public void AttestationMechanism_ConstructorJSON_SucceedForX509()
        {
            // NOTE(review): no [TestMethod]/[Fact]-style attribute is visible on this method here — confirm the runner discovers it.
            // arrange: build the mechanism from the sample X.509 JSON payload
            var mechanism = JsonConvert.DeserializeObject<AttestationMechanism>(SampleX509AttestationJson);

            // act / assert: deserialization must produce an X.509-typed mechanism whose payload is an X509Attestation
            Assert.IsNotNull(mechanism);
            Assert.AreEqual(AttestationMechanismType.X509, mechanism.Type);
            var payload = mechanism.GetAttestation();
            Assert.IsTrue(payload is X509Attestation);
        }
        public void AttestationMechanism_Constructor_SucceedOnX509Attestation()
        {
            // arrange / act: wrap the sample root-CA attestation in a mechanism
            var mechanism = new AttestationMechanism(SampleX509RootAttestation);

            // assert: the primary root certificate must survive unchanged and the mechanism must report X.509
            Assert.IsNotNull(mechanism);
            var x509 = (X509Attestation)mechanism.GetAttestation();
            string primaryRootCert = x509.RootCertificates.Primary.Certificate;
            Assert.AreEqual(SamplePublicKeyCertificateString, primaryRootCert);
            Assert.AreEqual(AttestationMechanismType.X509, mechanism.Type);
        }
        public void AttestationMechanismConstructorSucceedOnTPMAttestation()
        {
            // arrange / act: wrap the sample TPM attestation in a mechanism
            var mechanism = new AttestationMechanism(SampleTpmAttestation);

            // assert: the endorsement key must round-trip and the mechanism must report TPM
            Assert.IsNotNull(mechanism);
            var tpm = (TpmAttestation)mechanism.GetAttestation();
            string endorsementKey = tpm.EndorsementKey;
            Assert.AreEqual(SampleEndorsementKey, endorsementKey);
            Assert.AreEqual(AttestationMechanismType.Tpm, mechanism.Type);
        }
        /**********************************************************************************
         * Retrieve attestation from DPS
         *********************************************************************************/
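        /// <summary>
        /// Retrieves the attestation mechanism of the individual enrollment registered under
        /// <paramref name="registrationId"/>, best-effort.
        /// </summary>
        /// <param name="registrationId">Registration id of the individual enrollment to look up; passed to DPS unchanged.</param>
        /// <returns>
        /// The enrollment's <see cref="AttestationMechanism"/>, or <c>null</c> when the DPS call throws
        /// (the exception is logged, not propagated). For symmetric-key enrollments the returned object
        /// carries the enrollment's primary/secondary keys — handle it as secret material.
        /// </returns>
        public async Task<AttestationMechanism> GetDpsAttestationMechanism(string registrationId)
        {
            AttestationMechanism attestation = null;

            try
            {
                attestation = await _provisioningServiceClient
                    .GetIndividualEnrollmentAttestationAsync(registrationId)
                    .ConfigureAwait(false);
            }
            catch (Exception e)
            {
                // Best-effort by design: callers treat null as "not available". The log line used to
                // name GetDpsEnrollment(), which misattributed failures here to the enrollment lookup.
                _logger.LogError($"Exception in {nameof(GetDpsAttestationMechanism)}() : {e.Message}");
            }

            return attestation;
        }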
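        /// <summary>
        /// End-to-end check that the attestation stored for a freshly created enrollment group can be read
        /// back and matches what was enrolled. Only <see cref="AttestationMechanismType.SymmetricKey"/> and
        /// <see cref="AttestationMechanismType.X509"/> are valid: TPM is not a supported attestation type for
        /// group enrollments.
        /// </summary>
        /// <param name="attestationType">Attestation type to enroll the group with.</param>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="attestationType"/> is neither SymmetricKey nor X509. Previously such a value made
        /// the test pass without a single assertion.
        /// </exception>
        /// <exception cref="InvalidOperationException">The attestation could not be read back after retries.</exception>
        public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
        {
            // Validate before touching the service so an unsupported type does not create an orphaned group.
            if (attestationType != AttestationMechanismType.SymmetricKey && attestationType != AttestationMechanismType.X509)
            {
                throw new ArgumentOutOfRangeException(nameof(attestationType), attestationType, "Only SymmetricKey and X509 are supported for group enrollments.");
            }

            using var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(TestConfiguration.Provisioning.ConnectionString);
            string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
            // NOTE(review): the enrollment group created here is not deleted by this method — confirm a fixture
            // or helper cleans it up, otherwise enrolled keys/certificates accumulate in the DPS instance.
            EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroupAsync(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null, Logger);

            AttestationMechanism attestationMechanism = null;
            await RetryOperationHelper
                .RetryOperationsAsync(
                    async () =>
                    {
                        // ConfigureAwait(false) for consistency with the outer await.
                        attestationMechanism = await provisioningServiceClient
                            .GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId)
                            .ConfigureAwait(false);
                    },
                    s_provisioningServiceRetryPolicy,
                    s_retryableExceptions,
                    Logger)
                .ConfigureAwait(false);

            // A null result is a failed test precondition, not a bad argument.
            if (attestationMechanism == null)
            {
                throw new InvalidOperationException($"The attestation mechanism for enrollment with group Id {enrollmentGroup.EnrollmentGroupId} could not be retrieved, exiting test.");
            }

            if (attestationType == AttestationMechanismType.SymmetricKey)
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.SymmetricKey);

                var symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                var enrolled = (SymmetricKeyAttestation)enrollmentGroup.Attestation;
                symmetricKeyAttestation.PrimaryKey.Should().Be(enrolled.PrimaryKey);
                symmetricKeyAttestation.SecondaryKey.Should().Be(enrolled.SecondaryKey);
            }
            else
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.X509);

                // Certificates are compared by thumbprint, which is what the service echoes back.
                var x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                var enrolled = (X509Attestation)enrollmentGroup.Attestation;
                x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint.Should().Be(enrolled.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint.Should().Be(enrolled.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
            }
        }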
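        /// <summary>
        /// Looks up an individual DPS enrollment and returns its registration id, provisioning status and,
        /// for symmetric-key enrollments, the primary and secondary keys.
        /// </summary>
        /// <param name="registrationId">Registration id supplied by the client; forwarded to the DPS lookup unchanged.</param>
        /// <returns>
        /// JSON <see cref="DPS_ENROLLMENT_DATA"/> on success; 400 when the enrollment or its attestation
        /// mechanism is not found; 500 when a lookup throws.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the response body carries the enrollment's symmetric keys, i.e. device provisioning
        /// credentials. No authorization is visible in this method — confirm the controller or action is
        /// protected (e.g. [Authorize]) and that exposing the keys to this client is intended.
        /// </remarks>
        public async Task<ActionResult> GetDpsEnrollment(string registrationId)
        {
            var enrollmentData = new DPS_ENROLLMENT_DATA();

            try
            {
                // retrieve the enrollment
                IndividualEnrollment enrollment = await _helper.GetDpsEnrollment(registrationId).ConfigureAwait(false);

                if (enrollment == null)
                {
                    _logger.LogWarning($"Individual enrollment {registrationId} not found");
                    return BadRequest(); // kept as 400 for compatibility; 404 would describe this case more accurately
                }

                AttestationMechanism attestationMechanism = await _helper.GetDpsAttestationMechanism(registrationId).ConfigureAwait(false);

                if (attestationMechanism == null)
                {
                    _logger.LogWarning($"Attestation Mechanism for {registrationId} not found");
                    return BadRequest();
                }

                enrollmentData.registrationId = enrollment.RegistrationId;
                enrollmentData.status         = enrollment.ProvisioningStatus.ToString();

                // Only symmetric-key enrollments expose key material; other types return id/status only.
                if (attestationMechanism.Type == AttestationMechanismType.SymmetricKey)
                {
                    var attestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                    enrollmentData.primaryKey   = attestation.PrimaryKey;
                    enrollmentData.secondaryKey = attestation.SecondaryKey;
                }
            }
            catch (Exception e)
            {
                // Previously this fell through to a 200 with an empty payload, hiding the failure from the client.
                _logger.LogError($"Exception in {nameof(GetDpsEnrollment)}() : {e.Message}");
                return StatusCode(500);
            }

            return Json(enrollmentData);
        }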
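        /// <summary>
        /// End-to-end check that the attestation stored for a freshly created enrollment group can be read
        /// back and matches what was enrolled. Only <see cref="AttestationMechanismType.SymmetricKey"/> and
        /// <see cref="AttestationMechanismType.X509"/> are valid: TPM is not a supported attestation type for
        /// group enrollments.
        /// </summary>
        /// <param name="attestationType">Attestation type to enroll the group with.</param>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="attestationType"/> is neither SymmetricKey nor X509. Previously such a value made
        /// the test pass without a single assertion.
        /// </exception>
        public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
        {
            // Validate before touching the service so an unsupported type does not create an orphaned group.
            if (attestationType != AttestationMechanismType.SymmetricKey && attestationType != AttestationMechanismType.X509)
            {
                throw new ArgumentOutOfRangeException(nameof(attestationType), attestationType, "Only SymmetricKey and X509 are supported for group enrollments.");
            }

            ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
            string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
            // NOTE(review): the enrollment group created here is not deleted by this method — confirm a fixture
            // or helper cleans it up, otherwise enrolled keys/certificates accumulate in the DPS instance.
            EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null);

            AttestationMechanism attestationMechanism = await provisioningServiceClient.GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId);

            // Fail with a clear assertion instead of a NullReferenceException on the cast below.
            Assert.IsNotNull(attestationMechanism, $"The attestation mechanism for enrollment group {enrollmentGroup.EnrollmentGroupId} could not be retrieved.");

            if (attestationType == AttestationMechanismType.SymmetricKey)
            {
                Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
                var symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                var enrolled = (SymmetricKeyAttestation)enrollmentGroup.Attestation;
                Assert.AreEqual(enrolled.PrimaryKey, symmetricKeyAttestation.PrimaryKey);
                Assert.AreEqual(enrolled.SecondaryKey, symmetricKeyAttestation.SecondaryKey);
            }
            else
            {
                Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
                // Certificates are compared by thumbprint, which is what the service echoes back.
                var x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                var enrolled = (X509Attestation)enrollmentGroup.Attestation;
                Assert.AreEqual(enrolled.GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                Assert.AreEqual(enrolled.GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
            }
        }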