package webauthn
import (
"encoding/base64"
"encoding/json"
"os"
"sort"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
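// TestUnmarshalAttestationObject runs UnmarshalAttestationObject over the
// attestation object of every recorded response under testdata/ and checks,
// per fixture, that decoding succeeds, that no input bytes are left over, that
// authenticator data is present, and that the reported format and the set of
// attestation-statement keys are the expected ones.
//
// NOTE(review): every fixture here is a well-formed response. Truncated input,
// trailing bytes and unknown formats are not exercised by this test; confirm
// that the rejection paths are covered elsewhere.
func TestUnmarshalAttestationObject(t *testing.T) {
	// readAttestationObject loads testdata/attestation<name>Response.json and
	// returns the decoded bytes of its response.attestationObject field, which
	// the fixture stores as unpadded base64url text.
	//
	// It takes the *testing.T of the calling subtest: require ends the test via
	// FailNow, which must be invoked on the test whose goroutine is running,
	// not on the parent test.
	readAttestationObject := func(t *testing.T, name string) []byte {
		t.Helper()

		raw, err := os.ReadFile("testdata/attestation" + name + "Response.json")
		require.NoError(t, err)

		var obj struct {
			Response struct {
				AttestationObject string `json:"attestationObject"`
			} `json:"response"`
		}
		require.NoError(t, json.Unmarshal(raw, &obj))

		decoded, err := base64.RawURLEncoding.DecodeString(obj.Response.AttestationObject)
		require.NoError(t, err)
		return decoded
	}

	// mapKeys returns the keys of m in sorted order so they can be compared
	// against a fixed list. An empty or nil map yields a nil slice.
	mapKeys := func(m map[string]interface{}) []string {
		var ks []string
		for k := range m {
			ks = append(ks, k)
		}
		sort.Strings(ks)
		return ks
	}

	cases := []struct {
		name    string // subtest name
		fixture string // infix of the testdata file name
		// format is held as interface{} so the constant reaches assert.Equal
		// with exactly the type it would have if passed directly.
		format interface{}
		keys   []string // expected sorted keys of the attestation statement
	}{
		{"android key", "AndroidKey", AttestationFormatAndroidKey, []string{"alg", "sig", "x5c"}},
		{"apple", "Apple", AttestationFormatApple, []string{"alg", "x5c"}},
		{"at key", "ATKey", AttestationFormatPacked, []string{"alg", "sig", "x5c"}},
		// The "none" format carries no statement entries, so mapKeys yields nil.
		{"none", "None", AttestationFormatNone, nil},
		{"packed", "Packed", AttestationFormatPacked, []string{"alg", "sig", "x5c"}},
		// This packed fixture has no x5c entry in its statement.
		{"packed 512", "Packed512", AttestationFormatPacked, []string{"alg", "sig"}},
		{"tpm sha1", "TPMSHA1", AttestationFormatTPM, []string{"alg", "certInfo", "pubArea", "sig", "ver", "x5c"}},
		{"tpm sha256", "TPMSHA256", AttestationFormatTPM, []string{"alg", "certInfo", "pubArea", "sig", "ver", "x5c"}},
		{"trust key t110", "TrustKeyT110", AttestationFormatPacked, []string{"alg", "sig", "x5c"}},
		{"u2f", "U2F", AttestationFormatFIDOU2F, []string{"sig", "x5c"}},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			raw := readAttestationObject(t, tc.fixture)

			attestationObject, remaining, err := UnmarshalAttestationObject(raw)
			// require, not assert: the checks below read fields of the result,
			// which carry no meaning once decoding has failed.
			require.NoError(t, err)

			// The whole fixture must be consumed; leftover bytes would mean the
			// decoder stopped before the end of the input.
			assert.Empty(t, remaining)
			assert.NotEmpty(t, attestationObject.AuthData)
			assert.Equal(t, tc.format, attestationObject.Format)
			assert.Equal(t, tc.keys, mapKeys(attestationObject.Statement))
		})
	}
}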