TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / tf-m-tools / 5ebf48316c28e60da98df0fb5749942d14ffc150 / . / iat-verifier / tests / test_verifier.py
blob: 17658f1d843e0d3ba339f2063aa8091910829404 [file] [log] [blame]
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]1# -----------------------------------------------------------------------------
Mate Toth-Pal916a3de2024-05-03 09:34:41 +0200[diff] [blame]2# Copyright (c) 2019-2024, Arm Limited. All rights reserved.
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6# -----------------------------------------------------------------------------
7
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]8"""Unittests for iat-verifier using PSAIoTProfile1TokenVerifier"""
9
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]10import os
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]11import unittest
12
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]13from pycose.algorithms import Es256, Es384
14
Mate Toth-Pal1cb66cd2022-04-26 15:40:07 +0200[diff] [blame]15from iatverifier.psa_iot_profile1_token_verifier import PSAIoTProfile1TokenVerifier
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]16from iatverifier.cca_token_verifier import CCATokenVerifier, CCAPlatformTokenVerifier
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]17from iatverifier.util import read_keyfile
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]18from iatverifier.attest_token_verifier import AttestationClaim, VerifierConfiguration
19from iatverifier.attest_token_verifier import AttestationTokenVerifier
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]20from test_utils import create_and_read_iat, read_iat, create_token_tmp_file
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]21
22
23THIS_DIR = os.path.dirname(__file__)
24
25DATA_DIR = os.path.join(THIS_DIR, 'data')
26KEYFILE = os.path.join(DATA_DIR, 'key.pem')
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]27KEYFILE_CCA_PLAT = os.path.join(DATA_DIR, 'cca_platform.pem')
28KEYFILE_CCA_REALM = os.path.join(DATA_DIR, 'cca_realm.pem')
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]29KEYFILE_CCA_REALM2= os.path.join(DATA_DIR, 'cca_realm2.pem')
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]30KEYFILE_ALT = os.path.join(DATA_DIR, 'key-alt.pem')
31
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]32class TestIatVerifier(unittest.TestCase):
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]33 """A class used for testing iat-verifier.
34
35 This class uses the claim and token definitions for PSA Attestation Token"""
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]36
37 def setUp(self):
38 self.config = VerifierConfiguration()
39
40 def test_validate_signature(self):
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]41 """Testing Signature validation"""
42 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]43 cose_alg=Es256
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]44
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]45 signing_key = read_keyfile(KEYFILE, method)
46 verifier_good_sig = PSAIoTProfile1TokenVerifier(
47 method=method,
48 cose_alg=cose_alg,
49 signing_key=signing_key,
50 configuration=self.config)
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]51 good_sig = create_token_tmp_file(DATA_DIR, 'valid-iat.yaml', verifier_good_sig)
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]52
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]53 signing_key = read_keyfile(KEYFILE_ALT, method)
54 verifier_bad_sig = PSAIoTProfile1TokenVerifier(
55 method=method,
56 cose_alg=cose_alg,
57 signing_key=signing_key,
58 configuration=self.config)
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]59 bad_sig = create_token_tmp_file(DATA_DIR, 'valid-iat.yaml', verifier_bad_sig)
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]60
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]61 #dump_file_binary(good_sig)
62
63 with open(good_sig, 'rb') as wfh:
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]64 token_item = verifier_good_sig.parse_token(
65 token=wfh.read(),
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]66 lower_case_key=False)
67 token_item.verify()
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]68
69 with self.assertRaises(ValueError) as test_ctx:
70 with open(bad_sig, 'rb') as wfh:
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]71 token_item = verifier_good_sig.parse_token(
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]72 token=wfh.read(),
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]73 lower_case_key=False)
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]74 token_item.verify()
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]75
76 self.assertIn('Bad signature', test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]77
78 def test_validate_iat_structure(self):
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]79 """Testing IAT structure validation"""
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]80 keep_going_conf = VerifierConfiguration(keep_going=True)
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]81 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]82 cose_alg=Es256
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]83 signing_key = read_keyfile(KEYFILE, method)
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]84 realm_token_key = read_keyfile(KEYFILE_CCA_REALM, method)
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]85 realm_token_key2 = read_keyfile(KEYFILE_CCA_REALM2, method)
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]86 platform_token_key = read_keyfile(KEYFILE_CCA_PLAT, method)
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]87
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]88 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]89 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]90 'valid-iat.yaml',
