1 /* Copyright 2019, The Android Open Source Project, Inc.
2  *
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *   http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 package com.google.android.attestation;
17 
18 import static com.google.common.truth.Truth.assertThat;
19 import static java.nio.charset.StandardCharsets.UTF_8;
20 
21 import com.google.android.attestation.CertificateRevocationStatus.Reason;
22 import com.google.android.attestation.CertificateRevocationStatus.Status;
23 import java.io.ByteArrayInputStream;
24 import java.math.BigInteger;
25 import java.security.cert.CertificateFactory;
26 import java.security.cert.X509Certificate;
27 import java.util.HashMap;
28 import java.util.HashSet;
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 import org.junit.runners.JUnit4;
32 
33 /**
34  * Test for {@link CertificateRevocationStatus}.
35  */
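@RunWith(JUnit4.class)
public final class CertificateRevocationStatusTest {

  // Checked-in status list fixture that every test in this class reads.
  private static final String TEST_STATUS_LIST_PATH = "src/test/resources/status.json";

  // Serial number encoded in TEST_CERT, as lower-case hex. The same string is a key of the
  // fixture status list, which is what lets loadTestSerial() find an entry for the certificate.
  private static final String TEST_CERT_SERIAL_HEX = "cc66e9a93713b6e643b26c15879786f7";

  // Certificate generated by TestDPC.
  // NOTE(review): the DER below decodes to an EC P-256 public key, an ECDSA-with-SHA256
  // signature and subject/issuer title "TEE"; an earlier note described it as RSA with
  // StrongBox security level, which does not match these bytes. Confirm the provenance.
  private static final String TEST_CERT =
      "-----BEGIN CERTIFICATE-----\n"
          + "MIIB8zCCAXqgAwIBAgIRAMxm6ak3E7bmQ7JsFYeXhvcwCgYIKoZIzj0EAwIwOTEM"
          + "MAoGA1UEDAwDVEVFMSkwJwYDVQQFEyA0ZjdlYzg1N2U4MDU3NDdjMWIxZWRhYWVm"
          + "ODk1NDk2ZDAeFw0xOTA4MTQxOTU0MTBaFw0yOTA4MTExOTU0MTBaMDkxDDAKBgNV"
          + "BAwMA1RFRTEpMCcGA1UEBRMgMzJmYmJiNmRiOGM5MTdmMDdhYzlhYjZhZTQ4MTAz"
          + "YWEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQzg+sx9lLrkNIZwLYZerzL1bPK"
          + "2zi75zFEuuI0fIr35DJND1B4Z8RPZ3djzo3FOdAObqvoZ4CZVxcY3iQ1ffMMo2Mw"
          + "YTAdBgNVHQ4EFgQUzZOUqhJOO7wttSe9hYemjceVsgIwHwYDVR0jBBgwFoAUWlnI"
          + "9iPzasns60heYXIP+h+Hz8owDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC"
          + "AgQwCgYIKoZIzj0EAwIDZwAwZAIwUFz/AKheCOPaBiRGDk7LaSEDXVYmTr0VoU8T"
          + "bIqrKGWiiMwsGEmW+Jdo8EcKVPIwAjAoO7n1ruFh+6mEaTAukc6T5BW4MnmYadkk"
          + "FSIjzDAaJ6lAq+nmmGQ1KlZpqi4Z/VI=\n"
          + "-----END CERTIFICATE-----";

  /**
   * Looks up the serial number of {@link #TEST_CERT} in the fixture list and expects the
   * SUSPENDED / KEY_COMPROMISE entry.
   */
  @Test
  public void loadTestSerial() throws Exception {
    // "X.509" is the standard CertificateFactory type name; "X509" only resolves where a
    // provider registers it as an alias.
    CertificateFactory factory = CertificateFactory.getInstance("X.509");
    X509Certificate cert =
        (X509Certificate)
            factory.generateCertificate(new ByteArrayInputStream(TEST_CERT.getBytes(UTF_8)));
    BigInteger serialNumber = cert.getSerialNumber();

    // Pin the fixture: if TEST_CERT is ever regenerated, fail here with a clear cause instead
    // of with a confusing null status further down.
    assertThat(serialNumber.toString(16)).isEqualTo(TEST_CERT_SERIAL_HEX);

    CertificateRevocationStatus statusEntry =
        CertificateRevocationStatus.loadStatusFromFile(serialNumber, TEST_STATUS_LIST_PATH);
    assertThat(statusEntry).isNotNull();
    assertThat(statusEntry.status).isEqualTo(Status.SUSPENDED);
    assertThat(statusEntry.reason).isEqualTo(Reason.KEY_COMPROMISE);
  }

  /**
   * Serial numbers that have no entry in the fixture list yield {@code null}, through both the
   * String and the BigInteger overloads.
   */
  @Test
  public void loadBadSerial() throws Exception {
    // null here means "no entry for this serial", not "certificate is trustworthy".
    // NOTE(review): how an unreadable or missing status list is reported is not exercised by
    // this test - confirm it cannot be mistaken for the null "no entry" result.
    CertificateRevocationStatus byString =
        CertificateRevocationStatus.loadStatusFromFile("badbeef", TEST_STATUS_LIST_PATH);
    assertThat(byString).isNull();

    CertificateRevocationStatus byBigInteger =
        CertificateRevocationStatus.loadStatusFromFile(
            BigInteger.valueOf(0xbadbeef), TEST_STATUS_LIST_PATH);
    assertThat(byBigInteger).isNull();
  }

  /**
   * Loads the whole fixture list and checks both the exact set of serial numbers and the
   * parsed fields of two entries.
   */
  @Test
  public void loadAllTestEntries() throws Exception {
    HashSet<String> allTestSerialNumbers = new HashSet<>();
    allTestSerialNumbers.add("6681152659205225093");
    allTestSerialNumbers.add("8350192447815228107");
    allTestSerialNumbers.add("9408173275444922801");
    allTestSerialNumbers.add("11244410301401252959");
    allTestSerialNumbers.add(TEST_CERT_SERIAL_HEX);

    HashMap<String, CertificateRevocationStatus> statusMap =
        CertificateRevocationStatus.loadAllEntriesFromFile(TEST_STATUS_LIST_PATH);

    // Exact equality: an extra or a missing serial in the parsed map fails the test, and it
    // also guarantees the two lookups below cannot return null.
    assertThat(statusMap.keySet()).isEqualTo(allTestSerialNumbers);

    CertificateRevocationStatus revokedEntry = statusMap.get("8350192447815228107");
    assertThat(revokedEntry.status).isEqualTo(CertificateRevocationStatus.Status.REVOKED);
    assertThat(revokedEntry.reason).isEqualTo(CertificateRevocationStatus.Reason.KEY_COMPROMISE);

    CertificateRevocationStatus suspendedEntry = statusMap.get(TEST_CERT_SERIAL_HEX);
    assertThat(suspendedEntry.status).isEqualTo(CertificateRevocationStatus.Status.SUSPENDED);
    assertThat(suspendedEntry.reason)
        .isEqualTo(CertificateRevocationStatus.Reason.KEY_COMPROMISE);
    assertThat(suspendedEntry.comment).isEqualTo("Entry for testing only");
  }
}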