1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
from u2flib_server.model import Transport
from u2flib_server.attestation.metadata import MetadataProvider
from u2flib_server.attestation.resolvers import create_resolver
from u2flib_server.attestation.data import YUBICO
from u2flib_server.attestation.model import (
VendorInfo, Selector,
DeviceInfo, MetadataObject
)
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from base64 import b64decode
import json
import unittest
ATTESTATION_CERT = b64decode(b"""
MIICGzCCAQWgAwIBAgIEdaP2dTALBgkqhkiG9w0BAQswLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBS
b290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAwWhgPMjA1MDA5MDQwMDAwMDBa
MCoxKDAmBgNVBAMMH1l1YmljbyBVMkYgRUUgU2VyaWFsIDE5NzM2Nzk3MzMwWTATBgcqhkjOPQIB
BggqhkjOPQMBBwNCAAQZo35Damtpl81YdmcbhEuXKAr7xDcQzAy5n3ftAAhtBbu8EeGU4ynfSgLo
nckqX6J2uXLBppTNE3v2bt+Yf8MLoxIwEDAOBgorBgEEAYLECgECBAAwCwYJKoZIhvcNAQELA4IB
AQC9LbiNPgs0sQYOHAJcg+lMk+HCsiWRlYVnbT4I/5lnqU907vY17XYAORd432bU3Nnhsbkvjz76
kQJGXeNAF4DPANGGlz8JU+LNEVE2PWPGgEM0GXgB7mZN5Sinfy1AoOdO+3c3bfdJQuXlUxHbo+nD
pxxKpzq9gr++RbokF1+0JBkMbaA/qLYL4WdhY5NvaOyMvYpO3sBxlzn6FcP67hlotGH1wU7qhCeh
+uur7zDeAWVh7c4QtJOXHkLJQfV3Z7ZMvhkIA6jZJAX99hisABU/SSa5DtgX7AfsHwa04h69AAAW
DUzSk3HgOXbUd1FaSOPdlVFkG2N2JllFHykyO3zO
""")
ATTESTATION_CERT_WITH_TRANSPORT = b64decode(b"""
MIICIjCCAQygAwIBAgIEIHHwozALBgkqhkiG9w0BAQswDzENMAsGA1UEAxMEdGVz
dDAeFw0xNTA4MTEwOTAwMzNaFw0xNjA4MTAwOTAwMzNaMCkxJzAlBgNVBAMTHll1
YmljbyBVMkYgRUUgU2VyaWFsIDU0NDMzODA4MzBZMBMGByqGSM49AgEGCCqGSM49
AwEHA0IABPdFG1pBjBBQVhLrD39Qg1vKjuR2kRdBZnwLI/zgzztQpf4ffpkrkB/3
E0TXj5zg8gN9sgMkX48geBe+tBEpvMmjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYu
MS40LjEuNDE0ODIuMS4yMBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEB
CwOCAQEAb3YpnmHHduNuWEXlLqlnww9034ZeZaojhPAYSLR8d5NPk9gc0hkjQKmI
aaBM7DsaHbcHMKpXoMGTQSC++NCZTcKvZ0Lt12mp5HRnM1NNBPol8Hte5fLmvW4t
Q9EzLl4gkz7LSlORxTuwTbae1eQqNdxdeB+0ilMFCEUc+3NGCNM0RWd+sP5+gzMX
BDQAI1Sc9XaPIg8t3du5JChAl1ifpu/uERZ2WQgtxeBDO6z1Xoa5qz4svf5oURjP
ZjxS0WUKht48Z2rIjk5lZzERSaY3RrX3UtrnZEIzCmInXOrcRPeAD4ZutpiwuHe6
2ABsjuMRnKbATbOUiLdknNyPYYQz2g==
""")
ATTESTATION_CERT_WITH_KEY_VALUE_IDENTIFIER = b64decode(b"""
MIICQzCCAS2gAwIBAgIEF/DtRjALBgkqhkiG9w0BAQswLjEsMCoGA1UEAxMjWXVi
aWNvIFUyRiBSb290IENBIFNlcmlhbCA0NTcyMDA2MzEwIBcNMTQwODAxMDAwMDAw
WhgPMjA1MDA5MDQwMDAwMDBaMCkxJzAlBgNVBAMMHll1YmljbyBVMkYgRUUgU2Vy
aWFsIDQwMTY2NTM1MDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABEPqOukfQCYH
iqB+oNxSP1l5r3cVBcv/0wK3iW55eORN9qygi0DMtp5ypZWbNVX2V9d+hX/6UC4V
K9gQdAuvUaWjOzA5MCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS4y
MBMGCysGAQQBguUcAgEBBAQDAgQwMAsGCSqGSIb3DQEBCwOCAQEAL8JwapHJJDrk
N+UvUyTQx0rgKncEMESW3heCgQxBt2TR3W9QHEuRi9RX8whiIggGFaTL2kGUoRMY
r0QttOD5Su8o+MywhXbNHhe1Ohh/YeiTcWZy1xnFwQApOud5M5BwZ+y7yyKbOFPv
udCtsNIAULuRzPgdXr/113NDAw+FlsJbGNUnS/8PzhUPo6Oblgg/7Lq5kviKnLuV
ZWZ7Vsz3SKUnhc5xho+3aRsweu+n0LEDos4IBAdIpFprq/Eqoo5azXDBQJb6tHjQ
M1jUQwru/G+mndWp8KwBCnGp6kA64eAWxD3pfT/xrOhbfeB2D8ZHyxTxXmjCXcAE
jHl3VfEmFQ==
""")