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]91 PSAIoTProfile1TokenVerifier(
92 method=method,
93 cose_alg=cose_alg,
94 signing_key=signing_key,
95 configuration=self.config))
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]96
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]97 create_and_read_iat(
98 DATA_DIR,
99 'valid-cca-token.yaml',
100 CCATokenVerifier(
101 realm_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]102 realm_token_cose_alg=Es384,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]103 realm_token_key=realm_token_key,
104 platform_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]105 platform_token_cose_alg=Es384,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]106 platform_token_key=platform_token_key,
107 configuration=self.config))
108
109 create_and_read_iat(
110 DATA_DIR,
111 'cca_platform_token.yaml',
112 CCAPlatformTokenVerifier(
113 method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]114 cose_alg=Es384,
Mate Toth-Pal5ebca512022-03-24 16:45:51 +0100[diff] [blame]115 signing_key=platform_token_key,
116 configuration=self.config,
117 necessity=AttestationClaim.MANDATORY))
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]118
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]119 with self.assertRaises(ValueError) as test_ctx:
120 create_and_read_iat(
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]121 DATA_DIR,
Mate Toth-Palc5dbad02022-09-01 22:17:26 +0200[diff] [blame]122 'cca-invalid-plat-challenge.yaml',
123 CCATokenVerifier(
124 realm_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]125 realm_token_cose_alg=Es384,
Mate Toth-Palc5dbad02022-09-01 22:17:26 +0200[diff] [blame]126 realm_token_key=realm_token_key,
127 platform_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]128 platform_token_cose_alg=Es384,
Mate Toth-Palc5dbad02022-09-01 22:17:26 +0200[diff] [blame]129 platform_token_key=platform_token_key,
130 configuration=self.config))
131 self.assertIn("Invalid CCA_PLATFORM_CHALLENGE byte at 16: 0x00 instead of 0xe4", test_ctx.exception.args[0])
132
133 with self.assertRaises(ValueError) as test_ctx:
134 create_and_read_iat(
135 DATA_DIR,
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]136 'valid-cca-token.yaml',
137 CCATokenVerifier(
138 realm_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]139 realm_token_cose_alg=Es384,
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]140 realm_token_key=realm_token_key2,
141 platform_token_method=method,
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]142 platform_token_cose_alg=Es384,
Mate Toth-Palb21ae522022-09-01 12:02:21 +0200[diff] [blame]143 platform_token_key=platform_token_key,
144 configuration=self.config))
145 self.assertIn("Realm signature doesn't match Realm Public Key claim in Realm token", test_ctx.exception.args[0])
146
147 with self.assertRaises(ValueError) as test_ctx:
148 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]149 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]150 'invalid-profile-id.yaml',
151 PSAIoTProfile1TokenVerifier(method=method,
152 cose_alg=cose_alg,
153 signing_key=signing_key,
154 configuration=self.config))
155 self.assertIn('Invalid PROFILE_ID', test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]156
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]157 with self.assertRaises(ValueError) as test_ctx:
158 read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]159 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]160 'malformed.cbor',
161 PSAIoTProfile1TokenVerifier(method=method,
162 cose_alg=cose_alg,
163 signing_key=signing_key,
164 configuration=self.config))
165 self.assertIn('Bad COSE', test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]166
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]167 with self.assertRaises(ValueError) as test_ctx:
168 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]169 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]170 'missing-claim.yaml',
171 PSAIoTProfile1TokenVerifier(method=method,
172 cose_alg=cose_alg,
173 signing_key=signing_key,
174 configuration=self.config))
175 self.assertIn('missing MANDATORY claim', test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]176
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]177 with self.assertRaises(ValueError) as test_ctx:
178 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]179 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]180 'submod-missing-claim.yaml',
181 PSAIoTProfile1TokenVerifier(method=method,
182 cose_alg=cose_alg,
183 signing_key=signing_key,
184 configuration=self.config))
185 self.assertIn('missing MANDATORY claim', test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]186
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]187 with self.assertRaises(ValueError) as test_ctx:
188 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]189 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]190 'missing-sw-comps.yaml',
191 PSAIoTProfile1TokenVerifier(method=method,
192 cose_alg=cose_alg,
193 signing_key=signing_key,
194 configuration=self.config))
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]195 self.assertIn('NO_MEASUREMENTS claim is not present',
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]196 test_ctx.exception.args[0])
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]197
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]198 with self.assertLogs() as test_ctx:
199 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]200 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]201 'missing-signer-id.yaml',
202 PSAIoTProfile1TokenVerifier(method=method,
203 cose_alg=cose_alg,
204 signing_key=signing_key,
205 configuration=self.config))
Mate Toth-Pald10a9142022-04-28 15:34:13 +0200[diff] [blame]206 self.assertIn('Missing RECOMMENDED claim "SIGNER_ID" from SW_COMPONENTS',
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]207 test_ctx.records[0].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]208
