ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-19 04:58:00 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #720 from nsacyber/v3_issue_680-unittest

Browse Source 
Migrated 1 unit test from master Utils to main HIRS_AttestationCA
This commit is contained in:
D2B8CA1B27286366A8607B6858C0565962613D18D0546480078B520CD7AD705A 2024-02-28 08:55:36 -05:00 committed by GitHub
commit 60dfb21c62
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
30 changed files with 847 additions and 514 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/AttestationCertificateAuthorityTest.java
View File

@ -20,7 +20,11 @@ import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.TBSCertificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.*;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import org.springframework.test.util.ReflectionTestUtils;
import javax.crypto.Cipher;
@ -37,7 +41,14 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
@ -46,9 +57,14 @@ import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
/**
* Test suite for {@link AttestationCertificateAuthority}.
@ -64,11 +80,28 @@ public class AttestationCertificateAuthorityTest {
*/
@Nested
public class AccessAbstractProcessor extends AbstractProcessor {
/**
* Constructor.
*
* @param privateKey the private key of the ACA
* @param validDays int for the time in which a certificate is valid.
*/
public AccessAbstractProcessor(final PrivateKey privateKey,
final int validDays) {
super(privateKey, validDays);
}
/**
* Public wrapper for the protected function generateCredential(), to access for testing.
*
* @param publicKey cannot be null
* @param endorsementCredential the endorsement credential
* @param platformCredentials the set of platform credentials
* @param deviceName The host name used in the subject alternative name
* @param acaCertificate the aca certificate
* @return the generated X509 certificate
*/
public X509Certificate accessGenerateCredential(final PublicKey publicKey,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials,
@ -90,6 +123,11 @@ public class AttestationCertificateAuthorityTest {
// test key pair
private KeyPair keyPair;
// length of IV used in PKI
private static final int ENCRYPTION_IV_LEN = 16;
// length of secret key used in PKI
private static final int SECRETKEY_LEN = 128;
private static final String EK_PUBLIC_PATH = "/tpm2/ek.pub";
private static final String AK_PUBLIC_PATH = "/tpm2/ak.pub";
private static final String AK_NAME_PATH = "/tpm2/ak.name";
@ -149,7 +187,7 @@ public class AttestationCertificateAuthorityTest {
null, null, null, null, null, null, 1,
null, null, null, null) {
};
abstractProcessor = new AccessAbstractProcessor(keyPair.getPrivate(),1);
abstractProcessor = new AccessAbstractProcessor(keyPair.getPrivate(), 1);
Security.addProvider(new BouncyCastleProvider());
}
@ -216,7 +254,8 @@ public class AttestationCertificateAuthorityTest {
byte[] encrypted = encryptBlob(expected, encryptionScheme.toString());
// perform the decryption and assert that the decrypted bytes equal the expected bytes
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(encrypted, encryptionScheme, keyPair.getPrivate()));
assertArrayEquals(expected, ProvisionUtils.decryptAsymmetricBlob(
encrypted, encryptionScheme, keyPair.getPrivate()));
}
/**
@ -235,10 +274,10 @@ public class AttestationCertificateAuthorityTest {
// create a key generator to generate a "shared" secret
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
keyGenerator.init(SECRETKEY_LEN);
// use some random bytes as the IV to encrypt and subsequently decrypt with
byte[] randomBytes = new byte[16];
byte[] randomBytes = new byte[ENCRYPTION_IV_LEN];
// generate the random bytes
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
@ -271,6 +310,9 @@ public class AttestationCertificateAuthorityTest {
assertTrue(symmetricKey.getKeySize() == symmetricKey.getKey().length);
}
private void assertTrue(final boolean b) {
}
/**
* Tests {@link ProvisionUtils#generateAsymmetricContents(
* byte[], byte[], PublicKey)}.
@ -284,7 +326,7 @@ public class AttestationCertificateAuthorityTest {
byte[] identityProofEncoded = new byte[]{0, 0, 1, 1};
// generate a random session key to be used for encryption and decryption
byte[] sessionKey = new byte[16];
byte[] sessionKey = new byte[ENCRYPTION_IV_LEN];
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.nextBytes(sessionKey);
@ -325,7 +367,7 @@ public class AttestationCertificateAuthorityTest {
// create a key generator to generate a secret key
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
keyGenerator.init(SECRETKEY_LEN);
// obtain the key from the generator
byte[] secretKey = keyGenerator.generateKey().getEncoded();
@ -356,7 +398,7 @@ public class AttestationCertificateAuthorityTest {
assertTrue(attestation.getCredential().length == attestation.getCredentialSize());
// create containers for the 2 parts of the credential
byte[] iv = new byte[16];
byte[] iv = new byte[ENCRYPTION_IV_LEN];
byte[] credential = new byte[attestation.getCredential().length - iv.length];
// siphon off the first 16 bytes for the IV
@ -623,7 +665,7 @@ public class AttestationCertificateAuthorityTest {
* @return encrypted blob
* @throws Exception during the encryption process
*/
private byte[] encryptBlob(byte[] blob, String transformation) throws Exception {
private byte[] encryptBlob(final byte[] blob, final String transformation) throws Exception {
// initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation);
@ -645,8 +687,8 @@ public class AttestationCertificateAuthorityTest {
* @return encrypted blob
* @throws Exception
*/
private byte[] encryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
throws Exception {
private byte[] encryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
final String transformation) throws Exception {
// initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation);
@ -670,7 +712,7 @@ public class AttestationCertificateAuthorityTest {
* @return decrypted blob
* @throws Exception
*/
private byte[] decryptBlob(byte[] blob) throws Exception {
private byte[] decryptBlob(final byte[] blob) throws Exception {
// initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(EncryptionScheme.OAEP.toString());
@ -695,12 +737,12 @@ public class AttestationCertificateAuthorityTest {
* @return decrypted blob
* @throws Exception
*/
private byte[] decryptBlob(byte[] blob, byte[] key, byte[] iv, String transformation)
throws Exception {
private byte[] decryptBlob(final byte[] blob, final byte[] key, final byte[] iv,
final String transformation) throws Exception {
// initialize a cipher using the specified transformation
Cipher cipher = Cipher.getInstance(transformation);
// generate a secret key specification using the key and AES.
// generate a secret key specification using the key and AES
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
// create IV parameter for key specification
@ -712,5 +754,4 @@ public class AttestationCertificateAuthorityTest {
// return the cipher text
return cipher.doFinal(blob);
}
}

11
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/AppraiserTest.java
View File

@ -1,12 +1,14 @@
package hirs.attestationca.persist.entity;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import java.security.cert.CertificateException;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.*;
/**
* Unit tests for the class <code>Appraiser</code>.
@ -160,5 +162,4 @@ public final class AppraiserTest {
assertNotEquals(appraiser1.hashCode(), appraiser2.hashCode());
assertNotEquals(appraiser2.hashCode(), appraiser1.hashCode());
}
}

