| // |
| // Copyright (C) 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| #include <string> |
| |
| #include <base/bind.h> |
| #include <base/callback.h> |
| #include <base/message_loop/message_loop.h> |
| #include <base/run_loop.h> |
| #include <brillo/bind_lambda.h> |
| #include <brillo/data_encoding.h> |
| #include <brillo/http/http_transport_fake.h> |
| #include <brillo/mime_utils.h> |
| #include <gmock/gmock.h> |
| #include <gtest/gtest.h> |
| |
| #include "attestation/common/attestation_ca.pb.h" |
| #include "attestation/common/mock_crypto_utility.h" |
| #include "attestation/common/mock_tpm_utility.h" |
| #include "attestation/server/attestation_service.h" |
| #include "attestation/server/mock_database.h" |
| #include "attestation/server/mock_key_store.h" |
| |
| using brillo::http::fake::ServerRequest; |
| using brillo::http::fake::ServerResponse; |
| using testing::_; |
| using testing::DoAll; |
| using testing::NiceMock; |
| using testing::Return; |
| using testing::ReturnRef; |
| using testing::SetArgumentPointee; |
| |
| namespace attestation { |
| |
| class AttestationServiceTest : public testing::Test { |
| public: |
| enum FakeCAState { |
| kSuccess, // Valid successful response. |
| kCommandFailure, // Valid error response. |
| kHttpFailure, // Responds with an HTTP error. |
| kBadMessageID, // Valid successful response but a message ID mismatch. |
| }; |
| |
| ~AttestationServiceTest() override = default; |
| void SetUp() override { |
| service_.reset(new AttestationService); |
| service_->set_database(&mock_database_); |
| service_->set_crypto_utility(&mock_crypto_utility_); |
| fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>(); |
| service_->set_http_transport(fake_http_transport_); |
| service_->set_key_store(&mock_key_store_); |
| service_->set_tpm_utility(&mock_tpm_utility_); |
| // Setup a fake wrapped EK certificate by default. |
| mock_database_.GetMutableProtobuf()->mutable_credentials()-> |
| mutable_default_encrypted_endorsement_credential()-> |
| set_wrapping_key_id("default"); |
| // Setup a fake Attestation CA for success by default. |
| SetupFakeCAEnroll(kSuccess); |
| SetupFakeCASign(kSuccess); |
| CHECK(service_->Initialize()); |
| } |
| |
| protected: |
| void SetupFakeCAEnroll(FakeCAState state) { |
| fake_http_transport_->AddHandler( |
| service_->attestation_ca_origin() + "/enroll", |
| brillo::http::request_type::kPost, |
| base::Bind(&AttestationServiceTest::FakeCAEnroll, |
| base::Unretained(this), |
| state)); |
| } |
| |
| void SetupFakeCASign(FakeCAState state) { |
| fake_http_transport_->AddHandler( |
| service_->attestation_ca_origin() + "/sign", |
| brillo::http::request_type::kPost, |
| base::Bind(&AttestationServiceTest::FakeCASign, |
| base::Unretained(this), |
| state)); |
| } |
| |
| std::string GetFakeCertificateChain() { |
| const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n"; |
| const std::string kEndCertificate = "-----END CERTIFICATE-----"; |
| std::string pem = kBeginCertificate; |
| pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert"); |
| pem += kEndCertificate + "\n" + kBeginCertificate; |
| pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert"); |
| pem += kEndCertificate + "\n" + kBeginCertificate; |
| pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2"); |
| pem += kEndCertificate; |
| return pem; |
| } |
| |
| CreateGoogleAttestedKeyRequest GetCreateRequest() { |
| CreateGoogleAttestedKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE); |
| request.set_username("user"); |
| request.set_origin("origin"); |
| return request; |
| } |
| |
| void Run() { |
| run_loop_.Run(); |
| } |
| |
| void RunUntilIdle() { |
| run_loop_.RunUntilIdle(); |
| } |
| |
| void Quit() { |
| run_loop_.Quit(); |
| } |
| |
| std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_; |
| NiceMock<MockCryptoUtility> mock_crypto_utility_; |
| NiceMock<MockDatabase> mock_database_; |
| NiceMock<MockKeyStore> mock_key_store_; |
| NiceMock<MockTpmUtility> mock_tpm_utility_; |
| std::unique_ptr<AttestationService> service_; |
| |
| private: |
| void FakeCAEnroll(FakeCAState state, |
| const ServerRequest& request, |
| ServerResponse* response) { |
| AttestationEnrollmentRequest request_pb; |
| EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); |
| if (state == kHttpFailure) { |
| response->ReplyText(brillo::http::status_code::NotFound, std::string(), |
| brillo::mime::application::kOctet_stream); |
| return; |
| } |
| AttestationEnrollmentResponse response_pb; |
| if (state == kCommandFailure) { |
| response_pb.set_status(SERVER_ERROR); |
| response_pb.set_detail("fake_enroll_error"); |
| } else if (state == kSuccess) { |
| response_pb.set_status(OK); |
| response_pb.set_detail(""); |
