From de84ccbb2cdaf0970117a762725474605a1048d7 Mon Sep 17 00:00:00 2001
From: iadgovuser62 <iadgovuser62@empire.eclipse.ncsc.mil>
Date: Fri, 23 Feb 2024 12:53:13 -0500
Subject: [PATCH] Adding tests for validating mismatching
 baseboard/chassis/system serial numbers in DeviceInfoReport objects

---
 .../SupplyChainCredentialValidatorTest.java   | 92 ++++++++++++++++++-
 1 file changed, 91 insertions(+), 1 deletion(-)

diff --git a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java
index 16a5dd2c..00aaeeca 100644
--- a/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java
+++ b/HIRS_AttestationCA/src/test/java/hirs/attestationca/persist/validation/SupplyChainCredentialValidatorTest.java
@@ -93,7 +93,10 @@ import java.util.Map;
 import java.util.HashMap;
 
 /**
- * Tests the SupplyChainValidator class.
+ * Tests the SupplyChainCredentialValidator and CredentialValidator class.
+ * Migration note: Tests specifically for test Intel Nuc Platform Credentials
+ * have been omitted, as there is no existing matching test Endorsement Credential
+ * in the project resources.
  */
 public class SupplyChainCredentialValidatorTest {
 
@@ -436,6 +439,93 @@ public class SupplyChainCredentialValidatorTest {
                 result.getMessage());
     }
 
+    /**
+     * Checks if validation occurs when the Platform Credential baseboard
+     * serial number is in the device chassis serial number field.
+     */
+    @Test
+    public final void validatePlatformCredentialCombinedWithChassisSerialNumbersMatchedBaseboard()
+            throws Exception {
+
+        DeviceInfoReport deviceInfoReport = buildReport(new HardwareInfo(
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
+                TEST_BOARD_SERIAL_NUMBER, DeviceInfoEnums.NOT_SPECIFIED));
+
+        byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
+                getResource(INTEL_PLATFORM_CERT_2)).toURI()));
+
+        PlatformCredential pc = new PlatformCredential(certBytes);
+
+        EndorsementCredential ec = new EndorsementCredential(
+                Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
+
+        AppraisalStatus result =
+                CredentialValidator.validatePlatformCredentialAttributes(pc,
+                        deviceInfoReport, ec);
+        assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
+        assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
+                result.getMessage());
+    }
+
+    /**
+     * Checks if validation occurs when the Platform Credential chassis
+     * serial number is in the device baseboard serial number field.
+     */
+    @Test
+    public final void validatePlatformCredentialCombinedWithBaseboardSerialNumbersMatchedChassis()
+            throws Exception {
+
+        DeviceInfoReport deviceInfoReport = buildReport(new HardwareInfo(
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
+                DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER));
+
+        byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
+                getResource(INTEL_PLATFORM_CERT_2)).toURI()));
+
+        PlatformCredential pc = new PlatformCredential(certBytes);
+
+        EndorsementCredential ec = new EndorsementCredential(
+                Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
+
+        AppraisalStatus result =
+                CredentialValidator.validatePlatformCredentialAttributes(pc,
+                        deviceInfoReport, ec);
+        assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
+        assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
+                result.getMessage());
+    }
+
+    /**
+     * Checks if validation occurs when the Platform Credential chassis
+     * serial number is in the device system serial number field.
+     */
+    @Test
+    public final void validatePlatformCredentialCombinedWithSystemSerialNumbersMatchedChassis()
+            throws Exception {
+
+        DeviceInfoReport deviceInfoReport = buildReport(new HardwareInfo(
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED,
+                DeviceInfoEnums.NOT_SPECIFIED, TEST_CHASSIS_SERIAL_NUMBER,
+                DeviceInfoEnums.NOT_SPECIFIED, DeviceInfoEnums.NOT_SPECIFIED));
+
+        byte[] certBytes = Files.readAllBytes(Paths.get(Objects.requireNonNull(CertificateTest.class.
+                getResource(INTEL_PLATFORM_CERT_2)).toURI()));
+
+        PlatformCredential pc = new PlatformCredential(certBytes);
+
+        EndorsementCredential ec = new EndorsementCredential(
+                Files.readAllBytes(Paths.get(Objects.requireNonNull(getClass().getResource(TEST_EK_CERT)).toURI())));
+
+        AppraisalStatus result =
+                CredentialValidator.validatePlatformCredentialAttributes(pc,
+                        deviceInfoReport, ec);
+        assertEquals(AppraisalStatus.Status.PASS, result.getAppStatus());
+        assertEquals(SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID,
+                result.getMessage());
+    }
+
     /**
      * Checks if the Platform Credential validator appropriately fails
      * when there are no serial numbers returned from the device.