1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include <string> 18 19 #include <base/bind.h> 20 #include <base/callback.h> 21 #include <base/message_loop/message_loop.h> 22 #include <base/run_loop.h> 23 #include <brillo/bind_lambda.h> 24 #include <brillo/data_encoding.h> 25 #include <brillo/http/http_transport_fake.h> 26 #include <brillo/mime_utils.h> 27 #include <gmock/gmock.h> 28 #include <gtest/gtest.h> 29 30 #include "attestation/common/attestation_ca.pb.h" 31 #include "attestation/common/mock_crypto_utility.h" 32 #include "attestation/common/mock_tpm_utility.h" 33 #include "attestation/server/attestation_service.h" 34 #include "attestation/server/mock_database.h" 35 #include "attestation/server/mock_key_store.h" 36 37 using brillo::http::fake::ServerRequest; 38 using brillo::http::fake::ServerResponse; 39 using testing::_; 40 using testing::DoAll; 41 using testing::NiceMock; 42 using testing::Return; 43 using testing::ReturnRef; 44 using testing::SetArgumentPointee; 45 46 namespace attestation { 47 48 class AttestationServiceTest : public testing::Test { 49 public: 50 enum FakeCAState { 51 kSuccess, // Valid successful response. 52 kCommandFailure, // Valid error response. 53 kHttpFailure, // Responds with an HTTP error. 54 kBadMessageID, // Valid successful response but a message ID mismatch. 55 }; 56 57 ~AttestationServiceTest() override = default; 58 void SetUp() override { 59 service_.reset(new AttestationService); 60 service_->set_database(&mock_database_); 61 service_->set_crypto_utility(&mock_crypto_utility_); 62 fake_http_transport_ = std::make_shared<brillo::http::fake::Transport>(); 63 service_->set_http_transport(fake_http_transport_); 64 service_->set_key_store(&mock_key_store_); 65 service_->set_tpm_utility(&mock_tpm_utility_); 66 // Setup a fake wrapped EK certificate by default. 67 mock_database_.GetMutableProtobuf() 68 ->mutable_credentials() 69 ->mutable_default_encrypted_endorsement_credential() 70 ->set_wrapping_key_id("default"); 71 // Setup a fake Attestation CA for success by default. 72 SetupFakeCAEnroll(kSuccess); 73 SetupFakeCASign(kSuccess); 74 CHECK(service_->Initialize()); 75 } 76 77 protected: 78 void SetupFakeCAEnroll(FakeCAState state) { 79 fake_http_transport_->AddHandler( 80 service_->attestation_ca_origin() + "/enroll", 81 brillo::http::request_type::kPost, 82 base::Bind(&AttestationServiceTest::FakeCAEnroll, 83 base::Unretained(this), state)); 84 } 85 86 void SetupFakeCASign(FakeCAState state) { 87 fake_http_transport_->AddHandler( 88 service_->attestation_ca_origin() + "/sign", 89 brillo::http::request_type::kPost, 90 base::Bind(&AttestationServiceTest::FakeCASign, base::Unretained(this), 91 state)); 92 } 93 94 std::string GetFakeCertificateChain() { 95 const std::string kBeginCertificate = "-----BEGIN CERTIFICATE-----\n"; 96 const std::string kEndCertificate = "-----END CERTIFICATE-----"; 97 std::string pem = kBeginCertificate; 98 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_cert"); 99 pem += kEndCertificate + "\n" + kBeginCertificate; 100 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert"); 101 pem += kEndCertificate + "\n" + kBeginCertificate; 102 pem += brillo::data_encoding::Base64EncodeWrapLines("fake_ca_cert2"); 103 pem += kEndCertificate; 104 return pem; 105 } 106 107 CreateGoogleAttestedKeyRequest GetCreateRequest() { 108 CreateGoogleAttestedKeyRequest request; 109 request.set_key_label("label"); 110 request.set_key_type(KEY_TYPE_ECC); 111 request.set_key_usage(KEY_USAGE_SIGN); 112 request.set_certificate_profile(ENTERPRISE_MACHINE_CERTIFICATE); 113 request.set_username("user"); 114 request.set_origin("origin"); 115 return request; 116 } 117 118 void Run() { run_loop_.Run(); } 119 120 void RunUntilIdle() { run_loop_.RunUntilIdle(); } 121 122 void Quit() { run_loop_.Quit(); } 123 124 std::shared_ptr<brillo::http::fake::Transport> fake_http_transport_; 125 NiceMock<MockCryptoUtility> mock_crypto_utility_; 126 NiceMock<MockDatabase> mock_database_; 127 NiceMock<MockKeyStore> mock_key_store_; 128 NiceMock<MockTpmUtility> mock_tpm_utility_; 129 std::unique_ptr<AttestationService> service_; 130 131 private: 132 void FakeCAEnroll(FakeCAState state, 133 const ServerRequest& request, 134 ServerResponse* response) { 135 AttestationEnrollmentRequest request_pb; 136 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); 137 if (state == kHttpFailure) { 138 response->ReplyText(brillo::http::status_code::NotFound, std::string(), 139 brillo::mime::application::kOctet_stream); 140 return; 141 } 142 AttestationEnrollmentResponse response_pb; 143 if (state == kCommandFailure) { 144 response_pb.set_status(SERVER_ERROR); 145 response_pb.set_detail("fake_enroll_error"); 146 } else if (state == kSuccess) { 147 response_pb.set_status(OK); 148 response_pb.set_detail(""); 149 response_pb.mutable_encrypted_identity_credential()->set_asym_ca_contents( 150 "1234"); 151 response_pb.mutable_encrypted_identity_credential() 152 ->set_sym_ca_attestation("5678"); 153 } else { 154 NOTREACHED(); 155 } 156 std::string tmp; 157 response_pb.SerializeToString(&tmp); 158 response->ReplyText(brillo::http::status_code::Ok, tmp, 159 brillo::mime::application::kOctet_stream); 160 } 161 162 void FakeCASign(FakeCAState state, 163 const ServerRequest& request, 164 ServerResponse* response) { 165 AttestationCertificateRequest request_pb; 166 EXPECT_TRUE(request_pb.ParseFromString(request.GetDataAsString())); 167 if (state == kHttpFailure) { 168 response->ReplyText(brillo::http::status_code::NotFound, std::string(), 169 brillo::mime::application::kOctet_stream); 170 return; 171 } 172 AttestationCertificateResponse response_pb; 173 if (state == kCommandFailure) { 174 response_pb.set_status(SERVER_ERROR); 175 response_pb.set_detail("fake_sign_error"); 176 } else if (state == kSuccess || state == kBadMessageID) { 177 response_pb.set_status(OK); 178 response_pb.set_detail(""); 179 if (state == kSuccess) { 180 response_pb.set_message_id(request_pb.message_id()); 181 } 182 response_pb.set_certified_key_credential("fake_cert"); 183 response_pb.set_intermediate_ca_cert("fake_ca_cert"); 184 *response_pb.