| response_pb.mutable_encrypted_identity_credential()-> |
| set_asym_ca_contents("1234"); |
| response_pb.mutable_encrypted_identity_credential()-> |
| set_sym_ca_attestation("5678"); |
| } else { |
| NOTREACHED(); |
| } |
| std::string tmp; |
| response_pb.SerializeToString(&tmp); |
| response->ReplyText(brillo::http::status_code::Ok, tmp, |
| brillo::mime::application::kOctet_stream); |
| } |
| |
| void FakeCASign(FakeCAState state, |
| const ServerRequest& request, |
| ServerResponse* response) { |
| AttestationCertificateRequest request_pb; |
| EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); |
| if (state == kHttpFailure) { |
| response->ReplyText(brillo::http::status_code::NotFound, std::string(), |
| brillo::mime::application::kOctet_stream); |
| return; |
| } |
| AttestationCertificateResponse response_pb; |
| if (state == kCommandFailure) { |
| response_pb.set_status(SERVER_ERROR); |
| response_pb.set_detail("fake_sign_error"); |
| } else if (state == kSuccess || state == kBadMessageID) { |
| response_pb.set_status(OK); |
| response_pb.set_detail(""); |
| if (state == kSuccess) { |
| response_pb.set_message_id(request_pb.message_id()); |
| } |
| response_pb.set_certified_key_credential("fake_cert"); |
| response_pb.set_intermediate_ca_cert("fake_ca_cert"); |
| *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| } |
| std::string tmp; |
| response_pb.SerializeToString(&tmp); |
| response->ReplyText(brillo::http::status_code::Ok, tmp, |
| brillo::mime::application::kOctet_stream); |
| } |
| |
| base::MessageLoop message_loop_; |
| base::RunLoop run_loop_; |
| }; |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) { |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); |
| EXPECT_FALSE(reply.has_server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) { |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); |
| EXPECT_FALSE(reply.has_server_error()); |
| Quit(); |
| }; |
| CreateGoogleAttestedKeyRequest request = GetCreateRequest(); |
| request.clear_username(); |
| service_->CreateGoogleAttestedKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) { |
| SetupFakeCAEnroll(kHttpFailure); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) { |
| SetupFakeCASign(kHttpFailure); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) { |
| SetupFakeCAEnroll(kCommandFailure); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("fake_enroll_error", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) { |
| SetupFakeCASign(kCommandFailure); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("fake_sign_error", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) { |
| SetupFakeCASign(kBadMessageID); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) { |
| // Remove the default credential setup. |
| mock_database_.GetMutableProtobuf()->clear_credentials(); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) { |
| EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) { |
| EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) |
| .WillOnce(Return(true)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) { |
| EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) { |
| EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| CreateGoogleAttestedKeyRequest request = GetCreateRequest(); |
| request.clear_username(); |
| service_->CreateGoogleAttestedKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) { |
| EXPECT_CALL(mock_key_store_, Write(_, _, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) { |
| EXPECT_CALL(mock_tpm_utility_, IsTpmReady()) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) { |
| EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) { |
| EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_certificate_chain()); |
| EXPECT_EQ("", reply.server_error()); |
| Quit(); |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) { |
| // Set expectations on the outputs. |
| int callback_count = 0; |
| auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { |
| callback_count++; |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| // Bring down the service, which should cancel any callbacks. |
| service_.reset(); |
| EXPECT_EQ(0, callback_count); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) { |
| // Set expectations on the outputs. |
| int callback_count = 0; |
| auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { |
| callback_count++; |
| }; |
| service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); |
| // Give threads a chance to run. |
| base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10)); |
| // Bring down the service, which should cancel any callbacks. |
| service_.reset(); |
| // Pump the loop to make sure no callbacks were posted. |
| RunUntilIdle(); |
| EXPECT_EQ(0, callback_count); |
| } |
