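/// <summary>
/// Resets the attestation policy for <paramref name="attestationType"/> to its default and asserts
/// that the service reports the policy as <see cref="PolicyModification.Removed"/> with HTTP 200.
/// </summary>
/// <param name="adminClient">Administration client used to issue the reset request.</param>
/// <param name="attestationType">Attestation type whose policy is reset.</param>
/// <param name="isSecuredToken">
/// When true the reset request is signed with a <see cref="TokenSigningKey"/>; when false it is
/// sent unsigned (a null signing key).
/// </param>
/// <param name="isIsolated">
/// Selects the signing credentials taken from <see cref="TestEnvironment"/>: the policy management
/// certificate/key when true, otherwise certificate/key 0. Ignored when
/// <paramref name="isSecuredToken"/> is false.
/// </param>
private async Task ResetAttestationPolicy(AttestationAdministrationClient adminClient, AttestationType attestationType, bool isSecuredToken, bool isIsolated)
{
    TokenSigningKey signingKey = null;
    if (isSecuredToken)
    {
        // Same credential selection as SetPolicySecured, so a reset issued here is signed with the
        // key the corresponding set-policy test uses.
        X509Certificate2 x509Certificate;
        RSA rsaKey;
        if (isIsolated)
        {
            x509Certificate = TestEnvironment.PolicyManagementCertificate;
            rsaKey = TestEnvironment.PolicyManagementKey;
        }
        else
        {
            x509Certificate = TestEnvironment.PolicyCertificate0;
            rsaKey = TestEnvironment.PolicySigningKey0;
        }
        signingKey = new TokenSigningKey(rsaKey, x509Certificate);
    }

    // The attestation type used to be hard-coded to OpenEnclave here, silently ignoring the
    // parameter; honour the caller's choice so resets for other types actually take effect.
    var policySetResult = await adminClient.ResetPolicyAsync(attestationType, signingKey);

    Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
    Assert.AreEqual(PolicyModification.Removed, policySetResult.Value.PolicyResolution);
}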
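/// <summary>
/// Exercises signed policy management for <see cref="AttestationType.OpenEnclave"/>: resets the
/// policy to a known state, sets the <c>disallowDebugging</c> policy with a signed token, checks the
/// service-reported token hash and signer, reads the policy back, resets it, and finally confirms
/// the policy is back to its original value.
/// </summary>
/// <param name="adminClient">Administration client used for every policy call.</param>
/// <param name="isIsolated">
/// Selects the signing credentials taken from <see cref="TestEnvironment"/>: the policy management
/// certificate/key when true, otherwise certificate/key 0.
/// </param>
public async Task SetPolicySecured(AttestationAdministrationClient adminClient, bool isIsolated)
{
    // Reset the current attestation policy to a known state. Necessary if there were previous runs that failed.
    await ResetAttestationPolicy(adminClient, AttestationType.OpenEnclave, true, isIsolated);

    string originalPolicy = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);

    X509Certificate2 x509Certificate;
    RSA rsaKey;
    if (isIsolated)
    {
        x509Certificate = TestEnvironment.PolicyManagementCertificate;
        rsaKey = TestEnvironment.PolicyManagementKey;
    }
    else
    {
        x509Certificate = TestEnvironment.PolicyCertificate0;
        rsaKey = TestEnvironment.PolicySigningKey0;
    }
    var signingKey = new TokenSigningKey(rsaKey, x509Certificate);

    // Set the policy, then compare the hash the service reports with one computed locally over a
    // token built from the same policy and signing key (presumably identical to what the client sent).
    byte[] disallowDebuggingHash;
    using (var shaHasher = SHA256.Create())
    {
        // SHA256.Create() replaces the obsolete SHA256Managed (SYSLIB0021); the hasher is disposable
        // and was previously never disposed.
        var policySetResult = await adminClient.SetPolicyAsync(AttestationType.OpenEnclave, disallowDebugging, signingKey);

        var policySetToken = new AttestationToken(
            new StoredAttestationPolicy { AttestationPolicy = disallowDebugging },
            signingKey);
        disallowDebuggingHash = shaHasher.ComputeHash(Encoding.UTF8.GetBytes(policySetToken.ToString()));

        Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
        Assert.AreEqual(PolicyModification.Updated, policySetResult.Value.PolicyResolution);
        CollectionAssert.AreEqual(disallowDebuggingHash, policySetResult.Value.PolicyTokenHash);
        Assert.AreEqual(x509Certificate, policySetResult.Value.PolicySigner.SigningCertificates[0]);
    }

    // The policy read back must be exactly what was set.
    {
        var policyResult = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);
        Assert.AreEqual(disallowDebugging, policyResult.Value);
    }

    // Reset with the same signing key and confirm the service reports the policy removed.
    {
        var policySetResult = await adminClient.ResetPolicyAsync(AttestationType.OpenEnclave, signingKey);
        Assert.AreEqual(200, policySetResult.GetRawResponse().Status);
        Assert.AreEqual(PolicyModification.Removed, policySetResult.Value.PolicyResolution);
    }

    // And when we're done, policy should be reset to the original value.
    {
        var policyResult = await adminClient.GetPolicyAsync(AttestationType.OpenEnclave);
        Assert.AreEqual(originalPolicy, policyResult.Value);
    }
}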