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 185 } 186 std::string tmp; 187 response_pb.SerializeToString(&tmp); 188 response->ReplyText(brillo::http::status_code::Ok, tmp, 189 brillo::mime::application::kOctet_stream); 190 } 191 192 base::MessageLoop message_loop_; 193 base::RunLoop run_loop_; 194 }; 195 196 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccess) { 197 // Set expectations on the outputs. 198 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 199 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 200 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); 201 EXPECT_FALSE(reply.has_server_error()); 202 Quit(); 203 }; 204 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 205 Run(); 206 } 207 208 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeySuccessNoUser) { 209 // Set expectations on the outputs. 210 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 211 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 212 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate_chain()); 213 EXPECT_FALSE(reply.has_server_error()); 214 Quit(); 215 }; 216 CreateGoogleAttestedKeyRequest request = GetCreateRequest(); 217 request.clear_username(); 218 service_->CreateGoogleAttestedKey(request, base::Bind(callback)); 219 Run(); 220 } 221 222 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithEnrollHttpError) { 223 SetupFakeCAEnroll(kHttpFailure); 224 // Set expectations on the outputs. 225 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 226 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); 227 EXPECT_FALSE(reply.has_certificate_chain()); 228 EXPECT_EQ("", reply.server_error()); 229 Quit(); 230 }; 231 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 232 Run(); 233 } 234 235 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithSignHttpError) { 236 SetupFakeCASign(kHttpFailure); 237 // Set expectations on the outputs. 238 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 239 EXPECT_EQ(STATUS_CA_NOT_AVAILABLE, reply.status()); 240 EXPECT_FALSE(reply.has_certificate_chain()); 241 EXPECT_EQ("", reply.server_error()); 242 Quit(); 243 }; 244 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 245 Run(); 246 } 247 248 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCAEnrollFailure) { 249 SetupFakeCAEnroll(kCommandFailure); 250 // Set expectations on the outputs. 251 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 252 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); 253 EXPECT_FALSE(reply.has_certificate_chain()); 254 EXPECT_EQ("fake_enroll_error", reply.server_error()); 255 Quit(); 256 }; 257 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 258 Run(); 259 } 260 261 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithCASignFailure) { 262 SetupFakeCASign(kCommandFailure); 263 // Set expectations on the outputs. 264 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 265 EXPECT_EQ(STATUS_REQUEST_DENIED_BY_CA, reply.status()); 266 EXPECT_FALSE(reply.has_certificate_chain()); 267 EXPECT_EQ("fake_sign_error", reply.server_error()); 268 Quit(); 269 }; 270 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 271 Run(); 272 } 273 274 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithBadCAMessageID) { 275 SetupFakeCASign(kBadMessageID); 276 // Set expectations on the outputs. 277 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 278 EXPECT_NE(STATUS_SUCCESS, reply.status()); 279 EXPECT_FALSE(reply.has_certificate_chain()); 280 EXPECT_EQ("", reply.server_error()); 281 Quit(); 282 }; 283 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 284 Run(); 285 } 286 287 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithNoEKCertificate) { 288 // Remove the default credential setup. 289 mock_database_.GetMutableProtobuf()->clear_credentials(); 290 // Set expectations on the outputs. 291 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 292 EXPECT_NE(STATUS_SUCCESS, reply.status()); 293 EXPECT_FALSE(reply.has_certificate_chain()); 294 EXPECT_EQ("", reply.server_error()); 295 Quit(); 296 }; 297 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 298 Run(); 299 } 300 301 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure) { 302 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 303 .WillRepeatedly(Return(false)); 304 // Set expectations on the outputs. 305 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 306 EXPECT_NE(STATUS_SUCCESS, reply.status()); 307 EXPECT_FALSE(reply.has_certificate_chain()); 308 EXPECT_EQ("", reply.server_error()); 309 Quit(); 310 }; 311 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 312 Run(); 313 } 314 315 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithRNGFailure2) { 316 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 317 .WillOnce(Return(true)) 318 .WillRepeatedly(Return(false)); 319 // Set expectations on the outputs. 