From 9673ed81642db7278be1598df160072fdca453ef Mon Sep 17 00:00:00 2001
From: beejones
Date: Wed, 18 Sep 2024 10:11:53 +0000
Subject: [PATCH 1/4] Add script to add hostdata value to the key release policy

---
 scripts/add_hostdata_keyreleasepolicy.sh | 98 ++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100755 scripts/add_hostdata_keyreleasepolicy.sh

diff --git a/scripts/add_hostdata_keyreleasepolicy.sh b/scripts/add_hostdata_keyreleasepolicy.sh
new file mode 100755
index 00000000..8e984e31
--- /dev/null
+++ b/scripts/add_hostdata_keyreleasepolicy.sh
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT license.
+
+set -euo pipefail
+
+function usage {
+ echo ""
+ echo "Add hostdata to the key release policy."
+ echo ""
+ echo "usage: ./add_hostdata_keyreleasepolicy.sh --network-url string --hostdata string --certificate-dir string"
+ echo ""
+ echo " --network-url string ccf network url (example: https://test.confidential-ledger.azure.com)"
+ echo " --certificate-dir string The directory where the certificates are"
+ echo " --hostdata string hostdata value we want to add to the key release policy"
+ echo " --member-count number number of network members need to approve the proposal"
+ echo ""
+ exit 0
+}
+
+function failed {
+ printf "Script failed: %s\n\n" "$1"
+ exit 1
+}
+
+# Initialize the variables to empty strings
+network_url=""
+certificate_dir=""
+hostdata=""
+member_count=1
+
+while [ $# -gt 0 ]
+do
+ name="${1/--/}"
+ name="${name/-/_}"
+ case "--$name" in
+ --network_url) network_url="$2"; shift;;
+ --hostdata) hostdata="$2"; shift;;
+ --certificate_dir) certificate_dir="$2"; shift;;
+ --member_count) member_count=$2; shift;;
+ --help) usage; exit 0; shift;;
+ --) shift;;
+ esac
+ shift;
+done
+
+# Escape double quotes
+slurp_file() {
+ cat "$1" | sed 's/"/\\"/g'
+}
+
+echo "Network URL: $network_url"
+echo "Certificate Directory: $certificate_dir"
+echo "Hostdata: $hostdata"
+
+# validate parameters
+if [[ -z $network_url ]]; then
+ failed "Missing parameter --network-url"
+elif [[ -z $certificate_dir ]]; then
+ failed "You must supply --certificate-dir"
+elif [[ -z $hostdata ]]; then
+ failed "You must supply --hostdata"
+fi
+
+common_dir=$certificate_dir # common folder
+
+service_cert="$certificate_dir/service_cert.pem"
+signing_cert="$certificate_dir/member0_cert.pem"
+signing_key="$certificate_dir/member0_privk.pem"
+
+echo "Add hostdata policy: $hostdata"
+# Create the JSON content
+json_key_release_policy=$(cat < "$common_dir/hostdata_krp.json"
+
+# Read the file and output its content as a string
+#escaped_js=$(jq -Rs . < "$common_dir/constitution.js")
+#serialized="$escaped_js"
+
+# propose and vote
+./scripts/submit_proposal.sh --network-url "${network_url}" --proposal-file "$common_dir/hostdata_krp.json" --certificate-dir "${certificate_dir}" --member-count ${member_count}

From 8c67428b4e7f0da2959eb4913ed96100742f49c0 Mon Sep 17 00:00:00 2001
From: beejones
Date: Wed, 18 Sep 2024 13:45:13 +0000
Subject: [PATCH 2/4] add scripts/add_hostdata_keyreleasepolicy.sh to e2e tests

---
 test/e2e-test/src/index.ts | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/test/e2e-test/src/index.ts b/test/e2e-test/src/index.ts
index 42814536..cb8edc96 100644
--- a/test/e2e-test/src/index.ts
+++ b/test/e2e-test/src/index.ts
@@ -126,8 +126,6 @@ class Demo {
 .replace(/\\n/g, "\n");
 console.log(`Private wrapping key: `, private_wrapping_key);
- process.chdir("../../");
-
 this.printTestSectionHeader("🔬 [TEST]: Key generation Service");
 const notUndefinedString = (key: string | number | any[]) => {
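Review bot: The `case "--$name" in` block in the argument loop has no `*)` arm, so a misspelled flag and the value that follows it are dropped silently and only surface later as a misleading "You must supply …" error (or not at all for `--member-count`); add `*) failed "Unknown parameter: $1";;` before `esac`. In the same block `--help) usage; exit 0; shift;;` never reaches `exit 0` or `shift`, because `usage` already exits. `hostdata` goes into the policy JSON exactly as typed with no format check; if the intended value is a 64-hex-character digest, as the e2e test later in this series passes, a guard like `[[ $hostdata =~ ^[0-9a-fA-F]{64}$ ]] || failed "hostdata must be a 64-hex-character digest"` would reject a malformed value before a governance proposal that needs member votes is created. The heredoc that builds `json_key_release_policy` appears truncated in this view, so whether `slurp_file` and the `service_cert`/`signing_cert`/`signing_key` variables are actually used could not be checked; if they are not, they are dead code.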
@@ -302,6 +300,33 @@ class Demo {
 }
 } while (statusCode !== 200);
+
+ console.log(`📝 Get initial key-Bad hostdata in key release policy...`);
+ await Demo.executeCommand(
+ `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78xxx`,
+ );
+ [headers, statusCode, keyResponse] = await Api.key(
+ this.demoProps,
+ member,
+ attestation,
+ private_wrapping_key,
+ public_wrapping_key,
+ false,
+ undefined,
+ this.createHttpsAgent(member.id, AuthKinds.JWT),
+ access_token,
+ ).catch((error) => {
+ console.log(`keyInitial error: `, error);
+ throw error;
+ });
+ console.log(`response bad hostdata: `, keyResponse);
+ Demo.assert("bad hostdata", statusCode == 400);
+
+ // Set correct hostdata so the rest of test will pass
+ await Demo.executeCommand(
+ `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78d70cc68353426de188db5dfc57e5b766e399935fb73a61127ea26d20`,
+ );
+
 // Test with JWT
 console.log(`📝 Get wrapped key with JWT...`);
 [headers, statusCode, keyResponse] = (await Api.key(

From d96f7428ec4b81437df67574e13265018fe90ed7 Mon Sep 17 00:00:00 2001
From: beejones
Date: Wed, 18 Sep 2024 15:17:06 +0000
Subject: [PATCH 3/4] display hostdata response

---
 test/e2e-test/src/index.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/e2e-test/src/index.ts b/test/e2e-test/src/index.ts
index cb8edc96..fc03ea1d 100644
--- a/test/e2e-test/src/index.ts
+++ b/test/e2e-test/src/index.ts
@@ -302,9 +302,10 @@ class Demo {
 console.log(`📝 Get initial key-Bad hostdata in key release policy...`);
- await Demo.executeCommand(
+ let hostdataResp = await Demo.executeCommand(
 `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78xxx`,
 );
+ console.log("hostdataResp: ", hostdataResp);
 [headers, statusCode, keyResponse] = await Api.key(
 this.demoProps,
 member,
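Review bot: `$KMS_URL` and `$KEYS_DIR` inside the template literal are not interpolated by TypeScript; they reach `Demo.executeCommand` as literal text and depend on the shell expanding them, which is the failure PATCH 4/4 in this series cites when it removes the block again. Resolving them in code, e.g. `--network_url "${process.env.KMS_URL}" --certificate_dir "${process.env.KEYS_DIR}"` (quoted, since the values end up on a shell command line), would keep the negative test instead of dropping the only coverage of the new script. `Demo.assert("bad hostdata", statusCode == 400)` uses loose equality while the loop just above compares with `statusCode !== 200`; write `statusCode === 400`. Nothing checks that the proposal from the first script call was accepted before `Api.key` runs, so if `Demo.executeCommand` resolves on a non-zero exit (not visible here) the 400 could come from an unrelated cause; the expected digest is also a hard-coded build-specific constant that would be better taken from the environment like the other two values. The enclosing method continues outside the hunk.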
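Review bot: `console.log("hostdataResp: ", hostdataResp)` is added with the same label after the bad-hostdata call here and after the corrected call in the `@@ -323,9 +324,10 @@` hunk, so the two script outputs cannot be told apart in the log; label them, e.g. `console.log("hostdataResp (bad hostdata): ", hostdataResp);` and `console.log("hostdataResp (expected hostdata): ", hostdataResp);`. The captured output is only printed, never checked, so the script's result still has no bearing on whether the test proceeds; if `Demo.executeCommand` returns the script's stdout or exit status, asserting on it would turn the debugging print into a real precondition for the 400 check that follows. The enclosing method starts and ends outside the hunk.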
@@ -323,9 +324,10 @@ class Demo {
 Demo.assert("bad hostdata", statusCode == 400);
 // Set correct hostdata so the rest of test will pass
- await Demo.executeCommand(
+ hostdataResp = await Demo.executeCommand(
 `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78d70cc68353426de188db5dfc57e5b766e399935fb73a61127ea26d20`,
 );
+ console.log("hostdataResp: ", hostdataResp);
 // Test with JWT
 console.log(`📝 Get wrapped key with JWT...`);

From ab46f1aba9ab9ad3a40f50ea3e4f0305e86d2ac2 Mon Sep 17 00:00:00 2001
From: beejones
Date: Thu, 19 Sep 2024 08:08:04 +0000
Subject: [PATCH 4/4] undo unit test because of lack of support for env variables to run script

---
 test/e2e-test/src/index.ts | 27 ---------------------------
 1 file changed, 27 deletions(-)

diff --git a/test/e2e-test/src/index.ts b/test/e2e-test/src/index.ts
index fc03ea1d..ed2f772a 100644
--- a/test/e2e-test/src/index.ts
+++ b/test/e2e-test/src/index.ts
@@ -301,33 +301,6 @@ class Demo {
 } while (statusCode !== 200);
- console.log(`📝 Get initial key-Bad hostdata in key release policy...`);
- let hostdataResp = await Demo.executeCommand(
- `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78xxx`,
- );
- console.log("hostdataResp: ", hostdataResp);
- [headers, statusCode, keyResponse] = await Api.key(
- this.demoProps,
- member,
- attestation,
- private_wrapping_key,
- public_wrapping_key,
- false,
- undefined,
- this.createHttpsAgent(member.id, AuthKinds.JWT),
- access_token,
- ).catch((error) => {
- console.log(`keyInitial error: `, error);
- throw error;
- });
- console.log(`response bad hostdata: `, keyResponse);
- Demo.assert("bad hostdata", statusCode == 400);
-
- // Set correct hostdata so the rest of test will pass
- hostdataResp = await Demo.executeCommand(
- `./scripts/add_hostdata_keyreleasepolicy.sh --network_url $KMS_URL --certificate_dir $KEYS_DIR --hostdata 73973b78d70cc68353426de188db5dfc57e5b766e399935fb73a61127ea26d20`,
- );
- console.log("hostdataResp: ", hostdataResp);
 // Test with JWT
 console.log(`📝 Get wrapped key with JWT...`);