Extract common function used in tests

This commit is contained in:
Mariano Cano 2022-09-16 10:02:10 -07:00
parent 829530ae90
commit 498549c95c

View file

@ -49,6 +49,23 @@ func (m *mockClient) TLSDial(network, addr string, tlsConfig *tls.Config) (*tls.
return m.tlsDial(network, addr, tlsConfig) return m.tlsDial(network, addr, tlsConfig)
} }
func mustAttestationProvisioner(t *testing.T, roots []byte) Provisioner {
t.Helper()
prov := &provisioner.ACME{
Type: "ACME",
Name: "acme",
Challenges: []provisioner.ACMEChallenge{provisioner.DEVICE_ATTEST_01},
AttestationRoots: roots,
}
if err := prov.Init(provisioner.Config{
Claims: config.GlobalProvisionerClaims,
}); err != nil {
t.Fatal(err)
}
return prov
}
func Test_storeError(t *testing.T) { func Test_storeError(t *testing.T) {
type test struct { type test struct {
ch *Challenge ch *Challenge
@ -2410,21 +2427,6 @@ func Test_http01ChallengeHost(t *testing.T) {
} }
func Test_doAppleAttestationFormat(t *testing.T) { func Test_doAppleAttestationFormat(t *testing.T) {
makeProvisioner := func(roots []byte) Provisioner {
prov := &provisioner.ACME{
Type: "ACME",
Name: "acme",
Challenges: []provisioner.ACMEChallenge{provisioner.DEVICE_ATTEST_01},
AttestationRoots: roots,
}
if err := prov.Init(provisioner.Config{
Claims: config.GlobalProvisionerClaims,
}); err != nil {
t.Fatal(err)
}
return prov
}
ctx := context.Background() ctx := context.Background()
ca, err := minica.New() ca, err := minica.New()
if err != nil { if err != nil {
@ -2461,7 +2463,7 @@ func Test_doAppleAttestationFormat(t *testing.T) {
want *appleAttestationData want *appleAttestationData
wantErr bool wantErr bool
}{ }{
{"ok", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"ok", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2473,49 +2475,49 @@ func Test_doAppleAttestationFormat(t *testing.T) {
SEPVersion: "16.0", SEPVersion: "16.0",
Certificate: leaf, Certificate: leaf,
}, false}, }, false},
{"fail apple issuer", args{ctx, makeProvisioner(nil), &Challenge{}, &AttestationObject{ {"fail apple issuer", args{ctx, mustAttestationProvisioner(t, nil), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
}, },
}}, nil, true}, }}, nil, true},
{"fail missing x5c", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail missing x5c", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"foo": "bar", "foo": "bar",
}, },
}}, nil, true}, }}, nil, true},
{"fail empty issuer", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail empty issuer", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{}, "x5c": []interface{}{},
}, },
}}, nil, true}, }}, nil, true},
{"fail leaf type", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail leaf type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{"leaf", ca.Intermediate.Raw}, "x5c": []interface{}{"leaf", ca.Intermediate.Raw},
}, },
}}, nil, true}, }}, nil, true},
{"fail leaf parse", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail leaf parse", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw[:100], ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw[:100], ca.Intermediate.Raw},
}, },
}}, nil, true}, }}, nil, true},
{"fail intermediate type", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail intermediate type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, "intermediate"}, "x5c": []interface{}{leaf.Raw, "intermediate"},
}, },
}}, nil, true}, }}, nil, true},
{"fail intermediate parse", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail intermediate parse", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw[:100]}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw[:100]},
}, },
}}, nil, true}, }}, nil, true},
{"fail verify", args{ctx, makeProvisioner(caRoot), &Challenge{}, &AttestationObject{ {"fail verify", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{}, &AttestationObject{
Format: "apple", Format: "apple",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw}, "x5c": []interface{}{leaf.Raw},
@ -2544,20 +2546,6 @@ func Test_doStepAttestationFormat(t *testing.T) {
} }
caRoot := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Root.Raw}) caRoot := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca.Root.Raw})
makeProvisioner := func(roots []byte) Provisioner {
prov := &provisioner.ACME{
Type: "ACME",
Name: "acme",
Challenges: []provisioner.ACMEChallenge{provisioner.DEVICE_ATTEST_01},
AttestationRoots: roots,
}
if err := prov.Init(provisioner.Config{
Claims: config.GlobalProvisionerClaims,
}); err != nil {
t.Fatal(err)
}
return prov
}
makeLeaf := func(signer crypto.Signer, serialNumber []byte) *x509.Certificate { makeLeaf := func(signer crypto.Signer, serialNumber []byte) *x509.Certificate {
leaf, err := ca.Sign(&x509.Certificate{ leaf, err := ca.Sign(&x509.Certificate{
Subject: pkix.Name{CommonName: "attestation cert"}, Subject: pkix.Name{CommonName: "attestation cert"},
@ -2633,7 +2621,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
want *stepAttestationData want *stepAttestationData
wantErr bool wantErr bool
}{ }{
{"ok", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"ok", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2644,7 +2632,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
SerialNumber: "1234", SerialNumber: "1234",
Certificate: leaf, Certificate: leaf,
}, false}, }, false},
