1 // Copyright 2020 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CHROMEOS_DBUS_ATTESTATION_FAKE_ATTESTATION_CLIENT_H_
6 #define CHROMEOS_DBUS_ATTESTATION_FAKE_ATTESTATION_CLIENT_H_
7
8 #include "chromeos/dbus/attestation/attestation_client.h"
9
10 #include <deque>
11 #include <map>
12 #include <set>
13 #include <string>
14 #include <utility>
15 #include <vector>
16
17 #include "base/component_export.h"
18 #include "base/time/time.h"
19 #include "chromeos/dbus/attestation/interface.pb.h"
20 #include "dbus/object_proxy.h"
21
22 namespace chromeos {
23
// Test double for `AttestationClient`. It overrides the `AttestationClient`
// methods declared below and also implements
// `AttestationClient::TestInterface`, through which tests configure statuses,
// allowlists and other reply inputs.
//
// NOTE(review): only declarations are visible in this header. Presumably none
// of these methods reaches a real attestation service, so the "fake"
// signatures, certificates and PCA messages carry no security guarantee --
// confirm against the implementation and keep this class confined to tests.
class COMPONENT_EXPORT(CHROMEOS_DBUS_ATTESTATION) FakeAttestationClient
    : public AttestationClient,
      public AttestationClient::TestInterface {
 public:
  FakeAttestationClient();
  ~FakeAttestationClient() override;

  // Neither copyable nor movable.
  FakeAttestationClient(const FakeAttestationClient&) = delete;
  FakeAttestationClient& operator=(const FakeAttestationClient&) = delete;
  FakeAttestationClient(FakeAttestationClient&&) = delete;
  FakeAttestationClient& operator=(FakeAttestationClient&&) = delete;

  // AttestationClient overrides. Each takes a request proto and a callback.
  void GetKeyInfo(const ::attestation::GetKeyInfoRequest& request,
                  GetKeyInfoCallback callback) override;
  void GetEndorsementInfo(
      const ::attestation::GetEndorsementInfoRequest& request,
      GetEndorsementInfoCallback callback) override;
  void GetAttestationKeyInfo(
      const ::attestation::GetAttestationKeyInfoRequest& request,
      GetAttestationKeyInfoCallback callback) override;
  void ActivateAttestationKey(
      const ::attestation::ActivateAttestationKeyRequest& request,
      ActivateAttestationKeyCallback callback) override;
  void CreateCertifiableKey(
      const ::attestation::CreateCertifiableKeyRequest& request,
      CreateCertifiableKeyCallback callback) override;
  void Decrypt(const ::attestation::DecryptRequest& request,
               DecryptCallback callback) override;
  void Sign(const ::attestation::SignRequest& request,
            SignCallback callback) override;
  void RegisterKeyWithChapsToken(
      const ::attestation::RegisterKeyWithChapsTokenRequest& request,
      RegisterKeyWithChapsTokenCallback callback) override;
  void GetEnrollmentPreparations(
      const ::attestation::GetEnrollmentPreparationsRequest& request,
      GetEnrollmentPreparationsCallback callback) override;
  void GetStatus(const ::attestation::GetStatusRequest& request,
                 GetStatusCallback callback) override;
  void Verify(const ::attestation::VerifyRequest& request,
              VerifyCallback callback) override;
  void CreateEnrollRequest(
      const ::attestation::CreateEnrollRequestRequest& request,
      CreateEnrollRequestCallback callback) override;
  void FinishEnroll(const ::attestation::FinishEnrollRequest& request,
                    FinishEnrollCallback callback) override;
  void CreateCertificateRequest(
      const ::attestation::CreateCertificateRequestRequest& request,
      CreateCertificateRequestCallback callback) override;
  void FinishCertificateRequest(
      const ::attestation::FinishCertificateRequestRequest& request,
      FinishCertificateRequestCallback callback) override;
  void Enroll(const ::attestation::EnrollRequest& request,
              EnrollCallback callback) override;
  void GetCertificate(const ::attestation::GetCertificateRequest& request,
                      GetCertificateCallback callback) override;
  void SignEnterpriseChallenge(
      const ::attestation::SignEnterpriseChallengeRequest& request,
      SignEnterpriseChallengeCallback callback) override;
  void SignSimpleChallenge(
      const ::attestation::SignSimpleChallengeRequest& request,
      SignSimpleChallengeCallback callback) override;
  void SetKeyPayload(const ::attestation::SetKeyPayloadRequest& request,
                     SetKeyPayloadCallback callback) override;
  void DeleteKeys(const ::attestation::DeleteKeysRequest& request,
                  DeleteKeysCallback callback) override;
  void ResetIdentity(const ::attestation::ResetIdentityRequest& request,
                     ResetIdentityCallback callback) override;
  void GetEnrollmentId(const ::attestation::GetEnrollmentIdRequest& request,
                       GetEnrollmentIdCallback callback) override;
  void GetCertifiedNvIndex(
      const ::attestation::GetCertifiedNvIndexRequest& request,
      GetCertifiedNvIndexCallback callback) override;

