// SPDX-License-Identifier: AGPL-3.0-or-later
//! Module containing [TpmCredStoreHarness].

use btlib::{
    crypto::{
        tpm::{TpmCredStore, TpmCreds},
        CredStore, CredStoreMut, Creds,
    },
    error::AnyhowErrorExt,
    Epoch, Principaled, Result,
};
use core::time::Duration;
use swtpm_harness::SwtpmHarness;

/// A test harness which allows a [TpmCredStore] to be accessed.
///
/// The harness owns the [SwtpmHarness] the store was created from, together with the root
/// password supplied to [TpmCredStoreHarness::new]. The password is kept as a plain [String] for
/// the lifetime of the harness and is handed out by [TpmCredStoreHarness::root_passwd]; nothing
/// in this file clears it, so only throwaway test passwords should be passed in.
pub struct TpmCredStoreHarness {
    // Password given to `gen_root_creds` in `new` and reused by `root_creds`; held in plaintext.
    root_passwd: String,
    // Credential store built from the swtpm context and state path.
    // NOTE(review): fields drop in declaration order, so this is dropped before `swtpm`;
    // presumably intentional so the store is released before the emulator — confirm.
    cred_store: TpmCredStore,
    // The swtpm instance whose context and state path back `cred_store`.
    swtpm: SwtpmHarness,
}

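impl TpmCredStoreHarness {
    /// Creates a new test harness by starting a new instance of swtpm, generating root creds
    /// protected by `root_passwd`, obtaining the node creds, and issuing a writecap to the node
    /// creds.
    ///
    /// The writecap is issued by the root creds to the node's principal with no path components
    /// and expires one hour after the harness is created, so a harness kept alive longer than
    /// that holds an expired writecap.
    ///
    /// # Errors
    ///
    /// Returns an error if swtpm cannot be started, if the [TpmCredStore] cannot be created from
    /// its context, or if any of the credential operations fail. Failures are propagated rather
    /// than unwrapped so that the calling test can report which step failed.
    pub fn new(root_passwd: String) -> Result<Self> {
        // Validity window of the writecap handed to the node credentials.
        const WRITECAP_LIFETIME: Duration = Duration::from_secs(3600);

        let swtpm = SwtpmHarness::new().bterr()?;
        let cred_store =
            TpmCredStore::from_context(swtpm.context()?, swtpm.state_path().to_owned())?;
        let root_creds = cred_store.gen_root_creds(&root_passwd)?;
        let mut node_creds = cred_store.node_creds()?;
        let expires = Epoch::now() + WRITECAP_LIFETIME;
        let writecap =
            root_creds.issue_writecap(node_creds.principal(), &mut std::iter::empty(), expires)?;
        cred_store.assign_node_writecap(&mut node_creds, writecap)?;
        Ok(Self {
            root_passwd,
            swtpm,
            cred_store,
        })
    }

    /// Returns the root password this harness was created with, in plaintext.
    ///
    /// Avoid writing the returned value to logs or test output that is retained.
    pub fn root_passwd(&self) -> &str {
        &self.root_passwd
    }

    /// Returns the [SwtpmHarness] backing the credential store.
    pub fn swtpm(&self) -> &SwtpmHarness {
        &self.swtpm
    }

    /// Returns the [TpmCredStore] created from the swtpm context.
    pub fn cred_store(&self) -> &TpmCredStore {
        &self.cred_store
    }

    /// Retrieves the root creds from the store using the stored root password.
    ///
    /// # Errors
    ///
    /// Returns whatever error the store's `root_creds` call produces.
    pub fn root_creds(&self) -> Result<TpmCreds> {
        self.cred_store.root_creds(&self.root_passwd)
    }
}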