public override void ExecuteCmdlet()
{
PSAttestation attestation;
switch (ParameterSetName)
{
case DefaultProviderParameterSet:
if (string.IsNullOrEmpty(Location))
{
this.WriteObject(AttestationClient.ListDefaultAttestation(), true);
}
else
{
attestation = AttestationClient.GetDefaultAttestationByLocation(Location);
this.WriteObject(attestation);
}
break;
case NameParameterSet:
case ResourceIdParameterSet:
if (ResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
Name = resourceIdentifier.ResourceName;
ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
attestation = AttestationClient.GetAttestation(Name, ResourceGroupName);
this.WriteObject(attestation);
break;
default:
throw new ArgumentException(Resources.BadParameterSetName);
}
}
public async Task SettingAttestationPolicy()
{
var endpoint = TestEnvironment.SharedEusTest;
#region Snippet:GetPolicy
var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
var attestClient = new AttestationClient(new Uri(endpoint), new DefaultAzureCredential(),
new AttestationClientOptions(validationCallback: (attestationToken, signer) => true));
var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
var result = policyResult.Value.AttestationPolicy;
#endregion
#region Snippet:SetPolicy
string attestationPolicy = "version=1.0; authorizationrules{=> allow();}; issuancerules{};";
var policyTokenSigner = TestEnvironment.PolicyCertificate0;
AttestationToken policySetToken = new SecuredAttestationToken(
new StoredAttestationPolicy {
AttestationPolicy = Base64Url.EncodeString(attestationPolicy),
},
policyTokenSigner);
var setResult = client.SetPolicy(AttestationType.SgxEnclave, policySetToken);
#endregion
var resetResult = client.ResetPolicy(AttestationType.SgxEnclave);
// When the attestation instance is in Isolated mode, the ResetPolicy API requires using a signing key/certificate to authorize the user.
var resetResult2 = client.ResetPolicy(
AttestationType.SgxEnclave,
new SecuredAttestationToken(policyTokenSigner));
return;
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(Name, Resources.CreateAttestation))
{
JSONWebKeySet jsonWebKeySet = null;
if (this.PolicySigningCertificateFile != null)
{
FileInfo certFile = new FileInfo(ResolveUserPath(this.PolicySigningCertificateFile));
if (!certFile.Exists)
{
throw new FileNotFoundException(string.Format(AttestationProperties.Resources.CertificateFileNotFound, this.PolicySigningCertificateFile));
}
var pem = System.IO.File.ReadAllText(certFile.FullName);
X509Certificate2Collection certificateCollection = AttestationClient.GetX509CertificateFromPEM(pem, "CERTIFICATE");
if (certificateCollection.Count != 0)
{
jsonWebKeySet = AttestationClient.GetJSONWebKeySet(certificateCollection);
}
}
var newAttestation = AttestationClient.CreateNewAttestation(new AttestationCreationParameters()
{
ProviderName = this.Name,
ResourceGroupName = this.ResourceGroupName,
AttestationPolicy = this.AttestationPolicy,
PolicySigningCertificates = jsonWebKeySet
});
this.WriteObject(newAttestation);
}
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(Name, Resources.CreateAttestation))
{
var newServiceParameters = new AttestationCreationParameters
{
ResourceGroupName = this.ResourceGroupName,
ProviderName = this.Name,
CreationParameters = new AttestationServiceCreationParams
{
Location = this.Location,
Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true),
Properties = new AttestationServiceCreationSpecificParams
{
AttestationPolicy = null,
PolicySigningCertificates =
