Test: TC-DA-1-9: Device attestation revocation test cases (#38128)
* da-revocation: add test data for dac and pai both revoked case
Clubbed the different revocation set into single file and adjusted the
doc accordingly.
* Added certification test cases for TC-DA-1-9
Added the test cases for testing device attestation revocation feature
* fix the yaml indentation
* Restyled by whitespace
* Restyled by prettier-json
* Restyled by prettier-markdown
* Restyled by prettier-yaml
* Add CRL for revoked PAI CA and adjust the unit tests after clubbing data
into single file
* remove manual test case for TC-DA-1-9
* update comment in dac provider test vectors
* merge revocation sets
* add python test for tc-da-1-9
* Restyled by autopep8
* Restyled by isort
* remove unnecessary if
* skip running tc-da-1-9 in ci
* Restyled by prettier-yaml
* change test case as per python testing requirements
* enable tc-da in ci
* add a todo
* Restyled by autopep8
* fix the app path
* Restyled by autopep8
* fix paths for ci
* remove unused commnet
* address review comments
* add asserts when required arguments are not present and use the default
log path for storing app logs, also fix the ci by passing --PICS
argument
---------
Co-authored-by: Restyled.io <commits@restyled.io>
diff --git a/credentials/generate_revocation_set.py b/credentials/generate_revocation_set.py
index 6a13748..bb2f5b6 100755
--- a/credentials/generate_revocation_set.py
+++ b/credentials/generate_revocation_set.py
@@ -1006,14 +1006,11 @@
def get_test_file_path(self, filename):
return os.path.join(self.test_base_dir, 'test', filename)
- def compare_revocation_sets(self, generated_set, expected_file):
- with open(os.path.join(self.test_base_dir, expected_file), 'r') as f:
- expected_set = [RevocationSet(**r) for r in json.load(f)]
+ def get_expected_revocation_set(self, idx):
+ with open(os.path.join(self.test_base_dir, 'test/revoked-attestation-certificates/revocation-sets/revocation-set.json'), 'r') as f:
+ return RevocationSet(**json.load(f)[idx])
- # Compare the contents
- self.assertEqual(len([generated_set]), len(expected_set))
- expected = expected_set[0]
-
+ def compare_revocation_sets(self, generated_set, expected):
# Compare required fields
self.assertEqual(generated_set.type, expected.type)
self.assertEqual(generated_set.issuer_subject_key_id, expected.issuer_subject_key_id)
@@ -1038,10 +1035,7 @@
revocation_set = generate_revocation_set_from_crl(
crl, crl_signer, ca_name_b64, ca_akid_hex, None)
- self.compare_revocation_sets(
- revocation_set,
- 'test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json'
- )
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(0))
def test_pai_revocation_set(self):
"""Test generation of PAI revocation set"""
@@ -1057,10 +1051,23 @@
revocation_set = generate_revocation_set_from_crl(
crl, crl_signer, ca_name_b64, ca_akid_hex, None)
- self.compare_revocation_sets(
- revocation_set,
- 'test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json'
- )
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(1))
+
+ def test_revoked_pai_revocation_set(self):
+ """Test generation of revocation set of revoked PAI"""
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem'), 'rb') as f:
+ crl = x509.load_pem_x509_crl(f.read())
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-Cert.pem'), 'rb') as f:
+ crl_signer = x509.load_pem_x509_certificate(f.read())
+ with open(self.get_test_file_path('revoked-attestation-certificates/Chip-Test-PAA-FFF1-Cert.pem'), 'rb') as f:
+ paa = x509.load_pem_x509_certificate(f.read())
+
+ ca_name_b64, ca_akid_hex = get_certificate_authority_details(
+ crl_signer, None, paa, False)
+ revocation_set = generate_revocation_set_from_crl(
+ crl, crl_signer, ca_name_b64, ca_akid_hex, None)
+
+ self.compare_revocation_sets(revocation_set, self.get_expected_revocation_set(2))
