Add tests for deviceAttest01Validate
parent
7c632629dd
commit
2ab9beb7ed
2 changed files with 954 additions and 49 deletions
|
@ -80,10 +80,9 @@ func (ch *Challenge) ToLog() (interface{}, error) {
|
||||||
return string(b), nil
|
return string(b), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate attempts to validate the challenge. Stores changes to the Challenge
|
// Validate attempts to validate the Challenge. Stores changes to the Challenge
|
||||||
// type using the DB interface.
|
// type using the DB interface. If the Challenge is validated, the 'status' and
|
||||||
// satisfactorily validated, the 'status' and 'validated' attributes are
|
// 'validated' attributes are updated.
|
||||||
// updated.
|
|
||||||
func (ch *Challenge) Validate(ctx context.Context, db DB, jwk *jose.JSONWebKey, payload []byte) error {
|
func (ch *Challenge) Validate(ctx context.Context, db DB, jwk *jose.JSONWebKey, payload []byte) error {
|
||||||
// If already valid or invalid then return without performing validation.
|
// If already valid or invalid then return without performing validation.
|
||||||
if ch.Status != StatusPending {
|
if ch.Status != StatusPending {
|
||||||
|
@ -336,21 +335,21 @@ func dns01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSONWebK
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type Payload struct {
|
type payloadType struct {
|
||||||
AttObj string `json:"attObj"`
|
AttObj string `json:"attObj"`
|
||||||
Error string `json:"error"`
|
Error string `json:"error"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AttestationObject struct {
|
type attestationObject struct {
|
||||||
Format string `json:"fmt"`
|
Format string `json:"fmt"`
|
||||||
AttStatement map[string]interface{} `json:"attStmt,omitempty"`
|
AttStatement map[string]interface{} `json:"attStmt,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(bweeks): move attestation verification to a shared package.
|
// TODO(bweeks): move attestation verification to a shared package.
|
||||||
// TODO(bweeks): define new error type for failed attestation validation.
|
|
||||||
func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSONWebKey, payload []byte) error {
|
func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSONWebKey, payload []byte) error {
|
||||||
var p Payload
|
var p payloadType
|
||||||
if err := json.Unmarshal(payload, &p); err != nil {
|
if err := json.Unmarshal(payload, &p); err != nil {
|
||||||
|
|
||||||
return WrapErrorISE(err, "error unmarshalling JSON")
|
return WrapErrorISE(err, "error unmarshalling JSON")
|
||||||
}
|
}
|
||||||
if p.Error != "" {
|
if p.Error != "" {
|
||||||
|
@ -363,7 +362,7 @@ func deviceAttest01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose
|
||||||
return WrapErrorISE(err, "error base64 decoding attObj")
|
return WrapErrorISE(err, "error base64 decoding attObj")
|
||||||
}
|
}
|
||||||
|
|
||||||
att := AttestationObject{}
|
att := attestationObject{}
|
||||||
if err := cbor.Unmarshal(attObj, &att); err != nil {
|
if err := cbor.Unmarshal(attObj, &att); err != nil {
|
||||||
return WrapErrorISE(err, "error unmarshalling CBOR")
|
return WrapErrorISE(err, "error unmarshalling CBOR")
|
||||||
}
|
}
|
||||||
|
@ -475,7 +474,7 @@ type appleAttestationData struct {
|
||||||
Certificate *x509.Certificate
|
Certificate *x509.Certificate
|
||||||
}
|
}
|
||||||
|
|
||||||
func doAppleAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, att *AttestationObject) (*appleAttestationData, error) {
|
func doAppleAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, att *attestationObject) (*appleAttestationData, error) {
|
||||||
// Use configured or default attestation roots if none is configured.
|
// Use configured or default attestation roots if none is configured.
|
||||||
roots, ok := prov.GetAttestationRoots()
|
roots, ok := prov.GetAttestationRoots()
|
||||||
if !ok {
|
if !ok {
|
||||||
|
@ -576,7 +575,7 @@ type stepAttestationData struct {
|
||||||
SerialNumber string
|
SerialNumber string
|
||||||
}
|
}
|
||||||
|
|
||||||
func doStepAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *AttestationObject) (*stepAttestationData, error) {
|
func doStepAttestationFormat(ctx context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*stepAttestationData, error) {
|
||||||
// Use configured or default attestation roots if none is configured.
|
// Use configured or default attestation roots if none is configured.
|
||||||
roots, ok := prov.GetAttestationRoots()
|
roots, ok := prov.GetAttestationRoots()
|
||||||
if !ok {
|
if !ok {
|
||||||
|
|
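Review bot: In deviceAttest01Validate the three decode steps that handle client-supplied data (`json.Unmarshal(payload, &p)`, the base64 decode of attObj, and `cbor.Unmarshal(attObj, &att)`) still return `WrapErrorISE(...)`, which by its name classifies a malformed attestation as an internal server error. Any ACME client can then produce server-fault responses at will, which pollutes 5xx alerting and hides real faults; from the visible lines it also looks as if the challenge is left pending rather than failed, though the function body continues outside these hunks. The line `// TODO(bweeks): define new error type for failed attestation validation.` appears only once in the section, so this commit seems to drop it without adding such a type. I would either keep that TODO or return a client-side problem instead, for example `return WrapError(ErrorMalformedType, err, "error unmarshalling JSON")`, assuming those helpers are in scope in this package. Since the commit adds tests, the expected problem type for each decode failure is worth pinning there.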
File diff suppressed because it is too large