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity;

21
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/TPM2ProvisionerStateTest.java
View File

@ -87,13 +87,16 @@ public class TPM2ProvisionerStateTest {
/**
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])} works.
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
* Test that {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])} works.
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen
*/
@Test
public final void testGetTPM2ProvisionerStateNominal() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360];
random.nextBytes(nonce);
@ -112,12 +115,14 @@ public class TPM2ProvisionerStateTest {
/**
* Test that if a null is passed as a nonce to
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen
*/
@Test
public final void testGetTPM2ProvisionerStateNullNonce() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360];
random.nextBytes(nonce);
@ -133,12 +138,14 @@ public class TPM2ProvisionerStateTest {
/**
* Test that if a nonce that is less than 8 bytes is passed to
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(TPM2ProvisionerStateRepository, byte[])}, null is returned.
* {@link TPM2ProvisionerState#getTPM2ProvisionerState(
* TPM2ProvisionerStateRepository, byte[])}, null is returned.
* @throws IOException this will never happen
*/
@Test
public final void testGetTPM2ProvisionerStateNonceTooSmall() throws IOException {
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository = mock(TPM2ProvisionerStateRepository.class);
TPM2ProvisionerStateRepository tpm2ProvisionerStateRepository =
mock(TPM2ProvisionerStateRepository.class);
byte[] nonce = new byte[32];
byte[] identityClaim = new byte[360];
random.nextBytes(nonce);

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/tpm/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.tpm;

313
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/AbstractUserdefinedEntityTest.java Normal file
View File

@ -0,0 +1,313 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.IssuedAttestationCertificate;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
import hirs.attestationca.persist.enums.AppraisalStatus;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
/**
* Class with definitions and functions common to multiple Userdefined Entity object tests.
*
*/
public class AbstractUserdefinedEntityTest {
/**
* Location of a test (fake) SGI intermediate CA certificate.
*/
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
/**
* Location of a test (fake) Intel intermediate CA certificate.
*/
public static final String FAKE_INTEL_INT_CA_FILE =
"/certificates/fakeIntelIntermediateCA.cer";
/**
* Location of a test (fake) root CA certificate.
*/
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
/**
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
*/
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
/**
* Location of a test identity certificate.
*/
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
/**
* Location of a test platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_1 =
"/validation/platform_credentials/Intel_pc1.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_2 =
"/validation/platform_credentials/Intel_pc2.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_3 =
"/validation/platform_credentials/Intel_pc3.cer";
/**
* Platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_4 =
"/validation/platform_credentials/Intel_pc4.pem";
/**
* Another platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_5 =
"/validation/platform_credentials/Intel_pc5.pem";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_6 =
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
/**
* Dummy message for supply chain validation test.
*/
public static final String VALIDATION_MESSAGE = "Some message.";
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename)
throws IOException {
return getTestCertificate(certificateClass, filename, null, null);
}
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @param endorsementCredential the endorsement credentials (can be null)
* @param platformCredentials the platform credentials (can be null)
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials)
throws IOException {
Path certPath;
try {
certPath = Paths.get(Objects.requireNonNull(
AbstractUserdefinedEntityTest.class.getResource(filename)).toURI());
// certPath = Paths.get(Objects.requireNonNull(
// CertificateTest.class.getResource(filename)).toURI());
} catch (URISyntaxException e) {
throw new IOException("Could not resolve path URI", e);
}
switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential":
return new CertificateAuthorityCredential(certPath);
case "ConformanceCredential":
return new ConformanceCredential(certPath);
case "EndorsementCredential":
return new EndorsementCredential(certPath);
case "PlatformCredential":
return new PlatformCredential(certPath);
case "IssuedAttestationCertificate":
return new IssuedAttestationCertificate(certPath,
endorsementCredential, platformCredentials);
default:
throw new IllegalArgumentException(
String.format("Unknown certificate class %s", certificateClass.getName())
);
}
}
/**
* Return a list of all test certificates.
*
* @return a list of all test certificates
* @throws IOException if there is a problem deserializing certificates
*/
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
return Arrays.asList(
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
);
}
/**
* Creates a DeviceInfoReport instance usable for testing.
*
* @return a test DeviceInfoReport
*/
public static DeviceInfoReport getTestDeviceInfoReport() {
return new DeviceInfoReport(
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
createTestHardwareInfo(), createTPMInfo()
);
}
/**
* Creates a test instance of NetworkInfo.
*
* @return network information for a fake device
*/
public static NetworkInfo createTestNetworkInfo() {
try {
final String hostname = "test.hostname";
final InetAddress ipAddress =
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
return new NetworkInfo(hostname, ipAddress, macAddress);
} catch (UnknownHostException e) {
LOGGER.error("error occurred while creating InetAddress");
return null;
}
}
/**
* Creates a test instance of OSInfo.
*
* @return OS information for a fake device
*/
public static OSInfo createTestOSInfo() {
return new OSInfo("test os name", "test os version", "test os arch",
"test distribution", "test distribution release");
}
/**
* Creates a test instance of FirmwareInfo.
*
* @return Firmware information for a fake device
*/
public static FirmwareInfo createTestFirmwareInfo() {
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
}
/**
* Creates a test instance of HardwareInfo.
*
* @return Hardware information for a fake device
*/
public static HardwareInfo createTestHardwareInfo() {
return new HardwareInfo("test manufacturer", "test product name", "test version",
"test really long serial number with many characters", "test really long chassis "
+ "serial number with many characters",
"test really long baseboard serial number with many characters");
}
/**
* Creates a test instance of TPMInfo.
*
* @return TPM information for a fake device
*/
public static final TPMInfo createTPMInfo() {
final short num1 = 1;
final short num2 = 2;
final short num3 = 3;
final short num4 = 4;
return new TPMInfo("test os make", num1, num2, num3, num4,
getTestIdentityCertificate());
}
/**
* Creates a test identity certificate.
*
* @return the test X509 certificate
*/
public static X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = AbstractUserdefinedEntityTest.class.getResourceAsStream(
TEST_IDENTITY_CERT
);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
/**
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
*
* @param type the type of validation
* @param result the appraisal result
* @param certificates the certificates related to this validation
* @return the resulting SupplyChainValidation object
*/
public static SupplyChainValidation getTestSupplyChainValidation(
final SupplyChainValidation.ValidationType type,
final AppraisalStatus.Status result,
final List<ArchivableEntity> certificates) {
return new SupplyChainValidation(
type,
result,
certificates,
VALIDATION_MESSAGE
);
}
}

147
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/CertificateTest.java
View File