if __name__ == "__main__":
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der
new file mode 100644
index 0000000..bb928ec
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.der
Binary files differ
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem
new file mode 100644
index 0000000..a4ab090
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Cert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICAjCCAaigAwIBAgIIc151wP6PWsUwCgYIKoZIzj0EAwIwRjEuMCwGA1UEAwwl
+TWF0dGVyIFRlc3QgUEFJIDB4RkZGMSBubyBQSUQgUmV2b2tlZDEUMBIGCisGAQQB
+gqJ8AgEMBEZGRjEwIBcNMjUwMzI1MDAwMDAwWhgPOTk5OTEyMzEyMzU5NTlaMGQx
+NjA0BgNVBAMMLU1hdHRlciBUZXN0IFJldm9rZWQgREFDIFNpZ25lZCBieSBSZXZv
+a2VkIFBBSTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDAQ4
+MDAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaELP83azv5+vdJg+vmO/g6td
+Z9obWLWWZdgatid+/x5leASGpBEgL0pEv1UZ74ol4bK6S287eQKrIAZB2xdqWaNg
+MF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFDO1Scke
+5qNNVdIn4aGgsbGhUWs6MB8GA1UdIwQYMBaAFJEzfFz+e7KTdv6IfTyU5/Wd2D0v
+MAoGCCqGSM49BAMCA0gAMEUCIGO/qO9oglMxDEPMplwri0o31iRLg/p+qAyhtUC1
+DiWxAiEAgv4UPAsPjvj1gPMWaLe9xnbrZOuXg+7bjOFPeODItFc=
+-----END CERTIFICATE-----
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der
new file mode 100644
index 0000000..f393b8a
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.der
Binary files differ
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem
new file mode 100644
index 0000000..55a749b
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-DAC-FFF1-8001-Revoked-Signed-By-Revoked-PAI-Key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJoLKewrsvBa4y0m97yUkHqvZHBNjl32M5xbK15Q+ShHoAoGCCqGSM49
+AwEHoUQDQgAEaELP83azv5+vdJg+vmO/g6tdZ9obWLWWZdgatid+/x5leASGpBEg
+L0pEv1UZ74ol4bK6S287eQKrIAZB2xdqWQ==
+-----END EC PRIVATE KEY-----
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der
new file mode 100644
index 0000000..a9d5970
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.der
Binary files differ
diff --git a/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem
new file mode 100644
index 0000000..78eb900
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/Chip-Test-PAI-FFF1-noPID-Revoked-CRL.pem
@@ -0,0 +1,9 @@
+-----BEGIN X509 CRL-----
+MIIBHjCBxQIBATAKBggqhkjOPQQDAjBGMS4wLAYDVQQDDCVNYXR0ZXIgVGVzdCBQ
+QUkgMHhGRkYxIG5vIFBJRCBSZXZva2VkMRQwEgYKKwYBBAGConwCAQwERkZGMRcN
+MjUwMzI2MDYyODU2WhgPMjEyNTAzMjcwNjI4NTZaMBswGQIIc151wP6PWsUXDTI1
+MDMyNjA2Mjg1NlqgLzAtMB8GA1UdIwQYMBaAFJEzfFz+e7KTdv6IfTyU5/Wd2D0v
+MAoGA1UdFAQDAgEAMAoGCCqGSM49BAMCA0gAMEUCIQDM4thiU6vEOH5jwGaFypV2
+P9InyjTJKpMo5bR4QEMMRgIgYge7z2UStTlJzS2gVm/MVld7SNnD+020LOVP1SWb
+ufk=
+-----END X509 CRL-----
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json
index 0477c4b..e7f20cd 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01-pai-03.json
@@ -1,5 +1,5 @@
{
- "description": "Indirect revoked PAI 03: use this with revocation-sets/indirect-revocation-set.json",
+ "description": "Indirect revoked PAI 03: use this with revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201ce30820173a00302010202145433500af72d566dd0c0fd2710ab6f8562bd6f8f300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303431375a180f32313234313231363130303431375a3033311b301906035504030c124d617474657220546573742050414920303331143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bb1a980f395d0a448f315df82f820564b127398e9c1396916195ef3bba5fbc247445ceaa589ca835ca99058b1b7c1b2aef55dbec4338a3d8382a100c7f199dada366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e04160414f97059a4f532b98b3b808592cd943a91004acd6d301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020349003046022100ad4364c9b8c18ed56b11239ec95468981f598beece1e6904eddf7c67a7f533980221008a0428bbbcd9b725341deab309de87569b76fbae735bac659ce83c84b209d91f",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json