JwksHelper.GetJwks(ResolveUserPath(this.PolicySignersCertificateFile))
}
}
};
var newAttestation = AttestationClient.CreateNewAttestation(newServiceParameters);
this.WriteObject(newAttestation);
}
}
public AttestationClient CreateAttestationClient()
{
string accessToken = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyIsImtpZCI6IkJCOENlRlZxeWFHckdOdWVoSklpTDRkZmp6dyJ9.eyJhdWQiOiJodHRwczovL2F0dGVzdC5henVyZS5uZXQiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83MmY5ODhiZi04NmYxLTQxYWYtOTFhYi0yZDdjZDAxMWRiNDcvIiwiaWF0IjoxNTc2MDE4MTI1LCJuYmYiOjE1NzYwMTgxMjUsImV4cCI6MTU3NjAyMjAyNSwiX2NsYWltX25hbWVzIjp7Imdyb3VwcyI6InNyYzEifSwiX2NsYWltX3NvdXJjZXMiOnsic3JjMSI6eyJlbmRwb2ludCI6Imh0dHBzOi8vZ3JhcGgud2luZG93cy5uZXQvNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3VzZXJzL2U0ZDA2ZWU4LWNhYjctNDc1My1hOThlLTJlNmU0OTM1MjllNS9nZXRNZW1iZXJPYmplY3RzIn19LCJhY3IiOiIxIiwiYWlvIjoiQVVRQXUvOE5BQUFBelE2a2FNOUlmanV6dlZoK3V5eWlobnhBVHorVURzMHNJUHBNVUZ6b1lJNnFvTEc2ZE82QTh0UTZVbzM1bHJOeXg4bDFZMXlSTTZScG5vM3dWc1psZnc9PSIsImFtciI6WyJyc2EiLCJtZmEiXSwiYXBwaWQiOiJkMzU5MGVkNi01MmIzLTQxMDItYWVmZi1hYWQyMjkyYWIwMWMiLCJhcHBpZGFjciI6IjAiLCJkZXZpY2VpZCI6IjRhYWIxMjIxLWVlMDktNDFjYi05ODRkLTdlNzQ2OThhNDdlYSIsImZhbWlseV9uYW1lIjoiTGVpIiwiZ2l2ZW5fbmFtZSI6IlNodWFuZ3lhbiIsImlwYWRkciI6IjEzMS4xMDcuMTYwLjE2MyIsIm5hbWUiOiJTaHVhbmd5YW4gTGVpIiwib2lkIjoiZTRkMDZlZTgtY2FiNy00NzUzLWE5OGUtMmU2ZTQ5MzUyOWU1Iiwib25wcmVtX3NpZCI6IlMtMS01LTIxLTIxMjc1MjExODQtMTYwNDAxMjkyMC0xODg3OTI3NTI3LTM1MjIzMTc5IiwicHVpZCI6IjEwMDMyMDAwNDQ1Q0Y1MjgiLCJzY3AiOiJ1c2VyX2ltcGVyc29uYXRpb24iLCJzdWIiOiI5MTYzMjdMaXJBSkdQSFoyNFNJT1BRa2VYTHQ5Q2ZReF9Nbm8tZ0pvTGY4IiwidGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3IiwidW5pcXVlX25hbWUiOiJzaGxlaUBtaWNyb3NvZnQuY29tIiwidXBuIjoic2hsZWlAbWljcm9zb2Z0LmNvbSIsInV0aSI6IlZDQm5DS3pyRGsyMG1oRFhmaDRKQUEiLCJ2ZXIiOiIxLjAifQ.JMuwfFYBecyM73ECf7AHubct8Hpe7cZOVUub9niL6Yid7F3LXQ-wfTgGQlBQV-7gZ6PxTrA3bzFzENw867_mcsKaEdeRT6Wd43-nUjirf8dNz7NCEitGlcVZamLGu0bkiQeTkpPbFg6i_KGKRt4gWHbrZXsFGNBf_VSKtHQZ-Q5F3jIdxcj0fQjt_k7xT1x_901qfWtQl6QrFvloFclR9u_Xwy44GOiU23zkFNolpRc3V1GxlY25IQ3xQb7C8SF-TqGAmo2xBV3MTAwRKexEYrdtB46AOPtR6_A3jLNi62HZG52vmFihFEAT7QFZndVSoketibbniR60fWwMeIGcxg";
AttestationCredentials credentials = new AttestationCredentials(accessToken);
var myclient = new AttestationClient(credentials, GetHandlers());
return(myclient);
}
public async Task GetAttestationPolicy()
{
var client = new AttestationAdministrationClient(new Uri(TestEnvironment.AadAttestationUrl), new DefaultAzureCredential());
var attestClient = new AttestationClient(new Uri(TestEnvironment.AadAttestationUrl), new DefaultAzureCredential(),
new AttestationClientOptions(validationCallback: (attestationToken, signer) => true));
IReadOnlyList <AttestationSigner> signingCertificates = attestClient.GetSigningCertificates().Value;
var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
var result = policyResult.Value;
}
public async Task GetCertificates()
{
AttestationClient attestationClient = GetAttestationClient();
IReadOnlyList <AttestationSigner> certs = (await attestationClient.GetSigningCertificatesAsync()).Value;
Assert.AreNotEqual(0, certs.Count);
return;
}
public override void ExecuteCmdlet()
{
if (ShouldProcess(Name, Resources.CreateAttestation))
{
var newAttestation = AttestationClient.CreateNewAttestation(new AttestationCreationParameters()
{
ProviderName = this.Name,
ResourceGroupName = this.ResourceGroupName,
AttestationPolicy = this.AttestationPolicy
});
this.WriteObject(newAttestation);
}
}