@ -1,6 +1,11 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.ConformanceCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.junit.jupiter.api.Test;
import java.io.FileInputStream;
import java.io.IOException;
@ -14,12 +19,8 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import hirs.attestationca.persist.entity.userdefined.certificate.*;
import org.bouncycastle.cert.X509AttributeCertificateHolder;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
@ -29,17 +30,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
/**
* This class tests functionality of the {@link Certificate} class.
*/
public class CertificateTest {
/**
* Location of a test (fake) root CA certificate.
*/
public static final String FAKE_ROOT_CA_FILE = "/certificates/fakeRootCA.cer";
/**
* Location of a test (fake) Intel intermediate CA certificate.
*/
public static final String FAKE_INTEL_INT_CA_FILE =
"/certificates/fakeIntelIntermediateCA.cer";
public class CertificateTest extends AbstractUserdefinedEntityTest {
/**
* Location of a test (fake) Intel intermediate CA certificate.
@ -47,11 +38,6 @@ public class CertificateTest {
public static final String INTEL_INT_CA_FILE =
"/validation/platform_credentials/intel_chain/root/intermediate2.cer";
/**
* Location of a test (fake) SGI intermediate CA certificate.
*/
public static final String FAKE_SGI_INT_CA_FILE = "/certificates/fakeSGIIntermediateCA.cer";
/**
* Location of another test self-signed certificate.
*/
@ -78,12 +64,6 @@ public class CertificateTest {
*/
public static final String GS_ROOT_CA = "/certificates/stMicroCaCerts/gstpmroot.crt";
/**
* Hex-encoded subject key identifier for the FAKE_ROOT_CA_FILE.
*/
public static final String FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX =
"58ec313a1699f94c1c8c4e2c6412402b258f0177";
/**
* Location of a test STM endorsement credential.
*/
@ -119,7 +99,8 @@ public class CertificateTest {
public void testConstructCertFromByteArray() throws IOException, URISyntaxException {
Certificate certificate = new CertificateAuthorityCredential(
Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
)
);
assertEquals(
@ -163,7 +144,8 @@ public class CertificateTest {
@Test
public void testConstructCertFromPath() throws URISyntaxException, IOException {
Certificate certificate = new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
);
assertEquals(
"CN=Fake Root CA",
@ -202,12 +184,12 @@ public class CertificateTest {
Certificate.CertificateType.X509_CERTIFICATE,
getTestCertificate(
PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
TEST_PLATFORM_CERT_3).getCertificateType());
assertEquals(
Certificate.CertificateType.ATTRIBUTE_CERTIFICATE,
getTestCertificate(
PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3).getCertificateType());
TEST_PLATFORM_CERT_3).getCertificateType());
}
@ -220,7 +202,7 @@ public class CertificateTest {
@Test
public void testImportPem() throws IOException {
Certificate platformCredential = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_4
PlatformCredential.class, TEST_PLATFORM_CERT_4
);
assertEquals(
@ -232,7 +214,7 @@ public class CertificateTest {
);
platformCredential = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_5
PlatformCredential.class, TEST_PLATFORM_CERT_5
);
assertEquals(
@ -295,13 +277,12 @@ public class CertificateTest {
public void testX509AttributeCertificateParsing() throws IOException, URISyntaxException {
Certificate platformCert = getTestCertificate(
PlatformCredential.class,
PlatformCredentialTest.TEST_PLATFORM_CERT_3
TEST_PLATFORM_CERT_3
);
X509AttributeCertificateHolder attrCertHolder = new X509AttributeCertificateHolder(
Files.readAllBytes(Paths.get(Objects.requireNonNull(this.getClass().getResource(
PlatformCredentialTest.TEST_PLATFORM_CERT_3
)).toURI()))
TEST_PLATFORM_CERT_3)).toURI()))
);
assertEquals(
@ -330,7 +311,7 @@ public class CertificateTest {
public void testX509AttributeCertificateParsingExtended()
throws IOException, URISyntaxException {
Certificate platformCert = getTestCertificate(
PlatformCredential.class, PlatformCredentialTest.TEST_PLATFORM_CERT_6);
PlatformCredential.class, TEST_PLATFORM_CERT_6);
assertEquals("https://trustedservices.intel.com/"
+ "content/TSC/certs/TSC_IssuingCAIKGF_TEST.cer\n",
@ -428,11 +409,13 @@ public class CertificateTest {
assertEquals(
new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
),
new CertificateAuthorityCredential(
Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
)
)
);
@ -450,7 +433,7 @@ public class CertificateTest {
assertNotEquals(
null,
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
);
);
}
/**
@ -489,11 +472,13 @@ public class CertificateTest {
assertEquals(
new CertificateAuthorityCredential(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
).hashCode(),
new CertificateAuthorityCredential(
Files.readAllBytes(
Paths.get(Objects.requireNonNull(this.getClass().getResource(FAKE_ROOT_CA_FILE)).toURI())
Paths.get(Objects.requireNonNull(this.getClass().getResource(
FAKE_ROOT_CA_FILE)).toURI())
)
).hashCode()
);
@ -520,79 +505,6 @@ public class CertificateTest {
return getTestCertificate(CertificateAuthorityCredential.class, filename);
}
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename)
throws IOException {
return getTestCertificate(certificateClass, filename, null, null);
}
/**
* Construct a test certificate from the given parameters.
*
* @param <T> the type of Certificate that will be created
* @param certificateClass the class of certificate to generate
* @param filename the location of the certificate to be used
* @param endorsementCredential the endorsement credentials (can be null)
* @param platformCredentials the platform credentials (can be null)
* @return the newly-constructed Certificate
* @throws IOException if there is a problem constructing the test certificate
*/
public static <T extends ArchivableEntity> Certificate getTestCertificate(
final Class<T> certificateClass, final String filename,
final EndorsementCredential endorsementCredential,
final List<PlatformCredential> platformCredentials)
throws IOException {
Path certPath;
try {
certPath = Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(filename)).toURI());
} catch (URISyntaxException e) {
throw new IOException("Could not resolve path URI", e);
}
switch (certificateClass.getSimpleName()) {
case "CertificateAuthorityCredential":
return new CertificateAuthorityCredential(certPath);
case "ConformanceCredential":
return new ConformanceCredential(certPath);
case "EndorsementCredential":
return new EndorsementCredential(certPath);
case "PlatformCredential":
return new PlatformCredential(certPath);
case "IssuedAttestationCertificate":
return new IssuedAttestationCertificate(certPath,
endorsementCredential, platformCredentials);
default:
throw new IllegalArgumentException(
String.format("Unknown certificate class %s", certificateClass.getName())
);
}
}
/**
* Return a list of all test certificates.
*
* @return a list of all test certificates
* @throws IOException if there is a problem deserializing certificates
*/
public static List<ArchivableEntity> getAllTestCertificates() throws IOException {
return Arrays.asList(
getTestCertificate(CertificateAuthorityCredential.class, FAKE_SGI_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_INTEL_INT_CA_FILE),
getTestCertificate(CertificateAuthorityCredential.class, FAKE_ROOT_CA_FILE)
);
}
private static X509Certificate readX509Certificate(final String resourceName)
throws IOException {
@ -603,8 +515,9 @@ public class CertificateTest {
throw new IOException("Cannot get X509 CertificateFactory instance", e);
}
try (FileInputStream certInputStream = new FileInputStream(
Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(resourceName)).toURI()).toFile()
try (FileInputStream certInputStream = new FileInputStream(Paths.get(
Objects.requireNonNull(CertificateTest.class.getResource(
resourceName)).toURI()).toFile()
)) {
return (X509Certificate) cf.generateCertificate(certInputStream);
} catch (CertificateException | URISyntaxException e) {

