private async Task ResetAttestationPolicy(AttestationAdministrationClient adminClient, AttestationType attestationType, bool isSecuredToken, bool isIsolated)
{
X509Certificate2 x509Certificate = null;
RSA rsaKey = null;
if (isSecuredToken)
{
if (isIsolated)
{
x509Certificate = TestEnvironment.PolicyManagementCertificate;
rsaKey = TestEnvironment.PolicyManagementKey;
}
else
{
x509Certificate = TestEnvironment.PolicyCertificate0;
rsaKey = TestEnvironment.PolicySigningKey0;
}
}
else
{
}
var policySetResult = await adminClient.ResetPolicyAsync(AttestationType.OpenEnclave, (rsaKey != null ? new TokenSigningKey(rsaKey, x509Certificate) : null));
Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
Assert.AreEqual(PolicyModification.Removed, policySetResult.Value.PolicyResolution);
}
public async Task SetPolicySecured(AttestationAdministrationClient adminClient, bool isIsolated)
{
// Reset the current attestation policy to a known state. Necessary if there were previous runs that failed.
await ResetAttestationPolicy(adminClient, AttestationType.OpenEnclave, true, isIsolated);
string originalPolicy = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);
X509Certificate2 x509Certificate;
RSA rsaKey;
if (isIsolated)
{
x509Certificate = TestEnvironment.PolicyManagementCertificate;
rsaKey = TestEnvironment.PolicyManagementKey;
}
else
{
x509Certificate = TestEnvironment.PolicyCertificate0;
rsaKey = TestEnvironment.PolicySigningKey0;
}
byte[] disallowDebuggingHash;
{
var policySetResult = await adminClient.SetPolicyAsync(AttestationType.OpenEnclave, disallowDebugging, new TokenSigningKey(rsaKey, x509Certificate));
var shaHasher = SHA256Managed.Create();
var policySetToken = new AttestationToken(
new StoredAttestationPolicy {
AttestationPolicy = disallowDebugging
}, new TokenSigningKey(rsaKey, x509Certificate));
disallowDebuggingHash = shaHasher.ComputeHash(Encoding.UTF8.GetBytes(policySetToken.ToString()));
Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
Assert.AreEqual(PolicyModification.Updated, policySetResult.Value.PolicyResolution);
CollectionAssert.AreEqual(disallowDebuggingHash, policySetResult.Value.PolicyTokenHash);
Assert.AreEqual(x509Certificate, policySetResult.Value.PolicySigner.SigningCertificates[0]);
}
{
var policyResult = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);
Assert.AreEqual(disallowDebugging, policyResult.Value);
}
{
var policySetResult = await adminClient.ResetPolicyAsync(AttestationType.OpenEnclave, new TokenSigningKey(rsaKey, x509Certificate));
Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
Assert.AreEqual(PolicyModification.Removed, policySetResult.Value.PolicyResolution);
}
{
var policyResult = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);
// And when we're done, policy should be reset to the original value.
Assert.AreEqual(originalPolicy, policyResult.Value);
}
}