예제 #1
0
    async def test_TC_DA_1_7(self):
        # Option to allow SDK roots (skip step 4 check 2)
        allow_sdk_dac = self.user_params.get("allow_sdk_dac", False)

        logging.info("Pre-condition: load all PAAs SKIDs")
        conf = self.matter_test_config
        paa_by_skid = load_all_paa(conf.paa_trust_store_path)
        logging.info("Found %d PAAs" % len(paa_by_skid))

        logging.info("Step 1: Commissioning, already done")
        dev_ctrl = self.default_controller

        logging.info("Step 2: Get PAI of DUT1 with certificate chain request")
        result = await dev_ctrl.SendCommand(
            self.dut_node_id, 0,
            Clusters.OperationalCredentials.Commands.CertificateChainRequest(2)
        )
        pai_1 = result.certificate
        asserts.assert_less_equal(len(pai_1), 600,
                                  "PAI cert must be at most 600 bytes")
        self.record_data({"pai_1": hex_from_bytes(pai_1)})

        logging.info("Step 3: Get DAC of DUT1 with certificate chain request")
        result = await dev_ctrl.SendCommand(
            self.dut_node_id, 0,
            Clusters.OperationalCredentials.Commands.CertificateChainRequest(1)
        )
        dac_1 = result.certificate
        asserts.assert_less_equal(len(dac_1), 600,
                                  "DAC cert must be at most 600 bytes")
        self.record_data({"dac_1": hex_from_bytes(dac_1)})

        logging.info(
            "Step 4 check 1: Ensure PAI's AKID matches a PAA and signature is valid"
        )
        pai1_cert = load_der_x509_certificate(pai_1)
        pai1_akid = extract_akid(pai1_cert)
        if pai1_akid not in paa_by_skid:
            asserts.fail("DUT1's PAI (%s) not matched in PAA trust store" %
                         hex_from_bytes(pai1_akid))

        filename, paa_cert = paa_by_skid[pai1_akid]
        logging.info("Matched PAA file %s, subject: %s" %
                     (filename, paa_cert.subject))
        public_key = paa_cert.public_key()

        try:
            public_key.verify(signature=pai1_cert.signature,
                              data=pai1_cert.tbs_certificate_bytes,
                              signature_algorithm=ec.ECDSA(hashes.SHA256()))
        except InvalidSignature as e:
            asserts.fail(
                "Failed to verify PAI signature against PAA public key: %s" %
                str(e))
        logging.info("Validated PAI signature against PAA")

        logging.info(
            "Step 4 check 2: Verify PAI AKID not in denylist of SDK PAIs")
        if allow_sdk_dac:
            logging.warn("===> TEST STEP SKIPPED: Allowing SDK DACs!")
        else:
            for candidate in FORBIDDEN_AKID:
                asserts.assert_not_equal(hex_from_bytes(pai1_akid),
                                         hex_from_bytes(candidate),
                                         "PAI AKID must not be in denylist")

        logging.info("Step 5: Extract subject public key of DAC and save")
        dac1_cert = load_der_x509_certificate(dac_1)
        pk_1 = dac1_cert.public_key().public_bytes(
            encoding=Encoding.X962, format=PublicFormat.UncompressedPoint)
        logging.info("Subject public key pk_1: %s" % hex_from_bytes(pk_1))
        self.record_data({"pk_1": hex_from_bytes(pk_1)})
예제 #2
0
 def test_assert_not_equal_fail_with_msg_and_extras(self):
     with self.assertRaises(signals.TestFailure) as cm:
         asserts.assert_not_equal(1, 1, msg='Message', extras='Extras')
     self.assertEqual(cm.exception.details, '1 == 1 Message')
     self.assertEqual(cm.exception.extras, 'Extras')
예제 #3
0
 def test_assert_not_equal_pass_with_msg_and_extras(self):
     asserts.assert_not_equal(1, 2, msg='Message', extras='Extras')
예제 #4
0
 def test_assert_not_equal_fail(self):
     with self.assertRaises(signals.TestFailure) as cm:
         asserts.assert_not_equal(1, 1)
     self.assertEqual(cm.exception.details, '1 == 1')
예제 #5
0
 def test_assert_not_equal_pass(self):
     asserts.assert_not_equal(1, 2)