File: statement_spec.rb

ruby-android-key-attestation 0.3.0-2
# frozen_string_literal: true

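# Examples for AndroidKeyAttestation::Statement: challenge binding, certificate
# chain verification, and the accessors over the parsed key description.
#
# `test_certificate` is not defined in this file; presumably it is a shared
# helper loaded by the spec setup -- confirm.
RSpec.describe AndroidKeyAttestation::Statement do
  subject { described_class.new(test_certificate) }

  describe "#attestation_certificate" do
    it "returns the first certificate in the chain" do
      expect(subject.attestation_certificate.to_pem).to eq(test_certificate.to_pem)
    end
  end

  # The challenge check is what ties a statement to the value the verifier
  # issued, so both failure shapes (same length, different length) must raise
  # rather than return false.
  describe "#verify_challenge" do
    it "returns true if the challenge matches" do
      expect(subject.verify_challenge("abc")).to be true
    end

    it "raises an error if the challenge does not match" do
      expect { subject.verify_challenge("foo") }.to raise_error(AndroidKeyAttestation::ChallengeMismatchError)
    end

    # Kept separate from the same-length case: fixed-length comparison helpers
    # can treat unequal sizes differently (the implementation is not shown here).
    it "raises an error if the challenge is of different length" do
      expect { subject.verify_challenge("foobar") }.to raise_error(AndroidKeyAttestation::ChallengeMismatchError)
    end
  end

  describe "#verify_certificate_chain" do
    subject { described_class.new(intermediate_certificate) }

    # Relative to the working directory, so these examples expect to be run
    # from the project root.
    let(:spec_path) { File.join(".", "spec") }
    let(:root_certificate) do
      OpenSSL::X509::Certificate.new(File.read(File.join(spec_path, "google_software_attestation_root.pem")))
    end
    let(:intermediate_certificate) do
      OpenSSL::X509::Certificate.new(File.read(File.join(spec_path, "google_software_attestation_intermediate.pem")))
    end
    # Verification time is pinned so the result does not depend on the wall
    # clock; presumably it lies inside the fixtures' validity window -- confirm.
    let(:time) { Time.utc(2019, 12, 31) }

    it "returns true if the chain is valid" do
      expect(subject.verify_certificate_chain(root_certificates: [root_certificate], time: time)).to be true
    end

    # No root_certificates are passed, so the library's defaults apply;
    # presumably those do not include the software attestation root loaded
    # above -- confirm against Statement#verify_certificate_chain.
    # NOTE(review): no example here covers a time outside the certificates'
    # validity window.
    it "raises error if the chain is not valid" do
      expect { subject.verify_certificate_chain(time: time) }.to(
        raise_error(AndroidKeyAttestation::CertificateVerificationError)
      )
    end
  end

  describe "#key_description" do
    # A freshly constructed certificate carries no extensions at all.
    it "raises an error if the extension data is missing" do
      expect { described_class.new(OpenSSL::X509::Certificate.new).key_description }.to(
        raise_error(AndroidKeyAttestation::ExtensionMissingError)
      )
    end
  end

  describe "#attestation_version" do
    specify do
      expect(subject.attestation_version).to eq(3)
    end
  end

  describe "#attestation_security_level" do
    specify do
      expect(subject.attestation_security_level).to eq(:trusted_environment)
    end
  end

  describe "#keymaster_version" do
    specify do
      expect(subject.keymaster_version).to eq(4)
    end
  end

  describe "#keymaster_security_level" do
    specify do
      expect(subject.keymaster_security_level).to eq(:trusted_environment)
    end
  end

  describe "#unique_id" do
    specify do
      expect(subject.unique_id).to eq("")
    end
  end

  describe "#tee_enforced" do
    subject { described_class.new(test_certificate).tee_enforced }

    describe "#purpose" do
      specify do
        expect(subject.purpose).to match_array([:sign, :verify])
      end
    end

    describe "#origin" do
      specify do
        expect(subject.origin).to eq(:generated)
      end
    end
  end

  describe "#software_enforced" do
    subject { described_class.new(test_certificate).software_enforced }

    describe "#creation_date" do
      specify do
        # Plain decimal month: a leading zero makes an octal literal, which
        # happens to work for 07 but is a syntax error for 08 and 09.
        expect(subject.creation_date).to eq(Time.utc(2018, 7, 29, 12, 31, 54))
      end
    end

    describe "#all_applications" do
      specify do
        expect(subject.all_applications).to be false
      end
    end
  end
end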