320 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 321 EXPECT_NE(STATUS_SUCCESS, reply.status()); 322 EXPECT_FALSE(reply.has_certificate_chain()); 323 EXPECT_EQ("", reply.server_error()); 324 Quit(); 325 }; 326 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 327 Run(); 328 } 329 330 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailure) { 331 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 332 // Set expectations on the outputs. 333 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 334 EXPECT_NE(STATUS_SUCCESS, reply.status()); 335 EXPECT_FALSE(reply.has_certificate_chain()); 336 EXPECT_EQ("", reply.server_error()); 337 Quit(); 338 }; 339 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 340 Run(); 341 } 342 343 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithDBFailureNoUser) { 344 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 345 // Set expectations on the outputs. 346 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 347 EXPECT_NE(STATUS_SUCCESS, reply.status()); 348 EXPECT_FALSE(reply.has_certificate_chain()); 349 EXPECT_EQ("", reply.server_error()); 350 Quit(); 351 }; 352 CreateGoogleAttestedKeyRequest request = GetCreateRequest(); 353 request.clear_username(); 354 service_->CreateGoogleAttestedKey(request, base::Bind(callback)); 355 Run(); 356 } 357 358 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithKeyWriteFailure) { 359 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false)); 360 // Set expectations on the outputs. 361 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 362 EXPECT_NE(STATUS_SUCCESS, reply.status()); 363 EXPECT_FALSE(reply.has_certificate_chain()); 364 EXPECT_EQ("", reply.server_error()); 365 Quit(); 366 }; 367 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 368 Run(); 369 } 370 371 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmNotReady) { 372 EXPECT_CALL(mock_tpm_utility_, IsTpmReady()).WillRepeatedly(Return(false)); 373 // Set expectations on the outputs. 374 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 375 EXPECT_NE(STATUS_SUCCESS, reply.status()); 376 EXPECT_FALSE(reply.has_certificate_chain()); 377 EXPECT_EQ("", reply.server_error()); 378 Quit(); 379 }; 380 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 381 Run(); 382 } 383 384 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmActivateFailure) { 385 EXPECT_CALL(mock_tpm_utility_, ActivateIdentity(_, _, _, _, _, _)) 386 .WillRepeatedly(Return(false)); 387 // Set expectations on the outputs. 388 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 389 EXPECT_NE(STATUS_SUCCESS, reply.status()); 390 EXPECT_FALSE(reply.has_certificate_chain()); 391 EXPECT_EQ("", reply.server_error()); 392 Quit(); 393 }; 394 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 395 Run(); 396 } 397 398 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyWithTpmCreateFailure) { 399 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) 400 .WillRepeatedly(Return(false)); 401 // Set expectations on the outputs. 402 auto callback = [this](const CreateGoogleAttestedKeyReply& reply) { 403 EXPECT_NE(STATUS_SUCCESS, reply.status()); 404 EXPECT_FALSE(reply.has_certificate_chain()); 405 EXPECT_EQ("", reply.server_error()); 406 Quit(); 407 }; 408 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 409 Run(); 410 } 411 412 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel) { 413 // Set expectations on the outputs. 414 int callback_count = 0; 415 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { 416 callback_count++; 417 }; 418 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 419 // Bring down the service, which should cancel any callbacks. 420 service_.reset(); 421 EXPECT_EQ(0, callback_count); 422 } 423 424 TEST_F(AttestationServiceTest, CreateGoogleAttestedKeyAndCancel2) { 425 // Set expectations on the outputs. 426 int callback_count = 0; 427 auto callback = [&callback_count](const CreateGoogleAttestedKeyReply& reply) { 428 callback_count++; 429 }; 430 service_->CreateGoogleAttestedKey(GetCreateRequest(), base::Bind(callback)); 431 // Give threads a chance to run. 432 base::PlatformThread::Sleep(base::TimeDelta::FromMilliseconds(10)); 433 // Bring down the service, which should cancel any callbacks. 434 service_.reset(); 435 // Pump the loop to make sure no callbacks were posted. 436 RunUntilIdle(); 437 EXPECT_EQ(0, callback_count); 438 } 439 440 TEST_F(AttestationServiceTest, GetKeyInfoSuccess) { 441 // Setup a certified key in the key store. 442 CertifiedKey key; 443 key.set_public_key("public_key"); 444 key.set_certified_key_credential("fake_cert"); 445 key.set_intermediate_ca_cert("fake_ca_cert"); 446 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 447 key.set_key_name("label"); 448 key.set_certified_key_info("certify_info"); 449 key.set_certified_key_proof("signature"); 450 key.set_key_type(KEY_TYPE_RSA); 451 key.set_key_usage(KEY_USAGE_SIGN); 452 std::string key_bytes; 453 key.SerializeToString(&key_bytes); 454 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 455 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 456 457 // Set expectations on the outputs. 