def test_immutable_release_policy(self, client, **kwargs):
    """Check that a release policy created as immutable cannot be replaced.

    A hardware-protected, exportable RSA key is created with a release
    policy marked ``immutable=True``. The test then submits a different
    policy (same shape, ``sdk-test`` claim flipped to ``False``) and expects
    the update call to raise ``HttpResponseError``.
    """
    attestation_uri = self._get_attestation_uri()
    original_policy = get_release_policy(attestation_uri, immutable=True)
    name = self.get_resource_name("key-name")
    key = self._create_rsa_key(
        client,
        name,
        hardware_protected=True,
        exportable=True,
        release_policy=original_policy,
    )

    # The key that comes back must carry an encoded policy flagged immutable;
    # otherwise the rejection checked below would prove nothing.
    assert key.properties.release_policy.encoded_policy
    assert key.properties.release_policy.immutable

    # Replacement policy: identical structure, opposite claim value.
    flipped_claim = {"claim": "sdk-test", "equals": False}
    authority = attestation_uri.rstrip("/") + "/"
    replacement_json = {
        "anyOf": [{"anyOf": [flipped_claim], "authority": authority}],
        "version": "1.0.0",
    }
    encoded_replacement = json.dumps(replacement_json).encode()
    replacement = KeyReleasePolicy(encoded_replacement, immutable=True)

    # Swapping the policy on this key is expected to be refused.
    with pytest.raises(HttpResponseError):
        self._update_key_properties(client, key, replacement)
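def get_release_policy(attestation_uri, **kwargs):
    """Build the baseline key release policy used by the release-policy tests.

    The policy names ``attestation_uri`` (normalised to end in exactly one
    ``/``) as the authority and requires the ``sdk-test`` claim to equal
    ``True``.

    Args:
        attestation_uri: URI of the attestation authority to place in the policy.
        **kwargs: Forwarded unchanged to ``KeyReleasePolicy``. A caller in this
            file passes ``immutable=True``, which the previous single-argument
            signature rejected with ``TypeError``.

    Returns:
        A ``KeyReleasePolicy`` wrapping the UTF-8 encoded JSON policy.
    """
    release_policy_json = {
        "anyOf": [
            {
                "anyOf": [{"claim": "sdk-test", "equals": True}],
                "authority": attestation_uri.rstrip("/") + "/",
            }
        ],
        "version": "1.0.0",
    }
    policy_string = json.dumps(release_policy_json).encode()
    # With no extra keywords this is the same call as before, so existing
    # callers get an identical policy object.
    return KeyReleasePolicy(policy_string, **kwargs)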
def test_update_release_policy(self, client, **kwargs):
    """Check that a release policy not created as immutable can be replaced.

    A hardware-protected, exportable RSA key is created with the baseline
    policy (``sdk-test`` must equal ``True``). The policy is then updated to
    one requiring ``False``, and the test confirms the returned key reflects
    the new claim value.
    """

    def read_claim(key_obj):
        # Decode the stored policy and pull out the single "equals" value.
        decoded = json.loads(key_obj.properties.release_policy.encoded_policy.decode())
        value = decoded["anyOf"][0]["anyOf"][0]["equals"]
        # Per the original author's note: for KV the value may come back as
        # the string 'true', whereas for MHSM it should already be a bool.
        # Normalise both to a real bool.
        if isinstance(value, bool):
            return value
        return json.loads(value)

    attestation_uri = self._get_attestation_uri()
    initial_policy = get_release_policy(attestation_uri)
    name = self.get_resource_name("key-name")
    key = self._create_rsa_key(
        client,
        name,
        hardware_protected=True,
        exportable=True,
        release_policy=initial_policy,
    )
    assert read_claim(key) is True

    # Same structure as the baseline policy, with the claim value inverted.
    inverted_claim = {"claim": "sdk-test", "equals": False}
    authority = attestation_uri.rstrip("/") + "/"
    replacement_json = {
        "anyOf": [{"anyOf": [inverted_claim], "authority": authority}],
        "version": "1.0.0",
    }
    replacement = KeyReleasePolicy(json.dumps(replacement_json).encode())

    updated_key = self._update_key_properties(client, key, replacement)
    assert read_claim(updated_key) is False