/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/
package attestationconfigapi
import (
"bytes"
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"testing"
"time"
"github.com/stretchr/testify/assert"
)
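// TestFetchLatestAzureSEVSNPVersion checks which listed Azure SEV-SNP version
// FetchAzureSEVSNPVersionLatest returns for a given point in time.
//
// The fetcher is wired to fakeConfigAPIHandler and dummyVerifier. The verifier
// accepts every signature, so this test covers version selection only, not
// the rejection of a bad signature.
func TestFetchLatestAzureSEVSNPVersion(t *testing.T) {
	// Reference time; every case passes the fetcher a time some days after it.
	now := time.Date(2023, 6, 12, 0, 0, 0, 0, time.UTC)
	// The two file names the fake transport serves a version and a signature for.
	latestStr := "2023-06-11-14-09.json"
	olderStr := "2019-01-01-01-01.json"

	testcases := map[string]struct {
		fetcherVersions []string  // names returned by the fake list endpoint
		timeAtTest      time.Time // time handed to the fetcher
		wantErr         bool
		want            AzureSEVSNPVersionAPI
	}{
		"get latest version if older than 2 weeks": {
			fetcherVersions: []string{latestStr, olderStr},
			timeAtTest:      now.Add(days(15)),
			want:            latestVersion,
		},
		"get older version if latest version is not older than minimum age": {
			fetcherVersions: []string{latestStr, olderStr},
			timeAtTest:      now.Add(days(7)),
			want:            olderVersion,
		},
		"fail when no version is older minimum age": {
			// List only latestStr, which the fake transport serves and which is
			// a few days old at timeAtTest. With a name the transport does not
			// serve, the fetch would fail with "no endpoint found" whatever the
			// age check decides, and this case could not detect a fetcher that
			// hands out a too-recent version.
			fetcherVersions: []string{latestStr},
			timeAtTest:      now.Add(days(2)),
			wantErr:         true,
		},
	}

	for name, tc := range testcases {
		t.Run(name, func(t *testing.T) {
			a := assert.New(t)

			transport := &fakeConfigAPIHandler{
				versions:      tc.fetcherVersions,
				latestVersion: latestStr,
				olderVersion:  olderStr,
			}
			client := &http.Client{Transport: transport}
			fetcher := newFetcherWithClientAndVerifier(client, dummyVerifier{})

			res, err := fetcher.FetchAzureSEVSNPVersionLatest(context.Background(), tc.timeAtTest)
			if tc.wantErr {
				a.Error(err)
				return
			}
			a.NoError(err)
			a.Equal(tc.want, res)
		})
	}
}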
// Fixture payloads returned by fakeConfigAPIHandler.RoundTrip.
var (
	// latestVersion is served for the handler's latestVersion file name.
	latestVersion = AzureSEVSNPVersionAPI{
		AzureSEVSNPVersion: AzureSEVSNPVersion{
			Microcode:  93,
			TEE:        0,
			SNP:        6,
			Bootloader: 2,
		},
	}

	// olderVersion is served for the handler's olderVersion file name. Its
	// component numbers differ from latestVersion, so an assertion can tell
	// which of the two the fetcher returned.
	olderVersion = AzureSEVSNPVersionAPI{
		AzureSEVSNPVersion: AzureSEVSNPVersion{
			Microcode:  1,
			TEE:        0,
			SNP:        1,
			Bootloader: 1,
		},
	}
)
// days converts a number of whole days into a time.Duration of 24-hour days.
func days(days int) time.Duration {
	hours := days * 24
	return time.Duration(hours) * time.Hour
}
// fakeConfigAPIHandler is an http.RoundTripper that answers attestation
// config API requests from memory, so tests need no network access.
type fakeConfigAPIHandler struct {
	// versions is the JSON-encoded body of the list endpoint.
	versions []string
	// latestVersion and olderVersion are the only two file names for which
	// a version document and a ".sig" document are served.
	latestVersion, olderVersion string
}
// RoundTrip answers req from in-memory fixtures instead of the network.
//
// Five paths are served, matched on req.URL.Path only: the version list, the
// latest and older version documents, and a ".sig" document for each of the
// two. Every other path yields the error "no endpoint found". Only the list
// response carries a Content-Type header; the other responses have no headers.
//
// The signature documents hold a fixed placeholder, not a real signature, so
// they only pass a verifier that does not check them.
func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, error) {
	var (
		payload interface{}
		header  http.Header // stays nil unless the list endpoint is hit
	)

	// Cases are tried top to bottom, the same order as the path checks they
	// replace, so the first matching path wins.
	switch req.URL.Path {
	case "/constellation/v1/attestation/azure-sev-snp/list":
		payload = f.versions
		header = http.Header{}
		header.Set("Content-Type", "application/json")
	case fmt.Sprintf("/constellation/v1/attestation/azure-sev-snp/%s", f.latestVersion):
		payload = latestVersion
	case fmt.Sprintf("/constellation/v1/attestation/azure-sev-snp/%s", f.olderVersion):
		payload = olderVersion
	case fmt.Sprintf("/constellation/v1/attestation/azure-sev-snp/%s.sig", f.latestVersion),
		fmt.Sprintf("/constellation/v1/attestation/azure-sev-snp/%s.sig", f.olderVersion):
		payload = AzureSEVSNPVersionSignature{
			Signature: []byte("placeholderSignature"),
		}
	default:
		return nil, errors.New("no endpoint found")
	}

	encoded, err := json.Marshal(payload)
	if err != nil {
		return nil, err
	}
	return &http.Response{
		StatusCode: http.StatusOK,
		Header:     header,
		Body:       io.NopCloser(bytes.NewReader(encoded)),
	}, nil
}
// dummyVerifier is a test double passed to newFetcherWithClientAndVerifier.
// It accepts every input, so tests built on it exercise fetching and version
// selection only; a wrong or missing signature would go unnoticed by them.
type dummyVerifier struct{}

// VerifySignature ignores its three arguments and always reports success.
func (dummyVerifier) VerifySignature(_, _, _ []byte) error {
	return nil
}