1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <string> 18 19 #include <base/bind.h> 20 #include <base/callback.h> 21 #include <base/message_loop/message_loop.h> 22 #include <base/run_loop.h> 23 #include <brillo/bind_lambda.h> 24 #include <brillo/data_encoding.h> 25 #include <brillo/http/http_transport_fake.h> 26 #include <brillo/mime_utils.h> 27 #include <gmock/gmock.h> 28 #include <gtest/gtest.h> 29 30 #include "attestation/common/attestation_ca.pb.h" 31 #include "attestation/common/mock_crypto_utility.h" 32 #include "attestation/common/mock_tpm_utility.h" 33 #include "attestation/server/attestation_service.h" 34 #include "attestation/server/mock_database.h" 35 #include "attestation/server/mock_key_store.h" 36 37 using brillo::http::fake::ServerRequest; 38 using brillo::http::fake::ServerResponse; 39 using testing::_; 40 using testing::DoAll; 41 using testing::NiceMock; 42 using testing::Return; 43 using testing::ReturnRef; 44 using testing::SetArgumentPointee; 45 46 namespace attestation { 47 48 class AttestationServiceTest : public testing::Test { 49 public: 50 enum FakeCAState { 51 kSuccess, // Valid successful response. 52 kCommandFailure, // Valid error response. 53 kHttpFailure, // Responds with an HTTP error. 54 kBadMessageID, // Valid successful response but a message ID mismatch. 55 }; 56 57 ~AttestationServiceTest() override = default; 58 void SetUp() override { 59 service_.reset(new AttestationService); 60 service_->set_database(&mock_database_); 61 service_->set_crypto_utility(&mock_crypto_utility_); 62 fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>(); 63 service_->set_http_transport(fake_http_transport_); 64 service_->set_key_store(&mock_key_store_); 65 service_->set_tpm_utility(&mock_tpm_utility_); 66 // Setup a fake wrapped EK certificate by default. 67 mock_database_.GetMutableProtobuf()->mutable_credentials()-> 68 mutable_default_encrypted_endorsement_credential()-> 69 set_wrapping_key_id("default"); 70 // Setup a fake Attestation CA for success by default. 71 SetupFakeCAEnroll(kSuccess); 72 SetupFakeCASign(kSuccess); 73 CHECK(service_->Initialize()); 74 } 75 76 protected: 77 void SetupFakeCAEnroll(FakeCAState state) { 78 fake_http_transport_->AddHandler( 79 service_->attestation_ca_origin() + "/enroll", 80 brillo::http::request_type::kPost, 81 base::Bind(&AttestationServiceTest::FakeCAEnroll, 82 base::Unretained(this), 83 state)); 84 } 85 86 void SetupFakeCASign(FakeCAState state) { 87 fake_http_transport_->AddHandler( 88 service_->attestation_ca_origin() + "/sign", 89 brillo::http::request_type::kPost, 90 base::Bind(&AttestationServiceTest::FakeCASign, 91 base::Unretained(this), 92 state)); 93 } 94 95 std::string GetFakeCertificateChain() { 96 const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n"; 97 const std::string kEndCertificate = "-----END CERTIFICATE-----"; 98 std::string pem = kBeginCertificate; 99 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert"); 100 pem += kEndCertificate + "\n" + kBeginCertificate; 101 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert"); 102 pem += kEndCertificate + "\n" + kBeginCertificate; 103 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2"); 104 pem += kEndCertificate; 105 return pem; 106 } 107 108 CreateGoogleAttestedKeyRequest GetCreateRequest() { 109 CreateGoogleAttestedKeyRequest request; 110 request.set_key_label("label"); 111 request.set_key_type(KEY_TYPE_ECC); 112 request.set_key_usage(KEY_USAGE_SIGN); 113 request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE); 114 request.set_username("user"); 115 request.set_origin("origin"); 116 return request; 117 } 118 119 void Run() { 120 run_loop_.Run(); 121 } 122 123 void RunUntilIdle() { 124 run_loop_.RunUntilIdle(); 125 } 126 127 void Quit() { 128 run_loop_.Quit(); 129 } 130 131 std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_; 132 NiceMock<MockCryptoUtility> mock_crypto_utility_; 133 NiceMock<MockDatabase> mock_database_; 134 NiceMock<MockKeyStore> mock_key_store_; 135 NiceMock<MockTpmUtility> mock_tpm_utility_; 136 std::unique_ptr<AttestationService> service_; 137 138 private: 139 void FakeCAEnroll(FakeCAState state, 140 const ServerRequest& request, 141 ServerResponse* response) { 142 AttestationEnrollmentRequest request_pb; 143 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); 144 if (state == kHttpFailure) { 145 response->ReplyText(brillo::http::status_code::NotFound, std::string(), 146 brillo::mime::application::kOctet_stream); 147 return; 148 } 149 AttestationEnrollmentResponse response_pb; 150 if (state == kCommandFailure) { 151 response_pb.set_status(SERVER_ERROR); 152 response_pb.set_detail("fake_enroll_error"); 153 } else if (state == kSuccess) { 154 response_pb.set_status(OK); 155 response_pb.set_detail(""); 156 response_pb.mutable_encrypted_identity_credential()-> 157 set_asym_ca_contents("1234"); 158 response_pb.mutable_encrypted_identity_credential()-> 159 set_sym_ca_attestation("5678"); 160 } else { 161 NOTREACHED(); 162 } 163 std::string tmp; 164 response_pb.SerializeToString(&tmp); 165 response->ReplyText(brillo::http::status_code::Ok, tmp, 166 brillo::mime::application::kOctet_stream); 167 } 168 169 void FakeCASign(FakeCAState state, 170 const ServerRequest& request, 171 ServerResponse* response) { 172 AttestationCertificateRequest request_pb; 173 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); 