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]209 with self.assertLogs() as test_ctx:
210 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]211 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]212 'invalid-type-length.yaml',
213 PSAIoTProfile1TokenVerifier(method=method,
214 cose_alg=cose_alg,
215 signing_key=signing_key,
216 configuration=keep_going_conf))
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]217 self.assertIn("Invalid PROFILE_ID: must be a(n) <class 'str'>: found <class 'int'>",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]218 test_ctx.records[0].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]219 self.assertIn("Invalid SIGNER_ID: must be a(n) <class 'bytes'>: found <class 'str'>",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]220 test_ctx.records[1].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]221 self.assertIn("Invalid SIGNER_ID length: must be at least 32 bytes, found 12 bytes",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]222 test_ctx.records[2].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]223 self.assertIn("Invalid MEASUREMENT length: must be at least 32 bytes, found 28 bytes",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]224 test_ctx.records[3].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]225
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]226 with self.assertLogs() as test_ctx:
227 create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]228 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]229 'invalid-hw-version.yaml',
Tamas Ban8ac8d172022-07-04 13:01:08 +0200[diff] [blame]230 PSAIoTProfile1TokenVerifier(
231 method=method,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]232 cose_alg=cose_alg,
233 signing_key=signing_key,
234 configuration=keep_going_conf))
Tamas Ban8ac8d172022-07-04 13:01:08 +0200[diff] [blame]235 self.assertIn("Invalid HARDWARE_VERSION length; "
236 "must be 19 characters, found 10 characters",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]237 test_ctx.records[0].getMessage())
Tamas Ban8ac8d172022-07-04 13:01:08 +0200[diff] [blame]238 self.assertIn("Invalid character at position 1",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]239 test_ctx.records[1].getMessage())
Tamas Ban8ac8d172022-07-04 13:01:08 +0200[diff] [blame]240 self.assertIn("Invalid character - at position 4",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]241 test_ctx.records[2].getMessage())
Tamas Ban8ac8d172022-07-04 13:01:08 +0200[diff] [blame]242 self.assertIn("Invalid character a at position 10",
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]243 test_ctx.records[3].getMessage())
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]244
245 def test_binary_string_decoding(self):
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]246 """Test binary_string decoding"""
247 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]248 cose_alg=Es256
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]249 signing_key = read_keyfile(KEYFILE, method)
250 iat = create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]251 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]252 'valid-iat.yaml',
253 PSAIoTProfile1TokenVerifier(method=method,
254 cose_alg=cose_alg,
255 signing_key=signing_key,
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]256 configuration=self.config)).get_token_map()
Mate Toth-Pal916a3de2024-05-03 09:34:41 +0200[diff] [blame]257 self.assertEqual(iat['SECURITY_LIFECYCLE'], 'sl_secured_3000')
Mate Toth-Pal51b61982022-03-17 14:19:30 +0100[diff] [blame]258
259 def test_security_lifecycle_decoding(self):
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]260 """Test security lifecycle decoding"""
261 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1
Thomas Fossatif4e1ca32024-08-16 16:01:31 +0000[diff] [blame]262 cose_alg=Es256
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]263 signing_key = read_keyfile(KEYFILE, method)
264 iat = create_and_read_iat(
Mate Toth-Palb2508d52022-04-30 14:10:06 +0200[diff] [blame]265 DATA_DIR,
Mate Toth-Palb9057ff2022-04-29 16:03:21 +0200[diff] [blame]266 'valid-iat.yaml',
267 PSAIoTProfile1TokenVerifier(method=method,
268 cose_alg=cose_alg,
269 signing_key=signing_key,
Mate Toth-Palc7404e92022-07-15 11:11:13 +0200[diff] [blame]270 configuration=self.config)).get_token_map()
Mate Toth-Pal916a3de2024-05-03 09:34:41 +0200[diff] [blame]271 self.assertEqual(iat['SECURITY_LIFECYCLE'], 'sl_secured_3000')
Thomas Fossati5ebf4832024-08-26 09:30:05 +0000[diff] [blame^]272
273 def test_profiles(self):
274 """
275 Test that both legacy and new profiles are handled correctly.
276 In particular, ensure that the different RAK encodings are accommodated,
277 and that use of legacy profiles triggers a warning.
278 """
279 method=AttestationTokenVerifier.SIGN_METHOD_SIGN1
280 realm_token_key = read_keyfile(KEYFILE_CCA_REALM, method)
281 platform_token_key = read_keyfile(KEYFILE_CCA_PLAT, method)
282
283 # change directory here to make !inc work
284 os.chdir(DATA_DIR)
285
286 create_and_read_iat(
287 '.',
288 'cca_example_token.yaml',
289 CCATokenVerifier(
290 realm_token_method=method,
291 realm_token_cose_alg=Es384,
292 realm_token_key=realm_token_key,
293 platform_token_method=method,
294 platform_token_cose_alg=Es384,
295 platform_token_key=platform_token_key,
296 configuration=self.config
297 )
298 )
299
300 with self.assertLogs() as test_ctx:
301 create_and_read_iat(
302 '.',
303 'cca_example_token_legacy.yaml',
304 CCATokenVerifier(
305 realm_token_method=method,
306 realm_token_cose_alg=Es384,
307 realm_token_key=realm_token_key,
308 platform_token_method=method,
309 platform_token_cose_alg=Es384,
310 platform_token_key=platform_token_key,
311 configuration=self.config
312 )
313 )
314 self.assertIn('legacy profile http://arm.com/CCA-SSD/1.0.0 is deprecated',
315 test_ctx.records[0].getMessage())