File: verify_service_async.py

package info (click to toggle)
python-azure 20250603%2Bgit-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 851,724 kB
  • sloc: python: 7,362,925; ansic: 804; javascript: 287; makefile: 195; sh: 145; xml: 109
file content (121 lines) | stat: -rw-r--r-- 5,024 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# -------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for
# license information.
# --------------------------------------------------------------------------

"""
FILE: verify_service_async.py
DESCRIPTION:
    This sample demonstrates methods that may be used to check conditions about the Confidential
    Ledger service. This sample will print the results of verification methods.
USAGE:
    python verify_service_async.py
    Set the environment variables with your own values before running the sample:
    1) CONFIDENTIALLEDGER_ENDPOINT - the endpoint of the Confidential Ledger.
"""

import asyncio
import hashlib
import logging
import os
import sys
import tempfile

from azure.confidentialledger.aio import ConfidentialLedgerClient
from azure.confidentialledger.certificate.aio import (
    ConfidentialLedgerCertificateClient,
)
from azure.identity.aio import DefaultAzureCredential


logging.basicConfig(level=logging.ERROR)
LOG = logging.getLogger()


async def main():
    # Set the values of the client ID, tenant ID, and client secret of the AAD application as
    # environment variables:
    #   AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_CLIENT_SECRET, CONFIDENTIALLEDGER_ENDPOINT
    try:
        ledger_endpoint = os.environ["CONFIDENTIALLEDGER_ENDPOINT"]
    except KeyError:
        LOG.error(
            "Missing environment variable 'CONFIDENTIALLEDGER_ENDPOINT' - "
            "please set it before running the example"
        )
        sys.exit(1)

    # Under the current URI format, the ledger id is the first part of the ledger endpoint.
    # i.e. https://<ledger id>.confidential-ledger.azure.com
    ledger_id = ledger_endpoint.replace("https://", "").split(".")[0]

    identity_service_client = ConfidentialLedgerCertificateClient()  # type: ignore[call-arg]
    async with identity_service_client:
        ledger_certificate = await identity_service_client.get_ledger_identity(
            ledger_id
        )

    # The Confidential Ledger's TLS certificate must be written to a file to be used by the
    # ConfidentialLedgerClient. Here, we write it to a temporary file so that is is cleaned up
    # automatically when the program exits.
    with tempfile.TemporaryDirectory() as tempdir:
        ledger_cert_file = os.path.join(tempdir, f"{ledger_id}.pem")
        with open(ledger_cert_file, "w") as outfile:
            outfile.write(ledger_certificate["ledgerTlsCertificate"])

        print(
            f"Ledger certificate has been written to {ledger_cert_file}. "
            "It will be deleted when the script completes."
        )

        # Build a client through AAD
        credential = DefaultAzureCredential()
        ledger_client = ConfidentialLedgerClient(
            ledger_endpoint,
            credential=credential,
            ledger_certificate_path=ledger_cert_file,
        )

        # Using the async objects as a context manager ensures they are properly closed after use.
        async with credential:
            async with ledger_client:
                print("Retrieving information that can be used to validate a Confidential Ledger.")
                print(
                    "Consortium members can manage and alter the "
                    "Confidential Ledger. Microsoft participates in the consortium to maintain the "
                    "Confidential Ledger instance."
                )
                consortium = ledger_client.list_consortium_members()
                async for member in consortium:
                    print(
                        f'\tMember {member["id"]} has certificate (truncated) '
                        f'{member["certificate"][:24]}...'
                    )

                print(
                    "The constitution is a collection of JavaScript code that defines actions "
                    "available to members and vets proposals by members to execute those actions."
                )

                constitution = await ledger_client.get_constitution()
                assert (
                    constitution["digest"].lower() ==
                    hashlib.sha256(constitution["script"].encode()).hexdigest().lower()
                )
                print(f'\tConstitution (truncated): {constitution["script"][:24]}...')
                print(f'\tConstitution digest: {constitution["digest"]}')

                print(
                    "Enclave quotes contain material that can be used to cryptographically verify "
                    "the validity and contents of an enclave."
                )
                ledger_enclaves = await ledger_client.get_enclave_quotes()
                for node_id, quote in ledger_enclaves["enclaveQuotes"].items():
                    print(
                        f"\tMRENCLAVE for node {node_id}: {quote['mrenclave']}"
                    )


if __name__ == "__main__":
    asyncio.run(main())