| |
| TEST_F(AttestationServiceTest, GetKeyInfoSuccess) { |
| // Setup a certified key in the key store. |
| CertifiedKey key; |
| key.set_public_key("public_key"); |
| key.set_certified_key_credential("fake_cert"); |
| key.set_intermediate_ca_cert("fake_ca_cert"); |
| *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| key.set_key_name("label"); |
| key.set_certified_key_info("certify_info"); |
| key.set_certified_key_proof("signature"); |
| key.set_key_type(KEY_TYPE_RSA); |
| key.set_key_usage(KEY_USAGE_SIGN); |
| std::string key_bytes; |
| key.SerializeToString(&key_bytes); |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); |
| |
| // Set expectations on the outputs. |
| auto callback = [this](const GetKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); |
| EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); |
| EXPECT_EQ("public_key", reply.public_key()); |
| EXPECT_EQ("certify_info", reply.certify_info()); |
| EXPECT_EQ("signature", reply.certify_info_signature()); |
| EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); |
| Quit(); |
| }; |
| GetKeyInfoRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->GetKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) { |
| // Setup a certified key in the device key store. |
| CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); |
| key.set_public_key("public_key"); |
| key.set_certified_key_credential("fake_cert"); |
| key.set_intermediate_ca_cert("fake_ca_cert"); |
| *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| key.set_key_name("label"); |
| key.set_certified_key_info("certify_info"); |
| key.set_certified_key_proof("signature"); |
| key.set_key_type(KEY_TYPE_RSA); |
| key.set_key_usage(KEY_USAGE_SIGN); |
| |
| // Set expectations on the outputs. |
| auto callback = [this](const GetKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); |
| EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); |
| EXPECT_EQ("public_key", reply.public_key()); |
| EXPECT_EQ("certify_info", reply.certify_info()); |
| EXPECT_EQ("signature", reply.certify_info_signature()); |
| EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); |
| Quit(); |
| }; |
| GetKeyInfoRequest request; |
| request.set_key_label("label"); |
| service_->GetKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetKeyInfoNoKey) { |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillRepeatedly(Return(false)); |
| |
| // Set expectations on the outputs. |
| auto callback = [this](const GetKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status()); |
| Quit(); |
| }; |
| GetKeyInfoRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->GetKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) { |
| EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _)) |
| .WillRepeatedly(Return(false)); |
| |
| // Set expectations on the outputs. |
| auto callback = [this](const GetKeyInfoReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| GetKeyInfoRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->GetKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) { |
| AttestationDatabase* database = mock_database_.GetMutableProtobuf(); |
| database->mutable_credentials()->set_endorsement_public_key("public_key"); |
| database->mutable_credentials()->set_endorsement_credential("certificate"); |
| // Set expectations on the outputs. |
| auto callback = [this](const GetEndorsementInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("public_key", reply.ek_public_key()); |
| EXPECT_EQ("certificate", reply.ek_certificate()); |
| Quit(); |
| }; |
| GetEndorsementInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetEndorsementInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) { |
| // Set expectations on the outputs. |
| auto callback = [this](const GetEndorsementInfoReply& reply) { |
| EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); |
| EXPECT_FALSE(reply.has_ek_public_key()); |
| EXPECT_FALSE(reply.has_ek_certificate()); |
| Quit(); |
| }; |
| GetEndorsementInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetEndorsementInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) { |
| AttestationDatabase* database = mock_database_.GetMutableProtobuf(); |
| database->mutable_credentials()->set_endorsement_public_key("public_key"); |
| // Set expectations on the outputs. |
| auto callback = [this](const GetEndorsementInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("public_key", reply.ek_public_key()); |
| EXPECT_FALSE(reply.has_ek_certificate()); |
| Quit(); |
| }; |
| GetEndorsementInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetEndorsementInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) { |
| AttestationDatabase* database = mock_database_.GetMutableProtobuf(); |
