tests/test_audit.py · PQC Bootloader for AI Appliances

tests/test_audit.py

1.7 KB · 54 lines · python Raw

1	`"""Tests for BootAttestationLog."""`
2
3	`from __future__ import annotations`
4
5	`import json`
6
7	`from pqc_bootloader.audit import BootAttestationLog`
8
9
10	`def test_log_accept_and_reject_append() -> None:`
11	`log = BootAttestationLog()`
12	`log.log_accept("fw", "1.0.0", "ab" * 32, reason="all good")`
13	`log.log_reject("fw", "1.0.1", "cd" * 32, reason="bad signature")`
14	`entries = log.entries(limit=10)`
15	`assert len(entries) == 2`
16	`decisions = sorted(e.decision for e in entries)`
17	`assert decisions == ["accept", "reject"]`
18
19
20	`def test_filter_by_decision() -> None:`
21	`log = BootAttestationLog()`
22	`log.log_accept("fw", "1.0.0", "ab" * 32)`
23	`log.log_reject("fw", "1.0.1", "cd" * 32, reason="bad sig")`
24	`log.log_accept("fw", "1.0.2", "ef" * 32)`
25
26	`accepts = log.entries(decision="accept")`
27	`rejects = log.entries(decision="reject")`
28	`assert len(accepts) == 2`
29	`assert len(rejects) == 1`
30	`assert rejects[0].reason == "bad sig"`
31
32
33	`def test_max_entries_rotation() -> None:`
34	`log = BootAttestationLog(max_entries=3)`
35	`for i in range(5):`
36	`log.log_accept("fw", f"1.0.{i}", f"{i:064x}")`
37	`assert len(log) == 3`
38	`# The first two should have rotated out; only 1.0.2, 1.0.3, 1.0.4 remain`
39	`versions = sorted(e.firmware_version for e in log.entries(limit=10))`
40	`assert versions == ["1.0.2", "1.0.3", "1.0.4"]`
41
42
43	`def test_export_json_valid() -> None:`
44	`log = BootAttestationLog()`
45	`log.log_accept("fw", "1.0.0", "ab" * 32, pcr_value_after="cd" * 32)`
46	`log.log_reject("fw", "1.0.1", "ef" * 32, reason="unsigned")`
47
48	`blob = log.export_json()`
49	`parsed = json.loads(blob)`
50	`assert isinstance(parsed, list)`
51	`assert len(parsed) == 2`
52	`assert parsed[0]["decision"] == "accept"`
53	`assert parsed[1]["decision"] == "reject"`
54