microsoft · beejones · Jul 25, 2024 · Jul 18, 2024 · Jul 18, 2024 · Jul 18, 2024
diff --git a/.devcontainer/Dockerfile.devcontainer b/.devcontainer/Dockerfile.devcontainer
@@ -1,7 +1,7 @@
 # Base container image which is built nightly
 # Used as a starting point to make building other containers fast
 
-ARG BASE_CCF_IMAGE=5.0.0-dev10-virtual
+ARG BASE_CCF_IMAGE=5.0.0-rc0-virtual
 ARG ENVIRONMENT=devcontainer
 
 # ignore this hadolint error as BASE_IMAGE contains an image tag
@@ -12,6 +12,8 @@ ENV NVM_DIR /root/.nvm
 ENV TINKEY_VERSION=tinkey-1.10.1
 COPY .devcontainer/install_packages.sh .devcontainer/install_nodejs.sh .devcontainer/setup_tinkey.sh /src/
 
+# "Install necessary packages."
 RUN /src/install_packages.sh
 RUN /src/install_nodejs.sh
 RUN /src/setup_tinkey.sh
+# "All necessary packages and tinkey setup completed."
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -4,7 +4,7 @@
     "dockerfile": "Dockerfile.devcontainer",
     "context": ".."
   },
-  "postCreateCommand": "cd /workspaces/azure-privacy-sandbox-kms && npm i && make build",
+  "postCreateCommand": "cd /workspaces/azure-privacy-sandbox-kms && scripts/set_python_env.sh && npm i && make build",
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {
       "version": "latest",
@@ -27,6 +27,5 @@
     "settings": {
       "editor.defaultFormatter": "ms-python.black-formatter"
     }
-  },
-  "postStartCommand": "pip install -r .devcontainer/requirements.txt && pre-commit install"
+  }
 }
diff --git a/.devcontainer/install_nodejs.sh b/.devcontainer/install_nodejs.sh
@@ -14,5 +14,5 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
     && nvm install node \
     && nvm use node
 
-. $NVM_DIR/nvm.sh \
-    && npm install -g npm@latest
+echo "Install rollup"
+npm install -g [email protected]
diff --git a/.github/Dockerfile.ci b/.github/Dockerfile.ci
@@ -1,37 +1,17 @@
 # Base container image which is built nightly
 # Used as a starting point to make building other containers fast
 
-ARG BASE_CCF_IMAGE=5.0.0-dev10-virtual
+ARG BASE_CCF_IMAGE=5.0.0-rc0-virtual
 ARG ENVIRONMENT=ci
 
 # ignore this hadolint error as BASE_IMAGE contains an image tag
 # hadolint ignore=DL3006
 FROM mcr.microsoft.com/ccf/app/dev:${BASE_CCF_IMAGE} as base
 
-# Custom Deps
-RUN apt-get update && apt-get install -y \
-    python3-pip \
-    openssh-client \
-    make \
-    libuv1 \
-    jq \
-    lsof \
-    sudo \
-    tar \
-    default-jre
+COPY .devcontainer/install_packages.sh .devcontainer/install_nodejs.sh .devcontainer/setup_tinkey.sh /src/
 
-# Install Node.js
-RUN curl -fsSL https://deb.nodesource.com/setup_current.x | bash -
-RUN apt-get install -y nodejs
-RUN pip install --upgrade pip setuptools
-
-RUN apt-get -y autoremove \
- && apt-get -y clean
-
-# Setup tinkey
-ENV TINKEY_VERSION=tinkey-1.10.1
-RUN curl -O https://storage.googleapis.com/tinkey/$TINKEY_VERSION.tar.gz
-RUN tar -xzvf $TINKEY_VERSION.tar.gz
-RUN cp tinkey /usr/bin/
-RUN cp tinkey_deploy.jar /usr/bin/
-RUN rm tinkey tinkey_deploy.jar tinkey.bat $TINKEY_VERSION.tar.gz
+# "Install necessary packages."
+RUN /src/install_packages.sh
+RUN /src/install_nodejs.sh
+RUN /src/setup_tinkey.sh
+# "All necessary packages and tinkey setup completed."
diff --git a/.github/devcontainer.json b/.github/devcontainer.json
@@ -4,7 +4,7 @@
     "dockerfile": "Dockerfile.ci",
     "context": ".."
   },
-  "postCreateCommand": "cd /workspaces/azure-privacy-sandbox-kms && npm i && make build",
+  "postCreateCommand": "cd /workspaces/azure-privacy-sandbox-kms && scripts/set_python_env.sh && npm i && make build",
   "features": {
     "ghcr.io/devcontainers/features/docker-in-docker:2": {
       "version": "latest",