index c26ef1b..475372a 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-dac-01.json
@@ -1,5 +1,5 @@
{
- "description": "Indirect revoked DAC 01: use this with revocation-sets/indirect-revocation-set.json",
+ "description": "Indirect revoked DAC 01: use this with revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cd30820173a003020102021455c52c44f44d371237c9d42f8371658e560627dc300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303430395a180f32313234313231363130303430395a3033311b301906035504030c124d617474657220546573742050414920303131143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004dab17c35080a4ddc84d72945d52c90aad2da072196bdf24a986103a902611eb4496408d8305566f9a00f3c43ff7651cc9a134ad629f60f117745004ad06ce20fa366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e041604149d7718f23bd91000c15308db3a63b9c1faea0d33301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d040302034800304502200c83bca257d7012b539908b8f2c2bb1a6e263d9f41e26e735287c206a1fe11e902210089adfcfd3b917d572723f09c2da262fc16454830aaa1273dc01e689cdc142592",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json
index a9577fa..b7fc480 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/indirect-revoked-pai-03.json
@@ -1,5 +1,5 @@
{
- "description": "Indirect revoked PAI 03: use this with revocation-sets/indirect-revocation-set.json",
+ "description": "Indirect revoked PAI 03: use this with revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201ce30820173a00302010202145433500af72d566dd0c0fd2710ab6f8562bd6f8f300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3235303130393130303431375a180f32313234313231363130303431375a3033311b301906035504030c124d617474657220546573742050414920303331143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bb1a980f395d0a448f315df82f820564b127398e9c1396916195ef3bba5fbc247445ceaa589ca835ca99058b1b7c1b2aef55dbec4338a3d8382a100c7f199dada366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d0e04160414f97059a4f532b98b3b808592cd943a91004acd6d301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020349003046022100ad4364c9b8c18ed56b11239ec95468981f598beece1e6904eddf7c67a7f533980221008a0428bbbcd9b725341deab309de87569b76fbae735bac659ce83c84b209d91f",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json
index 05dc6b0..52eed62 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json
@@ -1,5 +1,5 @@
{
- "description": "Revoked DAC 01: use this with revocation-sets/revocation-set-for-pai.json",
+ "description": "Revoked DAC 01: use this with revocation-sets/revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json
index ab3f927..0a7c9ac 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json
@@ -1,5 +1,5 @@
{
- "description": "Revoked DAC 02: use this with revocation-sets/revocation-set-for-pai.json",
+ "description": "Revoked DAC 02: use this with revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json
index a629f86..cfc1442 100644
--- a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json
@@ -1,5 +1,5 @@
{
- "description": "Revoked DAC 03: use this with revocation-sets/revocation-set-for-pai.json",
+ "description": "Revoked DAC 03: use this with revocation-sets/revocation-set.json",
"basic_info_pid": 32769,
"certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
"pai_cert": "308201cb30820171a003020102020856ad8222ad945b64300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3232303230353030303030305a180f39393939313233313233353935395a303d3125302306035504030c1c4d6174746572204465762050414920307846464631206e6f2050494431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004419a9315c2173e0c8c876d03ccfc944852647f7fec5e5082f4059928eca894c594151309ac631e4cb03392af684b0bafb7e65b3b8162c2f52bf931b8e77aaa82a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041463540e47f64b1c38d13884a462d16c195d8ffb3c301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d0403020348003045022100b2ef27f49ae9b50fb91eeac94c4d0bdbb8d7929c6cb88face529368d12054c0c0220655dc92b86bd909882a6c62177b825d7d05edbe7c22f9fea71220e7ea703f891",
