constellation/internal/attestation/azure/azure_test.go

//go:build azure

package azure

import (
	"encoding/json"
	"testing"

	"github.com/edgelesssys/constellation/internal/attestation/vtpm"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"go.uber.org/goleak"
)

func TestMain(m *testing.M) {
	goleak.VerifyTestMain(m)
}

func TestAttestation(t *testing.T) {
	assert := assert.New(t)
	require := require.New(t)

	issuer := NewIssuer()
	validator := NewValidator(map[uint32][]byte{}, nil, nil, false, nil) // TODO: check for list of expected Azure PCRs

	nonce := []byte{2, 3, 4}
	challenge := []byte("Constellation")

	attDocRaw, err := issuer.Issue(challenge, nonce)
	assert.NoError(err)

	var attDoc vtpm.AttestationDocument
	err = json.Unmarshal(attDocRaw, &attDoc)
	require.NoError(err)
	assert.Equal(challenge, attDoc.UserData)
	originalPCR := attDoc.Attestation.Quotes[1].Pcrs.Pcrs[uint32(vtpm.PCRIndexOwnerID)]

	out, err := validator.Validate(attDocRaw, nonce)
	require.NoError(err)
	assert.Equal(challenge, out)

	// Mark node as intialized. We should still be abe to validate
	assert.NoError(vtpm.MarkNodeAsBootstrapped(vtpm.OpenVTPM, []byte("Test")))

	attDocRaw, err = issuer.Issue(challenge, nonce)
	assert.NoError(err)

	// Make sure the PCR changed
	err = json.Unmarshal(attDocRaw, &attDoc)
	require.NoError(err)
	assert.NotEqual(originalPCR, attDoc.Attestation.Quotes[1].Pcrs.Pcrs[uint32(vtpm.PCRIndexOwnerID)])

	out, err = validator.Validate(attDocRaw, nonce)
	require.NoError(err)
	assert.Equal(challenge, out)
}
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00			`//go:build azure`

			`package azure`

			`import (`
			`"encoding/json"`
			`"testing"`

Move attestation, atls and oid packages to internal directory Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-06-01 15:08:42 +02:00			`"github.com/edgelesssys/constellation/internal/attestation/vtpm"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 15:24:36 +02:00			`"go.uber.org/goleak"`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00			`)`

Add goleak to all tests (#227) * Run goleak as part of all tests We are already using goleak in various tests. This commit adds a TestMain to all remaining tests and calls goleak.VerifyTestMain in them. * Add goleak to debugd/deploy package and fix bug. * Run go mod tidy * Fix integration tests * Move goleak invocation for mount integration test * Ignore leak in state integration tests Co-authored-by: Fabian Kammel <fk@edgelss.systems> 2022-06-30 15:24:36 +02:00			`func TestMain(m *testing.M) {`
			`goleak.VerifyTestMain(m)`
			`}`

monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00			`func TestAttestation(t *testing.T) {`
			`assert := assert.New(t)`
			`require := require.New(t)`

			`issuer := NewIssuer()`
AB#2350: Configurably enforce idkeydigest on Azure * Add join-config entry for "enforceIdKeyDigest" bool * Add join-config entry for "idkeydigest" * Initially filled with TPM value from bootstrapper * Add config entries for idkeydigest and enforceIdKeyDigest * Extend azure attestation validator to check idkeydigest, if configured. * Update unittests * Add logger to NewValidator for all CSPs * Add csp to Updateable type Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> 2022-08-29 16:41:09 +02:00			`validator := NewValidator(map[uint32][]byte{}, nil, nil, false, nil) // TODO: check for list of expected Azure PCRs`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00
			`nonce := []byte{2, 3, 4}`
			`challenge := []byte("Constellation")`

			`attDocRaw, err := issuer.Issue(challenge, nonce)`
			`assert.NoError(err)`

			`var attDoc vtpm.AttestationDocument`
			`err = json.Unmarshal(attDocRaw, &attDoc)`
			`require.NoError(err)`
			`assert.Equal(challenge, attDoc.UserData)`
			`originalPCR := attDoc.Attestation.Quotes[1].Pcrs.Pcrs[uint32(vtpm.PCRIndexOwnerID)]`

			`out, err := validator.Validate(attDocRaw, nonce)`
			`require.NoError(err)`
			`assert.Equal(challenge, out)`

			`// Mark node as intialized. We should still be abe to validate`
Fix tests and linting (#370) * Fix license integration test * Fix build tags in lint config * Fix missing error checks * Fix use of MarkNodeAsInitialized * Fix attestation tests * Add license integration test to cmake list 2022-08-17 13:50:43 +02:00			`assert.NoError(vtpm.MarkNodeAsBootstrapped(vtpm.OpenVTPM, []byte("Test")))`
monorepo Co-authored-by: Malte Poll <mp@edgeless.systems> Co-authored-by: katexochen <katexochen@users.noreply.github.com> Co-authored-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems> Co-authored-by: Benedict Schlueter <bs@edgeless.systems> Co-authored-by: leongross <leon.gross@rub.de> Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com> 2022-03-22 16:03:15 +01:00
			`attDocRaw, err = issuer.Issue(challenge, nonce)`
			`assert.NoError(err)`

			`// Make sure the PCR changed`
			`err = json.Unmarshal(attDocRaw, &attDoc)`
			`require.NoError(err)`
			`assert.NotEqual(originalPCR, attDoc.Attestation.Quotes[1].Pcrs.Pcrs[uint32(vtpm.PCRIndexOwnerID)])`

			`out, err = validator.Validate(attDocRaw, nonce)`
			`require.NoError(err)`
			`assert.Equal(challenge, out)`
			`}`