Skip to content

Commit

Permalink
Merge pull request #394 from nsacyber/unit-test-delta-fix
Browse files Browse the repository at this point in the history 
Delta Component Unit Tests Fixes
  • Loading branch information
@cyrus-dev
cyrus-dev authored Aug 30, 2021
2 parents 54b45f1 + 14ecd98 commit 744aeab
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 39 deletions.
12 changes: 6 additions & 6 deletions HIRS_Utils/src/main/java/hirs/validation/SupplyChainCredentialValidator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -321,21 +321,21 @@ public AppraisalStatus validateDeltaPlatformCredentialAttributes(

// this needs to be a loop for all deltas, link to issue #110
// check that they don't have the same serial number
for (PlatformCredential delta : deltaMapping.keySet()) {
for (PlatformCredential pc : deltaMapping.keySet()) {
if (!basePlatformCredential.getPlatformSerial()
.equals(delta.getPlatformSerial())) {
.equals(pc.getPlatformSerial())) {
message = String.format("Base and Delta platform serial "
+ "numbers do not match (%s != %s)",
delta.getPlatformSerial(),
pc.getPlatformSerial(),
basePlatformCredential.getPlatformSerial());
LOGGER.error(message);
return new AppraisalStatus(FAIL, message);
}
// none of the deltas should have the serial number of the base
if (basePlatformCredential.getSerialNumber()
.equals(delta.getSerialNumber())) {
if (!pc.isBase() && basePlatformCredential.getSerialNumber()
.equals(pc.getSerialNumber())) {
message = String.format("Delta Certificate with same serial number as base. (%s)",
delta.getSerialNumber());
pc.getSerialNumber());
LOGGER.error(message);
return new AppraisalStatus(FAIL, message);
}
Expand Down
82 changes: 52 additions & 30 deletions HIRS_Utils/src/test/java/hirs/validation/SupplyChainCredentialValidatorTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,7 @@
"javax.security.auth.*" })
public class SupplyChainCredentialValidatorTest {

private static final String JSON_FILE = "/config/component-class.json";
private static final String SAMPLE_PACCOR_OUTPUT_TXT = "sample_paccor_output.txt";
private static final String SAMPLE_PACCOR_OUTPUT_NOT_SPECIFIED_TXT
= "sample_paccor_output_not_specified_values.txt";
Expand Down Expand Up @@ -2028,29 +2029,41 @@ public final void testValidateDeltaPlatformCredentialAttributes()
PlatformCredential delta1 = mock(PlatformCredential.class);
PlatformCredential delta2 = mock(PlatformCredential.class);

ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"),
ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00010002"),
new DERUTF8String("Intel"),
new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
ASN1Boolean.TRUE, new ArrayList<>(0));
ComponentIdentifier compId2 = new ComponentIdentifier(
ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V-faulty"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0));
ComponentIdentifier compId3 = new ComponentIdentifier(
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection-faulty"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
ASN1Boolean.FALSE, new ArrayList<>(0));
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
new ComponentClass(),
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
AttributeStatus.ADDED);
ComponentIdentifierV2 deltaCompId3 = new ComponentIdentifierV2(
new ComponentClass(),
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
Expand All @@ -2060,6 +2073,7 @@ public final void testValidateDeltaPlatformCredentialAttributes()
ComponentIdentifierV2 ciV21Faulty = new ComponentIdentifierV2();
ComponentIdentifierV2 ciV22Faulty = new ComponentIdentifierV2();
ciV21Faulty.setComponentManufacturer(compId2.getComponentManufacturer());
ciV21Faulty.setComponentClass(compId2.getComponentClass());
ciV21Faulty.setComponentModel(compId2.getComponentModel());
ciV21Faulty.setComponentSerial(compId2.getComponentSerial());
ciV21Faulty.setComponentRevision(compId2.getComponentRevision());
Expand All @@ -2068,6 +2082,7 @@ public final void testValidateDeltaPlatformCredentialAttributes()
ciV21Faulty.setComponentAddress(compId2.getComponentAddress());
ciV21Faulty.setAttributeStatus(AttributeStatus.REMOVED);
ciV22Faulty.setComponentManufacturer(compId3.getComponentManufacturer());
ciV22Faulty.setComponentClass(compId3.getComponentClass());
ciV22Faulty.setComponentModel(compId3.getComponentModel());
ciV22Faulty.setComponentSerial(compId3.getComponentSerial());
ciV22Faulty.setComponentRevision(compId3.getComponentRevision());
Expand All @@ -2094,17 +2109,17 @@ public final void testValidateDeltaPlatformCredentialAttributes()
when(base.getManufacturer()).thenReturn("innotek GmbH");
when(base.getModel()).thenReturn("VirtualBox");
when(base.getVersion()).thenReturn("1.2");
when(base.getPlatformSerial()).thenReturn("0");
when(delta1.getPlatformSerial()).thenReturn("0");
when(delta2.getPlatformSerial()).thenReturn("0");
when(base.getPlatformSerial()).thenReturn("62UIAE5");
when(delta1.getPlatformSerial()).thenReturn("62UIAE5");
when(delta2.getPlatformSerial()).thenReturn("62UIAE5");
when(base.getPlatformType()).thenReturn("base");
when(delta1.getPlatformType()).thenReturn("delta");
when(delta2.getPlatformType()).thenReturn("delta");
when(base.getSerialNumber()).thenReturn(BigInteger.ZERO);
when(delta1.getSerialNumber()).thenReturn(BigInteger.ONE);
when(delta2.getSerialNumber()).thenReturn(BigInteger.TEN);
when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.ZERO);
when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.ONE);
when(base.getSerialNumber()).thenReturn(BigInteger.valueOf(01));
when(delta1.getSerialNumber()).thenReturn(BigInteger.valueOf(39821));
when(delta2.getSerialNumber()).thenReturn(BigInteger.valueOf(39822));
when(delta1.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(02));
when(delta2.getHolderSerialNumber()).thenReturn(BigInteger.valueOf(39821));
when(base.getComponentIdentifiers()).thenReturn(compList);
when(delta1.getComponentIdentifiers()).thenReturn(delta1List);
when(delta2.getComponentIdentifiers()).thenReturn(delta2List);
Expand All @@ -2129,9 +2144,9 @@ public final void testValidateDeltaPlatformCredentialAttributes()
AppraisalStatus result = supplyChainCredentialValidator
.validateDeltaPlatformCredentialAttributes(delta2,
deviceInfoReport, base, chainCredentials);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
Assert.assertEquals(result.getMessage(),
SupplyChainCredentialValidator.PLATFORM_ATTRIBUTES_VALID);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.PASS);
}