diff --git a/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json
new file mode 100644
index 0000000..83b2d12
--- /dev/null
+++ b/credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json
@@ -0,0 +1,9 @@
+{
+ "description": "Revoked DAC and PAI",
+ "basic_info_pid": 32769,
+ "certification_declaration": "3081e706092a864886f70d010702a081d93081d6020103310d300b0609608648016503040201304306092a864886f70d010701a0360434152400012501f1ff3602050180182403162c0413435341303030303053574330303030302d303124050024060024070124080018317d307b020103801462fa823359acfaa9963e1cfa140addf504f37160300b0609608648016503040201300a06082a8648ce3d0403020447304502204dc6be89beeb5a49adec51ee7f0e6d1263ffc9e6238f2044385a5e0c86751b83022100ed902842f7a5784368d63eba6a2fb90086dd65a0ce3c283d86b915a3536afdac",
+ "pai_cert": "308201d43082017aa0030201020208302664392b8a3f2a300a06082a8648ce3d04030230303118301606035504030c0f4d617474657220546573742050414131143012060a2b0601040182a27c02010c04464646313020170d3234313231333030303030305a180f39393939313233313233353935395a3046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313059301306072a8648ce3d020106082a8648ce3d03010703420004bd58a84f7862e0751c4e56280f149697df7c51aadc5a4fa393c96277a59079de40907ab7860d069de652ea8bc8f7053bfe7c3a8ef4700d76b9cc20db312caf91a366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020106301d0603551d0e0416041491337c5cfe7bb29376fe887d3c94e7f59dd83d2f301f0603551d230418301680146afd22771f511fecbf1641976710dcdc31a1717e300a06082a8648ce3d04030203480030450221009c74f6a84b3acb5a369de90399114ebf0a55150babd3d52b2898708847bc9c6e0220651881c81b7a20c346b97c68313c4be1c0a88f4f3a4072ed3c7ea11dc60984fc",
+ "dac_cert": "30820202308201a8a0030201020208735e75c0fe8f5ac5300a06082a8648ce3d0403023046312e302c06035504030c254d617474657220546573742050414920307846464631206e6f20504944205265766f6b656431143012060a2b0601040182a27c02010c04464646313020170d3235303332353030303030305a180f39393939313233313233353935395a30643136303406035504030c2d4d61747465722054657374205265766f6b656420444143205369676e6564206279205265766f6b65642050414931143012060a2b0601040182a27c02010c044646463131143012060a2b0601040182a27c02020c04383030313059301306072a8648ce3d020106082a8648ce3d030107034200046842cff376b3bf9faf74983ebe63bf83ab5d67da1b58b59665d81ab6277eff1e65780486a411202f4a44bf5519ef8a25e1b2ba4b6f3b7902ab200641db176a59a360305e300c0603551d130101ff04023000300e0603551d0f0101ff040403020780301d0603551d0e0416041433b549c91ee6a34d55d227e1a1a0b1b1a1516b3a301f0603551d2304183016801491337c5cfe7bb29376fe887d3c94e7f59dd83d2f300a06082a8648ce3d0403020348003045022063bfa8ef688253310c43cca65c2b8b4a37d6244b83fa7ea80ca1b540b50e25b102210082fe143c0b0f8ef8f580f31668b7bdc676eb64eb9783eedb8ce14f78e0c8b457",
+ "dac_private_key": "9a0b29ec2bb2f05ae32d26f7bc94907aaf64704d8e5df6339c5b2b5e50f92847",
+ "dac_public_key": "046842cff376b3bf9faf74983ebe63bf83ab5d67da1b58b59665d81ab6277eff1e65780486a411202f4a44bf5519ef8a25e1b2ba4b6f3b7902ab200641db176a59"
+}
diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json
deleted file mode 100644
index 93edb94..0000000
--- a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json
+++ /dev/null
@@ -1,9 +0,0 @@
-[
- {
- "type": "revocation_set",
- "issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E",
- "issuer_name": "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=",
- "revoked_serial_numbers": ["302664392B8A3F2A"],
- "crl_signer_cert": "MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQNUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNVHSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQqoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpHmUkpxyqvChVI1A0DTVFLJd4="