174 if (state == kHttpFailure) { 175 response->ReplyText(brillo::http::status_code::NotFound, std::string(), 176 brillo::mime::application::kOctet_stream); 177 return; 178 } 179 AttestationCertificateResponse response_pb; 180 if (state == kCommandFailure) { 181 response_pb.set_status(SERVER_ERROR); 182 response_pb.set_detail("fake_sign_error"); 183 } else if (state == kSuccess || state == kBadMessageID) { 184 response_pb.set_status(OK); 185 response_pb.set_detail(""); 186 if (state == kSuccess) { 187 response_pb.set_message_id(request_pb.message_id()); 188 } 189 response_pb.set_certified_key_credential("fake_cert"); 190 response_pb.set_intermediate_ca_cert("fake_ca_cert"); 191 *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 192 } 193 std::string tmp; 194 response_pb.SerializeToString(&tmp); 195 response->ReplyText(brillo::http::status_code::Ok, tmp, 196 brillo::mime::application::kOctet_stream); 197 } 198 199 base::MessageLoop message_loop_; 200 base::RunLoop run_loop_; 201 }; 202 203 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) { 204 // Set expectations on the outputs. 205 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 206 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 207 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); 208 EXPECT_FALSE(reply.has_server_error()); 209 Quit(); 210 }; 211 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 212 Run(); 213 } 214 215 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) { 216 // Set expectations on the outputs. 217 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 218 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 219 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); 220 EXPECT_FALSE(reply.has_server_error()); 221 Quit(); 222 }; 223 CreateGoogleAttestedKeyRequest request = GetCreateRequest(); 224 request.clear_username(); 225 service_->CreateGoogleAttestedKey(request, base::Bind(callback)); 226 Run(); 227 } 228 229 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) { 230 SetupFakeCAEnroll(kHttpFailure); 231 // Set expectations on the outputs. 232 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 233 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); 234 EXPECT_FALSE(reply.has_certificate_chain()); 235 EXPECT_EQ("", reply.server_error()); 236 Quit(); 237 }; 238 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 239 Run(); 240 } 241 242 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) { 243 SetupFakeCASign(kHttpFailure); 244 // Set expectations on the outputs. 245 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 246 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); 247 EXPECT_FALSE(reply.has_certificate_chain()); 248 EXPECT_EQ("", reply.server_error()); 249 Quit(); 250 }; 251 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 252 Run(); 253 } 254 255 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) { 256 SetupFakeCAEnroll(kCommandFailure); 257 // Set expectations on the outputs. 258 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 259 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); 260 EXPECT_FALSE(reply.has_certificate_chain()); 261 EXPECT_EQ("fake_enroll_error", reply.server_error()); 262 Quit(); 263 }; 264 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 265 Run(); 266 } 267 268 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) { 269 SetupFakeCASign(kCommandFailure); 270 // Set expectations on the outputs. 271 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 272 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); 273 EXPECT_FALSE(reply.has_certificate_chain()); 274 EXPECT_EQ("fake_sign_error", reply.server_error()); 275 Quit(); 276 }; 277 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 278 Run(); 279 } 280 281 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) { 282 SetupFakeCASign(kBadMessageID); 283 // Set expectations on the outputs. 284 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 285 EXPECT_NE(STATUS_SUCCESS, reply.status()); 286 EXPECT_FALSE(reply.has_certificate_chain()); 287 EXPECT_EQ("", reply.server_error()); 288 Quit(); 289 }; 290 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 291 Run(); 292 } 293 294 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) { 295 // Remove the default credential setup. 296 mock_database_.GetMutableProtobuf()->clear_credentials(); 297 // Set expectations on the outputs. 298 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 299 EXPECT_NE(STATUS_SUCCESS, reply.status()); 300 EXPECT_FALSE(reply.has_certificate_chain()); 301 EXPECT_EQ("", reply.server_error()); 302 Quit(); 303 }; 304 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 305 Run(); 306 } 307 308 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) { 309 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 310 .WillRepeatedly(Return(false)); 311 // Set expectations on the outputs. 312 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 313 EXPECT_NE(STATUS_SUCCESS, reply.status()); 314 EXPECT_FALSE(reply.has_certificate_chain()); 315 EXPECT_EQ("", reply.server_error()); 316 Quit(); 317 }; 318 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 319 Run(); 320 } 321 322 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) { 323 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 324 .WillOnce(Return(true)) 325 .WillRepeatedly(Return(false)); 326 // Set expectations on the outputs. 