/// <summary>
/// Attest an Open Enclave enclave.
/// </summary>
/// <param name="request">Aggregate type containing the information needed to perform an attestation operation.</param>
/// <param name="async">true if the API call should be asynchronous, false otherwise.</param>
/// <param name="cancellationToken">Cancellation token used to cancel the request.</param>
/// <returns>An <see cref="AttestationResponse{AttestationResult}"/> which contains the validated claims for the supplied <paramref name="request"/>.</returns>
/// <remarks>
/// The <see cref="AttestationRequest.Evidence"/> must be an OpenEnclave Report or OpenEnclave Evidence.
/// The token returned by the service is only checked against the signing keys obtained from <c>GetSignersAsync</c>
/// when <c>_options.TokenOptions.ValidateToken</c> is set; with validation disabled the token is returned as received.
/// </remarks>
/// <seealso href="https://github.com/openenclave/openenclave"/> for more information.
private async Task<AttestationResponse<AttestationResult>> AttestOpenEnclaveInternalAsync(AttestationRequest request, bool async, CancellationToken cancellationToken = default)
{
    Argument.AssertNotNull(request, nameof(request));
    Argument.AssertNotNull(request.Evidence, nameof(request.Evidence));

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationClient)}.{nameof(AttestOpenEnclave)}");
    scope.Start();
    try
    {
        // Init-time and run-time data are optional; each is forwarded with the DataType the caller declared
        // via DataIsJson. Absent data is sent as null.
        AttestOpenEnclaveRequest wireRequest = new AttestOpenEnclaveRequest
        {
            Report = request.Evidence.ToArray(),
            DraftPolicyForAttestation = request.DraftPolicyForAttestation,
            InitTimeData = request.InittimeData != null
                ? new InitTimeData
                {
                    Data = request.InittimeData.BinaryData.ToArray(),
                    DataType = request.InittimeData.DataIsJson ? DataType.Json : DataType.Binary,
                }
                : null,
            RuntimeData = request.RuntimeData != null
                ? new RuntimeData
                {
                    Data = request.RuntimeData.BinaryData.ToArray(),
                    DataType = request.RuntimeData.DataIsJson ? DataType.Json : DataType.Binary,
                }
                : null,
        };

        var response = async
            ? await _restClient.AttestOpenEnclaveAsync(wireRequest, cancellationToken).ConfigureAwait(false)
            : _restClient.AttestOpenEnclave(wireRequest, cancellationToken);

        var token = AttestationToken.Deserialize(response.Value.Token, _clientDiagnostics);
        if (_options.TokenOptions.ValidateToken)
        {
            // Signing keys are fetched from the service and handed to ValidateTokenInternal; a false result is
            // turned into an exception so an unverified token never reaches the caller on this path.
            var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);
            bool tokenIsValid = await token.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false);
            if (!tokenIsValid)
            {
                AttestationTokenValidationFailedException.ThrowFailure(signers, token);
            }
        }

        return new AttestationResponse<AttestationResult>(response.GetRawResponse(), token);
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}
public async Task <Response <AttestationResponse> > AttestOpenEnclaveAsync(AttestOpenEnclaveRequest request, CancellationToken cancellationToken = default) { if (request == null) { throw new ArgumentNullException(nameof(request)); } using var message = CreateAttestOpenEnclaveRequest(request); await _pipeline.SendAsync(message, cancellationToken).ConfigureAwait(false); switch (message.Response.Status) { case 200: { AttestationResponse value = default; using var document = await JsonDocument.ParseAsync(message.Response.ContentStream, default, cancellationToken).ConfigureAwait(false); value = AttestationResponse.DeserializeAttestationResponse(document.RootElement); return(Response.FromValue(value, message.Response)); }
/// <summary>
/// Builds the pipeline message for the <c>POST /attest/OpenEnclave</c> operation.
/// </summary>
/// <param name="request">Request body; written to the message as JSON via <c>WriteObjectValue</c>.</param>
/// <returns>The constructed <see cref="HttpMessage"/>; the caller is responsible for sending and disposing it.</returns>
internal HttpMessage CreateAttestOpenEnclaveRequest(AttestOpenEnclaveRequest request)
{
    var message = _pipeline.CreateMessage();
    var httpRequest = message.Request;
    httpRequest.Method = RequestMethod.Post;

