/// <inheritdoc/>
public override void Write(Utf8JsonWriter writer, StoredAttestationPolicy value, JsonSerializerOptions options)
{
writer.WriteStartObject();
writer.WritePropertyName("AttestationPolicy");
writer.WriteStringValue(Base64Url.EncodeString(value.AttestationPolicy));
writer.WriteEndObject();
}
public async Task SettingAttestationPolicy()
{
var endpoint = TestEnvironment.AadAttestationUrl;
#region Snippet:GetPolicy
var client = new AttestationAdministrationClient(new Uri(endpoint), new DefaultAzureCredential());
var policyResult = await client.GetPolicyAsync(AttestationType.SgxEnclave);
var result = policyResult.Value.AttestationPolicy;
#endregion
#region Snippet:SetPolicy
string attestationPolicy = "version=1.0; authorizationrules{=> permit();}; issuancerules{};";
var policyTokenSigner = TestEnvironment.PolicyCertificate0;
AttestationToken policySetToken = new SecuredAttestationToken(
new StoredAttestationPolicy {
AttestationPolicy = Base64Url.EncodeString(attestationPolicy),
},
TestEnvironment.PolicySigningKey0,
policyTokenSigner);
var setResult = client.SetPolicy(AttestationType.SgxEnclave, policySetToken);
#endregion
var resetResult = client.ResetPolicy(AttestationType.SgxEnclave);
// When the attestation instance is in Isolated mode, the ResetPolicy API requires using a signing key/certificate to authorize the user.
var resetResult2 = client.ResetPolicy(
AttestationType.SgxEnclave,
new SecuredAttestationToken(TestEnvironment.PolicySigningKey0, policyTokenSigner));
return;
}
public string ExportToHeaderString()
{
var jsonValue = JsonConvert.SerializeObject(this, new JsonSerializerSettings {
ContractResolver = new CamelCasePropertyNamesContractResolver()
});
return(Base64Url.EncodeString(jsonValue));
}
private string GetMockJwt(TimeSpan expireIn)
{
long expireOn = (DateTimeOffset.UtcNow + expireIn).ToUnixTimeSeconds();
string decodedHeader = "{header}";
string decodedBody = $"{{ \"exp\": {expireOn} }}";
string decodedSignature = "{signature}";
return($"{Base64Url.EncodeString(decodedHeader)}.{Base64Url.EncodeString(decodedBody)}.{Base64Url.EncodeString(decodedSignature)}");
}
public void ValidateEncodeDecodeStringZeroLength()
{
var data = string.Empty;
var encoded = Base64Url.EncodeString(data);
Assert.AreEqual(string.Empty, encoded);
var decoded = Base64Url.DecodeString(encoded);
Assert.AreEqual(data, decoded);
}
public ContainerRegistryRecordedTestSanitizer()
{
DateTimeOffset expiresOn = DateTimeOffset.UtcNow + TimeSpan.FromDays(365 * 30); // Never expire in software years
string encodedBody = Base64Url.EncodeString($"{{\"exp\":{expiresOn.ToUnixTimeSeconds()}}}");
var jwtSanitizedValue = $"{SanitizeValue}.{encodedBody}.{SanitizeValue}";
AddJsonPathSanitizer("$..refresh_token", _ => JToken.FromObject(jwtSanitizedValue));
FormEncodedBodySanitizers.Add("access_token");
FormEncodedBodySanitizers.Add("refresh_token");
}
public ContainerRegistryRecordedTestBase(bool isAsync, RecordedTestMode?mode = default) : base(isAsync, mode)
{
DateTimeOffset expiresOn = DateTimeOffset.UtcNow + TimeSpan.FromDays(365 * 30); // Never expire in software years
string encodedBody = Base64Url.EncodeString($"{{\"exp\":{expiresOn.ToUnixTimeSeconds()}}}");
var jwtSanitizedValue = $"{SanitizeValue}.{encodedBody}.{SanitizeValue}";
BodyKeySanitizers.Add(new BodyKeySanitizer(jwtSanitizedValue)
{
JsonPath = "$..refresh_token"
});
BodyRegexSanitizers.Add(new BodyRegexSanitizer(@"access_token=(?<group>.*?)(?=&|$)", SanitizeValue)
{
GroupForReplace = "group"
});
BodyRegexSanitizers.Add(new BodyRegexSanitizer(@"refresh_token=(?<group>.*?)(?=&|$)", SanitizeValue)
{
GroupForReplace = "group"
});
}
public void ValidateEncodeDecodeStringRandom()
{
var seed = new Random().Next();
var rand = new Random(seed);
for (int i = 1; i <= 512; i++)
{
for (int j = 0; j < 32; j++)
{
var data = GenerateRandomString(rand, i);
var encoded = Base64Url.EncodeString(data);
var decoded = Base64Url.DecodeString(encoded);
Assert.AreEqual(data, decoded, "String round trip failed. Seed {0}", seed);
}
}
}
private static string CreateUnsealedJwt(object body)
{
string returnValue = "eyJhbGciOiJub25lIn0.";
string encodedDocument;
if (body != null)
{
string bodyString = JsonSerializer.Serialize(body);
// Either base64 or json encode the policy depending on the setting of the encodePolicyBody parameter.
encodedDocument = Base64Url.EncodeString(bodyString);
}
else
{
encodedDocument = string.Empty;
}
returnValue += encodedDocument;
returnValue += ".";
return(returnValue);
}
public string ExportToHeaderString()
{
var jsonValue = JsonConvert.SerializeObject(this);
return(Base64Url.EncodeString(jsonValue));
}