327 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 328 EXPECT_NE(STATUS_SUCCESS, reply.status()); 329 EXPECT_FALSE(reply.has_certificate_chain()); 330 EXPECT_EQ("", reply.server_error()); 331 Quit(); 332 }; 333 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 334 Run(); 335 } 336 337 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) { 338 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 339 // Set expectations on the outputs. 340 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 341 EXPECT_NE(STATUS_SUCCESS, reply.status()); 342 EXPECT_FALSE(reply.has_certificate_chain()); 343 EXPECT_EQ("", reply.server_error()); 344 Quit(); 345 }; 346 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 347 Run(); 348 } 349 350 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) { 351 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 352 // Set expectations on the outputs. 353 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 354 EXPECT_NE(STATUS_SUCCESS, reply.status()); 355 EXPECT_FALSE(reply.has_certificate_chain()); 356 EXPECT_EQ("", reply.server_error()); 357 Quit(); 358 }; 359 CreateGoogleAttestedKeyRequest request = GetCreateRequest(); 360 request.clear_username(); 361 service_->CreateGoogleAttestedKey(request, base::Bind(callback)); 362 Run(); 363 } 364 365 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) { 366 EXPECT_CALL(mock_key_store_, Write(_, _, _)) 367 .WillRepeatedly(Return(false)); 368 // Set expectations on the outputs. 369 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 370 EXPECT_NE(STATUS_SUCCESS, reply.status()); 371 EXPECT_FALSE(reply.has_certificate_chain()); 372 EXPECT_EQ("", reply.server_error()); 373 Quit(); 374 }; 375 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 376 Run(); 377 } 378 379 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) { 380 EXPECT_CALL(mock_tpm_utility_, IsTpmReady()) 381 .WillRepeatedly(Return(false)); 382 // Set expectations on the outputs. 383 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 384 EXPECT_NE(STATUS_SUCCESS, reply.status()); 385 EXPECT_FALSE(reply.has_certificate_chain()); 386 EXPECT_EQ("", reply.server_error()); 387 Quit(); 388 }; 389 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 390 Run(); 391 } 392 393 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) { 394 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _)) 395 .WillRepeatedly(Return(false)); 396 // Set expectations on the outputs. 397 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 398 EXPECT_NE(STATUS_SUCCESS, reply.status()); 399 EXPECT_FALSE(reply.has_certificate_chain()); 400 EXPECT_EQ("", reply.server_error()); 401 Quit(); 402 }; 403 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 404 Run(); 405 } 406 407 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) { 408 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) 409 .WillRepeatedly(Return(false)); 410 // Set expectations on the outputs. 411 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 412 EXPECT_NE(STATUS_SUCCESS, reply.status()); 413 EXPECT_FALSE(reply.has_certificate_chain()); 414 EXPECT_EQ("", reply.server_error()); 415 Quit(); 416 }; 417 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 418 Run(); 419 } 420 421 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) { 422 // Set expectations on the outputs. 423 int callback_count = 0; 424 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { 425 callback_count++; 426 }; 427 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 428 // Bring down the service, which should cancel any callbacks. 429 service_.reset(); 430 EXPECT_EQ(0, callback_count); 431 } 432 433 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) { 434 // Set expectations on the outputs. 435 int callback_count = 0; 436 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { 437 callback_count++; 438 }; 439 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 440 // Give threads a chance to run. 441 base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10)); 442 // Bring down the service, which should cancel any callbacks. 443 service_.reset(); 444 // Pump the loop to make sure no callbacks were posted. 445 RunUntilIdle(); 446 EXPECT_EQ(0, callback_count); 447 } 448 449 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) { 450 // Setup a certified key in the key store. 451 CertifiedKey key; 452 key.set_public_key("public_key"); 453 key.set_certified_key_credential("fake_cert"); 454 key.set_intermediate_ca_cert("fake_ca_cert"); 455 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 456 key.set_key_name("label"); 457 key.set_certified_key_info("certify_info"); 458 key.set_certified_key_proof("signature"); 459 key.set_key_type(KEY_TYPE_RSA); 460 key.set_key_usage(KEY_USAGE_SIGN); 461 std::string key_bytes; 462 key.SerializeToString(&key_bytes); 463 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 464 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 465 466 // Set expectations on the outputs. 