wip fix test

open-amt-cloud-toolkit · May 24, 2024 · 0c27eb4 · 0c27eb4
1 parent a132b99
commit 0c27eb4
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 63 deletions.
diff --git a/internal/usecase/devices/certificates.go b/internal/usecase/devices/certificates.go
@@ -32,80 +32,93 @@ type ProfileAssociation struct {
 	Key               interface{} `json:"PublicKey,omitempty"`
 }
 
-func processCertificates(contextItems []credential.CredentialContext, response wsman.Certificates, profileType string, securitySettings *SecuritySettings) {
-	for _, cert := range contextItems {
-		var profileAssociation ProfileAssociation
-		// var isNewCertificate bool = true
-		var isNewProfileAssociation bool = true
-		profileAssociation.Type = profileType
-		profileAssociation.ProfileID = strings.TrimPrefix(cert.ElementProvidingContext.ReferenceParameters.SelectorSet.Selectors[0].Text, "Intel(r) AMT:IEEE 802.1x Settings ")
-		certificateHandle := cert.ElementInContext.ReferenceParameters.SelectorSet.Selectors[0].Text
+func buildCertificateAssociations(profileAssociation ProfileAssociation, securitySettings *SecuritySettings) {
+	var publicKeyHandle string
+
+	// If a client cert, update the associated public key w/ the cert's handle
+	if profileAssociation.ClientCertificate != nil {
+		// Loop thru public keys looking for the one that matches the current profileAssociation's key
+		for i, existingKeyPair := range securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems {
+			// If found update that key with the profileAssociation's certificate handle
+			if existingKeyPair.InstanceID == profileAssociation.Key.(publicprivate.RefinedPublicPrivateKeyPair).InstanceID {
+				securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems[i].CertificateHandle = profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID
+				// save this public key handle since we know it pairs with the profileAssociation's certificate
+				publicKeyHandle = securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems[i].InstanceID
+				break
+			}
+		}
+	}
 
-		for _, publicKeyCert := range response.PublicKeyCertificateResponse.PublicKeyCertificateItems {
-			if publicKeyCert.InstanceID == certificateHandle {
-				if publicKeyCert.TrustedRootCertificate {
-					profileAssociation.RootCertificate = publicKeyCert
-				} else {
-					profileAssociation.ClientCertificate = publicKeyCert
-					for _, privateKeyPair := range response.ConcreteDependencyResponse.Items {
-						if privateKeyPair.Antecedent.ReferenceParameters.SelectorSet.Selectors[0].Text == certificateHandle {
-							keyHandle := privateKeyPair.Dependent.ReferenceParameters.SelectorSet.Selectors[0].Text
-							for _, key := range response.PublicPrivateKeyPairResponse.PublicPrivateKeyPairItems {
-								if key.InstanceID == keyHandle {
-									profileAssociation.Key = key
-								}
+	// Loop thru certificates looking for the one that matches the current profileAssociation's certificate and append profile name
+	for i, existingCert := range securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems {
+		if (profileAssociation.ClientCertificate != nil && existingCert.InstanceID == profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID) ||
+			(profileAssociation.RootCertificate != nil && existingCert.InstanceID == profileAssociation.RootCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID) {
+			// if client cert found, associate the previously found key handle with it
+			if !existingCert.TrustedRootCertificate {
+				securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems[i].PublicKeyHandle = publicKeyHandle
+			}
+			securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems[i].AssociatedProfiles = append(securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems[i].AssociatedProfiles, profileAssociation.ProfileID)
+			break
+		}
+	}
+}
+
+func buildProfileAssociations(certificateHandle string, profileAssociation *ProfileAssociation, response wsman.Certificates, securitySettings *SecuritySettings) {
+	var isNewProfileAssociation bool = true
+
+	for _, publicKeyCert := range response.PublicKeyCertificateResponse.PublicKeyCertificateItems {
+		if publicKeyCert.InstanceID == certificateHandle {
+			if publicKeyCert.TrustedRootCertificate {
+				profileAssociation.RootCertificate = publicKeyCert
+			} else {
+				profileAssociation.ClientCertificate = publicKeyCert
+				for _, privateKeyPair := range response.ConcreteDependencyResponse.Items {
+					if privateKeyPair.Antecedent.ReferenceParameters.SelectorSet.Selectors[0].Text == certificateHandle {
+						keyHandle := privateKeyPair.Dependent.ReferenceParameters.SelectorSet.Selectors[0].Text
+						for _, key := range response.PublicPrivateKeyPairResponse.PublicPrivateKeyPairItems {
+							if key.InstanceID == keyHandle {
+								profileAssociation.Key = key
 							}
 						}
 					}
 				}
 			}
 		}
+	}
 
