diff --git a/credentials/generate_revocation_set.py b/credentials/generate_revocation_set.py
index 6a1374828d43ae..bb2f5b6e9a8d33 100755
--- a/credentials/generate_revocation_set.py
+++ b/credentials/generate_revocation_set.py
@@ -1006,14 +1006,11 @@ def setUp(self):
 def get_test_file_path(self, filename):
 return os.path.join(self.test_base_dir, 'test', filename)
- def compare_revocation_sets(self, generated_set, expected_file):
- with open(os.path.join(self.test_base_dir, expected_file), 'r') as f:
- expected_set = [RevocationSet(**r) for r in json.load(f)]
-
- # Compare the contents
- self.assertEqual(len([generated_set]), len(expected_set))
- expected = expected_set[0]
+ def get_expected_revocation_set(self, idx):
+ with open(os.path.join(self.test_base_dir, 'test/revoked-attestation-certificates/revocation-sets/revocation-set.json'), 'r') as f:
+ return RevocationSet(**json.load(f)[idx])
+ def compare_revocation_sets(self, generated_set, expected):
 # Compare required fields
 self.assertEqual(generated_set.type, expected.type)
 self.assertEqual(generated_set.issuer_subject_key_id, expected.issuer_subject_key_id)
@@ -1038,10 +1035,7 @@ def test_paa_revocation_set(self):
 revocation_set = generate_revocation_set_from_crl(
 crl, crl_signer, ca_name_b64, ca_akid_hex, None)
- self.compare_revocation_sets(
- revocation_set,
- 'test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json'
- )
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(0))
 def test_pai_revocation_set(self):
 """Test generation of PAI revocation set"""
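Review bot: `get_expected_revocation_set(self, idx)` selects the expected entry by its position in the shared `revocation-set.json`, so the call sites (`0` and `1` here, `2` in the next hunk) depend on the array order of a file that the DAC-provider test vectors also point at. Position is the only thing separating the entries: in the merged file the entry following the three new ones carries the same `issuer_subject_key_id` as entry 0. I would name the indices once, e.g. `PAA_SET_IDX, PAI_SET_IDX, REVOKED_PAI_SET_IDX = 0, 1, 2`, and give the helper a docstring saying the first three entries of the file are reserved for these unit tests. The path can also go through the helper shown as context above it: `self.get_test_file_path('revoked-attestation-certificates/revocation-sets/revocation-set.json')`. The body of `compare_revocation_sets` continues past the end of the hunk.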
@@ -1057,10 +1051,23 @@ def test_pai_revocation_set(self):
 revocation_set = generate_revocation_set_from_crl(
 crl, crl_signer, ca_name_b64, ca_akid_hex, None)
- self.compare_revocation_sets(
- revocation_set,
- 'test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json'
- )
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(1))
+
+ def test_revoked_pai_revocation_set(self):
+ """Test generation of revocation set of revoked PAI"""
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem'), 'rb') as f:
+ crl = x509.load_pem_x509_crl(f.read())
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem'), 'rb') as f:
+ crl_signer = x509.load_pem_x509_certificate(f.read())
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAA-FFF1-Cert.pem'), 'rb') as f:
+ paa = x509.load_pem_x509_certificate(f.read())
+
+ ca_name_b64, ca_akid_hex = get_certificate_authority_details(
+ crl_signer, None, paa, False)
+ revocation_set = generate_revocation_set_from_crl(
+ crl, crl_signer, ca_name_b64, ca_akid_hex, None)
+
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(2))
 if __name__ == "__main__":
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der
new file mode 100644
index 00000000000000..bb928ec9d973a8
Binary files /dev/null and b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der differ
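Review bot: The docstring on `test_revoked_pai_revocation_set` does not state the behaviour being pinned. Judging by the file names and the expected entry, the CRL signer here is a PAI that the PAA entry of `revocation-set.json` itself lists as revoked, and the test expects a revocation set to be generated for it anyway. Saying so protects against a later change that skips CRLs from revoked issuers; the guide updated in this commit expects `kPaiAndDacRevoked` (208) for that case, which presumably needs both entries to be present. Suggested docstring: `"""A CRL issued by a PAI that the PAA has revoked must still yield a revocation set for that PAI's DACs."""`.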
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem
new file mode 100644
index 00000000000000..a4ab090693d34f
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaigAwIBAgIIc151wP6PWsUwCgYIKoZIzj0EAwIwRjEuMCwGA1UEAwwl
+TWF0dGVyIFRlc3QgUEFJIDB4RkZGMSBubyBQSUQgUmV2b2tlZDEUMBIGCisGAQQB
+gqJ8AgEMBEZGRjEwIBcNMjUwMzI1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMGQx
+NjA0BgNVBAMMLU1hdHRlciBUZXN0IFJldm9rZWQgREFDIFNpZ25lZCBieSBSZXZv
+a2VkIFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4
+MDAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaELP83azv5+vdJg+vmO/g6td
+Z9obWLWWZdgatid+/x5leASGpBEgL0pEv1UZ74ol4bK6S287eQKrIAZB2xdqWaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFDO1Scke
+5qNNVdIn4aGgsbGhUWs6MB8GA1UdIwQYMBaAFJEzfFz+e7KTdv6IfTyU5/Wd2D0v
+MAoGCCqGSM49BAMCA0gAMEUCIGO/qO9oglMxDEPMplwri0o31iRLg/p+qAyhtUC1
+DiWxAiEAgv4UPAsPjvj1gPMWaLe9xnbrZOuXg+7bjOFPeODItFc=
+-----END CERTIFICATE-----
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der
new file mode 100644
index 00000000000000..f393b8aafbe496
Binary files /dev/null and b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der differ
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem
new file mode 100644
index 00000000000000..55a749be4988f1
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJoLKewrsvBa4y0m97yUkHqvZHBNjl32M5xbK15Q+ShHoAoGCCqGSM49
+AwEHoUQDQgAEaELP83azv5+vdJg+vmO/g6tdZ9obWLWWZdgatid+/x5leASGpBEg
+L0pEv1UZ74ol4bK6S287eQKrIAZB2xdqWQ==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der
new file mode 100644
index 00000000000000..a9d5970ba2b64d
Binary files /dev/null and b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der differ
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem
new file mode 100644
index 00000000000000..78eb90079932aa
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBHjCBxQIBATAKBggqhkjOPQQDAjBGMS4wLAYDVQQDDCVNYXR0ZXIgVGVzdCBQ
+QUkgMHhGRkYxIG5vIFBJRCBSZXZva2VkMRQwEgYKKwYBBAGConwCAQwERkZGMRcN
+MjUwMzI2MDYyODU2WhgPMjEyNTAzMjcwNjI4NTZaMBswGQIIc151wP6PWsUXDTI1
+MDMyNjA2Mjg1NlqgLzAtMB8GA1UdIwQYMBaAFJEzfFz+e7KTdv6IfTyU5/Wd2D0v
+MAoGA1UdFAQDAgEAMAoGCCqGSM49BAMCA0gAMEUCIQDM4thiU6vEOH5jwGaFypV2
+P9InyjTJKpMo5bR4QEMMRgIgYge7z2UStTlJzS2gVm/MVld7SNnD+020LOVP1SWb
+ufk=
+-----END X509 CRL-----
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json
index 0477c4b6c82b7f..e7f20cdd94b5ce 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json @@ -1,5 +1,5 @@ { - "description": "Indirect revoked PAI 03: use this with revocation-sets/indirect-revocation-set.json", + "description": "Indirect revoked PAI 03: use this with revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201ce30820173a00302010202145433500af72d566dd0c0fd2710ab6f8562bd6f8f300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303431375a180f32313234313231363130303431375a3033311b301906035504030c124d617474657220546573742050414920303331143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bb1a980f395d0a448f315df82f820564b127398e9c1396916195ef3bba5fbc247445ceaa589ca835ca99058b1b7c1b2aef55dbec4338a3d8382a100c7f199dada366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e04160414f97059a4f532b98b3b808592cd943a91004acd6d301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020349003046022100ad4364c9b8c18ed56b11239ec95468981f598beece1e6904eddf7c67a7f533980221008a0428bbbcd9b725341deab309de87569b76fbae735bac659ce83c84b209d91f", 
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json index c26ef1b63e945b..475372a3294f76 100644 --- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json +++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json 
@@ -1,5 +1,5 @@ { - "description": "Indirect revoked DAC 01: use this with revocation-sets/indirect-revocation-set.json", + "description": "Indirect revoked DAC 01: use this with revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201cd30820173a003020102021455c52c44f44d371237c9d42f8371658e560627dc300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303430395a180f32313234313231363130303430395a3033311b301906035504030c124d617474657220546573742050414920303131143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004dab17c35080a4ddc84d72945d52c90aad2da072196bdf24a986103a902611eb4496408d8305566f9a00f3c43ff7651cc9a134ad629f60f117745004ad06ce20fa366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e041604149d7718f23bd91000c15308db3a63b9c1faea0d33301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d040302034800304502200c83bca257d7012b539908b8f2c2bb1a6e263d9f41e26e735287c206a1fe11e902210089adfcfd3b917d572723f09c2da262fc16454830aaa1273dc01e689cdc142592", diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json index a9577fa2b41e68..b7fc480990ae4f 100644 
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json +++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json @@ -1,5 +1,5 @@ { - "description": "Indirect revoked PAI 03: use this with revocation-sets/indirect-revocation-set.json", + "description": "Indirect revoked PAI 03: use this with revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201ce30820173a00302010202145433500af72d566dd0c0fd2710ab6f8562bd6f8f300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303431375a180f32313234313231363130303431375a3033311b301906035504030c124d617474657220546573742050414920303331143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bb1a980f395d0a448f315df82f820564b127398e9c1396916195ef3bba5fbc247445ceaa589ca835ca99058b1b7c1b2aef55dbec4338a3d8382a100c7f199dada366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e04160414f97059a4f532b98b3b808592cd943a91004acd6d301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020349003046022100ad4364c9b8c18ed56b11239ec95468981f598beece1e6904eddf7c67a7f533980221008a0428bbbcd9b725341deab309de87569b76fbae735bac659ce83c84b209d91f", 
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json index 05dc6b0cc80dcb..52eed624ccf5da 100644 --- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json +++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json 
@@ -1,5 +1,5 @@ { - "description": "Revoked DAC 01: use this with revocation-sets/revocation-set-for-pai.json", + "description": "Revoked DAC 01: use this with revocation-sets/revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json index ab3f927e8bd3ae..0a7c9ac81dabb1 100644 
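Review bot: The new description doubles a path segment, `revocation-sets/revocation-sets/revocation-set.json`, which does not match where this commit places the merged file. The sibling vectors changed alongside it (`revoked-dac-02.json`, `revoked-dac-03.json`) use `revocation-sets/revocation-set.json`. The line should read `"description": "Revoked DAC 01: use this with revocation-sets/revocation-set.json",`. Only the first lines of the JSON object are inside the hunk.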
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json +++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json @@ -1,5 +1,5 @@ { - "description": "Revoked DAC 02: use this with revocation-sets/revocation-set-for-pai.json", + "description": "Revoked DAC 02: use this with revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", 
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json index a629f86bd5708c..cfc1442cedd73a 100644 --- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json +++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json 
@@ -1,5 +1,5 @@ { - "description": "Revoked DAC 03: use this with revocation-sets/revocation-set-for-pai.json", + "description": "Revoked DAC 03: use this with revocation-sets/revocation-set.json", "basic_info_pid": 32769, "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", "pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891", diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json new file mode 100644 index 00000000000000..83b2d12752e81a --- /dev/null 
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json 
@@ -0,0 +1,9 @@ +{ + "description": "Revoked DAC and PAI", + "basic_info_pid": 32769, + "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac", + "pai_cert": "308201d43082017aa0030201020208302664392b8a3f2a300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a3046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bd58a84f7862e0751c4e56280f149697df7c51aadc5a4fa393c96277a59079de40907ab7860d069de652ea8bc8f7053bfe7c3a8ef4700d76b9cc20db312caf91a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041491337c5cfe7bb29376fe887d3c94e7f59dd83d2f301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d04030203480030450221009c74f6a84b3acb5a369de90399114ebf0a55150babd3d52b2898708847bc9c6e0220651881c81b7a20c346b97c68313c4be1c0a88f4f3a4072ed3c7ea11dc60984fc", + "dac_cert": 
"30820202308201a8a0030201020208735e75c0fe8f5ac5300a06082a8648ce3d0403023046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313020170d3235303332353030303030305a180f39393939313233313233353935395a30643136303406035504030c2d4d61747465722054657374205265766f6b656420444143205369676e6564206279205265766f6b65642050414931143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200046842cff376b3bf9faf74983ebe63bf83ab5d67da1b58b59665d81ab6277eff1e65780486a411202f4a44bf5519ef8a25e1b2ba4b6f3b7902ab200641db176a59a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041433b549c91ee6a34d55d227e1a1a0b1b1a1516b3a301f0603551d2304183016801491337c5cfe7bb29376fe887d3c94e7f59dd83d2f300a06082a8648ce3d0403020348003045022063bfa8ef688253310c43cca65c2b8b4a37d6244b83fa7ea80ca1b540b50e25b102210082fe143c0b0f8ef8f580f31668b7bdc676eb64eb9783eedb8ce14f78e0c8b457", + "dac_private_key": "9a0b29ec2bb2f05ae32d26f7bc94907aaf64704d8e5df6339c5b2b5e50f92847", + "dac_public_key": "046842cff376b3bf9faf74983ebe63bf83ab5d67da1b58b59665d81ab6277eff1e65780486a411202f4a44bf5519ef8a25e1b2ba4b6f3b7902ab200641db176a59" +} diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json deleted file mode 100644 index 93edb94c129df0..00000000000000 --- a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json +++ /dev/null 
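Review bot: The description of this new vector, `"Revoked DAC and PAI"`, omits the hint about which revocation set to load, unlike the other vectors edited in this commit. For consistency it could read `"description": "Revoked DAC and PAI: use this with revocation-sets/revocation-set.json",`. The file also stores `dac_private_key` in the clear; the `credentials/test` path and the FFF1 vendor id in the certificate subjects mark it as a test credential, so it is worth confirming that any secret scanning the repository runs treats this directory as test vectors and that the key is not reused outside it.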
@@ -1,9 +0,0 @@ -[ - { - "type": "revocation_set", - "issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E", - "issuer_name": "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=", - "revoked_serial_numbers": ["302664392B8A3F2A"], - "crl_signer_cert": "MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQNUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNVHSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQqoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpHmUkpxyqvChVI1A0DTVFLJd4=" - } -] diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json deleted file mode 100644 index 46c3c1b66cddd8..00000000000000 --- a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json +++ /dev/null 
@@ -1,13 +0,0 @@ -[ - { - "type": "revocation_set", - "issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C", - "issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx", - "revoked_serial_numbers": [ - "0AB042494323FE54", - "19367D978EAC533A", - "2569383D24BB36EA" - ], - "crl_signer_cert": "MIIByzCCAXGgAwIBAgIIVq2CIq2UW2QwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMjAyMDUwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowPTElMCMGA1UEAwwcTWF0dGVyIERldiBQQUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBmpMVwhc+DIyHbQPM/JRIUmR/f+xeUIL0BZko7KiUxZQVEwmsYx5MsDOSr2hLC6+35ls7gWLC9Sv5MbjneqqCo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUY1QOR/ZLHDjROISkYtFsGV2P+zwwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhALLvJ/Sa6bUPuR7qyUxNC9u415KcbLiPrOUpNo0SBUwMAiBlXckrhr2QmIKmxiF3uCXX0F7b58Ivn+pxIg5+pwP4kQ==" - } -] diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json similarity index 68% rename from credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json rename to credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json index 6d22cd9b1cc9e6..91a49b391a3df5 100644 --- a/credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json +++ b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json 
@@ -1,4 +1,29 @@ [ + { + "type": "revocation_set", + "issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E", + "issuer_name": "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=", + "revoked_serial_numbers": ["302664392B8A3F2A"], + "crl_signer_cert": "MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQNUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNVHSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQqoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpHmUkpxyqvChVI1A0DTVFLJd4=" + }, + { + "type": "revocation_set", + "issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C", + "issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx", + "revoked_serial_numbers": [ + "0AB042494323FE54", + "19367D978EAC533A", + "2569383D24BB36EA" + ], + "crl_signer_cert": "MIIByzCCAXGgAwIBAgIIVq2CIq2UW2QwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMjAyMDUwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowPTElMCMGA1UEAwwcTWF0dGVyIERldiBQQUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBmpMVwhc+DIyHbQPM/JRIUmR/f+xeUIL0BZko7KiUxZQVEwmsYx5MsDOSr2hLC6+35ls7gWLC9Sv5MbjneqqCo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUY1QOR/ZLHDjROISkYtFsGV2P+zwwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhALLvJ/Sa6bUPuR7qyUxNC9u415KcbLiPrOUpNo0SBUwMAiBlXckrhr2QmIKmxiF3uCXX0F7b58Ivn+pxIg5+pwP4kQ==" + }, + { + "type": "revocation_set", + "issuer_subject_key_id": "91337C5CFE7BB29376FE887D3C94E7F59DD83D2F", + "issuer_name": 
"MEYxLjAsBgNVBAMMJU1hdHRlciBUZXN0IFBBSSAweEZGRjEgbm8gUElEIFJldm9rZWQxFDASBgorBgEEAYKifAIBDARGRkYx", + "revoked_serial_numbers": ["735E75C0FE8F5AC5"], + "crl_signer_cert": "MIIB1DCCAXqgAwIBAgIIMCZkOSuKPyowCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yNDEyMTMwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowRjEuMCwGA1UEAwwlTWF0dGVyIFRlc3QgUEFJIDB4RkZGMSBubyBQSUQgUmV2b2tlZDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9WKhPeGLgdRxOVigPFJaX33xRqtxaT6OTyWJ3pZB53kCQereGDQad5lLqi8j3BTv+fDqO9HANdrnMINsxLK+Ro2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUkTN8XP57spN2/oh9PJTn9Z3YPS8wHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhAJx09qhLOstaNp3pA5kRTr8KVRULq9PVKyiYcIhHvJxuAiBlGIHIG3ogw0a5fGgxPEvhwKiPTzpAcu08fqEdxgmE/A==" + }, { "type": "revocation_set", "issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E", diff --git a/docs/guides/device-attestation-revocation-guide.md b/docs/guides/device-attestation-revocation-guide.md index 6ee4fee8461c23..04c38d4e25ffc4 100644 --- a/docs/guides/device-attestation-revocation-guide.md +++ b/docs/guides/device-attestation-revocation-guide.md 
@@ -44,9 +44,14 @@ pre-generated using the `generate_revocation_set.py` script. ### Test Vectors -| Description | DAC Provider | Revocation Set | Expected Result | -| --------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- | -| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | [revocation-set-for-paa.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json) | Commissioning fails with `kPaiRevoked` (202) | -| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | -| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | -| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) | +Please use +`credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json` +as revocation set + +| Description | DAC Provider | Expected Result | +| 
--------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | +| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | Commissioning fails with `kPaiRevoked` (202) | +| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | Commissioning fails with `kDacRevoked` (302) | +| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | Commissioning fails with `kDacRevoked` (302) | +| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | Commissioning fails with `kDacRevoked` (302) | +| DAC and PAI revoked | [revoked-dac-and-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json) | Commissioning fails with `kPaiAndDacRevoked` (208) | diff --git a/src/python_testing/TC_DA_1_9.py b/src/python_testing/TC_DA_1_9.py new file mode 100644 index 00000000000000..8bc2c243f73c63 --- /dev/null +++ b/src/python_testing/TC_DA_1_9.py 
@@ -0,0 +1,217 @@
+#!/usr/bin/env -S python3 -B
+#
+# Copyright (c) 2025 Project CHIP Authors
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This script is intended for QA use only and does not automatically
+# verify the results of the commissioning process. Please use with caution.
+#
+# [TC-DA-1.9] Device Attestation Revocation [DUT-Commissioner]
+#
+# This test is about commissioning a device configured with a revoked DAC and/or PAI
+# and checking if the commissioner warns about the device attestation error.
+# The test case will be successful if the commissioner warns about the device
+# attestation error and the device is not commissioned.
+
+# See https://github.com/project-chip/connectedhomeip/blob/master/docs/testing/python.md#defining-the-ci-test-arguments
+# for details about the block below.
+#
+# === BEGIN CI TEST ARGUMENTS ===
+# test-runner-runs:
+# run1:
+# script-args: >
+# --storage-path admin_storage.json
+# --PICS src/app/tests/suites/certification/ci-pics-values
+# --string-arg app_path:out/linux-x64-all-clusters-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-all-clusters-app
+# --string-arg dac_provider_base_path:credentials/test/revoked-attestation-certificates/dac-provider-test-vectors
+# --string-arg revocation_set_base_path:credentials/test/revoked-attestation-certificates/revocation-sets
+# --string-arg app_log_path:/tmp/TC_DA_1_9
+# --trace-to json:${TRACE_TEST_JSON}.json
+# --trace-to perfetto:${TRACE_TEST_PERFETTO}.perfetto
+# factory-reset: true
+# quiet: true
+# === END CI TEST ARGUMENTS ===
+
+import os
+import signal
+import subprocess
+
+from chip.testing.matter_testing import MatterBaseTest, TestStep, async_test_body, default_matter_test_main
+from mobly import asserts
+
+
+class TC_DA_1_9(MatterBaseTest):
+ def setup_class(self):
+ super().setup_class()
+
+ self.app_path = self.matter_test_config.global_test_params.get('app_path')
+ self.dac_provider_base_path = self.matter_test_config.global_test_params.get('dac_provider_base_path')
+ self.revocation_set_base_path = self.matter_test_config.global_test_params.get('revocation_set_base_path')
+
+ if self.app_path is None or not os.path.exists(self.app_path):
+ asserts.fail("--string-arg app_path: is required for this test, please provide the path to the app (eg: all-clusters-app)")
+
+ if self.dac_provider_base_path is None or not os.path.exists(self.dac_provider_base_path):
+ asserts.fail("--string-arg dac_provider_base_path: is required for this test, please provide the path to the dac provider test vectors, it can be found in Matter SDK at: credentials/test/revoked-attestation-certificates/dac-provider-test-vectors")
+
+ if self.revocation_set_base_path is None or not os.path.exists(self.revocation_set_base_path):
+ asserts.fail("--string-arg revocation_set_base_path: is required for this test, please provide the path to the revocation set, it can be found in Matter SDK at: credentials/test/revoked-attestation-certificates/revocation-sets")
+
+ def desc_TC_DA_1_9(self) -> str:
+ return "[TC-DA-1.9] Device Attestation Revocation [DUT-Commissioner]"
+
+ def pics_TC_DA_1_9(self) -> list[str]:
+ pics = [
+ "MCORE.ROLE.COMMISSIONER",
+ ]
+ return pics
+
+ def steps_TC_DA_1_9(self) -> list[TestStep]:
+ return [
+ TestStep(1, "Test commissioning with revoked DAC",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(2, "Test commissioning with revoked PAI",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(3, "Test commissioning with both DAC and PAI revoked",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(4, "Test commissioning with revoked DAC using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(5, "Test commissioning with revoked PAI using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(6, "Test commissioning with both DAC and PAI revoked using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(7, "Test commissioning with valid DAC and PAI",
+ "Commissioning succeeds without any attestation errors"),
+ ]
+
+ @async_test_body
+ async def test_TC_DA_1_9(self):
+ test_vectors = [
+ {
+ 'name': 'tc_dac_revoked',
+ 'dac_provider': 'revoked-dac-01.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '14970112338',
+ 'discriminator': 0x700,
+ },
+ {
+ 'name': 'tc_pai_revoked',
+ 'dac_provider': 'revoked-pai.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '20054912334',
+ 'discriminator': 0x800,
+ },
+ {
+ 'name': 'tc_dac_and_pai_revoked',
+ 'dac_provider': 'revoked-dac-and-pai.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '21693312337',
+ 'discriminator': 0x900,
+ },
+ {
+ 'name': 'tc_dac_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-dac-01.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '23331712339',
+ 'discriminator': 0xA00,
+ },
+ {
+ 'name': 'tc_pai_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-pai-03.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '24970112330',
+ 'discriminator': 0xB00,
+ },
+ {
+ 'name': 'tc_dac_and_pai_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-dac-01-pai-03.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '30054912331',
+ 'discriminator': 0xC00,
+ },
+ {
+ 'name': 'tc_dac_and_pai_valid',
+ 'dac_provider': None,
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': True,
+ 'manual_pairing_code': '31693312339',
+ 'discriminator': 0xD00,
+ }
+ ]
+
+ for idx, test_case in enumerate(test_vectors):
+ self.step(idx + 1)
+
+ # Clean up any existing KVS files
+ subprocess.call("rm -f all-clusters-kvs*", shell=True)
+
+ # Create log files for this test case
+ log_path = os.path.join(self.matter_test_config.logs_path, 'TC_DA_1_9')
+ os.makedirs(log_path, exist_ok=True)
+ app_log_file_name = os.path.join(log_path, f"{test_case['name']}_app.log")
+
+ with open(app_log_file_name, 'w') as app_log_file:
+ # Start the all-clusters-app with appropriate DAC provider
+ app_args = '--trace_decode 1 --KVS all-clusters-kvs'
+ if test_case['dac_provider']:
+ dac_provider_path = os.path.join(self.dac_provider_base_path, test_case['dac_provider'])
+ app_args += f' --dac_provider {dac_provider_path}'
+
+ if test_case['discriminator']:
+ discriminator = test_case['discriminator']
+ app_args += f' --discriminator {discriminator}'
+
+ app_cmd = f"{self.app_path} {app_args}"
+
+ # Run the all-clusters-app in background
+ app_process = subprocess.Popen(app_cmd.split(), stdout=app_log_file, stderr=app_log_file)
+
+ # Prompt user with instructions
+ prompt_msg = (
+ f"\nPlease commission the DUT with:\n"
+ f" Manual Pairing Code: '{test_case['manual_pairing_code']}'\n"
+ f" Revocation Set: {os.path.join(self.revocation_set_base_path, test_case['revocation_set'])}\n\n"
+ f"Input 'Y' if DUT successfully commissions without any warnings\n"
+ f"Input 'N' if commissioner warns about commissioning the non-genuine device, "
+ f"Or Commissioning fails with device appropriate attestation error\n"
+ )
+
+ # TODO: Run Python commissioner, commission the DUT, and check the return code
+ if self.is_pics_sdk_ci_only:
+ resp = 'Y' if test_case['expects_commissioning_success'] else 'N'
+ else:
+ resp = self.wait_for_user_input(prompt_msg)
+
+ commissioning_success = resp.lower() == 'y'
+
+ # Verify results
+ asserts.assert_equal(
+ commissioning_success,
+ test_case['expects_commissioning_success'],
+ f"Commissioning {'succeeded' if commissioning_success else 'failed'} when it should have {'succeeded' if test_case['expects_commissioning_success'] else 'failed'}"
+ )
+
+ app_process.send_signal(signal.SIGTERM.value)
+ app_process.wait()
+
+
+if __name__ == "__main__":
+ default_matter_test_main()
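Review bot: In `test_TC_DA_1_9` the app started with `subprocess.Popen` is stopped only by the last two statements of the loop body, so a failing `asserts.assert_equal` or an exception from `wait_for_user_input` leaves the all-clusters-app running with its revoked-certificate DAC provider, and a later run may then find that stale process still holding its resources. Wrapping the prompt-and-assert section in `try`/`finally` and bounding the `wait()` (the 10 s below is only an example value) would guarantee cleanup and keep a hung app from blocking the suite. Separately, under `is_pics_sdk_ci_only` the response is derived from `expects_commissioning_success`, so the assertion cannot fail in CI and no revocation check is exercised there. A comment beside the existing TODO stating this would keep a green CI run from being read as attestation-revocation coverage.

```python
                app_process = subprocess.Popen(app_cmd.split(), stdout=app_log_file, stderr=app_log_file)
                try:
                    # … unchanged: prompt_msg construction, CI/user response, asserts.assert_equal …
                finally:
                    # Always stop the app, even when the assertion or the prompt raises
                    app_process.terminate()
                    try:
                        app_process.wait(timeout=10)
                    except subprocess.TimeoutExpired:
                        app_process.kill()
                        app_process.wait()
```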