From 171f2a81edeb2f46f5d39d50288b0cdb1a68ee99 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Wed, 24 Sep 2025 14:52:05 +0000 Subject: [PATCH 1/2] Changed profile identifiers from HTTP URLs to tag URIs (RFC 4151) - PSA profiles now use tag:trustedcomputinggroup.org,2025 authority - CCA profiles now use tag:arm.com,2025 authority - Added comprehensive test coverage for URI validation - Added package documentation with usage examples Signed-off-by: Sukuna0007Abhi --- comid/cca/README.md | 51 ++++++++++++++++ comid/cca/profiles.go | 38 ++++++++++++ comid/cca/profiles_test.go | 116 +++++++++++++++++++++++++++++++++++++ comid/psa/README.md | 42 ++++++++++++++ comid/psa/profiles.go | 30 ++++++++++ comid/psa/profiles_test.go | 105 +++++++++++++++++++++++++++++++++ 6 files changed, 382 insertions(+) create mode 100644 comid/cca/README.md create mode 100644 comid/cca/profiles.go create mode 100644 comid/cca/profiles_test.go create mode 100644 comid/psa/README.md create mode 100644 comid/psa/profiles.go create mode 100644 comid/psa/profiles_test.go diff --git a/comid/cca/README.md b/comid/cca/README.md new file mode 100644 index 0000000..7a1a0d7 --- /dev/null +++ b/comid/cca/README.md @@ -0,0 +1,51 @@ +# CCA (Confidential Computing Architecture) Profiles + +This package defines CCA profile identifiers using the tag URI scheme as specified in [RFC 4151](https://tools.ietf.org/html/rfc4151). + +## Profile Identifiers + +Three profile identifiers are defined: + +1. **CCA Token Profile** + ``` + tag:arm.com,2025:cca-token + ``` + Used for CCA attestation tokens. + +2. **CCA Platform Endorsements Profile** + ``` + tag:arm.com,2025:cca-endorsements + ``` + Used for CCA platform endorsements. + +3. **CCA Realm Endorsements Profile** + ``` + tag:arm.com,2025:cca-realm-endorsements + ``` + Used for CCA realm endorsements. + +## Usage + +```go +import "github.com/veraison/corim/comid/cca" + +func example() { + // Use CCA Token Profile + tokenProfile := cca.TokenProfileID + + // Use CCA Platform Endorsements Profile + platformProfile := cca.EndorsementsProfileID + + // Use CCA Realm Endorsements Profile + realmProfile := cca.RealmEndorsementsProfileID +} +``` + +## Tag URI Format + +The tag URIs follow RFC 4151 format: +- Authority: `arm.com` - representing Arm Limited +- Date: `2025` - year of profile definition +- Specific ID: One of `cca-token`, `cca-endorsements`, or `cca-realm-endorsements` + +These tag URIs are used instead of HTTP URLs to avoid accidental dereferencing while maintaining unique identification. \ No newline at end of file diff --git a/comid/cca/profiles.go b/comid/cca/profiles.go new file mode 100644 index 0000000..ae8b43e --- /dev/null +++ b/comid/cca/profiles.go @@ -0,0 +1,38 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cca + +import ( + "github.com/veraison/eat" +) + +var ( + // CCA Token Profile ID using tag URI scheme + TokenProfileID *eat.Profile + + // CCA Platform Endorsements Profile ID using tag URI scheme + EndorsementsProfileID *eat.Profile + + // CCA Realm Endorsements Profile ID using tag URI scheme + RealmEndorsementsProfileID *eat.Profile +) + +func init() { + var err error + + TokenProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-token") + if err != nil { + panic(err) + } + + EndorsementsProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-endorsements") + if err != nil { + panic(err) + } + + RealmEndorsementsProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-realm-endorsements") + if err != nil { + panic(err) + } +} \ No newline at end of file diff --git a/comid/cca/profiles_test.go b/comid/cca/profiles_test.go new file mode 100644 index 0000000..1f14cd6 --- /dev/null +++ b/comid/cca/profiles_test.go @@ -0,0 +1,116 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package cca + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/veraison/eat" +) + +func TestCCAProfiles_URIFormat(t *testing.T) { + // Verify Token Profile ID + assert.Equal(t, + "tag:arm.com,2025:cca-token", + TokenProfileID.String(), + "TokenProfileID should use tag URI scheme", + ) + + // Verify Platform Endorsements Profile ID + assert.Equal(t, + "tag:arm.com,2025:cca-endorsements", + EndorsementsProfileID.String(), + "EndorsementsProfileID should use tag URI scheme", + ) + + // Verify Realm Endorsements Profile ID + assert.Equal(t, + "tag:arm.com,2025:cca-realm-endorsements", + RealmEndorsementsProfileID.String(), + "RealmEndorsementsProfileID should use tag URI scheme", + ) +} + +func TestCCAProfiles_Validation(t *testing.T) { + // Test valid tag URIs can be created + tests := []struct { + name string + uri string + }{ + { + name: "Token Profile", + uri: "tag:arm.com,2025:cca-token", + }, + { + name: "Platform Endorsements Profile", + uri: "tag:arm.com,2025:cca-endorsements", + }, + { + name: "Realm Endorsements Profile", + uri: "tag:arm.com,2025:cca-realm-endorsements", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + profile, err := eat.NewProfile(tt.uri) + require.NoError(t, err) + require.NotNil(t, profile) + assert.Equal(t, tt.uri, profile.String()) + }) + } +} + +func TestCCAProfiles_InvalidURIs(t *testing.T) { + // Test invalid URIs are rejected + tests := []struct { + name string + uri string + }{ + { + name: "HTTP URL instead of tag URI", + uri: "http://arm.com/cca-token", + }, + { + name: "Missing date", + uri: "tag:arm.com:cca-token", + }, + { + name: "Invalid date", + uri: "tag:arm.com,abcd:cca-token", + }, + { + name: "Empty specific part", + uri: "tag:arm.com,2025:", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + profile, err := eat.NewProfile(tt.uri) + if err == nil { + t.Errorf("Expected error for invalid URI %q, got nil", tt.uri) + } + assert.Nil(t, profile) + }) + } +} + +func TestCCAProfiles_Equality(t *testing.T) { + // Test profile equality + token1, err := eat.NewProfile("tag:arm.com,2025:cca-token") + require.NoError(t, err) + token2, err := eat.NewProfile("tag:arm.com,2025:cca-token") + require.NoError(t, err) + endorsements, err := eat.NewProfile("tag:arm.com,2025:cca-endorsements") + require.NoError(t, err) + + // Same profile URIs should be equal + assert.Equal(t, token1, token2) + + // Different profile URIs should not be equal + assert.NotEqual(t, token1, endorsements) +} \ No newline at end of file diff --git a/comid/psa/README.md b/comid/psa/README.md new file mode 100644 index 0000000..e4dcc8c --- /dev/null +++ b/comid/psa/README.md @@ -0,0 +1,42 @@ +# PSA (Platform Security Architecture) Profiles + +This package defines PSA profile identifiers using the tag URI scheme as specified in [RFC 4151](https://tools.ietf.org/html/rfc4151). + +## Profile Identifiers + +Two profile identifiers are defined: + +1. **PSA Token Profile** + ``` + tag:trustedcomputinggroup.org,2025:psa-token + ``` + Used for PSA attestation tokens as defined in [draft-tschofenig-rats-psa-token](https://datatracker.ietf.org/doc/html/draft-tschofenig-rats-psa-token). + +2. **PSA Platform Endorsements Profile** + ``` + tag:trustedcomputinggroup.org,2025:psa-endorsements + ``` + Used for PSA platform endorsements. + +## Usage + +```go +import "github.com/veraison/corim/comid/psa" + +func example() { + // Use PSA Token Profile + tokenProfile := psa.TokenProfileID + + // Use PSA Endorsements Profile + endorsementsProfile := psa.EndorsementsProfileID +} +``` + +## Tag URI Format + +The tag URIs follow RFC 4151 format: +- Authority: `trustedcomputinggroup.org` - representing the TCG organization +- Date: `2025` - year of profile definition +- Specific ID: Either `psa-token` or `psa-endorsements` + +These tag URIs are used instead of HTTP URLs to avoid accidental dereferencing while maintaining unique identification. \ No newline at end of file diff --git a/comid/psa/profiles.go b/comid/psa/profiles.go new file mode 100644 