AttestationResult TpmCertOperations::IsAkCertProvisioned()

in client-library/src/Attestation/AttestationClient/lib/TpmCertOperations.cpp [283:345]


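// Records identifying details of the AK certificate (issuer, subject, SHA-256
// thumbprint) and the AK public key read from the TPM in the log/telemetry,
// then decides from the issuer name whether provisioning is reported as failed.
//
// @param ak_cert_x509  Parsed AK certificate. Must be non-null: it is handed
//                      straight to the OpenSSL accessors without a check.
// @return The result of ReadAikPubFromTpm() (SUCCESS or its error), unless the
//         issuer name contains Trusted_VM_CERT_ISSUER_NAME_PREFIX, in which
//         case ERROR_AK_CERT_PROVISIONING_FAILED is returned.
//
// Security notes:
//  - The issuer test is a substring match on the one-line text rendering of
//    the issuer DN. It is not a signature or chain validation and must not be
//    read as establishing trust in the certificate.
//  - NOTE(review): a match on the Trusted VM issuer prefix is what produces the
//    "provisioning failed" result; confirm this polarity against the caller.
//  - NOTE(review): a ReadAikPubFromTpm() failure is reported to telemetry and
//    then carried to the final return rather than returned immediately;
//    confirm callers expect that.
AttestationResult TpmCertOperations::IsAkCertProvisioned(X509* ak_cert_x509) {

	constexpr char Trusted_VM_CERT_ISSUER_NAME_PREFIX[] = "/CN=MICROSOFT AZURE TRUSTED VM RSA";
	AttestationResult result = AttestationResult(AttestationResult::ErrorCode::SUCCESS);

	// X509_NAME_oneline() called with a null buffer returns a string allocated
	// by OpenSSL, or NULL on failure. Copy it into a std::string, release the
	// OpenSSL allocation, and map NULL to an empty string so that std::string
	// is never constructed from a null pointer.
	auto name_to_string = [](X509_NAME* name) -> std::string {
		char* oneline = X509_NAME_oneline(name, nullptr, 0);
		if (oneline == nullptr) {
			return std::string();
		}
		std::string text(oneline);
		OPENSSL_free(oneline);
		return text;
	};

	const std::string s_cert_issuer_name = name_to_string(X509_get_issuer_name(ak_cert_x509));
	CLIENT_LOG_INFO("Ak Cert issuer name %s", s_cert_issuer_name.c_str());
	if (telemetry_reporting.get() != nullptr) {
		telemetry_reporting->UpdateEvent("AkCertProvisioning",
											s_cert_issuer_name,
											TelemetryReportingBase::EventLevel::AK_CERT_GET_ISSUER);
	}

	const std::string s_cert_subject_name = name_to_string(X509_get_subject_name(ak_cert_x509));
	CLIENT_LOG_INFO("Ak Cert subject name %s", s_cert_subject_name.c_str());
	if (telemetry_reporting.get() != nullptr) {
		telemetry_reporting->UpdateEvent("AkCertProvisioning",
											s_cert_subject_name,
											TelemetryReportingBase::EventLevel::AK_CERT_GET_SUBJECT);
	}

	// Zero-initialise the digest buffer and publish the thumbprint only when
	// X509_digest() succeeded; otherwise indeterminate stack bytes would be
	// base64-encoded and sent to telemetry.
	unsigned char ak_cert_thumbprint[SHA256_DIGEST_LENGTH] = {0};
	if (X509_digest(ak_cert_x509, EVP_sha256(), ak_cert_thumbprint, NULL) != 1) {
		CLIENT_LOG_ERROR("X509_Digest() failed while calculating thumbprint");
		if (telemetry_reporting.get() != nullptr) {
			telemetry_reporting->UpdateEvent("AkCertProvisioning",
												"Failed while calculating thumbprint",
												TelemetryReportingBase::EventLevel::AK_CERT_PARSING_FAILURE);
		}
	} else {
		std::string s_ak_cert_thumbprint = attest::base64::binary_to_base64(
			std::vector<unsigned char>(ak_cert_thumbprint,
									   ak_cert_thumbprint + sizeof(ak_cert_thumbprint))).c_str();
		if (telemetry_reporting.get() != nullptr) {
			telemetry_reporting->UpdateEvent("AkCertProvisioning",
												s_ak_cert_thumbprint,
												TelemetryReportingBase::EventLevel::AK_CERT_GET_THUMBPRINT);
		}
	}

	std::string ak_pub;
	if ((result = ReadAikPubFromTpm(ak_pub)).code_ != AttestationResult::ErrorCode::SUCCESS) {
		if (telemetry_reporting.get() != nullptr) {
			telemetry_reporting->UpdateEvent("AkCertProvisioning",
												"Failed while reading AkPub" + result.description_,
												TelemetryReportingBase::EventLevel::AK_GET_PUB);
		}
	}

	// Emitted on both paths, as before: after a failed read ak_pub holds
	// whatever ReadAikPubFromTpm() left in it.
	if (telemetry_reporting.get() != nullptr) {
		telemetry_reporting->UpdateEvent("AkCertProvisioning",
											ak_pub,
											TelemetryReportingBase::EventLevel::AK_GET_PUB);
	}

	// Substring match anywhere in the issuer text (not anchored to its start).
	if (s_cert_issuer_name.find(Trusted_VM_CERT_ISSUER_NAME_PREFIX) != std::string::npos) {
		result.code_ = AttestationResult::ErrorCode::ERROR_AK_CERT_PROVISIONING_FAILED;
		result.description_ = "AkCert provisioning failed";
		return result;
	}

	return result;
}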