/// <summary>
/// Attest an Intel SGX enclave (quote + optional init-time/run-time data overload).
/// </summary>
/// <param name="quote">An Intel SGX "quote".
/// See https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html for more information.</param>
/// <param name="initTimeData">Data provided when the enclave was created. May be null, in which case no init-time data is sent.</param>
/// <param name="initTimeDataIsObject">true if <paramref name="initTimeData"/> should be sent as JSON, false if it should be sent as binary.</param>
/// <param name="runTimeData">Data provided when the quote was generated. Must not be null; this is enforced before the request is built.</param>
/// <param name="runTimeDataIsObject">true if <paramref name="runTimeData"/> should be sent as JSON, false if it should be sent as binary.</param>
/// <param name="async">true if the REST call should be made asynchronously, false to use the blocking REST call.</param>
/// <param name="cancellationToken">Cancellation token used to cancel the request.</param>
/// <returns>An <see cref="AttestationResponse{AttestationResult}"/> wrapping the attestation token returned by the service for the supplied
/// <paramref name="quote"/>, <paramref name="runTimeData"/> and <paramref name="initTimeData"/>.</returns>
/// <remarks>
/// Security note: the returned token is only validated (signature/issuer checks via <c>ValidateTokenInternalAsync</c>) when
/// <c>_options.TokenOptions.ValidateToken</c> is set. When that option is off the token is handed back exactly as received
/// from the service, and the caller is responsible for validating it before trusting any of its claims.
/// </remarks>
private async Task<AttestationResponse<AttestationResult>> AttestSgxEnclaveInternal(ReadOnlyMemory<byte> quote, BinaryData initTimeData, bool initTimeDataIsObject, BinaryData runTimeData, bool runTimeDataIsObject, bool async, CancellationToken cancellationToken = default)
{
    // Run-time data is mandatory for this overload; fail fast before any network activity.
    Argument.AssertNotNull(runTimeData, nameof(runTimeData));

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationClient)}.{nameof(AttestSgxEnclave)}");
    scope.Start();
    try
    {
        // Init-time data is optional: only attach it when the caller supplied something.
        InitTimeData initTimePayload = null;
        if (initTimeData != null)
        {
            initTimePayload = new InitTimeData
            {
                Data = initTimeData.ToArray(),
                DataType = initTimeDataIsObject ? DataType.Json : DataType.Binary,
            };
        }

        // NOTE(review): runTimeData was already asserted non-null above, so this null branch is
        // unreachable; it is kept so the wire shape matches the original exactly.
        RuntimeData runTimePayload = null;
        if (runTimeData != null)
        {
            runTimePayload = new RuntimeData
            {
                Data = runTimeData.ToArray(),
                DataType = runTimeDataIsObject ? DataType.Json : DataType.Binary,
            };
        }

        var wireRequest = new AttestSgxEnclaveRequest
        {
            Quote = quote.ToArray(),
            InitTimeData = initTimePayload,
            RuntimeData = runTimePayload,
        };

        // Dispatch to the async or blocking generated REST client depending on the caller's choice.
        Response<AttestationResponse> response;
        if (async)
        {
            response = await _restClient.AttestSgxEnclaveAsync(wireRequest, cancellationToken).ConfigureAwait(false);
        }
        else
        {
            response = _restClient.AttestSgxEnclave(wireRequest, cancellationToken);
        }

        var attestationToken = new AttestationToken(response.Value.Token);
        if (_options.TokenOptions.ValidateToken)
        {
            // NOTE(review): the signing keys are fetched with an await on both the async and the sync
            // path (the AttestationRequest overload passes the `async` flag through instead) — confirm
            // this is intended for the blocking API.
            var signers = await GetSignersAsync(cancellationToken).ConfigureAwait(false);
            // NOTE(review): no result from ValidateTokenInternalAsync is inspected here, unlike the
            // sibling overload which throws AttestationTokenValidationFailedException on `false`.
            // Confirm this method throws on validation failure; otherwise an unvalidated token would
            // be returned to the caller.
            await attestationToken.ValidateTokenInternalAsync(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false);
        }

        return new AttestationResponse<AttestationResult>(response.GetRawResponse(), attestationToken);
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}
/// <summary>
/// Attest an Intel SGX enclave (aggregate <see cref="AttestationRequest"/> overload).
/// </summary>
/// <param name="request">Aggregate type containing the information needed to perform an attestation operation.
/// Both <paramref name="request"/> and <see cref="AttestationRequest.Evidence"/> must be non-null; init-time and run-time data are optional.</param>
/// <param name="async">true if the REST call should be made asynchronously, false to use the blocking REST call.</param>
/// <param name="cancellationToken">Cancellation token used to cancel the request.</param>
/// <returns>An <see cref="AttestationResponse{AttestationResult}"/> wrapping the attestation token returned by the service for the supplied <paramref name="request"/>.</returns>
/// <remarks>
/// The <see cref="AttestationRequest.Evidence"/> must be an Intel SGX Quote.
/// <seealso href="https://software.intel.com/content/www/us/en/develop/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example.html"/> for more information.
/// <para>
/// Security notes: the token is only validated against the service signing keys when <c>_options.TokenOptions.ValidateToken</c>
/// is set; with validation off the token is returned as received and the caller must validate it before trusting its claims.
/// <see cref="AttestationRequest.DraftPolicyForAttestation"/> is forwarded to the service unchanged; presumably a token produced
/// under a draft policy should be treated as a policy test result rather than production evidence — confirm against the service contract.
/// </para>
/// </remarks>
private async Task<AttestationResponse<AttestationResult>> AttestSgxEnclaveInternal(AttestationRequest request, bool async, CancellationToken cancellationToken = default)
{
    // Fail fast on missing input before opening a diagnostic scope or touching the network.
    Argument.AssertNotNull(request, nameof(request));
    Argument.AssertNotNull(request.Evidence, nameof(request.Evidence));

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationClient)}.{nameof(AttestSgxEnclave)}");
    scope.Start();
    try
    {
        // Map the public request onto the generated wire model; optional data blocks stay null when absent.
        var wireRequest = new AttestSgxEnclaveRequest
        {
            Quote = request.Evidence.ToArray(),
            DraftPolicyForAttestation = request.DraftPolicyForAttestation,
            InitTimeData = request.InittimeData != null
                ? new InitTimeData
                {
                    Data = request.InittimeData.BinaryData.ToArray(),
                    DataType = request.InittimeData.DataIsJson ? DataType.Json : DataType.Binary,
                }
                : null,
            RuntimeData = request.RuntimeData != null
                ? new RuntimeData
                {
                    Data = request.RuntimeData.BinaryData.ToArray(),
                    DataType = request.RuntimeData.DataIsJson ? DataType.Json : DataType.Binary,
                }
                : null,
        };

        // Dispatch to the async or blocking generated REST client depending on the caller's choice.
        Response<AttestationResponse> response;
        if (async)
        {
            response = await _restClient.AttestSgxEnclaveAsync(wireRequest, cancellationToken).ConfigureAwait(false);
        }
        else
        {
            response = _restClient.AttestSgxEnclave(wireRequest, cancellationToken);
        }

        var token = AttestationToken.Deserialize(response.Value.Token, _clientDiagnostics);
        if (_options.TokenOptions.ValidateToken)
        {
            // Validate against the service's current signing keys; a failed validation must not
            // return a token to the caller, so surface it as an exception.
            var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);
            var valid = await token.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false);
            if (!valid)
            {
                AttestationTokenValidationFailedException.ThrowFailure(signers, token);
            }
        }

        return new AttestationResponse<AttestationResult>(response.GetRawResponse(), token);
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}