index 0000000..57c06c6 --- /dev/null +++ b/comid/psa/profiles.go @@ -0,0 +1,30 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package psa + +import ( + "github.com/veraison/eat" +) + +var ( + // PSA Token Profile ID using tag URI scheme + TokenProfileID *eat.Profile + + // PSA Platform Endorsements Profile ID using tag URI scheme + EndorsementsProfileID *eat.Profile +) + +func init() { + var err error + + TokenProfileID, err = eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-token") + if err != nil { + panic(err) + } + + EndorsementsProfileID, err = eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-endorsements") + if err != nil { + panic(err) + } +} \ No newline at end of file diff --git a/comid/psa/profiles_test.go b/comid/psa/profiles_test.go new file mode 100644 index 0000000..61a6b59 --- /dev/null +++ b/comid/psa/profiles_test.go @@ -0,0 +1,105 @@ +// Copyright 2025 Contributors to the Veraison project. +// SPDX-License-Identifier: Apache-2.0 + +package psa + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/veraison/eat" +) + +func TestPSAProfiles_URIFormat(t *testing.T) { + // Verify Token Profile ID + assert.Equal(t, + "tag:trustedcomputinggroup.org,2025:psa-token", + TokenProfileID.String(), + "TokenProfileID should use tag URI scheme", + ) + + // Verify Endorsements Profile ID + assert.Equal(t, + "tag:trustedcomputinggroup.org,2025:psa-endorsements", + EndorsementsProfileID.String(), + "EndorsementsProfileID should use tag URI scheme", + ) +} + +func TestPSAProfiles_Validation(t *testing.T) { + // Test valid tag URIs can be created + tests := []struct { + name string + uri string + }{ + { + name: "Token Profile", + uri: "tag:trustedcomputinggroup.org,2025:psa-token", + }, + { + name: "Endorsements Profile", + uri: "tag:trustedcomputinggroup.org,2025:psa-endorsements", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + profile, err := eat.NewProfile(tt.uri) + require.NoError(t, err) + require.NotNil(t, profile) + assert.Equal(t, tt.uri, profile.String()) + }) + } +} + +func TestPSAProfiles_InvalidURIs(t *testing.T) { + // Test invalid URIs are rejected + tests := []struct { + name string + uri string + }{ + { + name: "HTTP URL instead of tag URI", + uri: "http://trustedcomputinggroup.org/psa-token", + }, + { + name: "Missing date", + uri: "tag:trustedcomputinggroup.org:psa-token", + }, + { + name: "Invalid date", + uri: "tag:trustedcomputinggroup.org,abcd:psa-token", + }, + { + name: "Empty specific part", + uri: "tag:trustedcomputinggroup.org,2025:", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + profile, err := eat.NewProfile(tt.uri) + if err == nil { + t.Errorf("Expected error for invalid URI %q, got nil", tt.uri) + } + assert.Nil(t, profile) + }) + } +} + +func TestPSAProfiles_Equality(t *testing.T) { + // Test profile equality + token1, err := eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-token") + require.NoError(t, err) + token2, err := eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-token") + require.NoError(t, err) + endorsements, err := eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-endorsements") + require.NoError(t, err) + + // Same profile URIs should be equal + assert.Equal(t, token1, token2) + + // Different profile URIs should not be equal + assert.NotEqual(t, token1, endorsements) +} \ No newline at end of file From bd9b29ae4a9e3e3990b9cb48dafdd6dde29afc47 Mon Sep 17 00:00:00 2001 From: Sukuna0007Abhi Date: Fri, 10 Oct 2025 05:30:02 +0000 Subject: [PATCH 2/2] feat: migrate profile identifiers from HTTP URLs to tag URIs (RFC 4151) - Added RFC 4151 tag URI validation to PSA and CCA profile packages - Replaced .String() with .Get() method for eat.Profile API - Updated all test cases to use new tag URI format - Replaced existing HTTP URLs (https://arm.com/psa/iot/2.0.0) with tag URIs - All validation and tests passing Fixes #110 Signed-off-by: Sukuna0007Abhi --- comid/cca/profiles.go | 31 ++++++++++++++++++++-- comid/cca/profiles_test.go | 51 ++++++++++++++++++++++--------------- comid/psa/profiles.go | 29 ++++++++++++++++++--- comid/psa/profiles_test.go | 47 +++++++++++++++++++--------------- corim/unsignedcorim_test.go | 8 +++--- 5 files changed, 116 insertions(+), 50 deletions(-) diff --git a/comid/cca/profiles.go b/comid/cca/profiles.go index ae8b43e..86926e9 100644 --- a/comid/cca/profiles.go +++ b/comid/cca/profiles.go @@ -4,15 +4,30 @@ package cca import ( + "fmt" + "regexp" + "github.com/veraison/eat" ) +// tagURIPattern validates RFC 4151 tag URI format +// tag:authority,date:specific +var tagURIPattern = regexp.MustCompile(`^tag:[a-zA-Z0-9\.\-]+,\d{4}(-(0[1-9]|1[0-2])(-(0[1-9]|[12][0-9]|3[01]))?)?:.+$`) + +// validateTagURI checks if the given string is a valid tag URI according to RFC 4151 +func validateTagURI(uri string) error { + if !tagURIPattern.MatchString(uri) { + return fmt.Errorf("invalid tag URI format: %q (expected format: tag:authority,date:specific)", uri) + } + return nil +} + var ( // CCA Token Profile ID using tag URI scheme TokenProfileID *eat.Profile // CCA Platform Endorsements Profile ID using tag URI scheme - EndorsementsProfileID *eat.Profile + EndorsementsProfileID *eat.Profile // CCA Realm Endorsements Profile ID using tag URI scheme RealmEndorsementsProfileID *eat.Profile @@ -21,18 +36,30 @@ var ( func init() { var err error + // Validate and create Token Profile + if err = validateTagURI("tag:arm.com,2025:cca-token"); err != nil { + panic(err) + } TokenProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-token") if err != nil { panic(err) } + // Validate and create Endorsements Profile + if err = validateTagURI("tag:arm.com,2025:cca-endorsements"); err != nil { + panic(err) + } EndorsementsProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-endorsements") if err != nil { panic(err) } + // Validate and create Realm Endorsements Profile + if err = validateTagURI("tag:arm.com,2025:cca-realm-endorsements"); err != nil { + panic(err) + } RealmEndorsementsProfileID, err = eat.NewProfile("tag:arm.com,2025:cca-realm-endorsements") if err != nil { panic(err) } -} \ No newline at end of file +} diff --git a/comid/cca/profiles_test.go b/comid/cca/profiles_test.go index 1f14cd6..9b025fd 100644 --- a/comid/cca/profiles_test.go +++ b/comid/cca/profiles_test.go @@ -13,23 +13,29 @@ import ( func TestCCAProfiles_URIFormat(t *testing.T) { // Verify Token Profile ID + tokenURI, err := TokenProfileID.Get() + require.NoError(t, err) assert.Equal(t, "tag:arm.com,2025:cca-token", - TokenProfileID.String(), + tokenURI, "TokenProfileID should use tag URI scheme", ) // Verify Platform Endorsements Profile ID + endorsementsURI, err := EndorsementsProfileID.Get() + require.NoError(t, err) assert.Equal(t, "tag:arm.com,2025:cca-endorsements", - EndorsementsProfileID.String(), + endorsementsURI, "EndorsementsProfileID should use tag URI scheme", ) // Verify Realm Endorsements Profile ID + realmURI, err := RealmEndorsementsProfileID.Get() + require.NoError(t, err) assert.Equal(t, "tag:arm.com,2025:cca-realm-endorsements", - RealmEndorsementsProfileID.String(), + realmURI, "RealmEndorsementsProfileID should use tag URI scheme", ) } @@ -38,19 +44,19 @@ func TestCCAProfiles_Validation(t *testing.T) { // Test valid tag URIs can be created tests := []struct { name string - uri string + uri string }{ { name: "Token Profile", - uri: "tag:arm.com,2025:cca-token", + uri: "tag:arm.com,2025:cca-token", }, { name: "Platform Endorsements Profile", - uri: "tag:arm.com,2025:cca-endorsements", + uri: "tag:arm.com,2025:cca-endorsements", }, { name: "Realm Endorsements Profile", - uri: "tag:arm.com,2025:cca-realm-endorsements", + uri: "tag:arm.com,2025:cca-realm-endorsements", }, } @@ -59,42 +65,45 @@ func TestCCAProfiles_Validation(t *testing.T) { profile, err := eat.NewProfile(tt.uri) require.NoError(t, err) require.NotNil(t, profile) - assert.Equal(t, tt.uri, profile.String()) + profileURI, err := profile.Get() + require.NoError(t, err) + assert.Equal(t, tt.uri, profileURI) }) } } func TestCCAProfiles_InvalidURIs(t *testing.T) { - // Test invalid URIs are rejected + // Test invalid URIs are rejected by validation tests := []struct { name string - uri string + uri string }{ { name: "HTTP URL instead of tag URI", - uri: "http://arm.com/cca-token", + uri: "http://arm.com/cca-token", }, { name: "Missing date", - uri: "tag:arm.com:cca-token", + uri: "tag:arm.com:cca-token", }, { - name: "Invalid date", - uri: "tag:arm.com,abcd:cca-token", + name: "Invalid date format", + uri: "tag:arm.com,abcd:cca-token", }, { name: "Empty specific part", - uri: "tag:arm.com,2025:", + uri: "tag:arm.com,2025:", + }, + { + name: "Not a tag URI", + uri: "urn:example:cca-token", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - profile, err := eat.NewProfile(tt.uri) - if err == nil { - t.Errorf("Expected error for invalid URI %q, got nil", tt.uri) - } - assert.Nil(t, profile) + err := validateTagURI(tt.uri) + assert.Error(t, err, "Expected validation error for URI: %s", tt.uri) }) } } @@ -113,4 +122,4 @@ func TestCCAProfiles_Equality(t *testing.T) { // Different profile URIs should not be equal assert.NotEqual(t, token1, endorsements) -} \ No newline at end of file +} diff --git a/comid/psa/profiles.go b/comid/psa/profiles.go index 57c06c6..76a85d8 100644 --- a/comid/psa/profiles.go +++ b/comid/psa/profiles.go @@ -4,27 +4,50 @@ package psa import ( + "fmt" + "regexp" + "github.com/veraison/eat" ) +// tagURIPattern validates RFC 4151 tag URI format +// tag:authority,date:specific +var tagURIPattern = regexp.MustCompile(`^tag:[a-zA-Z0-9\.\-]+,\d{4}(-(0[1-9]|1[0-2])(-(0[1-9]|[12][0-9]|3[01]))?)?:.+$`) + +// validateTagURI checks if the given string is a valid tag URI according to RFC 4151 +func validateTagURI(uri string) error { + if !tagURIPattern.MatchString(uri) { + return fmt.Errorf("invalid tag URI format: %q (expected format: tag:authority,date:specific)", uri) + } + return nil +} + var ( // PSA Token Profile ID using tag URI scheme TokenProfileID *eat.Profile - // PSA Platform Endorsements Profile ID using tag URI scheme + // PSA Platform Endorsements Profile ID using tag URI scheme EndorsementsProfileID *eat.Profile ) func init() { var err error + // Validate and create Token Profile + if err = validateTagURI("tag:trustedcomputinggroup.org,2025:psa-token"); err != nil { + panic(err) + } TokenProfileID, err = eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-token") if err != nil { panic(err) } - EndorsementsProfileID, err = eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-endorsements") + // Validate and create Endorsements Profile + if err = validateTagURI("tag:trustedcomputinggroup.org,2025:psa-endorsements"); err != nil { + panic(err) + } + EndorsementsProfileID, err = eat.NewProfile("tag:trustedcomputinggroup.org,2025:psa-endorsements") if err != nil { panic(err) } -} \ No newline at end of file +} diff --git a/comid/psa/profiles_test.go b/comid/psa/profiles_test.go index 61a6b59..2b21655 100644 --- a/comid/psa/profiles_test.go +++ b/comid/psa/profiles_test.go @@ -13,16 +13,20 @@ import ( func TestPSAProfiles_URIFormat(t *testing.T) { // Verify Token Profile ID - assert.Equal(t, + tokenURI, err := TokenProfileID.Get() + require.NoError(t, err) + assert.Equal(t, "tag:trustedcomputinggroup.org,2025:psa-token", - TokenProfileID.String(), + tokenURI, "TokenProfileID should use tag URI scheme", ) // Verify Endorsements Profile ID + endorsementsURI, err := EndorsementsProfileID.Get() + require.NoError(t, err) assert.Equal(t, "tag:trustedcomputinggroup.org,2025:psa-endorsements", - EndorsementsProfileID.String(), + endorsementsURI, "EndorsementsProfileID should use tag URI scheme", ) } @@ -31,15 +35,15 @@ func