/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package snp
import (
"context"
"encoding/json"
"errors"
"io"
"testing"
"github.com/edgelesssys/constellation/v2/internal/attestation/snp"
"github.com/edgelesssys/go-azguestattestation/maa"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestGetSNPAttestation exercises Issuer.getInstanceInfo against stubbed IMDS
// and MAA dependencies. It checks that the caller-supplied data reaches the
// parameter and token stubs and that the returned JSON decodes into an
// snp.InstanceInfo carrying the stubbed report material.
//
// Every report, certificate and token value below is a placeholder string, so
// this test covers plumbing only: no signature or certificate chain is
// verified here.
func TestGetSNPAttestation(t *testing.T) {
	type testCase struct {
		maaURL    string
		maaToken  string
		apiError  error
		tokenErr  error
		paramsErr error
		wantErr   bool
	}

	// wantErr is left at its zero value (false) for the success cases.
	testCases := map[string]testCase{
		"success without maa": {},
		"success with maa": {
			maaURL:   "maaurl",
			maaToken: "maatoken",
		},
		"api fails": {
			apiError: errors.New(""),
			wantErr:  true,
		},
		"createToken fails": {
			maaURL:   "maaurl",
			tokenErr: errors.New(""),
			wantErr:  true,
		},
		"newParameters fails": {
			paramsErr: errors.New(""),
			wantErr:   true,
		},
	}

	for name, tc := range testCases {
		t.Run(name, func(t *testing.T) {
			assert := assert.New(t)
			require := require.New(t)

			// Placeholder attestation material handed back by the stub.
			wantParams := maa.Parameters{
				SNPReport:   []byte("snpreport"),
				RuntimeData: []byte("runtimedata"),
				VcekCert:    []byte("vcekcert"),
				VcekChain:   []byte("vcekchain"),
			}

			// Named tokenCreator so the local does not shadow the maa package.
			tokenCreator := &stubMaaTokenCreator{
				token:     tc.maaToken,
				tokenErr:  tc.tokenErr,
				params:    wantParams,
				paramsErr: tc.paramsErr,
			}

			issuer := Issuer{
				imds: stubImdsClient{
					maaURL:   tc.maaURL,
					apiError: tc.apiError,
				},
				maa: tokenCreator,
			}

			// NOTE(review): presumably the attestation user data / nonce that
			// binds the report to the caller's request; confirm against
			// getInstanceInfo.
			userData := []byte("data")

			rawInfo, err := issuer.getInstanceInfo(context.Background(), nil, userData)
			if tc.wantErr {
				// Only the presence of an error is checked, not its cause.
				assert.Error(err)
				return
			}
			require.NoError(err)

			// The data must arrive unchanged at parameter creation.
			assert.Equal(userData, tokenCreator.gotParamsData)
			// A token is only requested when IMDS reports an MAA URL; without
			// one the token stub must not have recorded any data.
			if tc.maaURL != "" {
				assert.Equal(userData, tokenCreator.gotTokenData)
			} else {
				assert.Empty(tokenCreator.gotTokenData)
			}

			var got snp.InstanceInfo
			require.NoError(json.Unmarshal(rawInfo, &got))

			// Each stubbed artefact has to land in its own InstanceInfo field.
			assert.Equal(wantParams.VcekCert, got.ReportSigner)
			assert.Equal(wantParams.VcekChain, got.CertChain)
			assert.Equal(wantParams.SNPReport, got.AttestationReport)
			assert.Equal(wantParams.RuntimeData, got.Azure.RuntimeData)
			assert.Equal(tc.maaToken, got.Azure.MAAToken)
		})
	}
}
// stubImdsClient is a test double for the IMDS client field of Issuer. It
// answers from its own fields and performs no I/O.
type stubImdsClient struct {
	maaURL   string // URL handed back by getMAAURL
	apiError error  // error handed back by getMAAURL
}

// getMAAURL returns the configured URL together with the configured error;
// the context is ignored.
func (stub stubImdsClient) getMAAURL(context.Context) (string, error) {
	url, err := stub.maaURL, stub.apiError
	return url, err
}
// stubMaaTokenCreator is a recording test double for the MAA dependency of
// Issuer. Each method returns canned values and remembers the data argument
// of its most recent call so a test can check what was forwarded.
type stubMaaTokenCreator struct {
	// Canned result of createToken and the data it last received.
	token        string
	tokenErr     error
	gotTokenData []byte

	// Canned result of newParameters and the data it last received.
	params        maa.Parameters
	paramsErr     error
	gotParamsData []byte
}

// newParameters records data and returns the configured parameters and
// error. The slice is stored as passed, without copying.
func (stub *stubMaaTokenCreator) newParameters(_ context.Context, data []byte, _ io.ReadWriter) (maa.Parameters, error) {
	stub.gotParamsData = data
	result, err := stub.params, stub.paramsErr
	return result, err
}

// createToken records data and returns the configured token and error. The
// URL and parameters arguments are ignored; the slice is stored as passed,
// without copying.
func (stub *stubMaaTokenCreator) createToken(_ context.Context, _ io.ReadWriter, _ string, data []byte, _ maa.Parameters) (string, error) {
	stub.gotTokenData = data
	result, err := stub.token, stub.tokenErr
	return result, err
}