- }
-]
diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
deleted file mode 100644
index 46c3c1b..0000000
--- a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
+++ /dev/null
@@ -1,13 +0,0 @@
-[
- {
- "type": "revocation_set",
- "issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C",
- "issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx",
- "revoked_serial_numbers": [
- "0AB042494323FE54",
- "19367D978EAC533A",
- "2569383D24BB36EA"
- ],
- "crl_signer_cert": "MIIByzCCAXGgAwIBAgIIVq2CIq2UW2QwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMjAyMDUwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowPTElMCMGA1UEAwwcTWF0dGVyIERldiBQQUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBmpMVwhc+DIyHbQPM/JRIUmR/f+xeUIL0BZko7KiUxZQVEwmsYx5MsDOSr2hLC6+35ls7gWLC9Sv5MbjneqqCo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUY1QOR/ZLHDjROISkYtFsGV2P+zwwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhALLvJ/Sa6bUPuR7qyUxNC9u415KcbLiPrOUpNo0SBUwMAiBlXckrhr2QmIKmxiF3uCXX0F7b58Ivn+pxIg5+pwP4kQ=="
- }
-]
diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json
similarity index 68%
rename from credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json
rename to credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json
index 6d22cd9..91a49b3 100644
--- a/credentials/test/revoked-attestation-certificates/revocation-sets/indirect-revocation-set.json
+++ b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json
@@ -3,6 +3,31 @@
"type": "revocation_set",
"issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E",
"issuer_name": "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=",
+ "revoked_serial_numbers": ["302664392B8A3F2A"],
+ "crl_signer_cert": "MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQNUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNVHSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQqoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpHmUkpxyqvChVI1A0DTVFLJd4="
+ },
+ {
+ "type": "revocation_set",
+ "issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C",
+ "issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx",
+ "revoked_serial_numbers": [
+ "0AB042494323FE54",
+ "19367D978EAC533A",
+ "2569383D24BB36EA"
+ ],
+ "crl_signer_cert": "MIIByzCCAXGgAwIBAgIIVq2CIq2UW2QwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMjAyMDUwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowPTElMCMGA1UEAwwcTWF0dGVyIERldiBQQUkgMHhGRkYxIG5vIFBJRDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBmpMVwhc+DIyHbQPM/JRIUmR/f+xeUIL0BZko7KiUxZQVEwmsYx5MsDOSr2hLC6+35ls7gWLC9Sv5MbjneqqCo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUY1QOR/ZLHDjROISkYtFsGV2P+zwwHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhALLvJ/Sa6bUPuR7qyUxNC9u415KcbLiPrOUpNo0SBUwMAiBlXckrhr2QmIKmxiF3uCXX0F7b58Ivn+pxIg5+pwP4kQ=="
+ },
+ {
+ "type": "revocation_set",
+ "issuer_subject_key_id": "91337C5CFE7BB29376FE887D3C94E7F59DD83D2F",
+ "issuer_name": "MEYxLjAsBgNVBAMMJU1hdHRlciBUZXN0IFBBSSAweEZGRjEgbm8gUElEIFJldm9rZWQxFDASBgorBgEEAYKifAIBDARGRkYx",
+ "revoked_serial_numbers": ["735E75C0FE8F5AC5"],
+ "crl_signer_cert": "MIIB1DCCAXqgAwIBAgIIMCZkOSuKPyowCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yNDEyMTMwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowRjEuMCwGA1UEAwwlTWF0dGVyIFRlc3QgUEFJIDB4RkZGMSBubyBQSUQgUmV2b2tlZDEUMBIGCisGAQQBgqJ8AgEMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS9WKhPeGLgdRxOVigPFJaX33xRqtxaT6OTyWJ3pZB53kCQereGDQad5lLqi8j3BTv+fDqO9HANdrnMINsxLK+Ro2YwZDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUkTN8XP57spN2/oh9PJTn9Z3YPS8wHwYDVR0jBBgwFoAUav0idx9RH+y/FkGXZxDc3DGhcX4wCgYIKoZIzj0EAwIDSAAwRQIhAJx09qhLOstaNp3pA5kRTr8KVRULq9PVKyiYcIhHvJxuAiBlGIHIG3ogw0a5fGgxPEvhwKiPTzpAcu08fqEdxgmE/A=="