YUBICO_RESOLVER = create_resolver(YUBICO)
EMPTY_RESOLVER = create_resolver([])
class AttestationTest(unittest.TestCase):
def test_resolver(self):
metadata = YUBICO_RESOLVER.resolve(ATTESTATION_CERT)
self.assertEqual(metadata.identifier,
'2fb54029-7613-4f1d-94f1-fb876c14a6fe')
def test_provider(self):
provider = MetadataProvider(YUBICO_RESOLVER)
attestation = provider.get_attestation(ATTESTATION_CERT)
self.assertTrue(attestation.trusted)
def test_device_info_from_empty_oid(self):
provider = MetadataProvider(YUBICO_RESOLVER)
attestation = provider.get_attestation(ATTESTATION_CERT)
self.assertEqual(attestation.device_info['deviceId'],
'1.3.6.1.4.1.41482.1.2')
def test_device_info_from_key_value_oid(self):
provider = MetadataProvider(YUBICO_RESOLVER)
attestation = provider.get_attestation(
ATTESTATION_CERT_WITH_KEY_VALUE_IDENTIFIER)
self.assertEqual(attestation.device_info['deviceId'],
'1.3.6.1.4.1.41482.1.2')
def test_versioning_newer(self):
resolver = create_resolver(YUBICO)
newer = json.loads(json.dumps(YUBICO))
newer['version'] = newer['version'] + 1
newer['trustedCertificates'] = []
resolver.add_metadata(newer)
metadata = resolver.resolve(ATTESTATION_CERT)
self.assertIsNone(metadata)
def test_versioning_older(self):
resolver = create_resolver(YUBICO)
newer = json.loads(json.dumps(YUBICO))
newer['trustedCertificates'] = []
resolver.add_metadata(newer)
metadata = resolver.resolve(ATTESTATION_CERT)
self.assertEqual(metadata.identifier,
'2fb54029-7613-4f1d-94f1-fb876c14a6fe')
def test_transports_from_cert(self):
provider = MetadataProvider(EMPTY_RESOLVER)
attestation = provider.get_attestation(ATTESTATION_CERT_WITH_TRANSPORT)
self.assertSetEqual(set(attestation.transports),
set([Transport.USB, Transport.NFC]))
def test_transports_from_metadata(self):
provider = MetadataProvider(YUBICO_RESOLVER)
cert = x509.load_der_x509_certificate(ATTESTATION_CERT,
default_backend())
attestation = provider.get_attestation(cert)
self.assertEqual(attestation.transports, [Transport.USB])
class DeviceInfoTest(unittest.TestCase):
def test_selectors_empty(self):
self.assertTrue(DeviceInfo().selectors is None)
def test_selectors(self):
devinfo = DeviceInfo(selectors=[{}, {'a': 1}, {'a': 1, 'b': 2}])
self.assertEqual([{}, {'a': 1}, {'a': 1, 'b': 2}], devinfo.selectors)
self.assertTrue(isinstance(devinfo.selectors[0], Selector))
self.assertTrue(isinstance(devinfo.selectors[1], Selector))
self.assertTrue(isinstance(devinfo.selectors[2], Selector))
class MetadataObjectTest(unittest.TestCase):
def test_vendorinfo(self):
metadata = MetadataObject(vendorInfo={})
self.assertEqual({}, metadata.vendorInfo)
self.assertTrue(isinstance(metadata.vendorInfo, VendorInfo))
def test_devices(self):
metadata = MetadataObject(devices=[{}, {'a': 1}, {'a': 1, 'b': 2}])
self.assertEqual([{}, {'a': 1}, {'a': 1, 'b': 2}], metadata.devices)
self.assertTrue(isinstance(metadata.devices[0], DeviceInfo))
self.assertTrue(isinstance(metadata.devices[1], DeviceInfo))
self.assertTrue(isinstance(metadata.devices[2], DeviceInfo))
|
