public void X509AttestationGetX509CertificateInfoSucceedOnPrimaryAndSecondaryRoottCertificates()
{
// arrange
string json = MakeX509AttestationJson("signingCertificates");
X509Attestation attestation = Newtonsoft.Json.JsonConvert.DeserializeObject <X509Attestation>(json);
// act - assert
Assert.IsNotNull(attestation.GetPrimaryX509CertificateInfo());
Assert.IsNotNull(attestation.GetSecondaryX509CertificateInfo());
}
public void X509Attestation_GetX509CertificateInfo_SucceedOnPrimaryOnlyClientCertificates()
{
// arrange
string json = MakeX509AttestationJson("clientCertificates", true);
X509Attestation attestation = Newtonsoft.Json.JsonConvert.DeserializeObject <X509Attestation>(json);
// act - assert
Assert.IsNotNull(attestation.GetPrimaryX509CertificateInfo());
Assert.IsNull(attestation.GetSecondaryX509CertificateInfo());
}
public void X509AttestationGetX509CertificateInfoSucceedOnPrimaryAndSecondaryCAReferences()
{
// arrange
string json =
"{" +
" \"caReferences\": {" +
" \"primary\": \"" + CA_REFERENCE_STRING + "\"," +
" \"secondary\": \"" + CA_REFERENCE_STRING + "\"" +
" }" +
"}";
X509Attestation attestation = Newtonsoft.Json.JsonConvert.DeserializeObject <X509Attestation>(json);
// act - assert
Assert.IsNull(attestation.GetPrimaryX509CertificateInfo());
Assert.IsNull(attestation.GetSecondaryX509CertificateInfo());
}
public async Task ProvisioningServiceClient_GetEnrollmentGroupAttestation(AttestationMechanismType attestationType)
{
ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
string groupId = AttestationTypeToString(attestationType) + "-" + Guid.NewGuid();
EnrollmentGroup enrollmentGroup = await CreateEnrollmentGroup(provisioningServiceClient, attestationType, groupId, null, AllocationPolicy.Static, null, null, null);
AttestationMechanism attestationMechanism = await provisioningServiceClient.GetEnrollmentGroupAttestationAsync(enrollmentGroup.EnrollmentGroupId);
// Note that tpm is not a supported attestation type for group enrollments
if (attestationType == AttestationMechanismType.SymmetricKey)
{
Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).PrimaryKey, symmetricKeyAttestation.PrimaryKey);
Assert.AreEqual(((SymmetricKeyAttestation)enrollmentGroup.Attestation).SecondaryKey, symmetricKeyAttestation.SecondaryKey);
}
else if (attestationType == AttestationMechanismType.X509)
{
Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
Assert.AreEqual(((X509Attestation)enrollmentGroup.Attestation).GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
}
}
public async Task ProvisioningServiceClient_GetIndividualEnrollmentAttestation(AttestationMechanismType attestationType)
{
ProvisioningServiceClient provisioningServiceClient = ProvisioningServiceClient.CreateFromConnectionString(Configuration.Provisioning.ConnectionString);
IndividualEnrollment individualEnrollment = await CreateIndividualEnrollment(provisioningServiceClient, attestationType, null, AllocationPolicy.Static, null, null, null);
AttestationMechanism attestationMechanism = await provisioningServiceClient.GetIndividualEnrollmentAttestationAsync(individualEnrollment.RegistrationId);
if (attestationType == AttestationMechanismType.SymmetricKey)
{
Assert.AreEqual(AttestationMechanismType.SymmetricKey, attestationMechanism.Type);
SymmetricKeyAttestation symmetricKeyAttestation = (SymmetricKeyAttestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((SymmetricKeyAttestation)individualEnrollment.Attestation).PrimaryKey, symmetricKeyAttestation.PrimaryKey);
Assert.AreEqual(((SymmetricKeyAttestation)individualEnrollment.Attestation).SecondaryKey, symmetricKeyAttestation.SecondaryKey);
}
else if (attestationType == AttestationMechanismType.X509)
{
Assert.AreEqual(AttestationMechanismType.X509, attestationMechanism.Type);
X509Attestation x509Attestation = (X509Attestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((X509Attestation)individualEnrollment.Attestation).GetPrimaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetPrimaryX509CertificateInfo().SHA1Thumbprint);
Assert.AreEqual(((X509Attestation)individualEnrollment.Attestation).GetSecondaryX509CertificateInfo().SHA1Thumbprint, x509Attestation.GetSecondaryX509CertificateInfo().SHA1Thumbprint);
}
else
{
Assert.AreEqual(AttestationMechanismType.Tpm, attestationMechanism.Type);
TpmAttestation tpmAttestation = (TpmAttestation)attestationMechanism.GetAttestation();
Assert.AreEqual(((TpmAttestation)individualEnrollment.Attestation).EndorsementKey, tpmAttestation.EndorsementKey);
Assert.AreEqual(((TpmAttestation)individualEnrollment.Attestation).StorageRootKey, tpmAttestation.StorageRootKey);
}
}
