def test_19_A7_base_delta(self):
    """Delta certificate case A7: good base, two good deltas, one bad delta.

    The bad delta (VARDeltaCertA2) carries a component that is not present in
    the base, so the first provisioning run is expected to be rejected. Once
    the resolved delta (VARDeltaCertA2_resolved) is uploaded, the device's
    supply chain status is expected to read PASS.
    """
    logging.info(
        "*****************test_19_A7 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Good Base Platform, 2 Good Delta Certs and 1 Bad Delta Cert with non present component"
    )

    # Negative case: upload the bad delta and provision with validation enabled.
    AcaPortal.upload_pk_cert(VARDeltaCertA2_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    rejected_run = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_A7_base_delta SHOULD FAIL provisioning using: %s" % (VARDeltaCertA2_LOCATION))
    print("test_19_A7_base_delta run output: {0}".format(rejected_run))

    # A delta that references a component missing from the base must not
    # validate, so the provisioner output has to carry the failure marker.
    self.assertIn("Provisioning failed", format(rejected_run))

    # Positive case: upload the resolved delta and provision again.
    AcaPortal.upload_pk_cert(VARDeltaCertA2_resolved_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    accepted_run = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_A7_base_delta SHOULD PASS provisioning using: %s" % (VARDeltaCertA2_resolved_LOCATION))
    print("test_19_A7_base_delta run output: {0}".format(accepted_run))

    # The appraisal result is read back from the ACA's device record.
    # NOTE(review): index 0 assumes the device under test is the first entry
    # returned by the portal -- confirm.
    device_listing = AcaPortal.get_devices()
    appraisal = device_listing['data'][0]['device']['supplyChainStatus']
    self.assertEqual(appraisal, "PASS")
def test_15_supply_chain_validation_summary_stored_after_second_provisioning(self):
    """Provision a second time and check the stored supply chain validation summaries.

    On TPM 2.0 the CA cert is uploaded and supply chain validations are
    enabled before the TPM 2.0 provisioner runs. Otherwise the TPM 1.2
    provisioner runs, with EC validation enabled only when CLIENT_OS is
    "centos7". The test then expects two summary records, both PASS, and a
    device supply chain status of PASS.
    """
    logging.info("*****************beginning of provisioner + supply chain validation summary test *****************")
    if is_tpm2(TPM_VERSION):
        logging.info("Using TPM 2.0")
        logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
        AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
        AcaPortal.enable_supply_chain_validations()
        provisioner_out = run_hirs_provisioner_tpm2(CLIENT)
    else:
        # Supply chain validation only supported on CentOS 7
        if CLIENT_OS == "centos7":
            AcaPortal.upload_ca_cert(EK_CA_CERT_LOCATION)
            AcaPortal.enable_ec_validation()
        # NOTE(review): the nesting here was reconstructed from a
        # whitespace-collapsed listing. If this call actually sits inside the
        # CentOS check, provisioner_out is unbound on other client OSes and
        # the print below raises NameError -- confirm against the repository.
        provisioner_out = run_hirs_provisioner(CLIENT)

    print("Second provisioner run output: {0}".format(provisioner_out))
    supply_chain_validation_summaries = AcaPortal.get_supply_chain_validation_summaries()

    # Verify there are two SCVS records (one per provisioning run, presumably)
    # and that both indicate PASS.
    self.assertEqual(supply_chain_validation_summaries['recordsTotal'], 2)
    self.assertEqual(supply_chain_validation_summaries['data'][0]['overallValidationResult'], "PASS")
    self.assertEqual(supply_chain_validation_summaries['data'][1]['overallValidationResult'], "PASS")

    # Verify the device record carries the supply chain appraisal result.
    # NOTE(review): the provisioner output itself is only printed, never
    # asserted on; the verdict comes from the ACA's stored records.
    devices = AcaPortal.get_devices()
    self.assertEqual(devices['data'][0]['device']['supplyChainStatus'], "PASS")
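def test_13_tpm2_initial_provision(self):
    """Run the TPM 2.0 HIRS provisioner once and require that it did not fail.

    The provisioner output is captured and checked for the
    "Provisioning failed" marker, so a rejected run fails this test instead
    of passing silently.
    """
    logging.info(
        "*****************beginning of initial provisioner run *****************"
    )

    # Run the provisioner to ensure that it provisions successfully
    provisioner_out = run_hirs_provisioner_tpm2(CLIENT)

    # Without an assertion the test passes whatever the provisioner reports.
    # NOTE(review): "Provisioning failed" is the marker the negative tests in
    # this file look for; confirm a successful run never prints it.
    self.assertNotIn("Provisioning failed", format(provisioner_out))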
def test_19_B3_base_delta(self):
    """Delta certificate case B3: bad base, two good deltas, all components resolved.

    The device is expected to start with a supply chain status of FAIL. After
    VARDeltaCertB1 is uploaded and the TPM 2.0 provisioner is run with supply
    chain validations enabled, the status is expected to become PASS.
    """
    logging.info(
        "*****************test_19_B3 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Bad Platform Cert Base and 2 Good delta with all component resolved"
    )

    # Precondition: the device is still marked FAIL before the new delta is uploaded.
    before = AcaPortal.get_devices()
    status_before = before['data'][0]['device']['supplyChainStatus']
    self.assertEqual(status_before, "FAIL")

    # Upload the resolving delta and provision with validation enabled.
    AcaPortal.upload_pk_cert(VARDeltaCertB1_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    run_output = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_B3_base_delta run output: {0}".format(run_output))

    # Postcondition: the stored appraisal flipped from FAIL to PASS, which
    # shows this run changed the device's recorded state.
    after = AcaPortal.get_devices()
    status_after = after['data'][0]['device']['supplyChainStatus']
    self.assertEqual(status_after, "PASS")
def test_19_B2_base_delta(self):
    """Delta certificate case B2: bad base, one good delta, one bad component unresolved.

    The device is expected to start with a supply chain status of FAIL.
    SIDeltaCertB1 is then uploaded and the TPM 2.0 provisioner is run; the
    run is expected to report "Provisioning failed" because a faulty
    component remains.
    """
    logging.info(
        "*****************test_19_B2 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Bad Platform Cert Base and 1 Good delta with 1 bad component unresolved"
    )
    # This message is logged before the precondition check; the upload itself
    # happens further down.
    logging.info("Uploading Delta Platform Cert: " + SIDeltaCertB1_LOCATION)

    # Precondition: the device's stored appraisal is FAIL.
    device_listing = AcaPortal.get_devices()
    current_status = device_listing['data'][0]['device']['supplyChainStatus']
    self.assertEqual(current_status, "FAIL")

    # Upload the delta and provision with validation enabled.
    AcaPortal.upload_pk_cert(SIDeltaCertB1_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    run_output = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_B2_base_delta SHOULD FAIL provisioning using: %s" % (SIDeltaCertB1_LOCATION))
    print("test_19_B2_base_delta run output: {0}".format(run_output))

    # The delta still leaves a FAULTY component in place, so validation must
    # reject the platform.
    self.assertIn("Provisioning failed", format(run_output))
def test_19_A3_base_delta(self):
    """Delta certificate case A3: good base platform cert plus one delta cert.

    The device is expected to start with a supply chain status of PASS. After
    SIDeltaCertA1 is uploaded and the TPM 2.0 provisioner is run, the test
    expects two validation summary records, both PASS, and a device status of
    PASS.
    """
    logging.info(
        "*****************test_19_A3 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Good Base Platform Cert Base and 1 Delta Cert")

    # Precondition: the device's stored appraisal is already PASS.
    before = AcaPortal.get_devices()
    self.assertEqual(before['data'][0]['device']['supplyChainStatus'], "PASS")

    # Upload the SIDelta cert and provision with validation enabled.
    AcaPortal.upload_pk_cert(SIDeltaCertA1_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    run_output = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_A3_base_delta run output: {0}".format(run_output))

    # Two SCVS records are expected in total, and both must indicate PASS.
    # The record count is what shows that this run stored a new summary; the
    # device status alone was PASS before the run as well.
    summaries = AcaPortal.get_supply_chain_validation_summaries()
    self.assertEqual(summaries['recordsTotal'], 2)
    for record_index in (0, 1):
        self.assertEqual(
            summaries['data'][record_index]['overallValidationResult'], "PASS")

    # The device record must still carry a PASS appraisal.
    after = AcaPortal.get_devices()
    self.assertEqual(after['data'][0]['device']['supplyChainStatus'], "PASS")
def test_19_B1_base_delta(self):
    """Base/delta certificate case B1: provisioning with a bad base platform cert.

    Checks that the ACA is online, uploads the CA cert, enables supply chain
    validations and runs the TPM 2.0 provisioner. The run is expected to
    report "Provisioning failed" because the platform cert contains faulty
    components.
    """
    logging.info("*****************test_19_B1 - beginning of delta certificate test *****************")
    logging.info("Provisioning with Bad Platform Cert Base")

    logging.info("Check if ACA is online...")
    AcaPortal.check_is_online()

    # NOTE(review): the extent of this `if` block was reconstructed from a
    # whitespace-collapsed listing. As laid out here, a client that is not
    # TPM 2.0 never binds provisioner_out and the print below raises
    # NameError -- confirm the nesting against the repository.
    if is_tpm2(TPM_VERSION):
        logging.info("Using TPM 2.0")
        logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
        AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
        AcaPortal.enable_supply_chain_validations()
        provisioner_out = run_hirs_provisioner_tpm2(CLIENT)

    print("Bad Base Certificate provisioner run output: {0}".format(provisioner_out))

    # Provisioning should fail since the PC contains FAULTY components.
    self.assertIn("Provisioning failed", format(provisioner_out))
def test_19_A8_base_delta(self):
    """Delta certificate case A8: a delta cert used as the base for a later delta.

    Good base platform cert, two good delta certs, one of which replaces a
    component from the previous one. SIDeltaCertA3 is uploaded, the TPM 2.0
    provisioner is run with supply chain validations enabled, and the device's
    supply chain status is expected to read PASS.
    """
    logging.info(
        "*****************test_19_A8 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Good Base Platform, 2 Good Delta Certs with 1 Delta cert replacing component from previous, using the Delta as a base certificate"
    )

    # Upload the SIDeltaCertA3 and provision with validation enabled.
    AcaPortal.upload_pk_cert(SIDeltaCertA3_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    run_output = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_A8_base_delta run output: {0}".format(run_output))

    # The summaries are fetched, but this test does not inspect them.
    AcaPortal.get_supply_chain_validation_summaries()

    # The appraisal result is read back from the ACA's device record.
    # NOTE(review): nothing in this test checks the status before the run or
    # asserts on the provisioner output, so a PASS left over from an earlier
    # test would also satisfy this assertion -- consider checking the
    # summaries fetched above.
    device_listing = AcaPortal.get_devices()
    appraisal = device_listing['data'][0]['device']['supplyChainStatus']
    self.assertEqual(appraisal, "PASS")
def test_19_A1_base_delta(self):
    """Delta certificate case A1: good base platform cert (via platform cert on TPM).

    Checks that the ACA is online, uploads the CA cert, enables supply chain
    validations and runs the TPM 2.0 provisioner. The device's supply chain
    status is then expected to read PASS.
    """
    logging.info(
        "*****************test_19_A1 - beginning of delta certificate test *****************"
    )
    logging.info(
        "Provisioning with Good Base Platform Cert (via Platform Cert on TPM Emulator)"
    )

    logging.info("Check if ACA is online...")
    AcaPortal.check_is_online()

    # The CA cert goes in before validation is switched on and the provisioner runs.
    logging.info("Uploading CA cert: " + CA_CERT_LOCATION)
    AcaPortal.upload_ca_cert(CA_CERT_LOCATION)
    AcaPortal.enable_supply_chain_validations()
    run_output = run_hirs_provisioner_tpm2(CLIENT)
    print("test_19_A1_base_delta run output: {0}".format(run_output))

    # The appraisal result is read back from the ACA's device record; the
    # provisioner output is only printed.
    device_listing = AcaPortal.get_devices()
    appraisal = device_listing['data'][0]['device']['supplyChainStatus']
    self.assertEqual(appraisal, "PASS")
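def test_13_tpm2_initial_provision(self):
    """Run the TPM 2.0 HIRS provisioner once and require that it did not fail.

    The provisioner output is captured and checked for the
    "Provisioning failed" marker, so a rejected run fails this test instead
    of passing silently.
    """
    logging.info("*****************beginning of initial provisioner run *****************")

    # Run the provisioner to ensure that it provisions successfully
    provisioner_out = run_hirs_provisioner_tpm2(CLIENT)

    # Without an assertion the test passes whatever the provisioner reports.
    # NOTE(review): "Provisioning failed" is the marker the negative tests in
    # this file look for; confirm a successful run never prints it.
    self.assertNotIn("Provisioning failed", format(provisioner_out))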