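/// <summary>
/// Registers an individual enrollment with the given attestation type, reads the attestation back through the
/// provisioning service client and verifies that the returned credential material equals what was registered.
/// </summary>
/// <param name="attestationType">Attestation mechanism to enroll with; anything other than SymmetricKey or X509 is checked as TPM.</param>
public async Task ProvisioningServiceClient_GetIndividualEnrollmentAttestation(AttestationMechanismType attestationType)
        {
            // The client owns network resources, so the using block releases them even when an assertion below throws.
            using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString))
            {
                IndividualEnrollment individualEnrollment = await CreateIndividualEnrollment(provisioningServiceClient, attestationType, null, AllocationPolicy.Static, null, null, null)
                    .ConfigureAwait(false);

                AttestationMechanism attestationMechanism = await provisioningServiceClient
                    .GetIndividualEnrollmentAttestationAsync(individualEnrollment.RegistrationId)
                    .ConfigureAwait(false);

                // Fail with a readable message instead of a NullReferenceException when the service returns nothing.
                Assert.IsNotNull(attestationMechanism, $"No attestation mechanism was returned for registration Id {individualEnrollment.RegistrationId}");

                // NOTE(review): the enrollment created above is not deleted in this method; confirm a cleanup step exists elsewhere.
                if (attestationType == AttestationMechanismType.SymmetricKey)
                {
                    Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
                    SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                    SymmetricKeyAttestation registeredKeys = (SymmetricKeyAttestation)individualEnrollment.Attestation;
                    Assert.AreEqual(registeredKeys.PrimaryKey, symmetricKeyAttestation.PrimaryKey);
                    Assert.AreEqual(registeredKeys.SecondaryKey, symmetricKeyAttestation.SecondaryKey);
                }
                else if (attestationType == AttestationMechanismType.X509)
                {
                    Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
                    X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                    X509Attestation registeredCerts = (X509Attestation)individualEnrollment.Attestation;
                    // Certificates are compared by thumbprint, which is what the service exposes for the stored certificates.
                    Assert.AreEqual(registeredCerts.GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                    Assert.AreEqual(registeredCerts.GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
                }
                else
                {
                    Assert.AreEqual(AttestationMechanismType.Tpm, attestationMechanism.Type);
                    TpmAttestation tpmAttestation = (TpmAttestation)attestationMechanism.GetAttestation();
                    TpmAttestation registeredTpm = (TpmAttestation)individualEnrollment.Attestation;
                    Assert.AreEqual(registeredTpm.EndorsementKey, tpmAttestation.EndorsementKey);
                    Assert.AreEqual(registeredTpm.StorageRootKey, tpmAttestation.StorageRootKey);
                }
            }
        }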
        /// <summary>
        /// Deserializes a symmetricKey attestation document and checks that the mechanism type and both
        /// base64 keys survive the JSON round trip unchanged.
        /// </summary>
        public void AttestationMechanismConstructorJSONSucceedOnSymmetricKeyType()
        {
            // arrange: base64-encoded sample keys embedded in a symmetricKey attestation document
            string primaryKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("000000000000000000"));
            string secondaryKey = Convert.ToBase64String(Encoding.UTF8.GetBytes("111111111111111111"));
            string json =
                "{\n" +
                "   \"type\":\"symmetricKey\",\n" +
                "   \"symmetricKey\":{\n" +
                $"       \"primaryKey\":\"{primaryKey}\",\n" +
                $"       \"secondaryKey\":\"{secondaryKey}\"\n" +
                "   }\n" +
                "}";

            // act: let the JSON converter build the mechanism
            var mechanism = JsonConvert.DeserializeObject<AttestationMechanism>(json);

            // assert: the type is reported as symmetric key and the attestation carries the same keys
            Assert.IsNotNull(mechanism);
            Assert.IsTrue(mechanism.Type == AttestationMechanismType.SymmetricKey);
            Assert.IsTrue(mechanism.GetAttestation() is SymmetricKeyAttestation);

            var attestation = (SymmetricKeyAttestation)mechanism.GetAttestation();
            Assert.AreEqual(primaryKey, attestation.PrimaryKey);
            Assert.AreEqual(secondaryKey, attestation.SecondaryKey);
        }
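        /// <summary>
        /// Creates an individual enrollment with the requested attestation type and verifies that the attestation
        /// read back from the provisioning service matches the one that was registered.
        /// </summary>
        /// <param name="attestationType">Attestation mechanism to enroll with; anything other than SymmetricKey or X509 is checked as TPM.</param>
        /// <exception cref="ArgumentException">Thrown when no attestation mechanism could be retrieved after the retries.</exception>
        public async Task ProvisioningServiceClient_GetIndividualEnrollmentAttestation(AttestationMechanismType attestationType)
        {
            using var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(TestConfiguration.Provisioning.ConnectionString);

            // A unique registration Id per run avoids colliding with enrollments left behind by earlier runs.
            string registrationId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();

            IndividualEnrollment individualEnrollment = await CreateIndividualEnrollmentAsync(
                    provisioningServiceClient,
                    registrationId,
                    attestationType,
                    null,
                    null,
                    AllocationPolicy.Static,
                    null,
                    null,
                    null,
                    Logger)
                .ConfigureAwait(false);

            // The read is wrapped in the shared retry helper so transient service errors do not fail the test outright.
            AttestationMechanism attestationMechanism = null;
            await RetryOperationHelper
                .RetryOperationsAsync(
                    async () =>
                    {
                        attestationMechanism = await provisioningServiceClient
                            .GetIndividualEnrollmentAttestationAsync(individualEnrollment.RegistrationId)
                            .ConfigureAwait(false);
                    },
                    s_provisioningServiceRetryPolicy,
                    s_retryableExceptions,
                    Logger)
                .ConfigureAwait(false);

            if (attestationMechanism is null)
            {
                throw new ArgumentException($"The attestation mechanism for enrollment with registration Id {individualEnrollment.RegistrationId} could not be retrieved, exiting test.");
            }

            // NOTE(review): the enrollment created above is not deleted in this method; confirm a cleanup step exists elsewhere.
            // Each branch compares the complete key or thumbprint values returned by the service with the registered ones.
            if (attestationType == AttestationMechanismType.SymmetricKey)
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.SymmetricKey);

                var symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                var registeredKeys = (SymmetricKeyAttestation)individualEnrollment.Attestation;
                symmetricKeyAttestation.PrimaryKey.Should().Be(registeredKeys.PrimaryKey);
                symmetricKeyAttestation.SecondaryKey.Should().Be(registeredKeys.SecondaryKey);
            }
            else if (attestationType == AttestationMechanismType.X509)
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.X509);

                var x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                var registeredCerts = (X509Attestation)individualEnrollment.Attestation;
                x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint.Should().Be(registeredCerts.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint.Should().Be(registeredCerts.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
            }
            else
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.Tpm);

                var tpmAttestation = (TpmAttestation)attestationMechanism.GetAttestation();
                var registeredTpm = (TpmAttestation)individualEnrollment.Attestation;
                tpmAttestation.EndorsementKey.Should().Be(registeredTpm.EndorsementKey);
                tpmAttestation.StorageRootKey.Should().Be(registeredTpm.StorageRootKey);
            }
        }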
        /// <summary>
        /// Wraps the shared TPM attestation sample in a mechanism and checks that the TPM type and the
        /// endorsement key are exposed unchanged.
        /// </summary>
        public void AttestationMechanismConstructorSucceedOnTPMAttestation()
        {
            // arrange - act
            var mechanism = new AttestationMechanism(SampleTpmAttestation);

            // assert
            Assert.IsNotNull(mechanism);
            var tpmAttestation = (TpmAttestation)mechanism.GetAttestation();
            Assert.AreEqual(SampleEndorsementKey, tpmAttestation.EndorsementKey);
            Assert.AreEqual(AttestationMechanismType.Tpm, mechanism.Type);
        }
        /// <summary>
        /// Deserializes the shared X.509 attestation JSON sample and checks that the mechanism reports the
        /// X509 type and carries an <see cref="X509Attestation"/>.
        /// </summary>
        public void AttestationMechanismConstructorJSONSucceedForX509()
        {
            // arrange
            var mechanism = JsonConvert.DeserializeObject<AttestationMechanism>(SampleX509AttestationJson);

            // act - assert
            Assert.IsNotNull(mechanism);
            Assert.AreEqual(AttestationMechanismType.X509, mechanism.Type);
            bool isX509 = mechanism.GetAttestation() is X509Attestation;
            Assert.IsTrue(isX509);
        }
        /// <summary>
        /// Wraps the shared X.509 root attestation sample in a mechanism and checks that the X509 type and the
        /// primary root certificate string are exposed unchanged.
        /// </summary>
        public void AttestationMechanismConstructorSucceedOnX509Attestation()
        {
            // arrange - act
            var mechanism = new AttestationMechanism(SampleX509RootAttestation);

            // assert
            Assert.IsNotNull(mechanism);
            var x509Attestation = (X509Attestation)mechanism.GetAttestation();
            Assert.AreEqual(SamplePublicKeyCertificateString, x509Attestation.RootCertificates.Primary.Certificate);
            Assert.AreEqual(AttestationMechanismType.X509, mechanism.Type);
        }
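        /// <summary>
        /// Creates an enrollment group with the requested attestation type and verifies that the attestation
        /// read back from the provisioning service matches the one that was registered.
        /// </summary>
        /// <param name="attestationType">Attestation mechanism to enroll with; only SymmetricKey and X509 are asserted on for groups.</param>
        /// <exception cref="ArgumentException">Thrown when no attestation mechanism could be retrieved after the retries.</exception>
        public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
        {
            using var provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(TestConfiguration.Provisioning.ConnectionString);

            // A unique group Id per run avoids colliding with groups left behind by earlier runs.
            string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
            EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroupAsync(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null, Logger)
                .ConfigureAwait(false);

            // The read is wrapped in the shared retry helper so transient service errors do not fail the test outright.
            AttestationMechanism attestationMechanism = null;
            await RetryOperationHelper
                .RetryOperationsAsync(
                    async () =>
                    {
                        attestationMechanism = await provisioningServiceClient
                            .GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId)
                            .ConfigureAwait(false);
                    },
                    s_provisioningServiceRetryPolicy,
                    s_retryableExceptions,
                    Logger)
                .ConfigureAwait(false);

            if (attestationMechanism is null)
            {
                throw new ArgumentException($"The attestation mechanism for enrollment with group Id {enrollmentGroup.EnrollmentGroupId} could not be retrieved, exiting test.");
            }

            // NOTE(review): the enrollment group created above is not deleted in this method; confirm a cleanup step exists elsewhere.
            // Note that tpm is not a supported attestation type for group enrollments
            if (attestationType == AttestationMechanismType.SymmetricKey)
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.SymmetricKey);

                var symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                var registeredKeys = (SymmetricKeyAttestation)enrollmentGroup.Attestation;
                symmetricKeyAttestation.PrimaryKey.Should().Be(registeredKeys.PrimaryKey);
                symmetricKeyAttestation.SecondaryKey.Should().Be(registeredKeys.SecondaryKey);
            }
            else if (attestationType == AttestationMechanismType.X509)
            {
                attestationMechanism.Type.Should().Be(AttestationMechanismType.X509);

                var x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                var registeredCerts = (X509Attestation)enrollmentGroup.Attestation;
                x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint.Should().Be(registeredCerts.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint.Should().Be(registeredCerts.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
            }
        }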
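        /// <summary>
        /// Looks up an individual DPS enrollment by registration Id and returns its registration data as JSON,
        /// including the symmetric attestation keys when the enrollment uses symmetric-key attestation.
        /// </summary>
        /// <param name="registrationId">The DPS registration Id of the individual enrollment.</param>
        /// <returns>
        /// A JSON <see cref="DPS_ENROLLMENT_DATA"/> payload; 400 when the Id is blank or the enrollment or its
        /// attestation mechanism is not found. The payload is only populated for symmetric-key enrollments and is
        /// returned empty when the lookup throws.
        /// </returns>
        public async Task <ActionResult> GetDpsEnrollment(string registrationId)
        {
            // NOTE(review): the response carries the enrollment's primary/secondary keys, i.e. device credentials.
            // The authorization applied to this action is not visible here - confirm it is restricted to trusted callers.
            if (string.IsNullOrWhiteSpace(registrationId))
            {
                _logger.LogWarning("GetDpsEnrollment called with an empty registration Id");
                return BadRequest();
            }

            DPS_ENROLLMENT_DATA enrollmentData = new DPS_ENROLLMENT_DATA();

            try
            {
                // retrieve the enrollment
                IndividualEnrollment enrollment = await _helper.GetDpsEnrollment(registrationId).ConfigureAwait(false);

                if (enrollment is null)
                {
                    // Structured logging keeps the caller-supplied Id a separate property instead of splicing it into the message text.
                    _logger.LogWarning("Individual enrollment {RegistrationId} not found", registrationId);
                    return BadRequest();
                }

                AttestationMechanism attestationMechanism = await _helper.GetDpsAttestationMechanism(registrationId).ConfigureAwait(false);

                if (attestationMechanism is null)
                {
                    _logger.LogWarning("Attestation mechanism for {RegistrationId} not found", registrationId);
                    return BadRequest();
                }

                if (attestationMechanism.Type == AttestationMechanismType.SymmetricKey)
                {
                    SymmetricKeyAttestation attestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                    enrollmentData.registrationId = enrollment.RegistrationId;
                    enrollmentData.primaryKey     = attestation.PrimaryKey;
                    enrollmentData.secondaryKey   = attestation.SecondaryKey;
                    enrollmentData.status         = enrollment.ProvisioningStatus.ToString();
                }
                else
                {
                    // Only symmetric-key enrollments are mapped; other attestation types return an empty payload, as before.
                    _logger.LogWarning("Enrollment {RegistrationId} uses {AttestationType} attestation, which this endpoint does not return", registrationId, attestationMechanism.Type);
                }
            }
            catch (Exception e)
            {
                // Best-effort: the caller still receives the (empty) payload; the exception object is passed so the stack trace is logged too.
                _logger.LogError(e, "Exception in GetDpsEnrollment() for registration Id {RegistrationId}", registrationId);
            }

            return Json(enrollmentData);
        }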
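        /// <summary>
        /// Registers an enrollment group with the given attestation type, reads the attestation back through the
        /// provisioning service client and verifies that the returned credential material equals what was registered.
        /// </summary>
        /// <param name="attestationType">Attestation mechanism to enroll with; only SymmetricKey and X509 are asserted on for groups.</param>
        public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
        {
            // The client owns network resources, so the using block releases them even when an assertion below throws.
            using (ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString))
            {
                // A unique group Id per run avoids colliding with groups left behind by earlier runs.
                string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
                EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null)
                    .ConfigureAwait(false);

                AttestationMechanism attestationMechanism = await provisioningServiceClient
                    .GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId)
                    .ConfigureAwait(false);

                // Fail with a readable message instead of a NullReferenceException when the service returns nothing.
                Assert.IsNotNull(attestationMechanism, $"No attestation mechanism was returned for enrollment group Id {enrollmentGroup.EnrollmentGroupId}");

                // NOTE(review): the enrollment group created above is not deleted in this method; confirm a cleanup step exists elsewhere.
                // Note that tpm is not a supported attestation type for group enrollments
                if (attestationType == AttestationMechanismType.SymmetricKey)
                {
                    Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
                    SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
                    SymmetricKeyAttestation registeredKeys = (SymmetricKeyAttestation)enrollmentGroup.Attestation;
                    Assert.AreEqual(registeredKeys.PrimaryKey, symmetricKeyAttestation.PrimaryKey);
                    Assert.AreEqual(registeredKeys.SecondaryKey, symmetricKeyAttestation.SecondaryKey);
                }
                else if (attestationType == AttestationMechanismType.X509)
                {
                    Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
                    X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
                    X509Attestation registeredCerts = (X509Attestation)enrollmentGroup.Attestation;
                    // Certificates are compared by thumbprint, which is what the service exposes for the stored certificates.
                    Assert.AreEqual(registeredCerts.GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
                    Assert.AreEqual(registeredCerts.GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
                }
            }
        }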