458 auto callback = [this](const GetKeyInfoReply& reply) { 459 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 460 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); 461 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); 462 EXPECT_EQ("public_key", reply.public_key()); 463 EXPECT_EQ("certify_info", reply.certify_info()); 464 EXPECT_EQ("signature", reply.certify_info_signature()); 465 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); 466 Quit(); 467 }; 468 GetKeyInfoRequest request; 469 request.set_key_label("label"); 470 request.set_username("user"); 471 service_->GetKeyInfo(request, base::Bind(callback)); 472 Run(); 473 } 474 475 TEST_F(AttestationServiceTest, GetKeyInfoSuccessNoUser) { 476 // Setup a certified key in the device key store. 477 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); 478 key.set_public_key("public_key"); 479 key.set_certified_key_credential("fake_cert"); 480 key.set_intermediate_ca_cert("fake_ca_cert"); 481 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 482 key.set_key_name("label"); 483 key.set_certified_key_info("certify_info"); 484 key.set_certified_key_proof("signature"); 485 key.set_key_type(KEY_TYPE_RSA); 486 key.set_key_usage(KEY_USAGE_SIGN); 487 488 // Set expectations on the outputs. 489 auto callback = [this](const GetKeyInfoReply& reply) { 490 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 491 EXPECT_EQ(KEY_TYPE_RSA, reply.key_type()); 492 EXPECT_EQ(KEY_USAGE_SIGN, reply.key_usage()); 493 EXPECT_EQ("public_key", reply.public_key()); 494 EXPECT_EQ("certify_info", reply.certify_info()); 495 EXPECT_EQ("signature", reply.certify_info_signature()); 496 EXPECT_EQ(GetFakeCertificateChain(), reply.certificate()); 497 Quit(); 498 }; 499 GetKeyInfoRequest request; 500 request.set_key_label("label"); 501 service_->GetKeyInfo(request, base::Bind(callback)); 502 Run(); 503 } 504 505 TEST_F(AttestationServiceTest, GetKeyInfoNoKey) { 506 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 507 .WillRepeatedly(Return(false)); 508 509 // Set expectations on the outputs. 510 auto callback = [this](const GetKeyInfoReply& reply) { 511 EXPECT_EQ(STATUS_INVALID_PARAMETER, reply.status()); 512 Quit(); 513 }; 514 GetKeyInfoRequest request; 515 request.set_key_label("label"); 516 request.set_username("user"); 517 service_->GetKeyInfo(request, base::Bind(callback)); 518 Run(); 519 } 520 521 TEST_F(AttestationServiceTest, GetKeyInfoBadPublicKey) { 522 EXPECT_CALL(mock_crypto_utility_, GetRSASubjectPublicKeyInfo(_, _)) 523 .WillRepeatedly(Return(false)); 524 525 // Set expectations on the outputs. 526 auto callback = [this](const GetKeyInfoReply& reply) { 527 EXPECT_NE(STATUS_SUCCESS, reply.status()); 528 Quit(); 529 }; 530 GetKeyInfoRequest request; 531 request.set_key_label("label"); 532 request.set_username("user"); 533 service_->GetKeyInfo(request, base::Bind(callback)); 534 Run(); 535 } 536 537 TEST_F(AttestationServiceTest, GetEndorsementInfoSuccess) { 538 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 539 database->mutable_credentials()->set_endorsement_public_key("public_key"); 540 database->mutable_credentials()->set_endorsement_credential("certificate"); 541 // Set expectations on the outputs. 542 auto callback = [this](const GetEndorsementInfoReply& reply) { 543 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 544 EXPECT_EQ("public_key", reply.ek_public_key()); 545 EXPECT_EQ("certificate", reply.ek_certificate()); 546 Quit(); 547 }; 548 GetEndorsementInfoRequest request; 549 request.set_key_type(KEY_TYPE_RSA); 550 service_->GetEndorsementInfo(request, base::Bind(callback)); 551 Run(); 552 } 553 554 TEST_F(AttestationServiceTest, GetEndorsementInfoNoInfo) { 555 // Set expectations on the outputs. 556 auto callback = [this](const GetEndorsementInfoReply& reply) { 557 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); 558 EXPECT_FALSE(reply.has_ek_public_key()); 559 EXPECT_FALSE(reply.has_ek_certificate()); 560 Quit(); 561 }; 562 GetEndorsementInfoRequest request; 563 request.set_key_type(KEY_TYPE_RSA); 564 service_->GetEndorsementInfo(request, base::Bind(callback)); 565 Run(); 566 } 567 568 TEST_F(AttestationServiceTest, GetEndorsementInfoNoCert) { 569 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 570 database->mutable_credentials()->set_endorsement_public_key("public_key"); 571 // Set expectations on the outputs. 572 auto callback = [this](const GetEndorsementInfoReply& reply) { 573 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 574 EXPECT_EQ("public_key", reply.ek_public_key()); 575 EXPECT_FALSE(reply.has_ek_certificate()); 576 Quit(); 577 }; 578 GetEndorsementInfoRequest request; 579 request.set_key_type(KEY_TYPE_RSA); 580 service_->GetEndorsementInfo(request, base::Bind(callback)); 581 Run(); 582 } 583 584 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSuccess) { 585 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 586 database->mutable_identity_key()->set_identity_public_key("public_key"); 587 database->mutable_identity_key()->set_identity_credential("certificate"); 588 database->mutable_pcr0_quote()->set_quote("pcr0"); 589 database->mutable_pcr1_quote()->set_quote("pcr1"); 590 database->mutable_identity_binding()->set_identity_public_key("public_key2"); 591 // Set expectations on the outputs. 592 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 593 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 594 EXPECT_EQ("public_key", reply.public_key()); 595 EXPECT_EQ("public_key2", reply.public_key_tpm_format()); 596 EXPECT_EQ("certificate", reply.certificate()); 597 EXPECT_EQ("pcr0", reply.pcr0_quote().quote()); 598 EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); 599 Quit(); 600 }; 601 GetAttestationKeyInfoRequest request; 602 request.set_key_type(KEY_TYPE_RSA); 603 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 604 Run(); 605 } 606 607 TEST_F(AttestationServiceTest, GetAttestationKeyInfoNoInfo) { 608 // Set expectations on the outputs. 