79
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/DeviceTest.java
View File

@ -1,7 +1,6 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReportTest;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.enums.HealthStatus;
import org.junit.jupiter.api.Test;
@ -14,19 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertNull;
* This is the test class for the <code>Device</code> class.
*
*/
public final class DeviceTest {
/**
* Utility method for getting a <code>Device</code> that can be used for
* testing.
*
* @param name name for the <code>Device</code>
*
* @return device
*/
public static Device getTestDevice(final String name) {
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
return new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
}
public final class DeviceTest extends AbstractUserdefinedEntityTest {
/**
* Tests that the device constructor can take a name.
@ -34,7 +21,9 @@ public final class DeviceTest {
@Test
public void testDevice() {
final String name = "my-laptop";
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null , null);
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNotNull(device);
}
@ -45,8 +34,10 @@ public final class DeviceTest {
@Test
public void testDeviceNameAndInfo() {
final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
}
/**
@ -56,7 +47,9 @@ public final class DeviceTest {
public void testDeviceNameAndNullInfo() {
final String name = "my-laptop";
final DeviceInfoReport deviceInfo = null;
new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
}
/**
@ -65,8 +58,10 @@ public final class DeviceTest {
@Test
public void testGetDeviceInfo() {
final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(deviceInfo, device.getDeviceInfo());
}
@ -76,9 +71,11 @@ public final class DeviceTest {
@Test
public void testSetDeviceInfo() {
final String name = "my-laptop";
final Device device = new Device(name, null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final Device device = new Device(name, null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNull(device.getDeviceInfo());
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
device.setDeviceInfo(deviceInfo);
assertEquals(deviceInfo, device.getDeviceInfo());
}
@ -89,8 +86,10 @@ public final class DeviceTest {
@Test
public void testSetNullDeviceInfo() {
final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(deviceInfo, device.getDeviceInfo());
device.setDeviceInfo(null);
assertNull(device.getDeviceInfo());
@ -102,8 +101,10 @@ public final class DeviceTest {
@Test
public void testNotNullLastReportTimeStamp() {
final String name = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertNotNull(device.getLastReportTimestamp());
}
@ -112,7 +113,9 @@ public final class DeviceTest {
*/
@Test
public void testSetHealthStatus() {
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final Device device = new Device("test-device", null, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
device.setHealthStatus(HealthStatus.TRUSTED);
assertEquals(HealthStatus.TRUSTED, device.getHealthStatus());
}
@ -124,9 +127,13 @@ public final class DeviceTest {
public void testDeviceEquals() {
final String name = "my-laptop";
final String otherName = "my-laptop";
final DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
final Device other = new Device(otherName, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(device, other);
}
@ -136,8 +143,10 @@ public final class DeviceTest {
@Test
public void testGetDefaultSupplyChainStatus() {
String name = "my-laptop";
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
assertEquals(AppraisalStatus.Status.UNKNOWN, device.getSupplyChainValidationStatus());
}
@ -147,8 +156,10 @@ public final class DeviceTest {
@Test
public void testSetAndGetSupplyChainStatus() {
String name = "my-laptop";
DeviceInfoReport deviceInfo = DeviceInfoReportTest.getTestReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN, AppraisalStatus.Status.UNKNOWN, null, false, null, null);
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
final Device device = new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null, false,
null, null);
device.setSupplyChainValidationStatus(AppraisalStatus.Status.PASS);
assertEquals(AppraisalStatus.Status.PASS, device.getSupplyChainValidationStatus());
}

221
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationSummaryTest.java Normal file
View File