+ },
+ {
+ "type": "revocation_set",
+ "issuer_subject_key_id": "6AFD22771F511FECBF1641976710DCDC31A1717E",
+ "issuer_name": "MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE=",
"revoked_serial_numbers": ["5433500AF72D566DD0C0FD2710AB6F8562BD6F8F"],
"crl_signer_cert": "MIIBqzCCAVGgAwIBAgIUXW/ACwFp8g4/ggzUuEv9UF2neywwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yNTAxMDkwOTU3MzdaGA8yMTI0MTIxNjA5NTczN1owFzEVMBMGA1UEAwwMUEFBIERlbGVnYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQrA57jV+Fp6fRFPc5nh1w3sZoDaBVIpTA9kFQ4HxwHlVL4X+cV40JRYvfoFz5T/ODkxBypk/Air9kGtMz+Yo9KNgMF4wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCAQIwHQYDVR0OBBYEFK0B3AudYWs+yb8OfosFL8yvc0/yMB8GA1UdIwQYMBaAFGr9IncfUR/svxZBl2cQ3NwxoXF+MAoGCCqGSM49BAMCA0gAMEUCIQCOLt9F4MmItvqDQHVpY1m/gFfJ9ucjBzCtGEoun1mHQQIga8oBW2T46R8t6Dshi/xZQo3IrAdN38Oj3QrfXo3Yo1k=",
"crl_signer_delegator": "MIIBvTCCAWSgAwIBAgIITqjoMYLUHBwwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTAgFw0yMTA2MjgxNDIzNDNaGA85OTk5MTIzMTIzNTk1OVowMDEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLbLY3KIfyko9brIGqnZOuJDHK2p154kL2UXfvnO2TKijs0Duq9qj8oYShpQNUKWDUU/MD8fGUIddR6Pjxqam3WjZjBkMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAfBgNVHSMEGDAWgBRq/SJ3H1Ef7L8WQZdnENzcMaFxfjAKBggqhkjOPQQDAgNHADBEAiBQqoAC9NkyqaAFOPZTaK0P/8jvu8m+t9pWmDXPmqdRDgIgI7rI/g8j51RFtlM5CBpHmUkpxyqvChVI1A0DTVFLJd4="
diff --git a/docs/guides/device-attestation-revocation-guide.md b/docs/guides/device-attestation-revocation-guide.md
index 6ee4fee..04c38d4 100644
--- a/docs/guides/device-attestation-revocation-guide.md
+++ b/docs/guides/device-attestation-revocation-guide.md
@@ -44,9 +44,14 @@
### Test Vectors
-| Description | DAC Provider | Revocation Set | Expected Result |
-| --------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
-| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | [revocation-set-for-paa.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-paa.json) | Commissioning fails with `kPaiRevoked` (202) |
-| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |
-| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |
-| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | [revocation-set-for-pai.json](../../credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json) | Commissioning fails with `kDacRevoked` (302) |
+Please use
+`credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set.json`
+as revocation set
+
+| Description | DAC Provider | Expected Result |
+| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| PAI revoked by PAA | [revoked-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-pai.json) | Commissioning fails with `kPaiRevoked` (202) |
+| DAC-01 revoked by PAI | [revoked-dac-01.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-01.json) | Commissioning fails with `kDacRevoked` (302) |
+| DAC-02 revoked by PAI | [revoked-dac-02.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-02.json) | Commissioning fails with `kDacRevoked` (302) |
+| DAC-03 revoked by PAI | [revoked-dac-03.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-03.json) | Commissioning fails with `kDacRevoked` (302) |
+| DAC and PAI revoked | [revoked-dac-and-pai.json](../../credentials/test/revoked-attestation-certificates/dac-provider-test-vectors/revoked-dac-and-pai.json) | Commissioning fails with `kPaiAndDacRevoked` (208) |
diff --git a/src/python_testing/TC_DA_1_9.py b/src/python_testing/TC_DA_1_9.py
new file mode 100644
index 0000000..8bc2c24
--- /dev/null
+++ b/src/python_testing/TC_DA_1_9.py
@@ -0,0 +1,217 @@
+#!/usr/bin/env -S python3 -B
+#
+# Copyright (c) 2025 Project CHIP Authors
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This script is intended for QA use only and does not automatically
+# verify the results of the commissioning process. Please use with caution.