467 auto callback = [this](const GetKeyInfoReply& reply) { 468 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 469 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); 470 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); 471 EXPECT_EQ("public_key", reply.public_key()); 472 EXPECT_EQ("certify_info", reply.certify_info()); 473 EXPECT_EQ("signature", reply.certify_info_signature()); 474 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); 475 Quit(); 476 }; 477 GetKeyInfoRequest request; 478 request.set_key_label("label"); 479 request.set_username("user"); 480 service_->GetKeyInfo(request, base::Bind(callback)); 481 Run(); 482 } 483 484 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) { 485 // Setup a certified key in the device key store. 486 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); 487 key.set_public_key("public_key"); 488 key.set_certified_key_credential("fake_cert"); 489 key.set_intermediate_ca_cert("fake_ca_cert"); 490 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 491 key.set_key_name("label"); 492 key.set_certified_key_info("certify_info"); 493 key.set_certified_key_proof("signature"); 494 key.set_key_type(KEY_TYPE_RSA); 495 key.set_key_usage(KEY_USAGE_SIGN); 496 497 // Set expectations on the outputs. 498 auto callback = [this](const GetKeyInfoReply& reply) { 499 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 500 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); 501 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); 502 EXPECT_EQ("public_key", reply.public_key()); 503 EXPECT_EQ("certify_info", reply.certify_info()); 504 EXPECT_EQ("signature", reply.certify_info_signature()); 505 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); 506 Quit(); 507 }; 508 GetKeyInfoRequest request; 509 request.set_key_label("label"); 510 service_->GetKeyInfo(request, base::Bind(callback)); 511 Run(); 512 } 513 514 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) { 515 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 516 .WillRepeatedly(Return(false)); 517 518 // Set expectations on the outputs. 519 auto callback = [this](const GetKeyInfoReply& reply) { 520 EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status()); 521 Quit(); 522 }; 523 GetKeyInfoRequest request; 524 request.set_key_label("label"); 525 request.set_username("user"); 526 service_->GetKeyInfo(request, base::Bind(callback)); 527 Run(); 528 } 529 530 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) { 531 EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _)) 532 .WillRepeatedly(Return(false)); 533 534 // Set expectations on the outputs. 535 auto callback = [this](const GetKeyInfoReply& reply) { 536 EXPECT_NE(STATUS_SUCCESS, reply.status()); 537 Quit(); 538 }; 539 GetKeyInfoRequest request; 540 request.set_key_label("label"); 541 request.set_username("user"); 542 service_->GetKeyInfo(request, base::Bind(callback)); 543 Run(); 544 } 545 546 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) { 547 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 548 database->mutable_credentials()->set_endorsement_public_key("public_key"); 549 database->mutable_credentials()->set_endorsement_credential("certificate"); 550 // Set expectations on the outputs. 551 auto callback = [this](const GetEndorsementInfoReply& reply) { 552 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 553 EXPECT_EQ("public_key", reply.ek_public_key()); 554 EXPECT_EQ("certificate", reply.ek_certificate()); 555 Quit(); 556 }; 557 GetEndorsementInfoRequest request; 558 request.set_key_type(KEY_TYPE_RSA); 559 service_->GetEndorsementInfo(request, base::Bind(callback)); 560 Run(); 561 } 562 563 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) { 564 // Set expectations on the outputs. 565 auto callback = [this](const GetEndorsementInfoReply& reply) { 566 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); 567 EXPECT_FALSE(reply.has_ek_public_key()); 568 EXPECT_FALSE(reply.has_ek_certificate()); 569 Quit(); 570 }; 571 GetEndorsementInfoRequest request; 572 request.set_key_type(KEY_TYPE_RSA); 573 service_->GetEndorsementInfo(request, base::Bind(callback)); 574 Run(); 575 } 576 577 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) { 578 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 579 database->mutable_credentials()->set_endorsement_public_key("public_key"); 580 // Set expectations on the outputs. 581 auto callback = [this](const GetEndorsementInfoReply& reply) { 582 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 583 EXPECT_EQ("public_key", reply.ek_public_key()); 584 EXPECT_FALSE(reply.has_ek_certificate()); 585 Quit(); 586 }; 587 GetEndorsementInfoRequest request; 588 request.set_key_type(KEY_TYPE_RSA); 589 service_->GetEndorsementInfo(request, base::Bind(callback)); 590 Run(); 591 } 592 593 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) { 594 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 595 database->mutable_identity_key()->set_identity_public_key("public_key"); 596 database->mutable_identity_key()->set_identity_credential("certificate"); 597 database->mutable_pcr0_quote()->set_quote("pcr0"); 598 database->mutable_pcr1_quote()->set_quote("pcr1"); 599 database->mutable_identity_binding()->set_identity_public_key("public_key2"); 600 // Set expectations on the outputs. 601 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 602 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 603 EXPECT_EQ("public_key", reply.public_key()); 604 EXPECT_EQ("public_key2", reply.public_key_tpm_format()); 605 EXPECT_EQ("certificate", reply.certificate()); 606 EXPECT_EQ("pcr0", reply.pcr0_quote().quote()); 607 EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); 608 Quit(); 609 }; 610 GetAttestationKeyInfoRequest request; 611 request.set_key_type(KEY_TYPE_RSA); 612 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 613 Run(); 614 } 615 616 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) { 617 // Set expectations on the outputs. 