Clean up remaining IsCA support filters so CertifyKey verification tests

run

verification/client/abi.go

@@ -149,11 +149,6 @@ type GetProfileResp struct {
 // CertifyKeyFlags is the input flags to CertifyKey
 type CertifyKeyFlags uint32
 
-// Supported flags to CertifyKey
-const (
-	CertifyAddIsCA CertifyKeyFlags = 1 << 30
-)
-
 // CertifyKeyFormat is the requested output format of the DPE key certification
 type CertifyKeyFormat uint32
 

verification/testing/certifyKey.go

@@ -144,7 +144,7 @@ func TestCertifyKeyCsr(d client.TestDPEInstance, c client.DPEClient, t *testing.
 	}
 	digestLen := profile.GetDigestSize()
 
-	flags := client.CertifyKeyFlags(client.CertifyAddIsCA)
+	flags := client.CertifyKeyFlags(0)
 	label := make([]byte, digestLen)
 
 	// Get DPE leaf certificate from CertifyKey
@@ -490,6 +490,10 @@ func checkCertificateStructure(t *testing.T, certBytes []byte) *x509.Certificate
 			// We will need to truncate the serial numbers for those certs and
 			// then enable this lint.
 			"e_subject_dn_serial_number_max_length",
+			// CertifKey does not support CA certificates.
+			"e_ext_authority_key_identifier_no_key_identifier",
+			// subject key identifiers are optional in leaf certificates.
+			"w_ext_subject_key_identifier_missing_sub_cert",
 		},
 	})
 	if err != nil {
@@ -549,8 +553,8 @@ func testCertifyKey(d client.TestDPEInstance, c client.DPEClient, t *testing.T,
 	}
 
 	certifyKeyParams := []CertifyKeyParams{
-		{Label: make([]byte, digestLen), Flags: client.CertifyKeyFlags(client.CertifyAddIsCA)},
-		{Label: seqLabel, Flags: client.CertifyKeyFlags(client.CertifyAddIsCA)},
+		{Label: make([]byte, digestLen), Flags: client.CertifyKeyFlags(0)},
+		{Label: seqLabel, Flags: client.CertifyKeyFlags(0)},
 	}
 
 	for _, params := range certifyKeyParams {

verification/testing/deriveContext.go

@@ -192,7 +192,7 @@ func TestPrivilegesEscalation(d client.TestDPEInstance, c client.DPEClient, t *t
 
 	// Similarly, when commands like CertifyKey try to make use of features/flags that are unsupported
 	// by child context, it will fail.
-	if _, err = c.CertifyKey(handle, make([]byte, digestLen), client.CertifyKeyX509, client.CertifyAddIsCA); err == nil {
+	if _, err = c.CertifyKey(handle, make([]byte, digestLen), client.CertifyKeyX509, 0); err == nil {
 		t.Errorf("[ERROR]: Should return %q, but returned no error", client.StatusInvalidArgument)
 	} else if !errors.Is(err, client.StatusInvalidArgument) {
 		t.Errorf("[ERROR]: Incorrect error type. Should return %q, but returned %q", client.StatusInvalidArgument, err)

verification/testing/verification.go

@@ -39,17 +39,17 @@ var InitializeContextSimulationTestCase = TestCase{
 
 // CertifyKeyTestCase tests CertifyKey
 var CertifyKeyTestCase = TestCase{
-	"CertifyKey", TestCertifyKey, []string{"AutoInit", "X509", "IsCA"},
+	"CertifyKey", TestCertifyKey, []string{"AutoInit", "X509"},
 }
 
 // client.CertifyKeyCsrTestCase tests CertifyKey with type = CSR
 var CertifyKeyCsrTestCase = TestCase{
-	"CertifyKeyCsr", TestCertifyKeyCsr, []string{"AutoInit", "Csr", "IsCA"},
+	"CertifyKeyCsr", TestCertifyKeyCsr, []string{"AutoInit", "Csr"},
 }
 
 // CertifyKeySimulationTestCase tests CertifyKey on Simulation mode contexts
 var CertifyKeySimulationTestCase = TestCase{
-	"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509", "IsCA"},
+	"CertifyKeySimulation", TestCertifyKeySimulation, []string{"AutoInit", "Simulation", "X509"},
 }
 
 // GetCertificateChainTestCase tests GetCertificateChain
@@ -129,7 +129,7 @@ var DeriveContextLocalityTestCase = TestCase{
 
 // DeriveContextPrivilegeEscalationTestCase tests that commands trying to use features that are unsupported by child context fail.
 var DeriveContextPrivilegeEscalationTestCase = TestCase{
-	"DeriveContext_PrivilegeEscalation", TestPrivilegesEscalation, []string{"AutoInit", "X509", "IsCA"},
+	"DeriveContext_PrivilegeEscalation", TestPrivilegesEscalation, []string{"AutoInit", "X509"},
 }
 
 // DeriveContextInputFlagsTestCase tests DeriveContext with the input flags InternalDiceInfo and InternalInputInfo.