    // The boolean on each Append* call is the escape flag: the instance URL and fixed path are appended
    // unescaped, the api-version query value is appended escaped.
    var uriBuilder = new RawRequestUriBuilder();
    uriBuilder.AppendRaw(instanceUrl, false);
    uriBuilder.AppendPath("/attest/OpenEnclave", false);
    uriBuilder.AppendQuery("api-version", apiVersion, true);
    httpRequest.Uri = uriBuilder;

    httpRequest.Headers.Add("Accept", "application/json");
    httpRequest.Headers.Add("Content-Type", "application/json");

    var body = new Utf8JsonRequestContent();
    body.JsonWriter.WriteObjectValue(request);
    httpRequest.Content = body;

    return message;
}
/// <summary>
/// Attest an Open Enclave enclave.
/// </summary>
/// <param name="report">An Open Enclave "report".
/// See https://github.com/openenclave/openenclave for more information.</param>
/// <param name="initTimeData">Init-time data to forward with the report; when null, no <see cref="InitTimeData"/> is sent.</param>
/// <param name="initTimeDataIsObject">true to tag <paramref name="initTimeData"/> as <see cref="DataType.Json"/>, false for <see cref="DataType.Binary"/>.</param>
/// <param name="runTimeData">Data provided when the quote was generated. Must not be null.</param>
/// <param name="runTimeDataIsObject">true to tag <paramref name="runTimeData"/> as <see cref="DataType.Json"/>, false for <see cref="DataType.Binary"/>.</param>
/// <param name="async">true if the API call should be asynchronous, false otherwise.</param>
/// <param name="cancellationToken">Cancellation token used to cancel the request.</param>
/// <returns>An <see cref="AttestationResponse{AttestationResult}"/> which contains the validated claims for the supplied <paramref name="report"/>, <paramref name="runTimeData"/>, and <paramref name="initTimeData"/></returns>
/// <remarks>
/// The returned token is validated against the service's signing keys only when <c>_options.TokenOptions.ValidateToken</c> is set.
/// </remarks>
private async Task<AttestationResponse<AttestationResult>> AttestOpenEnclaveInternalAsync(ReadOnlyMemory<byte> report, BinaryData initTimeData, bool initTimeDataIsObject, BinaryData runTimeData, bool runTimeDataIsObject, bool async, CancellationToken cancellationToken = default)
{
    Argument.AssertNotNull(runTimeData, nameof(runTimeData));

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationClient)}.{nameof(AttestOpenEnclave)}");
    scope.Start();
    try
    {
        InitTimeData initTimePayload = null;
        if (initTimeData != null)
        {
            initTimePayload = new InitTimeData
            {
                Data = initTimeData.ToArray(),
                DataType = initTimeDataIsObject ? DataType.Json : DataType.Binary,
            };
        }

        // The null check mirrors the original; runTimeData was already asserted non-null above.
        RuntimeData runTimePayload = null;
        if (runTimeData != null)
        {
            runTimePayload = new RuntimeData
            {
                Data = runTimeData.ToArray(),
                DataType = runTimeDataIsObject ? DataType.Json : DataType.Binary,
            };
        }

        AttestOpenEnclaveRequest wireRequest = new AttestOpenEnclaveRequest
        {
            Report = report.ToArray(),
            InitTimeData = initTimePayload,
            RuntimeData = runTimePayload,
        };

        var response = async
            ? await _restClient.AttestOpenEnclaveAsync(wireRequest, cancellationToken).ConfigureAwait(false)
            : _restClient.AttestOpenEnclave(wireRequest, cancellationToken);

        var attestationToken = new AttestationToken(response.Value.Token);
        if (_options.TokenOptions.ValidateToken)
        {
            // NOTE(review): GetSignersAsync is awaited even when async is false, and the result of
            // ValidateTokenInternalAsync is not inspected here — presumably it throws on a failed
            // validation; confirm against its implementation.
            var signers = await GetSignersAsync(cancellationToken).ConfigureAwait(false);
            await attestationToken.ValidateTokenInternalAsync(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false);
        }

        return new AttestationResponse<AttestationResult>(response.GetRawResponse(), attestationToken);
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}