+#
+# [TC-DA-1.9] Device Attestation Revocation [DUT-Commissioner]
+#
+# This test is about commissioning a device configured with a revoked DAC and/or PAI
+# and checking if the commissioner warns about the device attestation error.
+# The test case will be successful if the commissioner warns about the device
+# attestation error and the device is not commissioned.
+
+# See https://github.com/project-chip/connectedhomeip/blob/master/docs/testing/python.md#defining-the-ci-test-arguments
+# for details about the block below.
+#
+# === BEGIN CI TEST ARGUMENTS ===
+# test-runner-runs:
+# run1:
+# script-args: >
+# --storage-path admin_storage.json
+# --PICS src/app/tests/suites/certification/ci-pics-values
+# --string-arg app_path:out/linux-x64-all-clusters-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-all-clusters-app
+# --string-arg dac_provider_base_path:credentials/test/revoked-attestation-certificates/dac-provider-test-vectors
+# --string-arg revocation_set_base_path:credentials/test/revoked-attestation-certificates/revocation-sets
+# --string-arg app_log_path:/tmp/TC_DA_1_9
+# --trace-to json:${TRACE_TEST_JSON}.json
+# --trace-to perfetto:${TRACE_TEST_PERFETTO}.perfetto
+# factory-reset: true
+# quiet: true
+# === END CI TEST ARGUMENTS ===
+
+import os
+import signal
+import subprocess
+
+from chip.testing.matter_testing import MatterBaseTest, TestStep, async_test_body, default_matter_test_main
+from mobly import asserts
+
+
+class TC_DA_1_9(MatterBaseTest):
+ def setup_class(self):
+ super().setup_class()
+
+ self.app_path = self.matter_test_config.global_test_params.get('app_path')
+ self.dac_provider_base_path = self.matter_test_config.global_test_params.get('dac_provider_base_path')
+ self.revocation_set_base_path = self.matter_test_config.global_test_params.get('revocation_set_base_path')
+
+ if self.app_path is None or not os.path.exists(self.app_path):
+ asserts.fail("--string-arg app_path:<app_path> is required for this test, please provide the path to the app (eg: all-clusters-app)")
+
+ if self.dac_provider_base_path is None or not os.path.exists(self.dac_provider_base_path):
+ asserts.fail("--string-arg dac_provider_base_path:<dac_provider_base_path> is required for this test, please provide the path to the dac provider test vectors, it can be found in Matter SDK at: credentials/test/revoked-attestation-certificates/dac-provider-test-vectors")
+
+ if self.revocation_set_base_path is None or not os.path.exists(self.revocation_set_base_path):
+ asserts.fail("--string-arg revocation_set_base_path:<revocation_set_base_path> is required for this test, please provide the path to the revocation set, it can be found in Matter SDK at: credentials/test/revoked-attestation-certificates/revocation-sets")
+
+ def desc_TC_DA_1_9(self) -> str:
+ return "[TC-DA-1.9] Device Attestation Revocation [DUT-Commissioner]"
+
+ def pics_TC_DA_1_9(self) -> list[str]:
+ pics = [
+ "MCORE.ROLE.COMMISSIONER",
+ ]
+ return pics
+
+ def steps_TC_DA_1_9(self) -> list[TestStep]:
+ return [
+ TestStep(1, "Test commissioning with revoked DAC",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(2, "Test commissioning with revoked PAI",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(3, "Test commissioning with both DAC and PAI revoked",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(4, "Test commissioning with revoked DAC using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(5, "Test commissioning with revoked PAI using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(6, "Test commissioning with both DAC and PAI revoked using delegated CRL signer",
+ "(DUT)Commissioner warns about commissioning the non-genuine device, Or Commissioning fails with device appropriate attestation error"),