609 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 610 EXPECT_EQ(STATUS_NOT_AVAILABLE, reply.status()); 611 EXPECT_FALSE(reply.has_public_key()); 612 EXPECT_FALSE(reply.has_public_key_tpm_format()); 613 EXPECT_FALSE(reply.has_certificate()); 614 EXPECT_FALSE(reply.has_pcr0_quote()); 615 EXPECT_FALSE(reply.has_pcr1_quote()); 616 Quit(); 617 }; 618 GetAttestationKeyInfoRequest request; 619 request.set_key_type(KEY_TYPE_RSA); 620 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 621 Run(); 622 } 623 624 TEST_F(AttestationServiceTest, GetAttestationKeyInfoSomeInfo) { 625 AttestationDatabase* database = mock_database_.GetMutableProtobuf(); 626 database->mutable_identity_key()->set_identity_credential("certificate"); 627 database->mutable_pcr1_quote()->set_quote("pcr1"); 628 // Set expectations on the outputs. 629 auto callback = [this](const GetAttestationKeyInfoReply& reply) { 630 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 631 EXPECT_FALSE(reply.has_public_key()); 632 EXPECT_FALSE(reply.has_public_key_tpm_format()); 633 EXPECT_EQ("certificate", reply.certificate()); 634 EXPECT_FALSE(reply.has_pcr0_quote()); 635 EXPECT_EQ("pcr1", reply.pcr1_quote().quote()); 636 Quit(); 637 }; 638 GetAttestationKeyInfoRequest request; 639 request.set_key_type(KEY_TYPE_RSA); 640 service_->GetAttestationKeyInfo(request, base::Bind(callback)); 641 Run(); 642 } 643 644 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccess) { 645 EXPECT_CALL(mock_database_, SaveChanges()).Times(1); 646 EXPECT_CALL(mock_tpm_utility_, 647 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _)) 648 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), 649 Return(true))); 650 // Set expectations on the outputs. 651 auto callback = [this](const ActivateAttestationKeyReply& reply) { 652 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 653 EXPECT_EQ("certificate", reply.certificate()); 654 Quit(); 655 }; 656 ActivateAttestationKeyRequest request; 657 request.set_key_type(KEY_TYPE_RSA); 658 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 659 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 660 request.set_save_certificate(true); 661 service_->ActivateAttestationKey(request, base::Bind(callback)); 662 Run(); 663 } 664 665 TEST_F(AttestationServiceTest, ActivateAttestationKeySuccessNoSave) { 666 EXPECT_CALL(mock_database_, GetMutableProtobuf()).Times(0); 667 EXPECT_CALL(mock_database_, SaveChanges()).Times(0); 668 EXPECT_CALL(mock_tpm_utility_, 669 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _)) 670 .WillOnce(DoAll(SetArgumentPointee<5>(std::string("certificate")), 671 Return(true))); 672 // Set expectations on the outputs. 673 auto callback = [this](const ActivateAttestationKeyReply& reply) { 674 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 675 EXPECT_EQ("certificate", reply.certificate()); 676 Quit(); 677 }; 678 ActivateAttestationKeyRequest request; 679 request.set_key_type(KEY_TYPE_RSA); 680 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 681 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 682 request.set_save_certificate(false); 683 service_->ActivateAttestationKey(request, base::Bind(callback)); 684 Run(); 685 } 686 687 TEST_F(AttestationServiceTest, ActivateAttestationKeySaveFailure) { 688 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 689 // Set expectations on the outputs. 690 auto callback = [this](const ActivateAttestationKeyReply& reply) { 691 EXPECT_NE(STATUS_SUCCESS, reply.status()); 692 Quit(); 693 }; 694 ActivateAttestationKeyRequest request; 695 request.set_key_type(KEY_TYPE_RSA); 696 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 697 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 698 request.set_save_certificate(true); 699 service_->ActivateAttestationKey(request, base::Bind(callback)); 700 Run(); 701 } 702 703 TEST_F(AttestationServiceTest, ActivateAttestationKeyActivateFailure) { 704 EXPECT_CALL(mock_tpm_utility_, 705 ActivateIdentity(_, _, _, "encrypted1", "encrypted2", _)) 706 .WillRepeatedly(Return(false)); 707 // Set expectations on the outputs. 708 auto callback = [this](const ActivateAttestationKeyReply& reply) { 709 EXPECT_NE(STATUS_SUCCESS, reply.status()); 710 Quit(); 711 }; 712 ActivateAttestationKeyRequest request; 713 request.set_key_type(KEY_TYPE_RSA); 714 request.mutable_encrypted_certificate()->set_asym_ca_contents("encrypted1"); 715 request.mutable_encrypted_certificate()->set_sym_ca_attestation("encrypted2"); 716 request.set_save_certificate(true); 717 service_->ActivateAttestationKey(request, base::Bind(callback)); 718 Run(); 719 } 720 721 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccess) { 722 // Configure a fake TPM response. 723 EXPECT_CALL( 724 mock_tpm_utility_, 725 CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _)) 726 .WillOnce( 727 DoAll(SetArgumentPointee<5>(std::string("public_key")), 728 SetArgumentPointee<7>(std::string("certify_info")), 729 SetArgumentPointee<8>(std::string("certify_info_signature")), 730 Return(true))); 731 // Expect the key to be written exactly once. 732 EXPECT_CALL(mock_key_store_, Write("user", "label", _)).Times(1); 733 // Set expectations on the outputs. 