diff --git a/Makefile b/Makefile
@@ -124,6 +124,6 @@ lint: ## 🔍 Lint the code base (but don't fix)
 
 # Keep this at the bottom.
 clean: ## 🧹 Clean the working folders created during build/demo
-	@rm -rf .venv_ccf_sandbox
+	@rm -rf ${PYTHON_VENV}
 	@rm -rf ${KMS_WORKSPACE}
-	@rm -rf dist
+	@rm -rf dist
diff --git a/package.json b/package.json
@@ -11,50 +11,39 @@
     "node": ">=16"
   },
   "dependencies": {
-    "@bufbuild/buf": "^1.30.0",
-    "@bufbuild/protobuf": "^1.8.0",
-    "@bufbuild/protoc-gen-es": "^1.8.0",
-    "@microsoft/ccf-app": "^5.0.0-dev6",
-    "express": "^4.19.2",
-    "i": "^0.3.7",
-    "js-base64": "^3.5.2",
-    "jsrsasign": "^11.0.0",
-    "jsrsasign-util": "^1.0.2",
-    "jwt-decode": "^3.0.0",
-    "lodash-es": "^4.17.15",
-    "node-forge": "^1.3.1",
-    "npm": "^10.5.0",
-    "pem-jwk": "^2.0.0"
+    "@bufbuild/protobuf": "1.10.0",
+    "@microsoft/ccf-app": "5.0.0",
+    "js-base64": "3.7.7",
+    "node-forge": "1.3.1",
+    "npm": "10.8.2",
+    "pem-jwk": "2.0.0"
   },
   "devDependencies": {
-    "@babel/core": "^7.20.5",
-    "@babel/preset-env": "^7.20.2",
-    "@babel/preset-typescript": "^7.22.15",
-    "@jest/globals": "^29.7.0",
-    "@rollup/plugin-commonjs": "^17.1.0",
-    "@rollup/plugin-node-resolve": "^11.2.1",
-    "@rollup/plugin-typescript": "^8.2.0",
-    "@types/jasmine": "^4.3.0",
-    "@types/jest": "^29.5.5",
-    "@types/jsrsasign": "^8.0.7",
-    "@types/lodash-es": "^4.17.3",
-    "@types/node": "^18.18.13",
-    "axios": "^1.5.0",
-    "babel-jest": "^29.3.1",
-    "del-cli": "^5.0.0",
-    "http-server": "^0.13.0",
+    "@babel/core": "7.24.9",
+    "@babel/preset-env": "7.24.8",
+    "@babel/preset-typescript": "7.24.7",
+    "@jest/globals": "29.7.0",
+    "@rollup/plugin-commonjs": "26.0.1",
+    "@rollup/plugin-node-resolve": "15.2.3",
+    "@rollup/plugin-typescript": "11.1.6",
+    "@types/jasmine": "5.1.4",
+    "@types/jest": "29.5.12",
+    "@types/node": "20.14.11",
+    "axios": "1.7.2",
+    "babel-jest": "29.7.0",
+    "express": "4.19.2",
     "inquirer": "9.1.4",
-    "jest": "^29.7.0",
-    "js-crypto-key-utils": "^1.0.7",
-    "js-crypto-rsa": "^1.0.7",
-    "jsonwebtoken": "^9.0.0",
-    "node-fetch": "^3.3.2",
-    "rollup": "^2.79.1",
-    "ts-jest": "^29.1.5",
-    "ts-node": "^10.9.2",
-    "tslib": "^2.0.1",
-    "typescript": "^5.4.5",
-    "uglify-js": "^3.17.4"
+    "jest": "29.7.0",
+    "js-crypto-key-utils": "1.0.7",
+    "js-crypto-rsa": "1.0.7",
+    "jsonwebtoken": "9.0.2",
+    "node-fetch": "3.3.2",
+    "rollup": "4.18.1",
+    "ts-jest": "29.2.2",
+    "ts-node": "10.9.2",
+    "tslib": "2.6.3",
+    "typescript": "5.5.3",
+    "uglify-js": "3.19.0"
   },
   "jest": {
     "preset": "ts-jest/presets/default-esm",