-		// Check if the certificate is already in the list
-		for i, existingCertificate := range securitySettings.ProfileAssociation {
-			if existingCertificate.ProfileID == profileAssociation.ProfileID {
-				if profileAssociation.RootCertificate != nil {
-					securitySettings.ProfileAssociation[i].RootCertificate = profileAssociation.RootCertificate
-				}
-				if profileAssociation.ClientCertificate != nil {
-					securitySettings.ProfileAssociation[i].ClientCertificate = profileAssociation.ClientCertificate
-				}
-				if profileAssociation.Key != nil {
-					securitySettings.ProfileAssociation[i].Key = profileAssociation.Key
-				}
-				isNewProfileAssociation = false
-				break
+	// Check if the certificate is already in the list
+	for i, existingCertificate := range securitySettings.ProfileAssociation {
+		if existingCertificate.ProfileID == profileAssociation.ProfileID {
+			if profileAssociation.RootCertificate != nil {
+				securitySettings.ProfileAssociation[i].RootCertificate = profileAssociation.RootCertificate
+			}
+			if profileAssociation.ClientCertificate != nil {
+				securitySettings.ProfileAssociation[i].ClientCertificate = profileAssociation.ClientCertificate
+			}
+			if profileAssociation.Key != nil {
+				securitySettings.ProfileAssociation[i].Key = profileAssociation.Key
 			}
+			isNewProfileAssociation = false
+			break
 		}
+	}
 
-		// If the profile is not in the list, add it
-		if isNewProfileAssociation {
-			securitySettings.ProfileAssociation = append(securitySettings.ProfileAssociation, profileAssociation)
-		}
+	// If the profile is not in the list, add it
+	if isNewProfileAssociation {
+		securitySettings.ProfileAssociation = append(securitySettings.ProfileAssociation, *profileAssociation)
+	}
+}
 
-		// If a client cert, update the associated public key w/ the cert's handle
-		if profileAssociation.ClientCertificate != nil {
-			var publicKeyHandle string
-			// Loop thru public keys looking for the one that matches the current profileAssociation's key
-			for i, existingKeyPair := range securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems {
-				// If found update that key with the profileAssociation's certificate handle
-				if existingKeyPair.InstanceID == profileAssociation.Key.(publicprivate.RefinedPublicPrivateKeyPair).InstanceID {
-					securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems[i].CertificateHandle = profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID
-					// save this public key handle since we know it pairs with the profileAssociation's certificate
-					publicKeyHandle = securitySettings.Keys.(publicprivate.RefinedPullResponse).PublicPrivateKeyPairItems[i].InstanceID
-					break
-				}
-			}
+func processCertificates(contextItems []credential.CredentialContext, response wsman.Certificates, profileType string, securitySettings *SecuritySettings) {
+	for _, cert := range contextItems {
+		var profileAssociation ProfileAssociation
 
-			// Loop thru certificates looking for the one that matches the current profileAssociation's certificate
-			for i, existingCert := range securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems {
-				// if found associate the previously found key handle with it
-				if existingCert.InstanceID == profileAssociation.ClientCertificate.(publickey.RefinedPublicKeyCertificateResponse).InstanceID {
-					securitySettings.Certificates.(publickey.RefinedPullResponse).PublicKeyCertificateItems[i].PublicKeyHandle = publicKeyHandle
-					break
-				}
-			}
-		}
+		profileAssociation.Type = profileType
+		profileAssociation.ProfileID = strings.TrimPrefix(cert.ElementProvidingContext.ReferenceParameters.SelectorSet.Selectors[0].Text, "Intel(r) AMT:IEEE 802.1x Settings ")
+		certificateHandle := cert.ElementInContext.ReferenceParameters.SelectorSet.Selectors[0].Text
+
+		buildProfileAssociations(certificateHandle, &profileAssociation, response, securitySettings)
+		buildCertificateAssociations(profileAssociation, securitySettings)
 	}
 }
 

diff --git a/internal/usecase/devices/mocks_test.go b/internal/usecase/devices/mocks_test.go