+ TestStep(7, "Test commissioning with valid DAC and PAI",
+ "Commissioning succeeds without any attestation errors"),
+ ]
+
+ @async_test_body
+ async def test_TC_DA_1_9(self):
+ test_vectors = [
+ {
+ 'name': 'tc_dac_revoked',
+ 'dac_provider': 'revoked-dac-01.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '14970112338',
+ 'discriminator': 0x700,
+ },
+ {
+ 'name': 'tc_pai_revoked',
+ 'dac_provider': 'revoked-pai.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '20054912334',
+ 'discriminator': 0x800,
+ },
+ {
+ 'name': 'tc_dac_and_pai_revoked',
+ 'dac_provider': 'revoked-dac-and-pai.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '21693312337',
+ 'discriminator': 0x900,
+ },
+ {
+ 'name': 'tc_dac_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-dac-01.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '23331712339',
+ 'discriminator': 0xA00,
+ },
+ {
+ 'name': 'tc_pai_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-pai-03.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '24970112330',
+ 'discriminator': 0xB00,
+ },
+ {
+ 'name': 'tc_dac_and_pai_revoked_using_delegated_crl_signer',
+ 'dac_provider': 'indirect-revoked-dac-01-pai-03.json',
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': False,
+ 'manual_pairing_code': '30054912331',
+ 'discriminator': 0xC00,
+ },
+ {
+ 'name': 'tc_dac_and_pai_valid',
+ 'dac_provider': None,
+ 'revocation_set': 'revocation-set.json',
+ 'expects_commissioning_success': True,
+ 'manual_pairing_code': '31693312339',
+ 'discriminator': 0xD00,
+ }
+ ]
+
+ for idx, test_case in enumerate(test_vectors):
+ self.step(idx + 1)
+
+ # Clean up any existing KVS files
+ subprocess.call("rm -f all-clusters-kvs*", shell=True)
+
+ # Create log files for this test case
+ log_path = os.path.join(self.matter_test_config.logs_path, 'TC_DA_1_9')
+ os.makedirs(log_path, exist_ok=True)
+ app_log_file_name = os.path.join(log_path, f"{test_case['name']}_app.log")
+
+ with open(app_log_file_name, 'w') as app_log_file:
+ # Start the all-clusters-app with appropriate DAC provider
+ app_args = '--trace_decode 1 --KVS all-clusters-kvs'
+ if test_case['dac_provider']:
+ dac_provider_path = os.path.join(self.dac_provider_base_path, test_case['dac_provider'])
+ app_args += f' --dac_provider {dac_provider_path}'
+
+ if test_case['discriminator']:
+ discriminator = test_case['discriminator']
+ app_args += f' --discriminator {discriminator}'
+
+ app_cmd = f"{self.app_path} {app_args}"
+
+ # Run the all-clusters-app in background
+ app_process = subprocess.Popen(app_cmd.split(), stdout=app_log_file, stderr=app_log_file)
+
+ # Prompt user with instructions
+ prompt_msg = (
+ f"\nPlease commission the DUT with:\n"
+ f" Manual Pairing Code: '{test_case['manual_pairing_code']}'\n"
+ f" Revocation Set: {os.path.join(self.revocation_set_base_path, test_case['revocation_set'])}\n\n"
+ f"Input 'Y' if DUT successfully commissions without any warnings\n"
+ f"Input 'N' if commissioner warns about commissioning the non-genuine device, "
+ f"Or Commissioning fails with device appropriate attestation error\n"
+ )
+
+ # TODO: Run Python commissioner, commission the DUT, and check the return code
+ if self.is_pics_sdk_ci_only:
+ resp = 'Y' if test_case['expects_commissioning_success'] else 'N'
+ else:
+ resp = self.wait_for_user_input(prompt_msg)
+
+ commissioning_success = resp.lower() == 'y'
+
+ # Verify results
+ asserts.assert_equal(
+ commissioning_success,
+ test_case['expects_commissioning_success'],
+ f"Commissioning {'succeeded' if commissioning_success else 'failed'} when it should have {'succeeded' if test_case['expects_commissioning_success'] else 'failed'}"
+ )
+
+ app_process.send_signal(signal.SIGTERM.value)
+ app_process.wait()
+
+
+if __name__ == "__main__":
+ default_matter_test_main()
