コード例 #1
    def test_immutable_release_policy(self, client, **kwargs):
        """Check that a release policy created as immutable cannot be replaced.

        A hardware-protected, exportable RSA key is created with a release
        policy marked ``immutable=True``. The test then submits a different
        policy (same authority, but the ``sdk-test`` claim must equal
        ``False``) and expects the update call to raise ``HttpResponseError``.
        """
        authority = self._get_attestation_uri()
        locked_policy = get_release_policy(authority, immutable=True)
        name = self.get_resource_name("key-name")
        created = self._create_rsa_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=locked_policy,
        )

        # The service must echo back both the policy body and the immutable flag;
        # without the flag the negative check below would prove nothing.
        stored_policy = created.properties.release_policy
        assert stored_policy.encoded_policy
        assert stored_policy.immutable

        # Replacement policy: identical shape, but the claim condition is flipped.
        inner_condition = {"claim": "sdk-test", "equals": False}
        authority_rule = {
            "anyOf": [inner_condition],
            # Normalise the authority to exactly one trailing slash.
            "authority": authority.rstrip("/") + "/",
        }
        replacement_doc = {"anyOf": [authority_rule], "version": "1.0.0"}
        replacement = KeyReleasePolicy(json.dumps(replacement_doc).encode(), immutable=True)

        # NOTE(review): HttpResponseError is broad, so any failed request (auth,
        # throttling, a malformed body) would also satisfy this check. Confirm the
        # rejection is really the immutability check, e.g. by inspecting the error.
        with pytest.raises(HttpResponseError):
            self._update_key_properties(client, created, replacement)
コード例 #2
    async def test_imported_key_release(self, client, **kwargs):
        """Import an exportable key with a release policy, then release it.

        The attestation token and the release policy are both derived from the
        same attestation URI. After the import, the test checks that the key
        reports a release policy and is exportable, then calls ``release_key``
        with the attestation token and expects a non-empty ``value``.
        """
        authority = self._get_attestation_uri()
        token = get_attestation_token(authority)
        policy = get_release_policy(authority)

        name = self.get_resource_name("imported-key-name")
        imported = await self._import_test_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=policy,
        )

        # Release only makes sense for a key that carries a policy and is exportable.
        props = imported.properties
        assert props.release_policy
        assert props.release_policy.encoded_policy
        assert props.exportable

        # NOTE(review): this only checks that something was returned; the content
        # of the released value is not inspected here.
        released = await client.release_key(name, token)
        assert released.value
コード例 #3
    def test_key_release(self, client, **kwargs):
        """Create an exportable RSA key with a release policy, then release it.

        The attestation token and the release policy are both derived from the
        same attestation URI. The created key must report a release policy and
        be exportable; ``release_key`` is then called with the attestation
        token and must return a non-empty ``value``.
        """
        authority = self._get_attestation_uri()
        token = get_attestation_token(authority)
        policy = get_release_policy(authority)

        name = self.get_resource_name("rsa-key-name")
        created = self._create_rsa_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=policy,
        )

        # Release only makes sense for a key that carries a policy and is exportable.
        props = created.properties
        assert props.release_policy
        assert props.release_policy.encoded_policy
        assert props.exportable

        # NOTE(review): this only checks that something was returned; the content
        # of the released value is not inspected here.
        released = client.release_key(name, token)
        assert released.value
コード例 #4
    def test_update_release_policy(self, client, **kwargs):
        """Check that a release policy that is not marked immutable can be replaced.

        The key is created with the default policy from ``get_release_policy``,
        whose first claim condition is expected to be ``True``. The test then
        submits a policy whose ``sdk-test`` claim must equal ``False`` and
        verifies that the updated key returns the new condition.
        """

        def _first_claim_condition(encoded_policy):
            """Return the ``equals`` value of the first claim as a bool."""
            document = json.loads(encoded_policy.decode())
            raw = document["anyOf"][0]["anyOf"][0]["equals"]
            # The value may come back as the string 'true' from KV but as a real
            # bool from MHSM, so string values are parsed as JSON.
            if isinstance(raw, bool):
                return raw
            return json.loads(raw)

        authority = self._get_attestation_uri()
        original_policy = get_release_policy(authority)
        name = self.get_resource_name("key-name")
        created = self._create_rsa_key(
            client,
            name,
            hardware_protected=True,
            exportable=True,
            release_policy=original_policy,
        )

        # Baseline: the policy stored at creation time has the condition set to True.
        assert _first_claim_condition(created.properties.release_policy.encoded_policy) is True

        # Replacement policy: identical shape, but the claim condition is flipped.
        inner_condition = {"claim": "sdk-test", "equals": False}
        authority_rule = {
            "anyOf": [inner_condition],
            # Normalise the authority to exactly one trailing slash.
            "authority": authority.rstrip("/") + "/",
        }
        replacement_doc = {"anyOf": [authority_rule], "version": "1.0.0"}
        replacement = KeyReleasePolicy(json.dumps(replacement_doc).encode())

        refreshed = self._update_key_properties(client, created, replacement)

        # Read the condition back from the service response rather than trusting
        # the request: the stored policy is what gates a later release.
        assert _first_claim_condition(refreshed.properties.release_policy.encoded_policy) is False