@ -0,0 +1,221 @@
package hirs.attestationca.persist.entity.userdefined;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.entity.userdefined.report.DeviceInfoReport;
import hirs.attestationca.persist.enums.AppraisalStatus;
import hirs.attestationca.persist.enums.HealthStatus;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestInstance;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
/**
* Tests the functionality in SupplyChainValidationSummary.
*/
@TestInstance(TestInstance.Lifecycle.PER_CLASS)
public class SupplyChainValidationSummaryTest extends AbstractUserdefinedEntityTest {
/**
* Test device.
*
*/
private Device device;
/**
* List of test certificates.
*
*/
private List<ArchivableEntity> certificates;
/**
* Create a set of certificates and a device for use by these tests.
*
* @throws Exception if there is a problem deserializing certificates or creating test device
*/
@BeforeAll
public void setup() throws Exception {
certificates = getAllTestCertificates();
device = getTestDevice("TestDevice");
}
/**
* Tests that an empty summary behaves as expected.
*/
@Test
public void testEmptySummary() throws InterruptedException {
SupplyChainValidationSummary emptySummary = getTestSummary(
0,
0
);
//assertEquals(device, emptySummary.getDevice());
assertEquals(device.getDeviceInfo(), emptySummary.getDevice().getDeviceInfo());
assertEquals(Collections.EMPTY_SET, emptySummary.getValidations());
assertEquals(AppraisalStatus.Status.PASS, emptySummary.getOverallValidationResult());
assertNotNull(emptySummary.getCreateTime());
}
/**
* Test that a summary can't be created with a null validationIdentifier.
*/
@Test
public void testNullValidationIdentifier() {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidationSummary(null, Collections.emptyList()));
}
/**
* Test that a summary can't be created with a null validations list.
*/
@Test
public void testNullValidationList() {
assertThrows(IllegalArgumentException.class, () ->
new SupplyChainValidationSummary(device, null));
}
/**
* Test that summaries with one and two component validations, which both represent successful
* validations, have getters that return the expected information.
*/
@Test
public void testSuccessfulSummary() throws InterruptedException {
SupplyChainValidationSummary oneValidation = getTestSummary(
1,
0
);
//assertEquals(device, oneValidation.getDevice());
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
assertEquals(1, oneValidation.getValidations().size());
assertEquals(AppraisalStatus.Status.PASS, oneValidation.getOverallValidationResult());
assertNotNull(oneValidation.getCreateTime());
SupplyChainValidationSummary twoValidations = getTestSummary(
2,
0
);
//assertEquals(device, twoValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
assertEquals(2, twoValidations.getValidations().size());
assertEquals(twoValidations.getOverallValidationResult(), AppraisalStatus.Status.PASS);
assertNotNull(twoValidations.getCreateTime());
}
/**
* Test that summaries with one and two component validations, of which one represents an
* unsuccessful validations, have getters that return the expected information.
*/
@Test
public void testUnsuccessfulSummary() throws InterruptedException {
SupplyChainValidationSummary oneValidation = getTestSummary(
1,
1
);
//assertEquals(device, oneValidation.getDevice());
assertEquals(device.getDeviceInfo(), oneValidation.getDevice().getDeviceInfo());
assertEquals(1, oneValidation.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, oneValidation.getOverallValidationResult());
assertNotNull(oneValidation.getCreateTime());
SupplyChainValidationSummary twoValidations = getTestSummary(
2,
1
);
//assertEquals(device, twoValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoValidations.getDevice().getDeviceInfo());
assertEquals(2, twoValidations.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, twoValidations.getOverallValidationResult());
assertNotNull(twoValidations.getCreateTime());
SupplyChainValidationSummary twoBadValidations = getTestSummary(
2,
2
);
//assertEquals(device, twoBadValidations.getDevice());
assertEquals(device.getDeviceInfo(), twoBadValidations.getDevice().getDeviceInfo());
assertEquals(2, twoBadValidations.getValidations().size());
assertEquals(AppraisalStatus.Status.FAIL, twoBadValidations.getOverallValidationResult());
assertNotNull(twoBadValidations.getCreateTime());
}
/**
* Utility method for getting a <code>Device</code> that can be used for
* testing.
*
* @param name name for the <code>Device</code>
*
* @return device
*/
public static Device getTestDevice(final String name) {
final DeviceInfoReport deviceInfo = getTestDeviceInfoReport();
return new Device(name, deviceInfo, HealthStatus.UNKNOWN,
AppraisalStatus.Status.UNKNOWN, null,
false, null, null);
}
/**
* Utility method for getting a <code>SupplyChainValidationSummary</code> that can be used for
* testing.
*
* @param numberOfValidations number of validations for the <code>SupplyChainValidationSummary</code>
* @param numFail number of failed validations
*
* @return device
*/
private SupplyChainValidationSummary getTestSummary(
final int numberOfValidations,
final int numFail
) throws InterruptedException {
SupplyChainValidation.ValidationType[] validationTypes =
SupplyChainValidation.ValidationType.values();
if (numberOfValidations > validationTypes.length) {
throw new IllegalArgumentException(String.format(
"Cannot have more than %d validation types",
validationTypes.length
));
}
if (numFail > numberOfValidations) {
throw new IllegalArgumentException(String.format(
"Cannot have more than %d failed validations",
validationTypes.length
));
}
Collection<SupplyChainValidation> validations = new HashSet<>();
for (int i = 0; i < numberOfValidations; i++) {
boolean successful = true;
if (i >= (numberOfValidations - numFail)) {
successful = false;
}
AppraisalStatus.Status result = AppraisalStatus.Status.FAIL;
if (successful) {
result = AppraisalStatus.Status.PASS;
}
validations.add(SupplyChainValidationTest.getTestSupplyChainValidation(
validationTypes[i],
result,
certificates
));
}
return new SupplyChainValidationSummary(device, validations);
}
}

47
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/SupplyChainValidationTest.java
View File

@ -1,21 +1,18 @@
package hirs.attestationca.persist.entity.userdefined;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import hirs.attestationca.persist.entity.ArchivableEntity;
import hirs.attestationca.persist.enums.AppraisalStatus;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
/**
* Simple tests for the {@link SupplyChainValidation} class. Tests for the persistence of this
* class are located in { SupplyChainValidationSummaryTest}.
*/
class SupplyChainValidationTest {
private static final String MESSAGE = "Some message.";
class SupplyChainValidationTest extends AbstractUserdefinedEntityTest {
/**
* Test that this class' getter methods work properly.
@ -31,9 +28,9 @@ class SupplyChainValidationTest {
);
assertEquals(
validation.getCertificatesUsed(),
CertificateTest.getAllTestCertificates()
getAllTestCertificates()
);
assertEquals(validation.getMessage(), MESSAGE);
assertEquals(validation.getMessage(), VALIDATION_MESSAGE);
}
/**
@ -47,8 +44,8 @@ class SupplyChainValidationTest {
new SupplyChainValidation(
null,
AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates(),
MESSAGE
getAllTestCertificates(),
VALIDATION_MESSAGE
));
}
@ -64,7 +61,7 @@ class SupplyChainValidationTest {
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS,
null,
MESSAGE
VALIDATION_MESSAGE
));
}
@ -78,8 +75,8 @@ class SupplyChainValidationTest {
new SupplyChainValidation(
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates(),
MESSAGE
getAllTestCertificates(),
VALIDATION_MESSAGE
);
}
@ -95,27 +92,7 @@ class SupplyChainValidationTest {
return getTestSupplyChainValidation(
SupplyChainValidation.ValidationType.ENDORSEMENT_CREDENTIAL,
AppraisalStatus.Status.PASS,
CertificateTest.getAllTestCertificates()
);
}
/**
* Construct a SupplyChainValidation for use in tests according to the provided parameters.
*
* @param type the type of validation
* @param result the appraisal result
* @param certificates the certificates related to this validation
* @return the resulting SupplyChainValidation object
*/
public static SupplyChainValidation getTestSupplyChainValidation(
final SupplyChainValidation.ValidationType type,
final AppraisalStatus.Status result,
final List<ArchivableEntity> certificates) {
return new SupplyChainValidation(
type,
result,
certificates,
MESSAGE
getAllTestCertificates()
);
}
}

11
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredentialTest.java
View File

@ -1,8 +1,7 @@
package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import org.apache.commons.codec.binary.Hex;
import static org.mockito.Mockito.mock;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import org.junit.jupiter.api.Test;
@ -12,13 +11,11 @@ import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import hirs.attestationca.persist.entity.manager.CertificateRepository;
/**
* Tests that CertificateAuthorityCredential properly parses its fields.
*/
public class CertificateAuthorityCredentialTest {
private static final CertificateRepository CERT_MAN = mock(CertificateRepository.class);
public class CertificateAuthorityCredentialTest extends AbstractUserdefinedEntityTest {
/**
* Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
@ -33,7 +30,7 @@ public class CertificateAuthorityCredentialTest {
public void testGetSubjectKeyIdentifier()
throws CertificateException, IOException, URISyntaxException {
Path testCertPath = Paths.get(
this.getClass().getResource(CertificateTest.FAKE_ROOT_CA_FILE).toURI()
this.getClass().getResource(FAKE_ROOT_CA_FILE).toURI()
);
CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
@ -42,7 +39,7 @@ public class CertificateAuthorityCredentialTest {
assertNotNull(subjectKeyIdentifier);
assertEquals(
Hex.encodeHexString(subjectKeyIdentifier),
CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
);
}
}