  // AttestationClient::TestInterface overrides. The private members below
  // hold the state these calls set up: the configured statuses, the
  // allowlists and the recorded `DeleteKeys()` history.
  void ConfigureEnrollmentPreparations(bool is_prepared) override;
  void ConfigureEnrollmentPreparationsSequence(
      std::deque<bool> sequence) override;
  void ConfigureEnrollmentPreparationsStatus(
      ::attestation::AttestationStatus status) override;
  ::attestation::GetStatusReply* mutable_status_reply() override;
  void AllowlistCertificateRequest(
      const ::attestation::GetCertificateRequest& request) override;
  const std::vector<::attestation::DeleteKeysRequest>& delete_keys_history()
      const override;
  void ClearDeleteKeysHistory() override;
  void set_enrollment_id_ignore_cache(const std::string& id) override;
  void set_cached_enrollment_id(const std::string& id) override;
  void set_enrollment_id_dbus_error_count(int count) override;
  ::attestation::GetKeyInfoReply* GetMutableKeyInfoReply(
      const std::string& username,
      const std::string& label) override;
  void set_key_info_dbus_error_count(int count) override;
  int key_info_dbus_error_count() const override;
  bool VerifySimpleChallengeResponse(
      const std::string& challenge,
      const ::attestation::SignedData& signed_data) override;
  void set_sign_simple_challenge_status(
      ::attestation::AttestationStatus status) override;
  void AllowlistSignSimpleChallengeKey(const std::string& username,
                                       const std::string& label) override;
  void set_register_key_status(
      ::attestation::AttestationStatus status) override;
  void AllowlistRegisterKey(const std::string& username,
                            const std::string& label) override;
  void set_sign_enterprise_challenge_status(
      ::attestation::AttestationStatus status) override;
  void AllowlistSignEnterpriseChallengeKey(
      const ::attestation::SignEnterpriseChallengeRequest& request) override;
  std::string GetEnterpriseChallengeFakeSignature(
      const std::string& challenge,
      bool include_spkac) const override;
  void set_sign_enterprise_challenge_delay(
      const base::TimeDelta& delay) override;
  void set_enroll_request_status(
      ::attestation::AttestationStatus status) override;
  std::string GetFakePcaEnrollRequest() const override;
  std::string GetFakePcaEnrollResponse() const override;
  void AllowlistLegacyCreateCertificateRequest(
      const std::string& username,
      const std::string& request_origin,
      ::attestation::CertificateProfile profile,
      ::attestation::KeyType key_type) override;
  void set_cert_request_status(
      ::attestation::AttestationStatus status) override;
  std::string GetFakePcaCertRequest() const override;
  std::string GetFakePcaCertResponse() const override;
  std::string GetFakeCertificate() const override;

  AttestationClient::TestInterface* GetTestInterface() override;

 private:
  // Enrollment-preparation state; presumably written by the
  // `ConfigureEnrollmentPreparations*()` methods (definitions not shown here).
  ::attestation::AttestationStatus preparations_status_ =
      ::attestation::STATUS_SUCCESS;
  bool is_prepared_ = true;
  std::deque<bool> preparation_sequences_;

  // Presumably the object handed out by `mutable_status_reply()` -- confirm
  // against the implementation.
  ::attestation::GetStatusReply status_reply_;

  // Certificate requests that have been allowlisted.
  std::vector<::attestation::GetCertificateRequest> allowlisted_requests_;

  // Legacy create-certificate requests that have been allowlisted.
  std::vector<::attestation::CreateCertificateRequestRequest>
      allowlisted_create_requests_;

  // Numbers assigned to the allowlisted requests.
  std::vector<int> certificate_indices_;
  // Number of certificates issued so far.
  int certificate_count_ = 0;