618 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 619 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); 620 EXPECT_FALSE(reply.has_public_key()); 621 EXPECT_FALSE(reply.has_public_key_tpm_format()); 622 EXPECT_FALSE(reply.has_certificate()); 623 EXPECT_FALSE(reply.has_pcr0_quote()); 624 EXPECT_FALSE(reply.has_pcr1_quote()); 625 Quit(); 626 }; 627 GetAttestationKeyInfoRequest request; 628 request.set_key_type(KEY_TYPE_RSA); 629 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 630 Run(); 631 } 632 633 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) { 634 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 635 database->mutable_identity_key()->set_identity_credential("certificate"); 636 database->mutable_pcr1_quote()->set_quote("pcr1"); 637 // Set expectations on the outputs. 638 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 639 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 640 EXPECT_FALSE(reply.has_public_key()); 641 EXPECT_FALSE(reply.has_public_key_tpm_format()); 642 EXPECT_EQ("certificate", reply.certificate()); 643 EXPECT_FALSE(reply.has_pcr0_quote()); 644 EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); 645 Quit(); 646 }; 647 GetAttestationKeyInfoRequest request; 648 request.set_key_type(KEY_TYPE_RSA); 649 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 650 Run(); 651 } 652 653 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) { 654 EXPECT_CALL(mock_database_, SaveChanges()).Times(1); 655 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", 656 "encrypted2", _)) 657 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), 658 Return(true))); 659 // Set expectations on the outputs. 660 auto callback = [this](const ActivateAttestationKeyReply& reply) { 661 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 662 EXPECT_EQ("certificate", reply.certificate()); 663 Quit(); 664 }; 665 ActivateAttestationKeyRequest request; 666 request.set_key_type(KEY_TYPE_RSA); 667 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 668 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 669 request.set_save_certificate(true); 670 service_->ActivateAttestationKey(request, base::Bind(callback)); 671 Run(); 672 } 673 674 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) { 675 EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0); 676 EXPECT_CALL(mock_database_, SaveChanges()).Times(0); 677 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", 678 "encrypted2", _)) 679 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), 680 Return(true))); 681 // Set expectations on the outputs. 682 auto callback = [this](const ActivateAttestationKeyReply& reply) { 683 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 684 EXPECT_EQ("certificate", reply.certificate()); 685 Quit(); 686 }; 687 ActivateAttestationKeyRequest request; 688 request.set_key_type(KEY_TYPE_RSA); 689 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 690 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 691 request.set_save_certificate(false); 692 service_->ActivateAttestationKey(request, base::Bind(callback)); 693 Run(); 694 } 695 696 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) { 697 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 698 // Set expectations on the outputs. 699 auto callback = [this](const ActivateAttestationKeyReply& reply) { 700 EXPECT_NE(STATUS_SUCCESS, reply.status()); 701 Quit(); 702 }; 703 ActivateAttestationKeyRequest request; 704 request.set_key_type(KEY_TYPE_RSA); 705 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 706 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 707 request.set_save_certificate(true); 708 service_->ActivateAttestationKey(request, base::Bind(callback)); 709 Run(); 710 } 711 712 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) { 713 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, "encrypted1", 714 "encrypted2", _)) 715 .WillRepeatedly(Return(false)); 716 // Set expectations on the outputs. 717 auto callback = [this](const ActivateAttestationKeyReply& reply) { 718 EXPECT_NE(STATUS_SUCCESS, reply.status()); 719 Quit(); 720 }; 721 ActivateAttestationKeyRequest request; 722 request.set_key_type(KEY_TYPE_RSA); 723 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 724 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 725 request.set_save_certificate(true); 726 service_->ActivateAttestationKey(request, base::Bind(callback)); 727 Run(); 728 } 729 730 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) { 731 // Configure a fake TPM response. 732 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC, 733 KEY_USAGE_SIGN, 734 _, _, _, _, _, _, _)) 735 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")), 736 SetArgumentPointee<7>(std::string("certify_info")), 737 SetArgumentPointee<8>( 738 std::string("certify_info_signature")), 739 Return(true))); 740 // Expect the key to be written exactly once. 741 EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1); 742 // Set expectations on the outputs. 