734 auto callback = [this](const CreateCertifiableKeyReply& reply) { 735 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 736 EXPECT_EQ("public_key", reply.public_key()); 737 EXPECT_EQ("certify_info", reply.certify_info()); 738 EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); 739 Quit(); 740 }; 741 CreateCertifiableKeyRequest request; 742 request.set_key_label("label"); 743 request.set_key_type(KEY_TYPE_ECC); 744 request.set_key_usage(KEY_USAGE_SIGN); 745 request.set_username("user"); 746 service_->CreateCertifiableKey(request, base::Bind(callback)); 747 Run(); 748 } 749 750 TEST_F(AttestationServiceTest, CreateCertifiableKeySuccessNoUser) { 751 // Configure a fake TPM response. 752 EXPECT_CALL( 753 mock_tpm_utility_, 754 CreateCertifiedKey(KEY_TYPE_ECC, KEY_USAGE_SIGN, _, _, _, _, _, _, _)) 755 .WillOnce( 756 DoAll(SetArgumentPointee<5>(std::string("public_key")), 757 SetArgumentPointee<7>(std::string("certify_info")), 758 SetArgumentPointee<8>(std::string("certify_info_signature")), 759 Return(true))); 760 // Expect the key to be written exactly once. 761 EXPECT_CALL(mock_database_, SaveChanges()).Times(1); 762 // Set expectations on the outputs. 763 auto callback = [this](const CreateCertifiableKeyReply& reply) { 764 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 765 EXPECT_EQ("public_key", reply.public_key()); 766 EXPECT_EQ("certify_info", reply.certify_info()); 767 EXPECT_EQ("certify_info_signature", reply.certify_info_signature()); 768 Quit(); 769 }; 770 CreateCertifiableKeyRequest request; 771 request.set_key_label("label"); 772 request.set_key_type(KEY_TYPE_ECC); 773 request.set_key_usage(KEY_USAGE_SIGN); 774 service_->CreateCertifiableKey(request, base::Bind(callback)); 775 Run(); 776 } 777 778 TEST_F(AttestationServiceTest, CreateCertifiableKeyRNGFailure) { 779 EXPECT_CALL(mock_crypto_utility_, GetRandom(_, _)) 780 .WillRepeatedly(Return(false)); 781 // Set expectations on the outputs. 782 auto callback = [this](const CreateCertifiableKeyReply& reply) { 783 EXPECT_NE(STATUS_SUCCESS, reply.status()); 784 EXPECT_FALSE(reply.has_public_key()); 785 EXPECT_FALSE(reply.has_certify_info()); 786 EXPECT_FALSE(reply.has_certify_info_signature()); 787 Quit(); 788 }; 789 CreateCertifiableKeyRequest request; 790 request.set_key_label("label"); 791 request.set_key_type(KEY_TYPE_ECC); 792 request.set_key_usage(KEY_USAGE_SIGN); 793 service_->CreateCertifiableKey(request, base::Bind(callback)); 794 Run(); 795 } 796 797 TEST_F(AttestationServiceTest, CreateCertifiableKeyTpmCreateFailure) { 798 EXPECT_CALL(mock_tpm_utility_, CreateCertifiedKey(_, _, _, _, _, _, _, _, _)) 799 .WillRepeatedly(Return(false)); 800 // Set expectations on the outputs. 801 auto callback = [this](const CreateCertifiableKeyReply& reply) { 802 EXPECT_NE(STATUS_SUCCESS, reply.status()); 803 EXPECT_FALSE(reply.has_public_key()); 804 EXPECT_FALSE(reply.has_certify_info()); 805 EXPECT_FALSE(reply.has_certify_info_signature()); 806 Quit(); 807 }; 808 CreateCertifiableKeyRequest request; 809 request.set_key_label("label"); 810 request.set_key_type(KEY_TYPE_ECC); 811 request.set_key_usage(KEY_USAGE_SIGN); 812 service_->CreateCertifiableKey(request, base::Bind(callback)); 813 Run(); 814 } 815 816 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailure) { 817 EXPECT_CALL(mock_key_store_, Write(_, _, _)).WillRepeatedly(Return(false)); 818 // Set expectations on the outputs. 819 auto callback = [this](const CreateCertifiableKeyReply& reply) { 820 EXPECT_NE(STATUS_SUCCESS, reply.status()); 821 EXPECT_FALSE(reply.has_public_key()); 822 EXPECT_FALSE(reply.has_certify_info()); 823 EXPECT_FALSE(reply.has_certify_info_signature()); 824 Quit(); 825 }; 826 CreateCertifiableKeyRequest request; 827 request.set_key_label("label"); 828 request.set_key_type(KEY_TYPE_ECC); 829 request.set_key_usage(KEY_USAGE_SIGN); 830 request.set_username("username"); 831 service_->CreateCertifiableKey(request, base::Bind(callback)); 832 Run(); 833 } 834 835 TEST_F(AttestationServiceTest, CreateCertifiableKeyDBFailureNoUser) { 836 EXPECT_CALL(mock_database_, SaveChanges()).WillRepeatedly(Return(false)); 837 // Set expectations on the outputs. 838 auto callback = [this](const CreateCertifiableKeyReply& reply) { 839 EXPECT_NE(STATUS_SUCCESS, reply.status()); 840 EXPECT_FALSE(reply.has_public_key()); 841 EXPECT_FALSE(reply.has_certify_info()); 842 EXPECT_FALSE(reply.has_certify_info_signature()); 843 Quit(); 844 }; 845 CreateCertifiableKeyRequest request; 846 request.set_key_label("label"); 847 request.set_key_type(KEY_TYPE_ECC); 848 request.set_key_usage(KEY_USAGE_SIGN); 849 service_->CreateCertifiableKey(request, base::Bind(callback)); 850 Run(); 851 } 852 853 TEST_F(AttestationServiceTest, DecryptSuccess) { 854 // Set expectations on the outputs. 855 auto callback = [this](const DecryptReply& reply) { 856 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 857 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), 858 reply.decrypted_data()); 859 Quit(); 860 }; 861 DecryptRequest request; 862 request.set_key_label("label"); 863 request.set_username("user"); 864 request.set_encrypted_data("data"); 865 service_->Decrypt(request, base::Bind(callback)); 866 Run(); 867 } 868 869 TEST_F(AttestationServiceTest, DecryptSuccessNoUser) { 870 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); 871 // Set expectations on the outputs. 