public override void ExecuteCmdlet()
{
if (ResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
Name = resourceIdentifier.ResourceName;
ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
PSAttestation attestation = AttestationClient.GetAttestation(Name, ResourceGroupName);
this.WriteObject(attestation);
}
public async Task GetAttestationPolicy()
{
var tokenOptions = new AttestationTokenValidationOptions();
tokenOptions.TokenValidated += (AttestationTokenValidationEventArgs args) => { args.IsValid = true; return(Task.CompletedTask); };
var client = new AttestationAdministrationClient(new Uri(TestEnvironment.AadAttestationUrl), new DefaultAzureCredential());
var attestClient = new AttestationClient(new Uri(TestEnvironment.AadAttestationUrl), new DefaultAzureCredential(),
new AttestationClientOptions(tokenOptions: tokenOptions));
;
IReadOnlyList <AttestationSigner> signingCertificates = attestClient.GetSigningCertificates().Value;
var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
var result = policyResult.Value;
}
public async Task RunAsync()
{
// Fetch file
var enclaveInfo = await EnclaveInfo.CreateFromFileAsync(this.fileName);
// Send to service for attestation
string endpoint = "https://" + this.attestDnsName;
// Send to service for attestation
var options = new AttestationClientOptions(tokenOptions: new AttestationTokenValidationOptions
{
ExpectedIssuer = endpoint,
ValidateIssuer = true,
}
);
options.TokenOptions.TokenValidated += (args) =>
{
// Analyze results
Logger.WriteBanner("IN VALIDATION CALLBACK, VALIDATING MAA JWT TOKEN - BASICS");
JwtValidationHelper.ValidateMaaJwt(attestDnsName, args.Token, args.Signer, this.includeDetails);
args.IsValid = true;
return(Task.CompletedTask);
};
var maaService = new AttestationClient(new Uri(endpoint), new DefaultAzureCredential(), options);
BinaryData openEnclaveReport = BinaryData.FromBytes(HexHelper.ConvertHexToByteArray(enclaveInfo.QuoteHex));
BinaryData runtimeData = BinaryData.FromBytes(HexHelper.ConvertHexToByteArray(enclaveInfo.EnclaveHeldDataHex));
var serviceResponse = await maaService.AttestOpenEnclaveAsync(
new AttestationRequest
{
Evidence = openEnclaveReport,
RuntimeData = new AttestationData(runtimeData, false),
});
var serviceJwtToken = serviceResponse.Token.ToString();
Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MATCHES CLIENT ENCLAVE INFO");
enclaveInfo.CompareToMaaServiceJwtToken(serviceResponse.Value, this.includeDetails);
}
public override void ExecuteCmdlet()
{
var resolvedResourceId = (InputObject != null) ? InputObject.Id : ResourceId;
if (resolvedResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(resolvedResourceId);
Name = resourceIdentifier.ResourceName;
ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
if (ShouldProcess(Name, "RemoveAttestation"))
{
AttestationClient.DeleteAttestation(Name, ResourceGroupName);
if (PassThru)
{
WriteObject(true);
}
}
}
public override void ExecuteCmdlet()
{
if (ResourceId != null)
{
var resourceIdentifier = new ResourceIdentifier(ResourceId);
Name = resourceIdentifier.ResourceName;
ResourceGroupName = resourceIdentifier.ResourceGroupName;
}
if (string.IsNullOrEmpty(Name))
{
throw new CloudException(string.Format("ResourceNotSpecified", Name));
}
if (string.IsNullOrEmpty(ResourceGroupName))
{
throw new CloudException(string.Format("ResourceGroupNotSpecified", ResourceGroupName));
}
PSAttestation attestation = AttestationClient.GetAttestation(Name, ResourceGroupName);
this.WriteObject(attestation);
}