743 auto callback = [this](const CreateCertifiableKeyReply& reply) { 744 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 745 EXPECT_EQ("public_key", reply.public_key()); 746 EXPECT_EQ("certify_info", reply.certify_info()); 747 EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); 748 Quit(); 749 }; 750 CreateCertifiableKeyRequest request; 751 request.set_key_label("label"); 752 request.set_key_type(KEY_TYPE_ECC); 753 request.set_key_usage(KEY_USAGE_SIGN); 754 request.set_username("user"); 755 service_->CreateCertifiableKey(request, base::Bind(callback)); 756 Run(); 757 } 758 759 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) { 760 // Configure a fake TPM response. 761 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(KEY_TYPE_ECC, 762 KEY_USAGE_SIGN, 763 _, _, _, _, _, _, _)) 764 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("public_key")), 765 SetArgumentPointee<7>(std::string("certify_info")), 766 SetArgumentPointee<8>( 767 std::string("certify_info_signature")), 768 Return(true))); 769 // Expect the key to be written exactly once. 770 EXPECT_CALL(mock_database_, SaveChanges()).Times(1); 771 // Set expectations on the outputs. 772 auto callback = [this](const CreateCertifiableKeyReply& reply) { 773 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 774 EXPECT_EQ("public_key", reply.public_key()); 775 EXPECT_EQ("certify_info", reply.certify_info()); 776 EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); 777 Quit(); 778 }; 779 CreateCertifiableKeyRequest request; 780 request.set_key_label("label"); 781 request.set_key_type(KEY_TYPE_ECC); 782 request.set_key_usage(KEY_USAGE_SIGN); 783 service_->CreateCertifiableKey(request, base::Bind(callback)); 784 Run(); 785 } 786 787 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) { 788 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 789 .WillRepeatedly(Return(false)); 790 // Set expectations on the outputs. 791 auto callback = [this](const CreateCertifiableKeyReply& reply) { 792 EXPECT_NE(STATUS_SUCCESS, reply.status()); 793 EXPECT_FALSE(reply.has_public_key()); 794 EXPECT_FALSE(reply.has_certify_info()); 795 EXPECT_FALSE(reply.has_certify_info_signature()); 796 Quit(); 797 }; 798 CreateCertifiableKeyRequest request; 799 request.set_key_label("label"); 800 request.set_key_type(KEY_TYPE_ECC); 801 request.set_key_usage(KEY_USAGE_SIGN); 802 service_->CreateCertifiableKey(request, base::Bind(callback)); 803 Run(); 804 } 805 806 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) { 807 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) 808 .WillRepeatedly(Return(false)); 809 // Set expectations on the outputs. 810 auto callback = [this](const CreateCertifiableKeyReply& reply) { 811 EXPECT_NE(STATUS_SUCCESS, reply.status()); 812 EXPECT_FALSE(reply.has_public_key()); 813 EXPECT_FALSE(reply.has_certify_info()); 814 EXPECT_FALSE(reply.has_certify_info_signature()); 815 Quit(); 816 }; 817 CreateCertifiableKeyRequest request; 818 request.set_key_label("label"); 819 request.set_key_type(KEY_TYPE_ECC); 820 request.set_key_usage(KEY_USAGE_SIGN); 821 service_->CreateCertifiableKey(request, base::Bind(callback)); 822 Run(); 823 } 824 825 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) { 826 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false)); 827 // Set expectations on the outputs. 828 auto callback = [this](const CreateCertifiableKeyReply& reply) { 829 EXPECT_NE(STATUS_SUCCESS, reply.status()); 830 EXPECT_FALSE(reply.has_public_key()); 831 EXPECT_FALSE(reply.has_certify_info()); 832 EXPECT_FALSE(reply.has_certify_info_signature()); 833 Quit(); 834 }; 835 CreateCertifiableKeyRequest request; 836 request.set_key_label("label"); 837 request.set_key_type(KEY_TYPE_ECC); 838 request.set_key_usage(KEY_USAGE_SIGN); 839 request.set_username("username"); 840 service_->CreateCertifiableKey(request, base::Bind(callback)); 841 Run(); 842 } 843 844 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) { 845 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 846 // Set expectations on the outputs. 847 auto callback = [this](const CreateCertifiableKeyReply& reply) { 848 EXPECT_NE(STATUS_SUCCESS, reply.status()); 849 EXPECT_FALSE(reply.has_public_key()); 850 EXPECT_FALSE(reply.has_certify_info()); 851 EXPECT_FALSE(reply.has_certify_info_signature()); 852 Quit(); 853 }; 854 CreateCertifiableKeyRequest request; 855 request.set_key_label("label"); 856 request.set_key_type(KEY_TYPE_ECC); 857 request.set_key_usage(KEY_USAGE_SIGN); 858 service_->CreateCertifiableKey(request, base::Bind(callback)); 859 Run(); 860 } 861 862 TEST_F(AttestationServiceTest, DecryptSuccess) { 863 // Set expectations on the outputs. 864 auto callback = [this](const DecryptReply& reply) { 865 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 866 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), 867 reply.decrypted_data()); 868 Quit(); 869 }; 870 DecryptRequest request; 871 request.set_key_label("label"); 872 request.set_username("user"); 873 request.set_encrypted_data("data"); 874 service_->Decrypt(request, base::Bind(callback)); 875 Run(); 876 } 877 878 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) { 879 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); 880 // Set expectations on the outputs. 