872 auto callback = [this](const DecryptReply& reply) { 873 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 874 EXPECT_EQ(MockTpmUtility::Transform("Unbind", "data"), 875 reply.decrypted_data()); 876 Quit(); 877 }; 878 DecryptRequest request; 879 request.set_key_label("label"); 880 request.set_encrypted_data("data"); 881 service_->Decrypt(request, base::Bind(callback)); 882 Run(); 883 } 884 885 TEST_F(AttestationServiceTest, DecryptKeyNotFound) { 886 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 887 .WillRepeatedly(Return(false)); 888 // Set expectations on the outputs. 889 auto callback = [this](const DecryptReply& reply) { 890 EXPECT_NE(STATUS_SUCCESS, reply.status()); 891 EXPECT_FALSE(reply.has_decrypted_data()); 892 Quit(); 893 }; 894 DecryptRequest request; 895 request.set_key_label("label"); 896 request.set_username("user"); 897 request.set_encrypted_data("data"); 898 service_->Decrypt(request, base::Bind(callback)); 899 Run(); 900 } 901 902 TEST_F(AttestationServiceTest, DecryptKeyNotFoundNoUser) { 903 // Set expectations on the outputs. 904 auto callback = [this](const DecryptReply& reply) { 905 EXPECT_NE(STATUS_SUCCESS, reply.status()); 906 EXPECT_FALSE(reply.has_decrypted_data()); 907 Quit(); 908 }; 909 DecryptRequest request; 910 request.set_key_label("label"); 911 request.set_encrypted_data("data"); 912 service_->Decrypt(request, base::Bind(callback)); 913 Run(); 914 } 915 916 TEST_F(AttestationServiceTest, DecryptUnbindFailure) { 917 EXPECT_CALL(mock_tpm_utility_, Unbind(_, _, _)).WillRepeatedly(Return(false)); 918 // Set expectations on the outputs. 919 auto callback = [this](const DecryptReply& reply) { 920 EXPECT_NE(STATUS_SUCCESS, reply.status()); 921 EXPECT_FALSE(reply.has_decrypted_data()); 922 Quit(); 923 }; 924 DecryptRequest request; 925 request.set_key_label("label"); 926 request.set_username("user"); 927 request.set_encrypted_data("data"); 928 service_->Decrypt(request, base::Bind(callback)); 929 Run(); 930 } 931 932 TEST_F(AttestationServiceTest, SignSuccess) { 933 // Set expectations on the outputs. 934 auto callback = [this](const SignReply& reply) { 935 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 936 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); 937 Quit(); 938 }; 939 SignRequest request; 940 request.set_key_label("label"); 941 request.set_username("user"); 942 request.set_data_to_sign("data"); 943 service_->Sign(request, base::Bind(callback)); 944 Run(); 945 } 946 947 TEST_F(AttestationServiceTest, SignSuccessNoUser) { 948 mock_database_.GetMutableProtobuf()->add_device_keys()->set_key_name("label"); 949 // Set expectations on the outputs. 950 auto callback = [this](const SignReply& reply) { 951 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 952 EXPECT_EQ(MockTpmUtility::Transform("Sign", "data"), reply.signature()); 953 Quit(); 954 }; 955 SignRequest request; 956 request.set_key_label("label"); 957 request.set_data_to_sign("data"); 958 service_->Sign(request, base::Bind(callback)); 959 Run(); 960 } 961 962 TEST_F(AttestationServiceTest, SignKeyNotFound) { 963 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 964 .WillRepeatedly(Return(false)); 965 // Set expectations on the outputs. 966 auto callback = [this](const SignReply& reply) { 967 EXPECT_NE(STATUS_SUCCESS, reply.status()); 968 EXPECT_FALSE(reply.has_signature()); 969 Quit(); 970 }; 971 SignRequest request; 972 request.set_key_label("label"); 973 request.set_username("user"); 974 request.set_data_to_sign("data"); 975 service_->Sign(request, base::Bind(callback)); 976 Run(); 977 } 978 979 TEST_F(AttestationServiceTest, SignKeyNotFoundNoUser) { 980 // Set expectations on the outputs. 981 auto callback = [this](const SignReply& reply) { 982 EXPECT_NE(STATUS_SUCCESS, reply.status()); 983 EXPECT_FALSE(reply.has_signature()); 984 Quit(); 985 }; 986 SignRequest request; 987 request.set_key_label("label"); 988 request.set_data_to_sign("data"); 989 service_->Sign(request, base::Bind(callback)); 990 Run(); 991 } 992 993 TEST_F(AttestationServiceTest, SignUnbindFailure) { 994 EXPECT_CALL(mock_tpm_utility_, Sign(_, _, _)).WillRepeatedly(Return(false)); 995 // Set expectations on the outputs. 996 auto callback = [this](const SignReply& reply) { 997 EXPECT_NE(STATUS_SUCCESS, reply.status()); 998 EXPECT_FALSE(reply.has_signature()); 999 Quit(); 1000 }; 1001 SignRequest request; 1002 request.set_key_label("label"); 1003 request.set_username("user"); 1004 request.set_data_to_sign("data"); 1005 service_->Sign(request, base::Bind(callback)); 1006 Run(); 1007 } 1008 1009 TEST_F(AttestationServiceTest, RegisterSuccess) { 1010 // Setup a key in the user key store. 1011 CertifiedKey key; 1012 key.set_key_blob("key_blob"); 1013 key.set_public_key("public_key"); 1014 key.set_certified_key_credential("fake_cert"); 1015 key.set_intermediate_ca_cert("fake_ca_cert"); 1016 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1017 key.set_key_name("label"); 1018 key.set_key_type(KEY_TYPE_RSA); 1019 key.set_key_usage(KEY_USAGE_SIGN); 1020 std::string key_bytes; 1021 key.SerializeToString(&key_bytes); 1022 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1023 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1024 // Cardinality is verified here to verify various steps are performed and to 1025 // catch performance regressions. 1026 EXPECT_CALL(mock_key_store_, 1027 Register("user", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN, 1028 "key_blob", "public_key", "fake_cert")) 1029 .Times(1); 1030 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert")) 1031 .Times(1); 1032 EXPECT_CALL(mock_key_store_, RegisterCertificate("user", "fake_ca_cert2")) 1033 .Times(1); 1034 EXPECT_CALL(mock_key_store_, Delete("user", "label")).Times(1); 1035 // Set expectations on the outputs. 