27
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredentialTest.java
View File

@ -5,7 +5,6 @@ import static org.junit.jupiter.api.Assertions.assertNotEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
import org.junit.jupiter.api.Test;
import java.io.IOException;
@ -29,13 +28,15 @@ public class EndorsementCredentialTest {
private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
"/certificates/ek_cert_with_security_assertions.cer";
private static final int TPM_SPEC_REVISION_NUM = 116;
/**
* Tests the successful parsing of an EC using a test cert from STM.
* @throws IOException test failed due to invalid certificate parsing
*/
@Test
public void testParse() throws IOException {
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).
getPath();
Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath);
@ -49,7 +50,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -68,7 +69,7 @@ public class EndorsementCredentialTest {
*/
@Test
public void testParseNuc1() throws IOException {
String path = CertificateTest.class.getResource(
String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath);
@ -82,7 +83,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -102,7 +103,7 @@ public class EndorsementCredentialTest {
*/
@Test
public void testParseNuc1BuilderMethod() throws IOException {
String path = CertificateTest.class.getResource(
String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
Path fPath = Paths.get(path);
byte[] ecBytes = Files.readAllBytes(fPath);
@ -118,7 +119,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -137,7 +138,7 @@ public class EndorsementCredentialTest {
*/
@Test
public void testParseNuc2() throws IOException {
String path = CertificateTest.class.getResource(
String path = this.getClass().getResource(
TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
Path fPath = Paths.get(path);
EndorsementCredential ec = new EndorsementCredential(fPath);
@ -151,7 +152,7 @@ public class EndorsementCredentialTest {
TPMSpecification spec = ec.getTpmSpecification();
assertEquals(spec.getFamily(), "1.2");
assertEquals(spec.getLevel(), BigInteger.valueOf(2));
assertEquals(spec.getRevision(), BigInteger.valueOf(116));
assertEquals(spec.getRevision(), BigInteger.valueOf(TPM_SPEC_REVISION_NUM));
TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
@ -170,17 +171,17 @@ public class EndorsementCredentialTest {
*/
@Test
public void testCertsNotEqual() throws IOException {
String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
String path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
Path fPath = Paths.get(path);
EndorsementCredential ec1 = new EndorsementCredential(fPath);
assertNotNull(ec1);
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
fPath = Paths.get(path);
EndorsementCredential ec2 = new EndorsementCredential(fPath);
assertNotNull(ec2);
path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
path = this.getClass().getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
fPath = Paths.get(path);
EndorsementCredential ec3 = new EndorsementCredential(fPath);
assertNotNull(ec3);
@ -197,7 +198,7 @@ public class EndorsementCredentialTest {
*/
@Test
public void testTpmSecurityAssertionsParsing() throws IOException {
Path fPath = Paths.get(CertificateTest.class
Path fPath = Paths.get(this.getClass()
.getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
EndorsementCredential ec = new EndorsementCredential(fPath);

38
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/PlatformCredentialTest.java
View File

@ -1,5 +1,6 @@
package hirs.attestationca.persist.entity.userdefined.certificate;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import hirs.attestationca.persist.entity.userdefined.Certificate;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentIdentifier;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.PlatformConfiguration;
@ -25,42 +26,7 @@ import java.util.TimeZone;
/**
* Tests that a PlatformCredential parses its fields correctly.
*/
public class PlatformCredentialTest {
/**
* Location of a test platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_1 =
"/validation/platform_credentials/Intel_pc1.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_2 =
"/validation/platform_credentials/Intel_pc2.cer";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_3 =
"/validation/platform_credentials/Intel_pc3.cer";
/**
* Platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_4 =
"/validation/platform_credentials/Intel_pc4.pem";
/**
* Another platform cert with comma separated baseboard and chassis serial number.
*/
public static final String TEST_PLATFORM_CERT_5 =
"/validation/platform_credentials/Intel_pc5.pem";
/**
* Location of another, slightly different platform attribute cert.
*/
public static final String TEST_PLATFORM_CERT_6 =
"/validation/platform_credentials/TPM_INTC_Platform_Cert_RSA.txt";
public class PlatformCredentialTest extends AbstractUserdefinedEntityTest {
/**
* Platform Certificate 2.0 with all the expected data.

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/attributes/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.certificate.attributes;

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.certificate;

37
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java
View File

@ -1,12 +1,8 @@
package hirs.attestationca.persist.entity.userdefined.info;
import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@ -18,12 +14,11 @@ import org.junit.jupiter.api.Test;
/**
* TPMInfoTest is a unit test class for TPMInfo.
*/
public class TPMInfoTest {
public class TPMInfoTest extends AbstractUserdefinedEntityTest {
private static final String TPM_MAKE = "test tpmMake";
private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
private static final String TEST_IDENTITY_CERT =
"/tpm/sample_identity_cert.cer";
private static final short VERSION_MAJOR = 1;
private static final short VERSION_MINOR = 2;
private static final short VERSION_REV_MAJOR = 3;
@ -327,30 +322,4 @@ public class TPMInfoTest {
getTestIdentityCertificate());
assertNotEquals(ti1, ti2);
}
private X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
}

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.info;

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined;

3
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/record/TPMMeasurementRecordTest.java
View File

@ -26,7 +26,8 @@ public class TPMMeasurementRecordTest {
private static final int DEFAULT_PCR_ID = 3;
private static final String DEFAULT_HASH =
"3d5f3c2f7f3003d2e4baddc46ed4763a4954f648";
private static final ExaminableRecord.ExamineState DEFAULT_STATE = ExaminableRecord.ExamineState.UNEXAMINED;
private static final ExaminableRecord.ExamineState DEFAULT_STATE =
ExaminableRecord.ExamineState.UNEXAMINED;
/**
* Tests instantiation of new <code>PCRMeasurementRecord</code>.