881 auto callback = [this](const DecryptReply& reply) { 882 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 883 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), 884 reply.decrypted_data()); 885 Quit(); 886 }; 887 DecryptRequest request; 888 request.set_key_label("label"); 889 request.set_encrypted_data("data"); 890 service_->Decrypt(request, base::Bind(callback)); 891 Run(); 892 } 893 894 TEST_F(AttestationServiceTest, DecryptKeyNotFound) { 895 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 896 .WillRepeatedly(Return(false)); 897 // Set expectations on the outputs. 898 auto callback = [this](const DecryptReply& reply) { 899 EXPECT_NE(STATUS_SUCCESS, reply.status()); 900 EXPECT_FALSE(reply.has_decrypted_data()); 901 Quit(); 902 }; 903 DecryptRequest request; 904 request.set_key_label("label"); 905 request.set_username("user"); 906 request.set_encrypted_data("data"); 907 service_->Decrypt(request, base::Bind(callback)); 908 Run(); 909 } 910 911 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) { 912 // Set expectations on the outputs. 913 auto callback = [this](const DecryptReply& reply) { 914 EXPECT_NE(STATUS_SUCCESS, reply.status()); 915 EXPECT_FALSE(reply.has_decrypted_data()); 916 Quit(); 917 }; 918 DecryptRequest request; 919 request.set_key_label("label"); 920 request.set_encrypted_data("data"); 921 service_->Decrypt(request, base::Bind(callback)); 922 Run(); 923 } 924 925 TEST_F(AttestationServiceTest, DecryptUnbindFailure) { 926 EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false)); 927 // Set expectations on the outputs. 928 auto callback = [this](const DecryptReply& reply) { 929 EXPECT_NE(STATUS_SUCCESS, reply.status()); 930 EXPECT_FALSE(reply.has_decrypted_data()); 931 Quit(); 932 }; 933 DecryptRequest request; 934 request.set_key_label("label"); 935 request.set_username("user"); 936 request.set_encrypted_data("data"); 937 service_->Decrypt(request, base::Bind(callback)); 938 Run(); 939 } 940 941 TEST_F(AttestationServiceTest, SignSuccess) { 942 // Set expectations on the outputs. 943 auto callback = [this](const SignReply& reply) { 944 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 945 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); 946 Quit(); 947 }; 948 SignRequest request; 949 request.set_key_label("label"); 950 request.set_username("user"); 951 request.set_data_to_sign("data"); 952 service_->Sign(request, base::Bind(callback)); 953 Run(); 954 } 955 956 TEST_F(AttestationServiceTest, SignSuccessNoUser) { 957 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); 958 // Set expectations on the outputs. 959 auto callback = [this](const SignReply& reply) { 960 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 961 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); 962 Quit(); 963 }; 964 SignRequest request; 965 request.set_key_label("label"); 966 request.set_data_to_sign("data"); 967 service_->Sign(request, base::Bind(callback)); 968 Run(); 969 } 970 971 TEST_F(AttestationServiceTest, SignKeyNotFound) { 972 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 973 .WillRepeatedly(Return(false)); 974 // Set expectations on the outputs. 975 auto callback = [this](const SignReply& reply) { 976 EXPECT_NE(STATUS_SUCCESS, reply.status()); 977 EXPECT_FALSE(reply.has_signature()); 978 Quit(); 979 }; 980 SignRequest request; 981 request.set_key_label("label"); 982 request.set_username("user"); 983 request.set_data_to_sign("data"); 984 service_->Sign(request, base::Bind(callback)); 985 Run(); 986 } 987 988 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) { 989 // Set expectations on the outputs. 990 auto callback = [this](const SignReply& reply) { 991 EXPECT_NE(STATUS_SUCCESS, reply.status()); 992 EXPECT_FALSE(reply.has_signature()); 993 Quit(); 994 }; 995 SignRequest request; 996 request.set_key_label("label"); 997 request.set_data_to_sign("data"); 998 service_->Sign(request, base::Bind(callback)); 999 Run(); 1000 } 1001 1002 TEST_F(AttestationServiceTest, SignUnbindFailure) { 1003 EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false)); 1004 // Set expectations on the outputs. 1005 auto callback = [this](const SignReply& reply) { 1006 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1007 EXPECT_FALSE(reply.has_signature()); 1008 Quit(); 1009 }; 1010 SignRequest request; 1011 request.set_key_label("label"); 1012 request.set_username("user"); 1013 request.set_data_to_sign("data"); 1014 service_->Sign(request, base::Bind(callback)); 1015 Run(); 1016 } 1017 1018 TEST_F(AttestationServiceTest, RegisterSuccess) { 1019 // Setup a key in the user key store. 1020 CertifiedKey key; 1021 key.set_key_blob("key_blob"); 1022 key.set_public_key("public_key"); 1023 key.set_certified_key_credential("fake_cert"); 1024 key.set_intermediate_ca_cert("fake_ca_cert"); 1025 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1026 key.set_key_name("label"); 1027 key.set_key_type(KEY_TYPE_RSA); 1028 key.set_key_usage(KEY_USAGE_SIGN); 1029 std::string key_bytes; 1030 key.SerializeToString(&key_bytes); 1031 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1032 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1033 // Cardinality is verified here to verify various steps are performed and to 1034 // catch performance regressions. 1035 EXPECT_CALL(mock_key_store_, Register("user", 1036 "label", 1037 KEY_TYPE_RSA, 1038 KEY_USAGE_SIGN, 1039 "key_blob", 1040 "public_key", 1041 "fake_cert")).Times(1); 1042 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert")) 1043 .Times(1); 1044 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2")) 1045 .Times(1); 1046 EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1); 1047 // Set expectations on the outputs. 