1036 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1037 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 1038 Quit(); 1039 }; 1040 RegisterKeyWithChapsTokenRequest request; 1041 request.set_key_label("label"); 1042 request.set_username("user"); 1043 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1044 Run(); 1045 } 1046 1047 TEST_F(AttestationServiceTest, RegisterSuccessNoUser) { 1048 // Setup a key in the device_keys field. 1049 CertifiedKey& key = *mock_database_.GetMutableProtobuf()->add_device_keys(); 1050 key.set_key_blob("key_blob"); 1051 key.set_public_key("public_key"); 1052 key.set_certified_key_credential("fake_cert"); 1053 key.set_intermediate_ca_cert("fake_ca_cert"); 1054 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1055 key.set_key_name("label"); 1056 key.set_key_type(KEY_TYPE_RSA); 1057 key.set_key_usage(KEY_USAGE_SIGN); 1058 // Cardinality is verified here to verify various steps are performed and to 1059 // catch performance regressions. 1060 EXPECT_CALL(mock_key_store_, 1061 Register("", "label", KEY_TYPE_RSA, KEY_USAGE_SIGN, "key_blob", 1062 "public_key", "fake_cert")) 1063 .Times(1); 1064 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert")) 1065 .Times(1); 1066 EXPECT_CALL(mock_key_store_, RegisterCertificate("", "fake_ca_cert2")) 1067 .Times(1); 1068 // Set expectations on the outputs. 1069 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1070 EXPECT_EQ(STATUS_SUCCESS, reply.status()); 1071 EXPECT_EQ(0, mock_database_.GetMutableProtobuf()->device_keys_size()); 1072 Quit(); 1073 }; 1074 RegisterKeyWithChapsTokenRequest request; 1075 request.set_key_label("label"); 1076 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1077 Run(); 1078 } 1079 1080 TEST_F(AttestationServiceTest, RegisterNoKey) { 1081 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1082 .WillRepeatedly(Return(false)); 1083 // Set expectations on the outputs. 1084 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1085 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1086 Quit(); 1087 }; 1088 RegisterKeyWithChapsTokenRequest request; 1089 request.set_key_label("label"); 1090 request.set_username("user"); 1091 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1092 Run(); 1093 } 1094 1095 TEST_F(AttestationServiceTest, RegisterNoKeyNoUser) { 1096 // Set expectations on the outputs. 1097 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1098 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1099 Quit(); 1100 }; 1101 RegisterKeyWithChapsTokenRequest request; 1102 request.set_key_label("label"); 1103 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1104 Run(); 1105 } 1106 1107 TEST_F(AttestationServiceTest, RegisterFailure) { 1108 // Setup a key in the user key store. 1109 CertifiedKey key; 1110 key.set_key_name("label"); 1111 std::string key_bytes; 1112 key.SerializeToString(&key_bytes); 1113 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1114 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1115 EXPECT_CALL(mock_key_store_, Register(_, _, _, _, _, _, _)) 1116 .WillRepeatedly(Return(false)); 1117 // Set expectations on the outputs. 1118 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1119 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1120 Quit(); 1121 }; 1122 RegisterKeyWithChapsTokenRequest request; 1123 request.set_key_label("label"); 1124 request.set_username("user"); 1125 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1126 Run(); 1127 } 1128 1129 TEST_F(AttestationServiceTest, RegisterIntermediateFailure) { 1130 // Setup a key in the user key store. 1131 CertifiedKey key; 1132 key.set_key_name("label"); 1133 key.set_intermediate_ca_cert("fake_ca_cert"); 1134 std::string key_bytes; 1135 key.SerializeToString(&key_bytes); 1136 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1137 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1138 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) 1139 .WillRepeatedly(Return(false)); 1140 // Set expectations on the outputs. 1141 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1142 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1143 Quit(); 1144 }; 1145 RegisterKeyWithChapsTokenRequest request; 1146 request.set_key_label("label"); 1147 request.set_username("user"); 1148 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1149 Run(); 1150 } 1151 1152 TEST_F(AttestationServiceTest, RegisterAdditionalFailure) { 1153 // Setup a key in the user key store. 1154 CertifiedKey key; 1155 key.set_key_name("label"); 1156 *key.add_additional_intermediate_ca_cert() = "fake_ca_cert2"; 1157 std::string key_bytes; 1158 key.SerializeToString(&key_bytes); 1159 EXPECT_CALL(mock_key_store_, Read("user", "label", _)) 1160 .WillOnce(DoAll(SetArgumentPointee<2>(key_bytes), Return(true))); 1161 EXPECT_CALL(mock_key_store_, RegisterCertificate(_, _)) 1162 .WillRepeatedly(Return(false)); 1163 // Set expectations on the outputs. 1164 auto callback = [this](const RegisterKeyWithChapsTokenReply& reply) { 1165 EXPECT_NE(STATUS_SUCCESS, reply.status()); 1166 Quit(); 1167 }; 1168 RegisterKeyWithChapsTokenRequest request; 1169 request.set_key_label("label"); 1170 request.set_username("user"); 1171 service_->RegisterKeyWithChapsToken(request, base::Bind(callback)); 1172 Run(); 1173 } 1174 1175 } // namespace attestation 1176