  // Every request that has been passed to `DeleteKeys()`.
  std::vector<::attestation::DeleteKeysRequest> delete_keys_history_;

  // Components from which the reply to `GetEnrollmentId()` is built.
  std::string enrollment_id_;
  std::string enrollment_id_ignore_cache_;
  int enrollment_id_dbus_error_count_ = 0;

  // Strict ordering of `GetKeyInfoRequest` by username first, then key label.
  class GetKeyInfoRequestComparator {
   public:
    bool operator()(const ::attestation::GetKeyInfoRequest& lhs,
                    const ::attestation::GetKeyInfoRequest& rhs) const {
      // NOTE(review): `std::forward_as_tuple` is declared in <tuple>, which
      // this header does not include directly; presumably it arrives
      // transitively -- confirm.
      return std::forward_as_tuple(lhs.username(), lhs.key_label()) <
             std::forward_as_tuple(rhs.username(), rhs.key_label());
    }
  };
  // The fake key info database. An ordered std::map is used so that no hash
  // function has to be written for `GetKeyInfoRequest`; hashing could be
  // expensive and would add unreasonable overhead at this small scale anyway.
  std::map<::attestation::GetKeyInfoRequest,
           ::attestation::GetKeyInfoReply,
           GetKeyInfoRequestComparator>
      key_info_database_;
  int key_info_dbus_error_count_ = 0;

  // Status that `SignSimpleChallenge()` returns.
  ::attestation::AttestationStatus sign_simple_challenge_status_ =
      ::attestation::STATUS_SUCCESS;
  // Username-label pairs whose keys are allowed to sign a simple challenge.
  std::set<std::pair<std::string, std::string>>
      allowlisted_sign_simple_challenge_keys_;

  // Status that `RegisterKeyWithChapsToken()` returns.
  ::attestation::AttestationStatus register_key_status_ =
      ::attestation::STATUS_SUCCESS;
  // Username-label pairs whose keys are allowed to be registered to the key
  // store.
  std::set<std::pair<std::string, std::string>> allowlisted_register_keys_;

  // Status that `SignEnterpriseChallenge()` returns.
  ::attestation::AttestationStatus sign_enterprise_challenge_status_ =
      ::attestation::STATUS_SUCCESS;

  // Strict ordering of `SignEnterpriseChallengeRequest` over the fields that
  // identify the key and its context.
  class SignEnterpriseChallengeRequestComparator {
   public:
    bool operator()(
        const ::attestation::SignEnterpriseChallengeRequest& lhs,
        const ::attestation::SignEnterpriseChallengeRequest& rhs) const {
      // `challenge()` and `include_signed_public_key()`, the inputs for
      // signature generation, are left out on purpose: requests that differ
      // only in those two fields compare as equivalent.
      //
      // The tuples hold references to the accessor results, so both are built
      // and compared within this single expression; an accessor that returns
      // by value yields a temporary that lives only until the expression ends.
      return std::forward_as_tuple(lhs.username(), lhs.key_label(),
                                   lhs.key_name_for_spkac(), lhs.domain(),
                                   lhs.device_id(), lhs.va_type()) <
             std::forward_as_tuple(rhs.username(), rhs.key_label(),
                                   rhs.key_name_for_spkac(), rhs.domain(),
                                   rhs.device_id(), rhs.va_type());
    }
  };
  // Requests allowlisted for `SignEnterpriseChallenge()`. Because the set is
  // keyed through the comparator above, an entry is equivalent to any request
  // with the same key/context fields regardless of its challenge.
  std::set<::attestation::SignEnterpriseChallengeRequest,
           SignEnterpriseChallengeRequestComparator>
      allowlisted_sign_enterprise_challenge_keys_;
  // Delay with which the `SignEnterpriseChallenge()` reply is posted.
  base::TimeDelta sign_enterprise_challenge_delay_;

  // Status that `CreateEnrollRequest()` returns.
  ::attestation::AttestationStatus enroll_request_status_ =
      ::attestation::STATUS_SUCCESS;
  // Status that `CreateCertificateRequest()` returns.
  ::attestation::AttestationStatus cert_request_status_ =
      ::attestation::STATUS_SUCCESS;
};
250
251 } // namespace chromeos
252
253 #endif // CHROMEOS_DBUS_ATTESTATION_FAKE_ATTESTATION_CLIENT_H_
254