[test] Check vm attestation certificate chain in CTS tests
This CL also contains a refactoring that moves the X509
verification methods for AVF e2e tests to an independent
library. The new library no longer depends on rkpd for
certificate verification.
This refactoring allows us to reuse these methods within CTS
tests for VM attestation.
Bug: 330662600
Test: atest AvfRkpdVmAttestationTestApp
Change-Id: I1c0e94c08d8c61c6221685783e7cea28c0a19740
diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 1ed48d0..84bf098 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -39,6 +39,7 @@
srcs: ["src/java/**/*.java"],
static_libs: [
"MicrodroidDeviceTestHelper",
+ "VmAttestationTestUtil",
"androidx.test.runner",
"androidx.test.ext.junit",
"authfs_test_apk_assets",
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index aae1068..c3d9757 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -69,6 +69,7 @@
import com.android.microdroid.testservice.IAppCallback;
import com.android.microdroid.testservice.ITestService;
import com.android.microdroid.testservice.IVmCallback;
+import com.android.virt.vm_attestation.util.X509Utils;
import com.google.common.base.Strings;
import com.google.common.truth.BooleanSubject;
@@ -96,6 +97,7 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
@@ -117,6 +119,7 @@
@RunWith(Parameterized.class)
public class MicrodroidTests extends MicrodroidDeviceTestBase {
private static final String TAG = "MicrodroidTests";
+ private static final String TEST_APP_PACKAGE_NAME = "com.android.microdroid.test";
private static final String VM_ATTESTATION_PAYLOAD_PATH = "libvm_attestation_test_payload.so";
private static final String VM_ATTESTATION_MESSAGE = "Hello RKP from AVF!";
@@ -277,8 +280,13 @@
.isAnyOf(
AttestationStatus.ATTESTATION_OK,
AttestationStatus.ATTESTATION_ERROR_ATTESTATION_FAILED);
- // TODO(b/330662600): Check the certificate chain and the signature after refactoring the
- // x509 util method in RkpdVmAttestationTest.
+ if (signingResult.status == AttestationStatus.ATTESTATION_OK) {
+ X509Certificate[] certs =
+ X509Utils.validateAndParseX509CertChain(signingResult.certificateChain);
+ X509Utils.verifyAvfRelatedCerts(certs, challenge, TEST_APP_PACKAGE_NAME);
+ X509Utils.verifySignature(
+ certs[0], VM_ATTESTATION_MESSAGE.getBytes(), signingResult.signature);
+ }
}
@Test
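Review bot: The new certificate-chain and signature checks run only inside `if (signingResult.status == AttestationStatus.ATTESTATION_OK)`, while the assertion just above still accepts `ATTESTATION_ERROR_ATTESTATION_FAILED`, so on a device where attestation fails the test passes without verifying anything and the result gives no sign of it. If that status is tolerated on purpose (presumably for devices without working remote key provisioning), state the reason in a comment and make the skipped path visible, for example with an `else` branch containing `Log.w(TAG, "VM attestation failed; certificate chain and signature not verified");`. Separately, `VM_ATTESTATION_MESSAGE.getBytes()` relies on the default charset; `VM_ATTESTATION_MESSAGE.getBytes(StandardCharsets.UTF_8)` pins the exact bytes the signature is checked against, and needs the `java.nio.charset.StandardCharsets` import if the file does not already have it. The enclosing test method begins outside the hunk.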