{"fail yubico issuer", args{ctx, makeProvisioner(nil), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail yubico issuer", args{ctx, mustAttestationProvisioner(t, nil), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2652,7 +2640,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail x5c type", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail x5c type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": [][]byte{leaf.Raw, ca.Intermediate.Raw}, "x5c": [][]byte{leaf.Raw, ca.Intermediate.Raw},
@ -2660,7 +2648,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail x5c empty", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail x5c empty", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{}, "x5c": []interface{}{},
@ -2668,7 +2656,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail leaf type", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail leaf type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{"leaf", ca.Intermediate.Raw}, "x5c": []interface{}{"leaf", ca.Intermediate.Raw},
@ -2676,7 +2664,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail leaf parse", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail leaf parse", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw[:100], ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw[:100], ca.Intermediate.Raw},
@ -2684,7 +2672,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail intermediate type", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail intermediate type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, "intermediate"}, "x5c": []interface{}{leaf.Raw, "intermediate"},
@ -2692,7 +2680,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail intermediate parse", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail intermediate parse", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw[:100]}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw[:100]},
@ -2700,7 +2688,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail verify", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail verify", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw}, "x5c": []interface{}{leaf.Raw},
@ -2708,7 +2696,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail sig type", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig type", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2716,7 +2704,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": string(cborSig), "sig": string(cborSig),
}, },
}}, nil, true}, }}, nil, true},
{"fail sig unmarshal", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig unmarshal", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2724,7 +2712,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": []byte("bad-sig"), "sig": []byte("bad-sig"),
}, },
}}, nil, true}, }}, nil, true},
{"fail keyAuthorization", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, &jose.JSONWebKey{Key: []byte("not an asymmetric key")}, &AttestationObject{ {"fail keyAuthorization", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, &jose.JSONWebKey{Key: []byte("not an asymmetric key")}, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2732,7 +2720,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail sig verify P-256", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig verify P-256", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw}, "x5c": []interface{}{leaf.Raw, ca.Intermediate.Raw},
@ -2740,7 +2728,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": otherCBORSig, "sig": otherCBORSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail sig verify P-384", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig verify P-384", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{makeLeaf(mustSigner("EC", "P-384", 0), serialNumber).Raw, ca.Intermediate.Raw}, "x5c": []interface{}{makeLeaf(mustSigner("EC", "P-384", 0), serialNumber).Raw, ca.Intermediate.Raw},
@ -2748,7 +2736,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail sig verify RSA", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig verify RSA", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{makeLeaf(mustSigner("RSA", "", 2048), serialNumber).Raw, ca.Intermediate.Raw}, "x5c": []interface{}{makeLeaf(mustSigner("RSA", "", 2048), serialNumber).Raw, ca.Intermediate.Raw},
@ -2756,7 +2744,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail sig verify Ed25519", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail sig verify Ed25519", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{makeLeaf(mustSigner("OKP", "Ed25519", 0), serialNumber).Raw, ca.Intermediate.Raw}, "x5c": []interface{}{makeLeaf(mustSigner("OKP", "Ed25519", 0), serialNumber).Raw, ca.Intermediate.Raw},
@ -2764,7 +2752,7 @@ func Test_doStepAttestationFormat(t *testing.T) {
"sig": cborSig, "sig": cborSig,
}, },
}}, nil, true}, }}, nil, true},
{"fail unmarshal serial number", args{ctx, makeProvisioner(caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{ {"fail unmarshal serial number", args{ctx, mustAttestationProvisioner(t, caRoot), &Challenge{Token: "token"}, jwk, &AttestationObject{
Format: "step", Format: "step",
AttStatement: map[string]interface{}{ AttStatement: map[string]interface{}{
"x5c": []interface{}{makeLeaf(signer, []byte("bad-serial")).Raw, ca.Intermediate.Raw}, "x5c": []interface{}{makeLeaf(signer, []byte("bad-serial")).Raw, ca.Intermediate.Raw},