| database->mutable_identity_key()->set_identity_public_key("public_key"); |
| database->mutable_identity_key()->set_identity_credential("certificate"); |
| database->mutable_pcr0_quote()->set_quote("pcr0"); |
| database->mutable_pcr1_quote()->set_quote("pcr1"); |
| database->mutable_identity_binding()->set_identity_public_key("public_key2"); |
| // Set expectations on the outputs. |
| auto callback = [this](const GetAttestationKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("public_key", reply.public_key()); |
| EXPECT_EQ("public_key2", reply.public_key_tpm_format()); |
| EXPECT_EQ("certificate", reply.certificate()); |
| EXPECT_EQ("pcr0", reply.pcr0_quote().quote()); |
| EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); |
| Quit(); |
| }; |
| GetAttestationKeyInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetAttestationKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) { |
| // Set expectations on the outputs. |
| auto callback = [this](const GetAttestationKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_public_key_tpm_format()); |
| EXPECT_FALSE(reply.has_certificate()); |
| EXPECT_FALSE(reply.has_pcr0_quote()); |
| EXPECT_FALSE(reply.has_pcr1_quote()); |
| Quit(); |
| }; |
| GetAttestationKeyInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetAttestationKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) { |
| AttestationDatabase* database = mock_database_.GetMutableProtobuf(); |
| database->mutable_identity_key()->set_identity_credential("certificate"); |
| database->mutable_pcr1_quote()->set_quote("pcr1"); |
| // Set expectations on the outputs. |
| auto callback = [this](const GetAttestationKeyInfoReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_public_key_tpm_format()); |
| EXPECT_EQ("certificate", reply.certificate()); |
| EXPECT_FALSE(reply.has_pcr0_quote()); |
| EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); |
| Quit(); |
| }; |
| GetAttestationKeyInfoRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| service_->GetAttestationKeyInfo(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) { |
| EXPECT_CALL(mock_database_, SaveChanges()).Times(1); |
| EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", |
| "encrypted2", _)) |
| .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), |
| Return(true))); |
| // Set expectations on the outputs. |
| auto callback = [this](const ActivateAttestationKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("certificate", reply.certificate()); |
| Quit(); |
| }; |
| ActivateAttestationKeyRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); |
| request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); |
| request.set_save_certificate(true); |
| service_->ActivateAttestationKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) { |
| EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0); |
| EXPECT_CALL(mock_database_, SaveChanges()).Times(0); |
| EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", |
| "encrypted2", _)) |
| .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), |
| Return(true))); |
| // Set expectations on the outputs. |
| auto callback = [this](const ActivateAttestationKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("certificate", reply.certificate()); |
| Quit(); |
| }; |
| ActivateAttestationKeyRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); |
| request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); |
| request.set_save_certificate(false); |
| service_->ActivateAttestationKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) { |
| EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const ActivateAttestationKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| ActivateAttestationKeyRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); |
| request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); |
| request.set_save_certificate(true); |
| service_->ActivateAttestationKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) { |
| EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", |
| "encrypted2", _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const ActivateAttestationKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| ActivateAttestationKeyRequest request; |
| request.set_key_type(KEY_TYPE_RSA); |
| request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); |
| request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); |
| request.set_save_certificate(true); |
| service_->ActivateAttestationKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) { |
| // Configure a fake TPM response. |
| EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC, |
| KEY_USAGE_SIGN, |
| _, _, _, _, _, _, _)) |
| .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")), |
| SetArgumentPointee<7>(std::string("certify_info")), |