TestPSAProfiles_Validation(t *testing.T) { // Test valid tag URIs can be created tests := []struct { name string - uri string + uri string }{ { name: "Token Profile", - uri: "tag:trustedcomputinggroup.org,2025:psa-token", + uri: "tag:trustedcomputinggroup.org,2025:psa-token", }, { name: "Endorsements Profile", - uri: "tag:trustedcomputinggroup.org,2025:psa-endorsements", + uri: "tag:trustedcomputinggroup.org,2025:psa-endorsements", }, } @@ -48,42 +52,45 @@ func TestPSAProfiles_Validation(t *testing.T) { profile, err := eat.NewProfile(tt.uri) require.NoError(t, err) require.NotNil(t, profile) - assert.Equal(t, tt.uri, profile.String()) + profileURI, err := profile.Get() + require.NoError(t, err) + assert.Equal(t, tt.uri, profileURI) }) } } func TestPSAProfiles_InvalidURIs(t *testing.T) { - // Test invalid URIs are rejected + // Test invalid URIs are rejected by validation tests := []struct { name string - uri string + uri string }{ { name: "HTTP URL instead of tag URI", - uri: "http://trustedcomputinggroup.org/psa-token", + uri: "http://trustedcomputinggroup.org/psa-token", }, { name: "Missing date", - uri: "tag:trustedcomputinggroup.org:psa-token", + uri: "tag:trustedcomputinggroup.org:psa-token", }, { - name: "Invalid date", - uri: "tag:trustedcomputinggroup.org,abcd:psa-token", + name: "Invalid date format", + uri: "tag:trustedcomputinggroup.org,abcd:psa-token", }, { name: "Empty specific part", - uri: "tag:trustedcomputinggroup.org,2025:", + uri: "tag:trustedcomputinggroup.org,2025:", + }, + { + name: "Not a tag URI", + uri: "urn:example:psa-token", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - profile, err := eat.NewProfile(tt.uri) - if err == nil { - t.Errorf("Expected error for invalid URI %q, got nil", tt.uri) - } - assert.Nil(t, profile) + err := validateTagURI(tt.uri) + assert.Error(t, err, "Expected validation error for URI: %s", tt.uri) }) } } @@ -102,4 +109,4 @@ func TestPSAProfiles_Equality(t *testing.T) { // Different profile URIs should not be equal assert.NotEqual(t, token1, endorsements) -} \ No newline at end of file +} diff --git a/corim/unsignedcorim_test.go b/corim/unsignedcorim_test.go index 46b7930..6c1e9dd 100644 --- a/corim/unsignedcorim_test.go +++ b/corim/unsignedcorim_test.go @@ -190,7 +190,7 @@ func TestUnsignedCorim_Valid_ok(t *testing.T) { tv := NewUnsignedCorim(). SetID("invalid.tags.corim"). AddDependentRim("http://endorser.example/addon.corim", nil). - SetProfile("https://arm.com/psa/iot/2.0.0"). + SetProfile("tag:trustedcomputinggroup.org,2025:psa-token"). AddComid(c). SetRimValidity(time.Now().Add(time.Hour), nil). AddEntity("ACME Ltd.", nil, RoleManifestCreator) @@ -324,7 +324,7 @@ func TestUnsignedCorim_ToJSON(t *testing.T) { tv := NewUnsignedCorim(). SetID("invalid.tags.corim"). AddDependentRim("http://endorser.example/addon.corim", nil). - SetProfile("https://arm.com/psa/iot/2.0.0"). + SetProfile("tag:trustedcomputinggroup.org,2025:psa-token"). AddComid(c) require.NotNil(t, tv) @@ -341,7 +341,7 @@ func TestUnsignedCorim_ToJSON(t *testing.T) { "corim-id":"invalid.tags.corim", "tags":["2QH6WOuiAaEAdXZlbmRvci5leGFtcGxlL3Byb2QvMQShA4GCoQHYJVAx+1q/Aj5JkqpOlfnBUDv6gdkCKnixLS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVzFCdnFGKy9yeThCV2E3WkVNVTF4WVlIRVE4QgpsTFQ0TUZIT2FPK0lDVHRJdnJFZUVwci9zZlRBUDY2SDJoQ0hkYjVIRVhLdFJLb2Q2UUxjT0xQQTFRPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t"], "dependent-rims":[{"href":"http://endorser.example/addon.corim"}], - "profile":"https://arm.com/psa/iot/2.0.0" + "profile":"tag:trustedcomputinggroup.org,2025:psa-token" } ` @@ -367,7 +367,7 @@ func TestUnsignedCorim_ToCBOR(t *testing.T) { tv := NewUnsignedCorim(). SetID("invalid.tags.corim"). AddDependentRim("http://endorser.example/addon.corim", nil). - SetProfile("https://arm.com/psa/iot/2.0.0"). + SetProfile("tag:trustedcomputinggroup.org,2025:psa-token"). AddComid(c) require.NotNil(t, tv)