From 748d7a317f92813daeee39dfdb602880bef3b134 Mon Sep 17 00:00:00 2001 
From: iadgovuser62 <145499407+iadgovuser62@users.noreply.github.com> Date: Tue, 5 Dec 2023 15:09:01 -0500 Subject: [PATCH] HIRS_Utils Unit Tests Migration from /hirs/data/persist directory (#632) * Adding TPMInfoTest with necessary resources, and adding EndorsementCredentialTest with approved fix to EndorsementCredential * Adding CertificateAuthorityCredentialTest and adding mockito import to build.gradle --- HIRS_AttestationCA/build.gradle | 2 + .../certificate/EndorsementCredential.java | 9 +- .../CertificateAuthorityCredentialTest.java | 48 +++ .../EndorsementCredentialTest.java | 215 +++++++++++ .../entity/userdefined/info/TPMInfoTest.java | 357 ++++++++++++++++++ .../src/test/resources/tpm/TPMEmptyFile.csv | 1 + .../test/resources/tpm/TPMInvalidRecords.csv | 24 ++ .../resources/tpm/TPMTestAdditionalFields.csv | 24 ++ .../test/resources/tpm/TPMTestBaseline.csv | 24 ++ .../resources/tpm/TPMTestBaselineAllEs.csv | 24 ++ .../tpm/TPMTestBaselineWithDeviceInfo.csv | 42 +++ .../TPMTestBaselineWithInvalidDeviceInfo.csv | 27 ++ .../resources/tpm/TPMTestBaselineZeroes.csv | 17 + .../resources/tpm/sample_identity_cert.cer | Bin 0 -> 786 bytes 14 files changed, 809 insertions(+), 5 deletions(-) create mode 100644 HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredentialTest.java create mode 100644 HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredentialTest.java create mode 100644 HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMEmptyFile.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMInvalidRecords.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMTestAdditionalFields.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaseline.csv create mode 100644 
HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineAllEs.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineZeroes.csv create mode 100644 HIRS_AttestationCA/src/test/resources/tpm/sample_identity_cert.cer diff --git a/HIRS_AttestationCA/build.gradle b/HIRS_AttestationCA/build.gradle index f911757e..893997d9 100644 --- a/HIRS_AttestationCA/build.gradle +++ b/HIRS_AttestationCA/build.gradle @@ -50,6 +50,8 @@ dependencies { testImplementation 'org.junit.platform:junit-platform-launcher:1.9.3' testImplementation 'org.hamcrest:hamcrest:2.2' + testImplementation 'org.mockito:mockito-core:4.2.0' + // spring management compileOnly libs.lombok implementation libs.lombok diff --git a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java index 48435ad2..89437e33 100644 --- a/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java +++ b/HIRS_AttestationCA/src/main/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredential.java @@ -36,7 +36,6 @@ import org.bouncycastle.asn1.DERIA5String; import org.bouncycastle.asn1.DERNumericString; import org.bouncycastle.asn1.DERPrintableString; import org.bouncycastle.asn1.DERT61String; -import org.bouncycastle.asn1.DERTaggedObject; import org.bouncycastle.asn1.DERUTF8String; import org.bouncycastle.asn1.DERUniversalString; import org.bouncycastle.asn1.DERVisibleString; 
@@ -348,10 +347,10 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { log.debug("Found TPM Assertions: " + tpmSecurityAssertions.toString()); // Iterate through remaining fields to set optional attributes int tag; - DERTaggedObject obj; + ASN1TaggedObject obj; for (int i = seqPosition; i < seq.size(); i++) { - if (seq.getObjectAt(i) instanceof DERTaggedObject) { - obj = (DERTaggedObject) seq.getObjectAt(i); + if (seq.getObjectAt(i) instanceof ASN1TaggedObject) { + obj = (ASN1TaggedObject) seq.getObjectAt(i); tag = obj.getTagNo(); if (tag == EK_TYPE_TAG) { int ekGenTypeVal = ((ASN1Enumerated) obj.getObject()).getValue().intValue(); @@ -375,7 +374,7 @@ public class EndorsementCredential extends DeviceAssociatedCertificate { TPMSecurityAssertions.EkGenerationLocation ekCertGenLoc = TPMSecurityAssertions.EkGenerationLocation. values()[ekCertGenLocVal]; - tpmSecurityAssertions.setEkGenerationLocation(ekCertGenLoc); + tpmSecurityAssertions.setEkCertificateGenerationLocation(ekCertGenLoc); } } // ccInfo, fipsLevel, iso9000Certified, and iso9000Uri still to be implemented diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredentialTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredentialTest.java new file mode 100644 index 00000000..7d59722c --- /dev/null +++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/CertificateAuthorityCredentialTest.java 
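Review bot: Values read from the credential are still used without validation in both EndorsementCredential.java hunks. In the `@@ -348,10 +347,10 @@` hunk `((ASN1Enumerated) obj.getObject())` is an unconditional cast, and widening the `instanceof` test to `ASN1TaggedObject` lets more encodings reach it; in the `@@ -375,7 +374,7 @@` hunk `EkGenerationLocation.values()[ekCertGenLocVal]` indexes the enum with what is presumably an integer taken from the certificate. A malformed endorsement credential would then surface as a `ClassCastException` or `ArrayIndexOutOfBoundsException` instead of a controlled parse failure. I would test `obj.getObject() instanceof ASN1Enumerated` before the cast and add `if (ekCertGenLocVal < 0 || ekCertGenLocVal >= TPMSecurityAssertions.EkGenerationLocation.values().length)` ahead of the lookup, rejecting the credential through whatever failure path the method already uses. The enclosing method starts and ends outside both hunks, so its error handling is not visible here.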
@@ -0,0 +1,48 @@
+package hirs.attestationca.persist.entity.userdefined.certificate;
+
+import hirs.attestationca.persist.entity.userdefined.CertificateTest;
+import org.apache.commons.codec.binary.Hex;
+import static org.mockito.Mockito.mock;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import org.junit.jupiter.api.Test;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.cert.CertificateException;
+import hirs.attestationca.persist.entity.manager.CertificateRepository;
+
+/**
+ * Tests that CertificateAuthorityCredential properly parses its fields.
+ */
+public class CertificateAuthorityCredentialTest {
+ private static final CertificateRepository CERT_MAN = mock(CertificateRepository.class);
+
+ /**
+ * Tests that a CertificateAuthorityCredential can be created from an X.509 certificate and
+ * that the subject key identifier is correctly extracted.
+ *
+ * @throws IOException if the certificate could not be constructed properly
+ * @throws CertificateException if there is a problem with the KeyStore or de/serializing the
+ * certificate
+ * @throws URISyntaxException if there is a problem constructing the path to the certificate
+ */
+ @Test
+ public void testGetSubjectKeyIdentifier()
+ throws CertificateException, IOException, URISyntaxException {
+ Path testCertPath = Paths.get(
+ this.getClass().getResource(CertificateTest.FAKE_ROOT_CA_FILE).toURI()
+ );
+ CertificateAuthorityCredential caCred = new CertificateAuthorityCredential(testCertPath);
+
+ byte[] subjectKeyIdentifier = caCred.getSubjectKeyIdentifier();
+
+ assertNotNull(subjectKeyIdentifier);
+ assertEquals(
+ Hex.encodeHexString(subjectKeyIdentifier),
+ CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX
+ );
+ }
+}
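Review bot: `CERT_MAN` is created with `mock(CertificateRepository.class)` but is never referenced in this file, and in the visible parts of the patch it is the only use of the `mockito-core` test dependency added in build.gradle. Dropping the field together with the `mock` and `CertificateRepository` imports would keep an extra third-party artifact off the test classpath until a test needs it. Separately, `assertEquals` takes the expected value first, so the call should read `assertEquals(CertificateTest.FAKE_ROOT_CA_SUBJECT_KEY_IDENTIFIER_HEX, Hex.encodeHexString(subjectKeyIdentifier));`, otherwise a failure message reports the two values swapped.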
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredentialTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredentialTest.java
new file mode 100644
index 00000000..877f0adb
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/certificate/EndorsementCredentialTest.java
@@ -0,0 +1,215 @@
+package hirs.attestationca.persist.entity.userdefined.certificate;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+import hirs.attestationca.persist.entity.userdefined.CertificateTest;
+import org.junit.jupiter.api.Test;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSecurityAssertions;
+import hirs.attestationca.persist.entity.userdefined.certificate.attributes.TPMSpecification;
+
+/**
+ * Tests for the EndorsementCredential class.
+ */
+public class EndorsementCredentialTest {
+ private static final String TEST_ENDORSEMENT_CREDENTIAL
+ = "/certificates/ab21ccf2-tpmcert.pem";
+ private static final String TEST_ENDORSEMENT_CREDENTIAL_NUC1
+ = "/certificates/nuc-1/tpmcert.pem";
+ private static final String TEST_ENDORSEMENT_CREDENTIAL_NUC2
+ = "/certificates/nuc-2/tpmcert.pem";
+ private static final String EK_CERT_WITH_SECURITY_ASSERTIONS =
+ "/certificates/ek_cert_with_security_assertions.cer";
+
+ /**
+ * Tests the successful parsing of an EC using a test cert from STM.
+ * @throws IOException test failed due to invalid certificate parsing
+ */
+ @Test
+ public void testParse() throws IOException {
+ String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).
+ getPath();
+ Path fPath = Paths.get(path);
+ EndorsementCredential ec = new EndorsementCredential(fPath);
+ assertNotNull(ec);
+
+ //test the fields
+ assertEquals(ec.getManufacturer(), "id:53544D20");
+ assertEquals(ec.getModel(), "ST33ZP24PVSP");
+ assertEquals(ec.getVersion(), "id:0D0C");
+
+ TPMSpecification spec = ec.getTpmSpecification();
+ assertEquals(spec.getFamily(), "1.2");
+ assertEquals(spec.getLevel(), BigInteger.valueOf(2));
+ assertEquals(spec.getRevision(), BigInteger.valueOf(116));
+
+ TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
+ assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
+ assertTrue(asserts.isFieldUpgradeable());
+ assertEquals(asserts.getEkGenType(),
+ TPMSecurityAssertions.EkGenerationType.INJECTED);
+ assertEquals(asserts.getEkGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ assertEquals(asserts.getEkCertificateGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ }
+
+ /**
+ * Tests the successful parsing of an EC using a test cert from NUC 1.
+ * @throws IOException test failed due to invalid certificate parsing
+ */
+ @Test
+ public void testParseNuc1() throws IOException {
+ String path = CertificateTest.class.getResource(
+ TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
+ Path fPath = Paths.get(path);
+ EndorsementCredential ec = new EndorsementCredential(fPath);
+ assertNotNull(ec);
+
+ //test the fields
+ assertEquals(ec.getManufacturer(), "id:53544D20");
+ assertEquals(ec.getModel(), "ST33ZP24PVSP");
+ assertEquals(ec.getVersion(), "id:0D0C");
+
+ TPMSpecification spec = ec.getTpmSpecification();
+ assertEquals(spec.getFamily(), "1.2");
+ assertEquals(spec.getLevel(), BigInteger.valueOf(2));
+ assertEquals(spec.getRevision(), BigInteger.valueOf(116));
+
+ TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
+ assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
+ assertTrue(asserts.isFieldUpgradeable());
+ assertEquals(asserts.getEkGenType(),
+ TPMSecurityAssertions.EkGenerationType.INJECTED);
+ assertEquals(asserts.getEkGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ assertEquals(asserts.getEkCertificateGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ }
+
+ /**
+ * Tests the successful parsing of an EC using a test cert from NUC 1,
+ * using the static builder method.
+ * @throws IOException test failed due to invalid certificate parsing
+ */
+ @Test
+ public void testParseNuc1BuilderMethod() throws IOException {
+ String path = CertificateTest.class.getResource(
+ TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
+ Path fPath = Paths.get(path);
+ byte[] ecBytes = Files.readAllBytes(fPath);
+
+ EndorsementCredential ec = EndorsementCredential.parseWithPossibleHeader(ecBytes);
+ assertNotNull(ec);
+
+ //test the fields
+ assertEquals(ec.getManufacturer(), "id:53544D20");
+ assertEquals(ec.getModel(), "ST33ZP24PVSP");
+ assertEquals(ec.getVersion(), "id:0D0C");
+
+ TPMSpecification spec = ec.getTpmSpecification();
+ assertEquals(spec.getFamily(), "1.2");
+ assertEquals(spec.getLevel(), BigInteger.valueOf(2));
+ assertEquals(spec.getRevision(), BigInteger.valueOf(116));
+
+ TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
+ assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
+ assertTrue(asserts.isFieldUpgradeable());
+ assertEquals(asserts.getEkGenType(),
+ TPMSecurityAssertions.EkGenerationType.INJECTED);
+ assertEquals(asserts.getEkGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ assertEquals(asserts.getEkCertificateGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ }
+
+ /**
+ * Tests the successful parsing of an EC using a test cert from NUC 2.
+ * @throws IOException test failed due to invalid certificate parsing
+ */
+ @Test
+ public void testParseNuc2() throws IOException {
+ String path = CertificateTest.class.getResource(
+ TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
+ Path fPath = Paths.get(path);
+ EndorsementCredential ec = new EndorsementCredential(fPath);
+ assertNotNull(ec);
+
+ //test the fields
+ assertEquals(ec.getManufacturer(), "id:53544D20");
+ assertEquals(ec.getModel(), "ST33ZP24PVSP");
+ assertEquals(ec.getVersion(), "id:0D0C");
+
+ TPMSpecification spec = ec.getTpmSpecification();
+ assertEquals(spec.getFamily(), "1.2");
+ assertEquals(spec.getLevel(), BigInteger.valueOf(2));
+ assertEquals(spec.getRevision(), BigInteger.valueOf(116));
+
+ TPMSecurityAssertions asserts = ec.getTpmSecurityAssertions();
+ assertEquals(asserts.getTpmSecAssertsVersion(), BigInteger.valueOf(0));
+ assertTrue(asserts.isFieldUpgradeable());
+ assertEquals(asserts.getEkGenType(),
+ TPMSecurityAssertions.EkGenerationType.INJECTED);
+ assertEquals(asserts.getEkGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ assertEquals(asserts.getEkCertificateGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ }
+
+ /**
+ * Tests that different EC certificates aren't the same, even if their attributes are the same.
+ * @throws IOException test failed due to invalid certificate parsing
+ */
+ @Test
+ public void testCertsNotEqual() throws IOException {
+ String path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL).getPath();
+ Path fPath = Paths.get(path);
+ EndorsementCredential ec1 = new EndorsementCredential(fPath);
+ assertNotNull(ec1);
+
+ path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC1).getPath();
+ fPath = Paths.get(path);
+ EndorsementCredential ec2 = new EndorsementCredential(fPath);
+ assertNotNull(ec2);
+
+ path = CertificateTest.class.getResource(TEST_ENDORSEMENT_CREDENTIAL_NUC2).getPath();
+ fPath = Paths.get(path);
+ EndorsementCredential ec3 = new EndorsementCredential(fPath);
+ assertNotNull(ec3);
+
+ assertNotEquals(ec1, ec2);
+ assertNotEquals(ec2, ec3);
+ }
+
+ /**
+ * Tests that EndorsementCredential correctly parses out TPM Security Assertions from a
+ * provided TPM EK Certificate.
+ *
+ * @throws IOException if there is a problem reading the cert file at the given path
+ */
+ @Test
+ public void testTpmSecurityAssertionsParsing() throws IOException {
+ Path fPath = Paths.get(CertificateTest.class
+ .getResource(EK_CERT_WITH_SECURITY_ASSERTIONS).getPath());
+ EndorsementCredential ec = new EndorsementCredential(fPath);
+
+ TPMSecurityAssertions securityAssertions = ec.getTpmSecurityAssertions();
+ assertEquals(securityAssertions.getTpmSecAssertsVersion(), BigInteger.ONE);
+ assertTrue(securityAssertions.isFieldUpgradeable());
+ assertEquals(securityAssertions.getEkGenType(),
+ TPMSecurityAssertions.EkGenerationType.INJECTED);
+ assertEquals(securityAssertions.getEkGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ assertEquals(securityAssertions.getEkCertificateGenerationLocation(),
+ TPMSecurityAssertions.EkGenerationLocation.TPM_MANUFACTURER);
+ }
+
+}
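Review bot: Every fixture asserted here expects the EK generation location and the EK certificate generation location to both be `TPM_MANUFACTURER`, so these tests would still pass if the parser stored the two values in each other's fields, which is close to the setter mix-up this commit fixes in EndorsementCredential. A credential whose two locations differ (assuming one can be obtained) would pin the corrected `setEkCertificateGenerationLocation` call. The fixtures are also resolved with `getResource(...).getPath()`, which leaves URL escapes such as `%20` in the string and fails when the checkout path contains a space; the sibling CertificateAuthorityCredentialTest already uses `Paths.get(getResource(...).toURI())`. The `assertEquals` calls pass the actual value first, e.g. `assertEquals(ec.getModel(), "ST33ZP24PVSP")` should be `assertEquals("ST33ZP24PVSP", ec.getModel())`.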
diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java
new file mode 100644
index 00000000..0a515c6f
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/entity/userdefined/info/TPMInfoTest.java
@@ -0,0 +1,357 @@
+package hirs.attestationca.persist.entity.userdefined.info;
+
+import static hirs.utils.enums.DeviceInfoEnums.NOT_SPECIFIED;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import org.junit.jupiter.api.Test;
+
+/**
+ * TPMInfoTest is a unit test class for TPMInfo.
+ */
+public class TPMInfoTest {
+
+ private static final String TPM_MAKE = "test tpmMake";
+ private static final String LONG_TPM_MAKE = StringUtils.rightPad("test tpmMake", 65);
+ private static final String TEST_IDENTITY_CERT =
+ "/tpm/sample_identity_cert.cer";
+ private static final short VERSION_MAJOR = 1;
+ private static final short VERSION_MINOR = 2;
+ private static final short VERSION_REV_MAJOR = 3;
+ private static final short VERSION_REV_MINOR = 4;
+ private static final Logger LOGGER = LogManager
+ .getLogger(TPMInfoTest.class);
+
+ /**
+ * Tests instantiation and getters of a TPMInfo object.
+ */
+ @Test
+ public final void tpmInfo() {
+ TPMInfo tpmInfo =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ String yea = tpmInfo.getTpmMake();
+ assertEquals(tpmInfo.getTpmMake(), TPM_MAKE);
+ assertEquals(tpmInfo.getTpmVersionMajor(), VERSION_MAJOR);
+ assertEquals(tpmInfo.getTpmVersionMinor(), VERSION_MINOR);
+ assertEquals(tpmInfo.getTpmVersionRevMajor(), VERSION_REV_MAJOR);
+ assertEquals(tpmInfo.getTpmVersionRevMinor(), VERSION_REV_MINOR);
+ }
+
+ /**
+ * Tests that the no-parameter constructor for TPMInfo contains expected values.
+ */
+ @Test
+ public final void tpmInfoNoParams() {
+ TPMInfo tpmInfo = new TPMInfo();
+ assertEquals(tpmInfo.getTpmMake(), NOT_SPECIFIED);
+ assertEquals(tpmInfo.getTpmVersionMajor(), (short) 0);
+ assertEquals(tpmInfo.getTpmVersionMinor(), (short) 0);
+ assertEquals(tpmInfo.getTpmVersionRevMajor(), (short) 0);
+ assertEquals(tpmInfo.getTpmVersionRevMinor(), (short) 0);
+ assertEquals(tpmInfo.getIdentityCertificate(), null);
+ }
+
+ /**
+ * Tests that the TPM make information cannot be null.
+ */
+ @Test
+ public final void tpmMakeNullTest() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(null, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
+ VERSION_REV_MINOR, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that the TPM make information cannot be longer than 64 characters.
+ */
+ @Test
+ public final void tpmMakeLongTest() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(LONG_TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
+ VERSION_REV_MINOR, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that the version major number info cannot be set to negative
+ * values.
+ */
+ @Test
+ public final void testTPMInfoInvalidVersionMajor() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(TPM_MAKE, (short) -1, VERSION_MINOR, VERSION_REV_MAJOR,
+ VERSION_REV_MINOR, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that the version minor number info cannot be set to negative
+ * values.
+ */
+ @Test
+ public final void testTPMInfoInvalidVersionMinor() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) -1, VERSION_REV_MAJOR,
+ VERSION_REV_MINOR, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that the version revision major numbers cannot be set to negative
+ * values.
+ */
+ @Test
+ public final void testTPMInfoInvalidVersionRevMajor() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) -1,
+ VERSION_REV_MINOR, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that the version revision minor numbers cannot be set to negative
+ * values.
+ */
+ @Test
+ public final void testTPMInfoInvalidVersionRevMinor() {
+ assertThrows(IllegalArgumentException.class, () ->
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, VERSION_REV_MAJOR,
+ (short) -1, getTestIdentityCertificate()));
+ }
+
+ /**
+ * Tests that two TPMInfo objects with the same TPM make, major, minor,
+ * major revision, and minor revision information have equal hash codes.
+ */
+ @Test
+ public final void testEqualHashCode() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM make information have
+ * different hash codes.
+ */
+ @Test
+ public final void testNotEqualHashCodeTPMMake() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo("test tpmMake 2", VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM major version number
+ * information have different hash codes.
+ */
+ @Test
+ public final void testNotEqualHashCodeTPMVersionMajor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, (short) 0, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM minor version number
+ * information have different hash codes.
+ */
+ @Test
+ public final void testNotEqualHashCodeTPMVersionMinor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) 0,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM major revision version
+ * number information have different hash codes.
+ */
+ @Test
+ public final void testNotEqualHashCodeTPMVersionRevMajor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) 0,
+ VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM minor revision version
+ * number information have different hash codes.
+ */
+ @Test
+ public final void testNotEqualHashCodeTPMVersionRevMinor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, (short) 0,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1.hashCode(), ti2.hashCode());
+ }
+
+ /**
+ * Tests that two TPMInfo objects with the same TPM make, major, minor,
+ * major revision, and minor revision version number information are equal.
+ */
+ @Test
+ public final void testEqual() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertEquals(ti1, ti2);
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM make information are
+ * not equal.
+ */
+ @Test
+ public final void testNotEqualTPMMake() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo("test tpmMake 2", VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1, ti2);
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM major version number
+ * information are not equal.
+ */
+ @Test
+ public final void testNotEqualTPMVersionMajor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, (short) 0, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1, ti2);
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM minor version number
+ * information are not equal.
+ */
+ @Test
+ public final void testNotEqualTPMVersionMinor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, (short) 0,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1, ti2);
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM major revision version
+ * number information are not equal.
+ */
+ @Test
+ public final void testNotEqualTPMVersionRevMajor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR, (short) 0,
+ VERSION_REV_MINOR, getTestIdentityCertificate());
+ assertNotEquals(ti1, ti2);
+ }
+
+ /**
+ * Tests that two TPMInfo objects with different TPM minor revision version
+ * number information are not equal.
+ */
+ @Test
+ public final void testNotEqualTPMVersionRevMinor() {
+ final TPMInfo ti1 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, VERSION_REV_MINOR,
+ getTestIdentityCertificate());
+ final TPMInfo ti2 =
+ new TPMInfo(TPM_MAKE, VERSION_MAJOR, VERSION_MINOR,
+ VERSION_REV_MAJOR, (short) 0,
+ getTestIdentityCertificate());
+ assertNotEquals(ti1, ti2);
+ }
+
+ private X509Certificate getTestIdentityCertificate() {
+ X509Certificate certificateValue = null;
+ InputStream istream = null;
+ istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT);
+ try {
+ if (istream == null) {
+ throw new FileNotFoundException(TEST_IDENTITY_CERT);
+ }
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ certificateValue = (X509Certificate) cf.generateCertificate(
+ istream);
+
+ } catch (Exception e) {
+ return null;
+ } finally {
+ if (istream != null) {
+ try {
+ istream.close();
+ } catch (IOException e) {
+ LOGGER.error("test certificate file could not be closed");
+ }
+ }
+ }
+ return certificateValue;
+ }
+}
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMEmptyFile.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMEmptyFile.csv
new file mode 100644
index 00000000..d3f5a12f
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMEmptyFile.csv
@@ -0,0 +1 @@
+
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMInvalidRecords.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMInvalidRecords.csv
new file mode 100644
index 00000000..995181e4
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMInvalidRecords.csv
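Review bot: `getTestIdentityCertificate()` at the end of TPMInfoTest catches every `Exception` and returns `null`, so a missing or unparsable `/tpm/sample_identity_cert.cer` is silently turned into a null certificate argument and the constructor tests keep running against input they were not written for. None of the tests asserts on `getIdentityCertificate()` for the six-argument constructor either, so a broken fixture would go unnoticed. The helper should fail loudly and close the stream with try-with-resources, as sketched below; `IllegalStateException` is chosen so that the `assertThrows(IllegalArgumentException.class, ...)` tests cannot mistake a fixture failure for the expected rejection. With that change `LOGGER` is no longer used, and the unused local `String yea = tpmInfo.getTpmMake();` in `tpmInfo()` can be deleted as well.

```java
    private X509Certificate getTestIdentityCertificate() {
        try (InputStream istream = getClass().getResourceAsStream(TEST_IDENTITY_CERT)) {
            if (istream == null) {
                throw new FileNotFoundException(TEST_IDENTITY_CERT);
            }
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(istream);
        } catch (IOException | java.security.cert.CertificateException e) {
            // Surface fixture problems instead of handing null to TPMInfo.
            throw new IllegalStateException("cannot load " + TEST_IDENTITY_CERT, e);
        }
    }
```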
@@ -0,0 +1,24 @@
+0,
+1,3a3f780f11a4b49969fcaa80cd6
+2,3a3f780f11a4b49969fcaa80cd6
+3,3a3f780f11a4b49969fcaa80cd6
+4,5289e89800f19805192a20fbbc7
+5,7e39b3da2fbbe3a36798ead5e87
+6,3a3f780f11a4b49969fcaa80cd6
+7,3a3f780f11a4b49969fcaa80cd6
+8,000000000000000000000000000
+9,000000000000000000000000000
+10,d917a32ee75f2d7cad093ca1dd8
+11,000000000000000000000000000
+12,000000000000000000000000000
+13,000000000000000000000000000
+14,000000000000000000000000000
+15,fffffffffffffffffffffffffff
+16,000000000000000000000000000
+17,000000000000000000000000000
+18,000000000000000000000000000
+19,000000000000000000000000000
+20,000000000000000000000000000
+21,000000000000000000000000000
+22,000000000000000000000000000
+23,000000000000000000000000000
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestAdditionalFields.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestAdditionalFields.csv
new file mode 100644
index 00000000..2d7ed555
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestAdditionalFields.csv
@@ -0,0 +1,24 @@
+0,76abf677781fcb983da780a08fe46920ebb1a058,Testing,Additional,Fields
+1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275,,,
+2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275,,,
+3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275,,,
+4,5289e89800f19805192a20fbbc712d18361d3d45,,,
+5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2,,,
+6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275,,,
+7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275,,,
+8,0000000000000000000000000000000000000000,,,
+9,0000000000000000000000000000000000000000,,,
+10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832,,,
+11,0000000000000000000000000000000000000000,,,
+12,0000000000000000000000000000000000000000,,,
+13,0000000000000000000000000000000000000000,,,
+14,0000000000000000000000000000000000000000,,,
+15,0000000000000000000000000000000000000000,,,
+16,0000000000000000000000000000000000000000,,,
+17,ffffffffffffffffffffffffffffffffffffffff,,,
+18,ffffffffffffffffffffffffffffffffffffffff,,,
+19,ffffffffffffffffffffffffffffffffffffffff,,,
+20,ffffffffffffffffffffffffffffffffffffffff,,,
+21,ffffffffffffffffffffffffffffffffffffffff,,,
+22,ffffffffffffffffffffffffffffffffffffffff,,,
+23,0000000000000000000000000000000000000000,,,
\ No newline at end of file
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaseline.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaseline.csv
new file mode 100644
index 00000000..092e7399
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaseline.csv
@@ -0,0 +1,24 @@
+0,76abf677781fcb983da780a08fe46920ebb1a058
+1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+4,5289e89800f19805192a20fbbc712d18361d3d45
+5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
+6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+8,0000000000000000000000000000000000000000
+9,0000000000000000000000000000000000000000
+10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
+11,0000000000000000000000000000000000000000
+12,0000000000000000000000000000000000000000
+13,0000000000000000000000000000000000000000
+14,0000000000000000000000000000000000000000
+15,ffffffffffffffffffffffffffffffffffffffff
+16,0000000000000000000000000000000000000000
+17,0000000000000000000000000000000000000000
+18,0000000000000000000000000000000000000000
+19,0000000000000000000000000000000000000000
+20,0000000000000000000000000000000000000000
+21,0000000000000000000000000000000000000000
+22,0000000000000000000000000000000000000000
+23,0000000000000000000000000000000000000000
\ No newline at end of file
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineAllEs.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineAllEs.csv
new file mode 100644
index 00000000..d8fd833a
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineAllEs.csv
@@ -0,0 +1,24 @@
+0,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+1,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+2,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+3,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+4,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+5,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+6,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+7,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+8,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+9,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+10,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+11,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+12,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+13,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+14,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+15,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+16,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+17,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+18,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+19,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+20,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+21,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+22,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
+23,eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
\ No newline at end of file
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv
new file mode 100644
index 00000000..0977f6af
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithDeviceInfo.csv
@@ -0,0 +1,42 @@
+manufacturer,U.S.A
+BIOS_VENDOR,HirsBIOS
+PRODUCT_NAME,The best product
+VERSION,0.6.9
+SYSTEM_SERIAL_NUMBER,8_8
+CHASSIS_SERIAL_NUMBER,9_9
+BASEBOARD_SERIAL_NUMBER,ABC123
+TPM_MAKE,Infineon
+TPM_VERSION_MAJOR,1
+TPM_VERSION_MINOR,2
+TPM_VERSION_REV_MAJOR,3
+TPM_VERSION_REV_MINOR,4
+0,76abf677781fcb983da780a08fe46920ebb1a058
+1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+4,5289e89800f19805192a20fbbc712d18361d3d45
+5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
+6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+BIOS_RELEASE_DATE,04/25/2014
+7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+8,0000000000000000000000000000000000000000
+9,0000000000000000000000000000000000000000
+10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
+11,0000000000000000000000000000000000000000
+12,0000000000000000000000000000000000000000
+13,0000000000000000000000000000000000000000
+14,0000000000000000000000000000000000000000
+15,0000000000000000000000000000000000000000
+16,0000000000000000000000000000000000000000
+17,ffffffffffffffffffffffffffffffffffffffff
+18,ffffffffffffffffffffffffffffffffffffffff
+19,ffffffffffffffffffffffffffffffffffffffff
+20,ffffffffffffffffffffffffffffffffffffffff
+21,ffffffffffffffffffffffffffffffffffffffff
+22,ffffffffffffffffffffffffffffffffffffffff
+23,0000000000000000000000000000000000000000
+BIOS_VERSION,abc
+OS_NAME,Linux
+OS_VERSION,3.10.0-123.el7.x86_64
+DISTRIBUTION,CentOS
+DISTRIBUTION_RELEASE,7.0.1406
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv
new file mode 100644
index 00000000..292a53c4
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineWithInvalidDeviceInfo.csv
@@ -0,0 +1,27 @@
+manufacturer,U.S.A
+0,76abf677781fcb983da780a08fe46920ebb1a058
+1,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+2,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+3,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+4,5289e89800f19805192a20fbbc712d18361d3d45
+5,7e39b3da2fbbe3a36798ead5e877a7ea60d00db2
+6,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+OS_VERSION,3.10.0-123.el7.x86_64
+7,3a3f780f11a4b49969fcaa80cd6e3957c33b2275
+8,0000000000000000000000000000000000000000
+9,0000000000000000000000000000000000000000
+10,d917a32ee75f2d7cad093ca1dd8a8a981a3f3832
+11,0000000000000000000000000000000000000000
+12,0000000000000000000000000000000000000000
+13,0000000000000000000000000000000000000000
+14,0000000000000000000000000000000000000000
+15,0000000000000000000000000000000000000000
+16,0000000000000000000000000000000000000000
+17,ffffffffffffffffffffffffffffffffffffffff
+18,ffffffffffffffffffffffffffffffffffffffff
+19,ffffffffffffffffffffffffffffffffffffffff
+20,ffffffffffffffffffffffffffffffffffffffff
+21,ffffffffffffffffffffffffffffffffffffffff
+22,ffffffffffffffffffffffffffffffffffffffff
+23,0000000000000000000000000000000000000000
+DISTRIBUTION_RELEASE,7.0.1406
diff --git a/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineZeroes.csv b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineZeroes.csv
new file mode 100644
index 00000000..2edc2828
--- /dev/null
+++ b/HIRS_AttestationCA/src/test/resources/tpm/TPMTestBaselineZeroes.csv
@@ -0,0 +1,17 @@ +0,0000000000000000000000000000000000000000 +1,0000000000000000000000000000000000000000 +2,0000000000000000000000000000000000000000 +3,0000000000000000000000000000000000000000 +4,0000000000000000000000000000000000000000 +5,0000000000000000000000000000000000000000 +6,0000000000000000000000000000000000000000 +7,0000000000000000000000000000000000000000 +8,0000000000000000000000000000000000000000 +9,0000000000000000000000000000000000000000 +10,0000000000000000000000000000000000000000 +11,0000000000000000000000000000000000000000 +12,0000000000000000000000000000000000000000 +13,0000000000000000000000000000000000000000 +14,0000000000000000000000000000000000000000 +15,0000000000000000000000000000000000000000 +16,0000000000000000000000000000000000000000 \ No newline at end of file diff --git a/HIRS_AttestationCA/src/test/resources/tpm/sample_identity_cert.cer b/HIRS_AttestationCA/src/test/resources/tpm/sample_identity_cert.cer new file mode 100644 index 0000000000000000000000000000000000000000..f44426716d36670c79e17c953dba2644c8f593b4 GIT binary patch literal 786 zcmXqLV&*ewV*Iv%nTe5!iH$M-V6>&S0WTY;R+~rLcV0$DR#pZBA45?CVK(Ma7G@rv zjLf29-Q2|FjLf`LLvaI9kT5q7pJPc$YH>+oNoIbYg0rI`uK_nmf{Ta6!!sz@klTP0 z#AOp^3Jo@p6X!KFH#9UfH8Li(1Ozw1Y8u;e4$}jink3HhZ+cxaWV<$BXg$?F99f zX$QBhd)`}i-t+F?W4CI3PVzpVWu4(6uJSn3=yEHoYdT{YS0!%r~#Z zb}w5zDQ-S{UhNCt`JZB){5U%nzs`RXcjQxVewrTBf;Vn!S53?4Ia6$*G4=e%oAL6# zS>M!D3&WzsT?(0)85tNCI~h0_Xaa*(R*;eLKa0G9>=J1MNpO^~rZ=)O@$>K)S{msY znpx->=$RXWBT!Zqq?FTuoeiXfgBdxLfe{T1Wkv?I+>QrbzQR3=vN(H%H*C_j{L=Eq zvb3qwrK@4rtyHVM49pjAs-#O43cs8G-pICP!5J+UZ7SZ_ z@#k`(@5g;c8_g~^m+oiZJ1zg}xh>qYPu9&9kX*qooV5O?ZvOQpJAOo{#7~#`zcc*Q ug9RUMm%hI?c|p&D%TlYEyk3PW&+*%|T>6n#H_Lf7{nT~YCxov&`Tzi`BRi}B literal 0 HcmV?d00001