| SetArgumentPointee<8>( |
| std::string("certify_info_signature")), |
| Return(true))); |
| // Expect the key to be written exactly once. |
| EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("public_key", reply.public_key()); |
| EXPECT_EQ("certify_info", reply.certify_info()); |
| EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| request.set_username("user"); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) { |
| // Configure a fake TPM response. |
| EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC, |
| KEY_USAGE_SIGN, |
| _, _, _, _, _, _, _)) |
| .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")), |
| SetArgumentPointee<7>(std::string("certify_info")), |
| SetArgumentPointee<8>( |
| std::string("certify_info_signature")), |
| Return(true))); |
| // Expect the key to be written exactly once. |
| EXPECT_CALL(mock_database_, SaveChanges()).Times(1); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ("public_key", reply.public_key()); |
| EXPECT_EQ("certify_info", reply.certify_info()); |
| EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) { |
| EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_certify_info()); |
| EXPECT_FALSE(reply.has_certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) { |
| EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_certify_info()); |
| EXPECT_FALSE(reply.has_certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) { |
| EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_certify_info()); |
| EXPECT_FALSE(reply.has_certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| request.set_username("username"); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) { |
| EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const CreateCertifiableKeyReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_public_key()); |
| EXPECT_FALSE(reply.has_certify_info()); |
| EXPECT_FALSE(reply.has_certify_info_signature()); |
| Quit(); |
| }; |
| CreateCertifiableKeyRequest request; |
| request.set_key_label("label"); |
| request.set_key_type(KEY_TYPE_ECC); |
| request.set_key_usage(KEY_USAGE_SIGN); |
| service_->CreateCertifiableKey(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, DecryptSuccess) { |
| // Set expectations on the outputs. |
| auto callback = [this](const DecryptReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), |
| reply.decrypted_data()); |
| Quit(); |
| }; |
| DecryptRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_encrypted_data("data"); |
| service_->Decrypt(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, DecryptSuccessNoUser) { |
| mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); |
| // Set expectations on the outputs. |
| auto callback = [this](const DecryptReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), |
| reply.decrypted_data()); |
| Quit(); |
| }; |
| DecryptRequest request; |
| request.set_key_label("label"); |
| request.set_encrypted_data("data"); |
| service_->Decrypt(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, DecryptKeyNotFound) { |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const DecryptReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_decrypted_data()); |
| Quit(); |
| }; |
| DecryptRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_encrypted_data("data"); |
| service_->Decrypt(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) { |
| // Set expectations on the outputs. |
| auto callback = [this](const DecryptReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_decrypted_data()); |
| Quit(); |
| }; |
| DecryptRequest request; |
| request.set_key_label("label"); |
| request.set_encrypted_data("data"); |
| service_->Decrypt(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, DecryptUnbindFailure) { |
| EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const DecryptReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_decrypted_data()); |
| Quit(); |
| }; |
| DecryptRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_encrypted_data("data"); |
| service_->Decrypt(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, SignSuccess) { |
| // Set expectations on the outputs. |
| auto callback = [this](const SignReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); |
| Quit(); |
| }; |
| SignRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_data_to_sign("data"); |
| service_->Sign(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, SignSuccessNoUser) { |
| mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); |
| // Set expectations on the outputs. |
| auto callback = [this](const SignReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); |
| Quit(); |
| }; |
| SignRequest request; |
| request.set_key_label("label"); |
| request.set_data_to_sign("data"); |
