func runFinalizeTests()

in cmd/conformance/main.go [1238:1316]

• 73 lines of code
• 6 McCabe index (conditional complexity)

func runFinalizeTests(ctx context.Context) {
	finalizeTestCases := []finalizeTest{
		{
			testName:      "Valid request requesting null attestation",
			expectErr:     false,
			evidenceTypes: []aepb.AttestationEvidenceType{aepb.AttestationEvidenceType_NULL_ATTESTATION},
		},
		{
			testName:        "Valid request requesting vTPM attestation evidence",
			fullAttestation: true,
			expectErr:       false,
			evidenceTypes: []aepb.AttestationEvidenceType{
				aepb.AttestationEvidenceType_TPM2_QUOTE,
				aepb.AttestationEvidenceType_TCG_EVENT_LOG,
			},
		},
		{
			testName:  "Invalid attestation records",
			expectErr: true,
			evidenceTypes: []aepb.AttestationEvidenceType{
				aepb.AttestationEvidenceType_TPM2_QUOTE,
				aepb.AttestationEvidenceType_TCG_EVENT_LOG,
			},
			mockAttestation: &apb.Attestation{AkPub: []byte("badestation")},
		},
		{
			testName:         "Invalid session key",
			expectErr:        true,
			evidenceTypes:    []aepb.AttestationEvidenceType{aepb.AttestationEvidenceType_NULL_ATTESTATION},
			mutateSessionKey: emptyFn,
		},
		{
			testName:  "Evidence doesn't match negotiated",
			expectErr: true,
			evidenceTypes: []aepb.AttestationEvidenceType{
				aepb.AttestationEvidenceType_TPM2_QUOTE,
				aepb.AttestationEvidenceType_TCG_EVENT_LOG,
			},
		},
		{
			testName:      "JWT has invalid signature",
			expectErr:     true,
			mutateJWT:     invalidateJwtSignature,
			evidenceTypes: []aepb.AttestationEvidenceType{aepb.AttestationEvidenceType_NULL_ATTESTATION},
			optional:      true,
		},
		{
			testName:      "JWT has a bad audience",
			expectErr:     true,
			mutateJWT:     badAudience,
			evidenceTypes: []aepb.AttestationEvidenceType{aepb.AttestationEvidenceType_NULL_ATTESTATION},
			optional:      true,
		},
	}

	// Check for TPM and root privileges to determine if we can generate attestations.
	_, err := tpm2.OpenTPM("/dev/tpmrm0")
	canAttest := err == nil

	if !canAttest {
		colour.Println("^5Note: Skipping test cases that require generating attestations.^R")
	}

	for _, testCase := range finalizeTestCases {
		if testCase.fullAttestation && !canAttest {
			colour.Printf(" - ^5%v [skipped]^R\n", testCase.testName)
			continue
		}

		err := runFinalizeTestCase(ctx, testCase)
		testPassed := testCase.expectErr == (err != nil)

		if testPassed {
			colour.Printf(" - ^2%v^R\n", testCase.testName)
		} else {
			printError(testCase.testName, err, testCase.optional)
		}
	}
}