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/record/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.record;

123
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/report/DeviceInfoReportTest.java
View File

@ -1,37 +1,25 @@
package hirs.attestationca.persist.entity.userdefined.report;
import hirs.attestationca.persist.entity.userdefined.AbstractUserdefinedEntityTest;
import hirs.attestationca.persist.entity.userdefined.info.OSInfo;
import hirs.attestationca.persist.entity.userdefined.info.TPMInfo;
import hirs.attestationca.persist.entity.userdefined.info.NetworkInfo;
import hirs.attestationca.persist.entity.userdefined.info.HardwareInfo;
import hirs.attestationca.persist.entity.userdefined.info.FirmwareInfo;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/**
* DeviceInfoReportTest is a unit test class for DeviceInfoReports.
* Unit test class for DeviceInfoReports.
*/
public class DeviceInfoReportTest {
public class DeviceInfoReportTest extends AbstractUserdefinedEntityTest {
private final NetworkInfo networkInfo = createTestNetworkInfo();
private final OSInfo osInfo = createTestOSInfo();
private final FirmwareInfo firmwareInfo = createTestFirmwareInfo();
private final HardwareInfo hardwareInfo = createTestHardwareInfo();
private final TPMInfo tpmInfo = createTPMInfo();
private static final String TEST_IDENTITY_CERT = "/tpm/sample_identity_cert.cer";
private static final Logger LOGGER = LogManager.getLogger(DeviceInfoReportTest.class);
private static final String EXPECTED_CLIENT_VERSION = "Test.Version";
@ -101,109 +89,4 @@ public class DeviceInfoReportTest {
assertEquals(tpmInfo, deviceInfoReport.getTpmInfo());
assertEquals(EXPECTED_CLIENT_VERSION, deviceInfoReport.getClientApplicationVersion());
}
/**
* Creates a DeviceInfoReport instance usable for testing.
*
* @return a test DeviceInfoReport
*/
public static DeviceInfoReport getTestReport() {
return new DeviceInfoReport(
createTestNetworkInfo(), createTestOSInfo(), createTestFirmwareInfo(),
createTestHardwareInfo(), createTPMInfo()
);
}
/**
* Creates a test instance of NetworkInfo.
*
* @return network information for a fake device
*/
public static NetworkInfo createTestNetworkInfo() {
try {
final String hostname = "test.hostname";
final InetAddress ipAddress =
InetAddress.getByAddress(new byte[] {127, 0, 0, 1});
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
return new NetworkInfo(hostname, ipAddress, macAddress);
} catch (UnknownHostException e) {
LOGGER.error("error occurred while creating InetAddress");
return null;
}
}
/**
* Creates a test instance of OSInfo.
*
* @return OS information for a fake device
*/
public static OSInfo createTestOSInfo() {
return new OSInfo("test os name", "test os version", "test os arch",
"test distribution", "test distribution release");
}
/**
* Creates a test instance of FirmwareInfo.
*
* @return Firmware information for a fake device
*/
public static FirmwareInfo createTestFirmwareInfo() {
return new FirmwareInfo("test bios vendor", "test bios version", "test bios release date");
}
/**
* Creates a test instance of HardwareInfo.
*
* @return Hardware information for a fake device
*/
public static HardwareInfo createTestHardwareInfo() {
return new HardwareInfo("test manufacturer", "test product name", "test version",
"test really long serial number with many characters", "test really long chassis "
+ "serial number with many characters",
"test really long baseboard serial number with many characters");
}
/**
* Creates a test instance of TPMInfo.
*
* @return TPM information for a fake device
*/
public static final TPMInfo createTPMInfo() {
final short num1 = 1;
final short num2 = 2;
final short num3 = 3;
final short num4 = 4;
return new TPMInfo("test os make", num1, num2, num3, num4,
getTestIdentityCertificate());
}
private static X509Certificate getTestIdentityCertificate() {
X509Certificate certificateValue = null;
InputStream istream = null;
istream = DeviceInfoReportTest.class.getResourceAsStream(
TEST_IDENTITY_CERT
);
try {
if (istream == null) {
throw new FileNotFoundException(TEST_IDENTITY_CERT);
}
CertificateFactory cf = CertificateFactory.getInstance("X.509");
certificateValue = (X509Certificate) cf.generateCertificate(
istream);
} catch (Exception e) {
return null;
} finally {
if (istream != null) {
try {
istream.close();
} catch (IOException e) {
LOGGER.error("test certificate file could not be closed");
}
}
}
return certificateValue;
}
}

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/report/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.entity.userdefined.report;

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist;

6
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/provision/helper/CredentialManagementHelperTest.java
View File

@ -65,7 +65,8 @@ public class CredentialManagementHelperTest {
@Test
public void processEmptyEndorsementCredential() {
assertThrows(IllegalArgumentException.class, () ->
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, new byte[0], "testName"));
CredentialManagementHelper.storeEndorsementCredential(
certificateRepository, new byte[0], "testName"));
}
/**
@ -75,7 +76,8 @@ public class CredentialManagementHelperTest {
public void processInvalidEndorsementCredentialCase1() {
byte[] ekBytes = new byte[] {1};
assertThrows(IllegalArgumentException.class, () ->
CredentialManagementHelper.storeEndorsementCredential(certificateRepository, ekBytes, "testName"));
CredentialManagementHelper.storeEndorsementCredential(
certificateRepository, ekBytes, "testName"));
}
/**

2
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/provision/helper/IssuedCertificateAttributeHelperTest.java
View File

@ -186,7 +186,7 @@ public class IssuedCertificateAttributeHelperTest {
}
private Map<String, String> getSubjectAlternativeNameAttributes(
Extension subjectAlternativeName) {
final Extension subjectAlternativeName) {
Map<String, String> subjectAlternativeNameAttrMap = new HashMap<>();
DLSequence dlSequence = (DLSequence) subjectAlternativeName.getParsedValue();

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/provision/helper/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.provision.helper;