/**
Expand All @@ -2149,22 +2164,33 @@ public final void testValidateChainFailure()
PlatformCredential base = mock(PlatformCredential.class);
PlatformCredential delta1 = mock(PlatformCredential.class);

ComponentIdentifier compId1 = new ComponentIdentifier(new DERUTF8String("Intel"),
ComponentIdentifierV2 compId1 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00010002"),
new DERUTF8String("Intel"),
new DERUTF8String("Core i7"), new DERUTF8String("Not Specified"),
new DERUTF8String("Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"), null,
ASN1Boolean.TRUE, new ArrayList<>(0));
ComponentIdentifier compId2 = new ComponentIdentifier(
ASN1Boolean.TRUE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId2 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V-faulty"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
ASN1Boolean.FALSE, new ArrayList<>(0));
ComponentIdentifier compId3 = new ComponentIdentifier(
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 compId3 = new ComponentIdentifierV2(
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00090002"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("82580 Gigabit Network Connection-faulty"),
new DERUTF8String("90:e2:ba:31:83:10"), new DERUTF8String(""), null,
ASN1Boolean.FALSE, new ArrayList<>(0));
ASN1Boolean.FALSE, new ArrayList<>(0), null, null,
null);
ComponentIdentifierV2 deltaCompId2 = new ComponentIdentifierV2(
new ComponentClass(),
new ComponentClass(Paths.get(this.getClass()
.getResource(JSON_FILE).toURI()), "0x00050004"),
new DERUTF8String("Intel Corporation"),
new DERUTF8String("Ethernet Connection I217-V"),
new DERUTF8String("23:94:17:ba:86:5e"), new DERUTF8String("00"), null,
Expand Down Expand Up @@ -2231,12 +2257,8 @@ public final void testValidateChainFailure()
deviceInfoReport, base, chainCredentials);
Assert.assertEquals(result.getAppStatus(), AppraisalStatus.Status.FAIL);
Assert.assertEquals(result.getMessage(),
"Delta Certificate with same serial number as base. (0)");
// Assert.assertEquals(result.getMessage(),
// "There are unmatched components:\n"
// + "Manufacturer=Intel Corporation, Model=82580 "
// + "Gigabit Network Connection-faulty, "
// + "Serial=90:e2:ba:31:83:10, Revision=;\n");
"There are 1 unmatched components on the Platform Certificate:\n"
+ "COMPID=370101885;1");
}

/**
Expand Down
15 changes: 12 additions & 3 deletions HIRS_Utils/src/test/resources/hirs/validation/sample_paccor_output.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,22 @@
},
"COMPONENTS": [
{
"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
"COMPONENTCLASS": {
"COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
"COMPONENTCLASSVALUE": "00010002"
},"MANUFACTURER": "Intel","MODEL": "Core i7","SERIAL": "Not Specified","REVISION": "Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
"COMPONENTCLASS": {
"COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
"COMPONENTCLASSVALUE": "00050004"
},"MANUFACTURER": "Intel Corporation","MODEL": "Ethernet Connection I217-V", "FIELDREPLACEABLE": "false","SERIAL": "23:94:17:ba:86:5e", "REVISION": "00"
},
{
"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
"COMPONENTCLASS": {
"COMPONENTCLASSREGISTRY": "2.23.133.18.3.1",
"COMPONENTCLASSVALUE": "00090002"
},"MANUFACTURER": "Intel Corporation","MODEL": "82580 Gigabit Network Connection", "FIELDREPLACEABLE": "false", "SERIAL": "90:e2:ba:31:83:10", "REVISION": ""
}
],
"PROPERTIES": [
Expand Down

0 comments on commit 744aeab

Please sign in to comment.