| service_->Sign(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, SignKeyNotFound) { |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const SignReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_signature()); |
| Quit(); |
| }; |
| SignRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_data_to_sign("data"); |
| service_->Sign(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) { |
| // Set expectations on the outputs. |
| auto callback = [this](const SignReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_signature()); |
| Quit(); |
| }; |
| SignRequest request; |
| request.set_key_label("label"); |
| request.set_data_to_sign("data"); |
| service_->Sign(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, SignUnbindFailure) { |
| EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const SignReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| EXPECT_FALSE(reply.has_signature()); |
| Quit(); |
| }; |
| SignRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| request.set_data_to_sign("data"); |
| service_->Sign(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterSuccess) { |
| // Setup a key in the user key store. |
| CertifiedKey key; |
| key.set_key_blob("key_blob"); |
| key.set_public_key("public_key"); |
| key.set_certified_key_credential("fake_cert"); |
| key.set_intermediate_ca_cert("fake_ca_cert"); |
| *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| key.set_key_name("label"); |
| key.set_key_type(KEY_TYPE_RSA); |
| key.set_key_usage(KEY_USAGE_SIGN); |
| std::string key_bytes; |
| key.SerializeToString(&key_bytes); |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); |
| // Cardinality is verified here to verify various steps are performed and to |
| // catch performance regressions. |
| EXPECT_CALL(mock_key_store_, Register("user", |
| "label", |
| KEY_TYPE_RSA, |
| KEY_USAGE_SIGN, |
| "key_blob", |
| "public_key", |
| "fake_cert")).Times(1); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert")) |
| .Times(1); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2")) |
| .Times(1); |
| EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterSuccessNoUser) { |
| // Setup a key in the device_keys field. |
| CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); |
| key.set_key_blob("key_blob"); |
| key.set_public_key("public_key"); |
| key.set_certified_key_credential("fake_cert"); |
| key.set_intermediate_ca_cert("fake_ca_cert"); |
| *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| key.set_key_name("label"); |
| key.set_key_type(KEY_TYPE_RSA); |
| key.set_key_usage(KEY_USAGE_SIGN); |
| // Cardinality is verified here to verify various steps are performed and to |
| // catch performance regressions. |
| EXPECT_CALL(mock_key_store_, Register("", |
| "label", |
| KEY_TYPE_RSA, |
| KEY_USAGE_SIGN, |
| "key_blob", |
| "public_key", |
| "fake_cert")).Times(1); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert")) |
| .Times(1); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2")) |
| .Times(1); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_EQ(STATUS_SUCCESS, reply.status()); |
| EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterNoKey) { |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) { |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterFailure) { |
| // Setup a key in the user key store. |
| CertifiedKey key; |
| key.set_key_name("label"); |
| std::string key_bytes; |
| key.SerializeToString(&key_bytes); |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); |
| EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterIntermediateFailure) { |
| // Setup a key in the user key store. |
| CertifiedKey key; |
| key.set_key_name("label"); |
| key.set_intermediate_ca_cert("fake_ca_cert"); |
| std::string key_bytes; |
| key.SerializeToString(&key_bytes); |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| TEST_F(AttestationServiceTest, RegisterAdditionalFailure) { |
| // Setup a key in the user key store. |
| CertifiedKey key; |
| key.set_key_name("label"); |
| *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; |
| std::string key_bytes; |
| key.SerializeToString(&key_bytes); |
| EXPECT_CALL(mock_key_store_, Read("user", "label", _)) |
| .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); |
| EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) |
| .WillRepeatedly(Return(false)); |
| // Set expectations on the outputs. |
| auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { |
| EXPECT_NE(STATUS_SUCCESS, reply.status()); |
| Quit(); |
| }; |
| RegisterKeyWithChapsTokenRequest request; |
| request.set_key_label("label"); |
| request.set_username("user"); |
| service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); |
| Run(); |
| } |
| |
| } // namespace attestation |