169
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java
View File

@ -6,7 +6,6 @@ import hirs.attestationca.persist.entity.userdefined.SupplyChainValidation;
import hirs.attestationca.persist.entity.userdefined.certificate.CertificateAuthorityCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.EndorsementCredential;
import hirs.attestationca.persist.entity.userdefined.certificate.PlatformCredential;
import hirs.attestationca.persist.entity.userdefined.CertificateTest;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.ComponentClass;
import hirs.attestationca.persist.entity.userdefined.certificate.attributes.V2.AttributeStatus;
import hirs.attestationca.persist.entity.userdefined.info.ComponentInfo;
@ -232,7 +231,6 @@ public class SupplyChainCredentialValidatorTest {
if (!f.delete()) {
fail("file was not cleaned up");
}
}
/**
@ -246,18 +244,17 @@ public class SupplyChainCredentialValidatorTest {
@Test
public final void testValidateEndorsementCredential()
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
Certificate rootcacert, intermediateca02cert;
EndorsementCredential ekcert = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
EndorsementCredential ekcert = new EndorsementCredential(Files.readAllBytes(
Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI()))
);
intermediateca02cert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
Certificate intermediateca02cert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
);
rootcacert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
Certificate rootcacert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA_ORIG)).toURI()))
);
try {
@ -287,14 +284,15 @@ public class SupplyChainCredentialValidatorTest {
@Test
public final void validateIntelPlatformCredentials()
throws URISyntaxException, IOException, CertificateException, KeyStoreException {
Certificate rootcacert, intermediatecacert;
intermediatecacert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
Certificate intermediatecacert =
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
);
rootcacert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
Certificate rootcacert =
new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(FAKE_ROOT_CA)).toURI()))
);
try {
@ -302,8 +300,9 @@ public class SupplyChainCredentialValidatorTest {
keyStore.setCertificateEntry("Intel Intermediate Cert",
intermediatecacert.getX509Certificate());
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -328,8 +327,9 @@ public class SupplyChainCredentialValidatorTest {
public final void validateIntelPlatformCredentialAttributes()
throws Exception {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -338,8 +338,8 @@ public class SupplyChainCredentialValidatorTest {
PLATFORM_VERSION, TEST_BOARD_SERIAL_NUMBER,
TEST_CHASSIS_SERIAL_NUMBER, TEST_BOARD_SERIAL_NUMBER));
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -363,13 +363,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -392,13 +393,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
TEST_CHASSIS_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -423,13 +425,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, TEST_BOARD_SERIAL_NUMBER,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -452,13 +455,15 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -481,13 +486,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -510,13 +516,14 @@ public class SupplyChainCredentialValidatorTest {
DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
AppraisalStatus result =
CredentialValidator.validatePlatformCredentialAttributes(pc,
@ -540,13 +547,15 @@ public class SupplyChainCredentialValidatorTest {
PLATFORM_VERSION, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Platform serial did not match device info";
@ -570,13 +579,15 @@ public class SupplyChainCredentialValidatorTest {
new HardwareInfo(DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
DeviceInfoEnums.NOT_SPECIFIED, "zzz", "aaa", "bbb"));
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.
getResource(INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Platform serial did not match device info";
@ -884,7 +895,8 @@ public class SupplyChainCredentialValidatorTest {
@Test
public final void verifyPlatformCredentialWithBadKeyStore()
throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -923,7 +935,8 @@ public class SupplyChainCredentialValidatorTest {
@Test
public final void verifyPlatformCredentialNullKeyStore()
throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -947,13 +960,14 @@ public class SupplyChainCredentialValidatorTest {
@Test
public final void verifyPlatformCredentialNullDeviceInfoReport()
throws URISyntaxException, IOException {
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.getResource(
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidatorTest.class.getResource(
INTEL_PLATFORM_CERT_2)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
EndorsementCredential ec = new EndorsementCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
EndorsementCredential ec = new EndorsementCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
String expectedMessage = "Can't validate platform credential attributes without a "
+ "device info report";
@ -977,12 +991,13 @@ public class SupplyChainCredentialValidatorTest {
public final void testPlatformDnEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException {
Certificate signingCert;
signingCert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INTEL_SIGNING_KEY)).toURI()))
);
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(NEW_NUC1)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
NEW_NUC1)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -1006,11 +1021,12 @@ public class SupplyChainCredentialValidatorTest {
public final void testPlatformDnNotEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException {
Certificate signingCert;
signingCert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
);
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.
getResource(NEW_NUC1)).toURI()));
PlatformCredential pc = new PlatformCredential(certBytes);
@ -1034,12 +1050,13 @@ public class SupplyChainCredentialValidatorTest {
public final void testEndorsementDnEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException {
Certificate signingCert;
signingCert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INT_CA_CERT02)).toURI()))
);
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource(TEST_EK_CERT)).toURI()));
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
TEST_EK_CERT)).toURI()));
EndorsementCredential ec = new EndorsementCredential(certBytes);
@ -1063,11 +1080,12 @@ public class SupplyChainCredentialValidatorTest {
public final void testEndorsementDnNotEquals() throws URISyntaxException, IOException,
KeyStoreException, SupplyChainValidatorException {
Certificate signingCert;
signingCert = new CertificateAuthorityCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
signingCert = new CertificateAuthorityCredential(Files.readAllBytes(Paths.get(
Objects.requireNonNull(getClass().getResource(INTEL_INT_CA)).toURI()))
);
byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
byte[] certBytes = Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.
getResource(TEST_EK_CERT)).toURI()));
EndorsementCredential ec = new EndorsementCredential(certBytes);
@ -1268,8 +1286,9 @@ public class SupplyChainCredentialValidatorTest {
throws IOException, URISyntaxException {
DeviceInfoReport deviceInfoReport = setupDeviceInfoReportWithNotSpecifiedComponents();
PlatformCredential platformCredential = new PlatformCredential(
Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
getResource((SAMPLE_TEST_PACCOR_CERT))).toURI())));
Files.readAllBytes(Paths.get(
Objects.requireNonNull(SupplyChainCredentialValidator.class.getResource(
SAMPLE_TEST_PACCOR_CERT)).toURI())));
AppraisalStatus appraisalStatus = CertificateAttributeScvValidator
.validatePlatformCredentialAttributesV2p0(platformCredential, deviceInfoReport);
@ -1937,9 +1956,9 @@ public class SupplyChainCredentialValidatorTest {
.validateDeltaPlatformCredentialAttributes(delta1,
deviceInfoReport, base, chainCredentials);
assertEquals(AppraisalStatus.Status.FAIL, result.getAppStatus());
assertEquals("There are unmatched components:\n" +
"Manufacturer=Intel Corporation, Model=82580 Gigabit Network " +
"Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
assertEquals("There are unmatched components:\n"
+ "Manufacturer=Intel Corporation, Model=82580 Gigabit Network "
+ "Connection-faulty, Serial=90:e2:ba:31:83:10, Revision=;\n",
result.getMessage());
}
@ -2018,7 +2037,7 @@ public class SupplyChainCredentialValidatorTest {
* @return new X509Certificate
*/
private static X509Certificate createCertSignedByAnotherCert(final KeyPair keyPair,
final PrivateKey signingKey, final X509Certificate signingCert) {
final PrivateKey signingKey, final X509Certificate signingCert) {
final int timeRange = 10000;
X509Certificate cert = null;
try {
@ -2073,7 +2092,7 @@ public class SupplyChainCredentialValidatorTest {
return cert;
}
private DeviceInfoReport buildReport(final HardwareInfo hardwareInfo) {
private DeviceInfoReport buildReport(final HardwareInfo givenHardwareInfo) {
final InetAddress ipAddress = getTestIpAddress();
final byte[] macAddress = new byte[] {11, 22, 33, 44, 55, 66};
@ -2083,7 +2102,7 @@ public class SupplyChainCredentialValidatorTest {
TPMInfo tpmInfo = new TPMInfo();
return new DeviceInfoReport(networkInfo, osInfo,
firmwareInfo, hardwareInfo, tpmInfo);
firmwareInfo, givenHardwareInfo, tpmInfo);
}
private static InetAddress getTestIpAddress() {
try {

1
HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/package-info.java Normal file
View File

@ -0,0 +1 @@
package hirs.attestationca.persist.validation;