diff --git a/requirements.txt b/requirements.txt
@@ -1,31 +1,135 @@
-ccf
+adtk==0.6.2
+anyio==4.4.0
+asn1crypto==1.5.1
+attrs==23.2.0
+azure-core==1.30.2
+azure-storage-blob==12.21.0
+bcrypt==4.1.3
+better-exceptions==0.3.3
+blinker==1.8.2
+Brotli==1.1.0
+cbor2==5.6.4
+ccf==5.0.0
+certifi==2024.7.4
+certvalidator==0.11.1
+cffi==1.16.0
+cfgv==3.4.0
+charset-normalizer==3.3.2
+cimetrics==0.3.15
+click==8.1.7
+colorama==0.4.6
+Columnar==1.4.1
+ConfigArgParse==1.7
+contourpy==1.1.1
+cramjam==2.8.3
+cryptography==42.0.8
+cycler==0.12.1
+detect-secrets==1.5.0
+distlib==0.3.8
+dnspython==2.6.1
+docker==7.1.0
+docutils==0.20.1
+ecdsa==0.19.0
+exceptiongroup==1.2.2
+fastparquet==2023.10.1
+filelock==3.15.4
+flask==3.0.3
+Flask-Cors==4.0.1
+Flask-Login==0.6.3
+fonttools==4.53.1
+fsspec==2024.6.1
+gevent==24.2.1
+geventhttpclient==2.0.12
+gitdb==4.0.11
+GitPython==3.1.43
+greenlet==3.0.3
+grpcio==1.65.1
+grpcio-tools==1.44.0
+h11==0.14.0
+h2==4.1.0
+hpack==4.0.0
+httpcore==0.16.3
+httpx==0.23.3
+hyperframe==6.0.1
+identify==2.6.0
+idna==3.7
+importlib-metadata==8.0.0
+importlib-resources==6.4.0
+isodate==0.6.1
+itsdangerous==2.2.0
+jinja2==3.1.4
+joblib==1.4.2
+jsonschema==4.23.0
+jsonschema-path==0.3.3
+jsonschema-specifications==2023.12.1
+jwcrypto==1.5.6
+kiwisolver==1.4.5
+lazy-object-proxy==1.10.0
+locust==2.25.0
+loguru==0.7.2
+markdown-it-py==3.0.0
+MarkupSafe==2.1.5
+matplotlib==3.7.5
+mdurl==0.1.2
+msgpack==1.0.8
+nodeenv==1.9.1
+numpy==1.24.4
+openapi-schema-validator==0.6.2
+openapi-spec-validator==0.7.1
+oscrypto==1.3.0
+packaging==24.1
+pandas==2.0.3
+paramiko==3.4.0
+pathable==0.4.3
+patsy==0.5.6
+pillow==10.4.0
+pkgutil-resolve-name==1.3.10
+platformdirs==4.2.2
+plotext==5.2.8
+polars==1.2.1
+pre-commit==3.5.0
+prettytable==3.10.2
+protobuf==3.20.3
+psutil==6.0.0
+py-spy==0.3.14
+pyasn1==0.6.0
+pycose==1.1.0
+pycparser==2.22
+pygments==2.18.0
+PyJWT==2.8.0
+pymongo==4.8.0
+PyNaCl==1.5.0
+pyOpenSSL==24.2.1
+pyparsing==2.4.7
+python-dateutil==2.9.0.post0
+python-iptables==1.0.1
+pytz==2024.1
+PyYAML==6.0.1
+pyzmq==26.0.3
 referencing==0.31.0
-wheel
-paramiko
-loguru
-psutil
-cimetrics>=0.2.1
-openapi-spec-validator
-PyJWT
-docutils
-python-iptables
-py-spy
-GitPython
-docker
-better_exceptions
-pyasn1
-Jinja2
-httpx[http2] == 0.23.*
-locust
-pyOpenSSL
-grpcio-tools == 1.44.0 # Pin to a working version for SNP platform
-JWCrypto == 1.5.*
-pycose
-rich
-# Piccolo dependencies
-fastparquet==2023.*
-prettytable==3.*
-polars
-plotext
-pre-commit
-detect-secrets
+requests==2.32.3
+rfc3339-validator==0.1.4
+rfc3986==1.5.0
+rich==13.7.1
+roundrobin==0.0.4
+rpds-py==0.19.0
+scikit-learn==1.3.2
+scipy==1.10.1
+six==1.16.0
+smmap==5.0.1
+sniffio==1.3.1
+statsmodels==0.14.1
+string-color==1.2.3
+tabulate==0.9.0
+threadpoolctl==3.5.0
+tomli==2.0.1
+toolz==0.12.1
+typing-extensions==4.12.2
+tzdata==2024.1
+urllib3==2.2.2
+virtualenv==20.26.3
+wcwidth==0.2.13
+werkzeug==3.0.3
+zipp==3.19.2
+zope.event==5.0
+zope.interface==6.4.post2
diff --git a/scripts/set_python_env.sh b/scripts/set_python_env.sh
@@ -11,6 +11,7 @@ if [ ! -d "$PYTHON_VENV" ]; then
 	python3.8 -m venv $PYTHON_VENV
 	echo "Activating virtual environment and installing dependencies..."
 	source $PYTHON_VENV/bin/activate
+	pip install wheel
 	pip install -U -r ./requirements.txt
 else
 	echo "Activating existing virtual environment..."