1048 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1049 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 1050 Quit(); 1051 }; 1052 RegisterKeyWithChapsTokenRequest request; 1053 request.set_key_label("label"); 1054 request.set_username("user"); 1055 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1056 Run(); 1057 } 1058 1059 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) { 1060 // Setup a key in the device_keys field. 1061 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); 1062 key.set_key_blob("key_blob"); 1063 key.set_public_key("public_key"); 1064 key.set_certified_key_credential("fake_cert"); 1065 key.set_intermediate_ca_cert("fake_ca_cert"); 1066 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1067 key.set_key_name("label"); 1068 key.set_key_type(KEY_TYPE_RSA); 1069 key.set_key_usage(KEY_USAGE_SIGN); 1070 // Cardinality is verified here to verify various steps are performed and to 1071 // catch performance regressions. 1072 EXPECT_CALL(mock_key_store_, Register("", 1073 "label", 1074 KEY_TYPE_RSA, 1075 KEY_USAGE_SIGN, 1076 "key_blob", 1077 "public_key", 1078 "fake_cert")).Times(1); 1079 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert")) 1080 .Times(1); 1081 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2")) 1082 .Times(1); 1083 // Set expectations on the outputs. 1084 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1085 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 1086 EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size()); 1087 Quit(); 1088 }; 1089 RegisterKeyWithChapsTokenRequest request; 1090 request.set_key_label("label"); 1091 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1092 Run(); 1093 } 1094 1095 TEST_F(AttestationServiceTest, RegisterNoKey) { 1096 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1097 .WillRepeatedly(Return(false)); 1098 // Set expectations on the outputs. 1099 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1100 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1101 Quit(); 1102 }; 1103 RegisterKeyWithChapsTokenRequest request; 1104 request.set_key_label("label"); 1105 request.set_username("user"); 1106 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1107 Run(); 1108 } 1109 1110 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) { 1111 // Set expectations on the outputs. 1112 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1113 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1114 Quit(); 1115 }; 1116 RegisterKeyWithChapsTokenRequest request; 1117 request.set_key_label("label"); 1118 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1119 Run(); 1120 } 1121 1122 TEST_F(AttestationServiceTest, RegisterFailure) { 1123 // Setup a key in the user key store. 1124 CertifiedKey key; 1125 key.set_key_name("label"); 1126 std::string key_bytes; 1127 key.SerializeToString(&key_bytes); 1128 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1129 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1130 EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _)) 1131 .WillRepeatedly(Return(false)); 1132 // Set expectations on the outputs. 1133 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1134 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1135 Quit(); 1136 }; 1137 RegisterKeyWithChapsTokenRequest request; 1138 request.set_key_label("label"); 1139 request.set_username("user"); 1140 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1141 Run(); 1142 } 1143 1144 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) { 1145 // Setup a key in the user key store. 1146 CertifiedKey key; 1147 key.set_key_name("label"); 1148 key.set_intermediate_ca_cert("fake_ca_cert"); 1149 std::string key_bytes; 1150 key.SerializeToString(&key_bytes); 1151 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1152 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1153 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) 1154 .WillRepeatedly(Return(false)); 1155 // Set expectations on the outputs. 1156 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1157 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1158 Quit(); 1159 }; 1160 RegisterKeyWithChapsTokenRequest request; 1161 request.set_key_label("label"); 1162 request.set_username("user"); 1163 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1164 Run(); 1165 } 1166 1167 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) { 1168 // Setup a key in the user key store. 1169 CertifiedKey key; 1170 key.set_key_name("label"); 1171 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1172 std::string key_bytes; 1173 key.SerializeToString(&key_bytes); 1174 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1175 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1176 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) 1177 .WillRepeatedly(Return(false)); 1178 // Set expectations on the outputs. 1179 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1180 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1181 Quit(); 1182 }; 1183 RegisterKeyWithChapsTokenRequest request; 1184 request.set_key_label("label"); 1185 request.set_username("user"); 1186 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1187 Run(); 1188 } 1189 1190 } // namespace attestation 1191