diff --git a/src/attestation/SnpAttestationClaims.ts b/src/attestation/SnpAttestationClaims.ts
@@ -83,7 +83,7 @@ export class SnpAttestationClaims {
     // report_id_ma
     // reported_tcb
     // chip_id
-    // committed_tcb
+    // committed_tcbx`
     // current_minor
     // current_build
     // committed_minor

diff --git a/src/authorization/AuthenticationService.ts b/src/authorization/AuthenticationService.ts
@@ -47,8 +47,11 @@ export class AuthenticationService implements IAuthenticationService {
    */
   public isAuthenticated(
     request: ccfapp.Request<any>,
-  ): [ccfapp.AuthnIdentityCommon, ServiceResult<string>] {
-    let caller: ccfapp.AuthnIdentityCommon;
+  ): [
+    ccfapp.AuthnIdentityCommon | undefined,
+    ServiceResult<string> | undefined,
+  ] {
+    let caller: ccfapp.AuthnIdentityCommon | undefined = undefined;
     try {
       const caller = request.caller as unknown as ccfapp.AuthnIdentityCommon;
       if (!caller) {
@@ -61,7 +64,7 @@ export class AuthenticationService implements IAuthenticationService {
       const validator = this.validators.get(
         <CcfAuthenticationPolicyEnum>caller.policy,
       );
-      return [caller, validator.validate(request)];
+      return [caller, validator?.validate(request)];
     } catch (ex) {
       return [
         caller,