        /// <summary>
        /// Registers <paramref name="newSigningCertificate"/> as an additional policy management certificate.
        /// The request is sent as an attestation token signed with <paramref name="existingSigningKey"/>.
        /// </summary>
        /// <param name="newSigningCertificate">Certificate to add to the policy management certificate set.</param>
        /// <param name="existingSigningKey">Signing key for a certificate that is already a policy management certificate; it signs the modification request.</param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> describing the outcome of the certificate modification.</returns>
        /// <remarks>
        /// The response token is signature-validated only when <c>_options.TokenOptions.ValidateToken</c> is set;
        /// with validation disabled the result is taken from the service response without verifying its signer.
        /// </remarks>
        public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
            X509Certificate2 newSigningCertificate,
            AttestationTokenSigningKey existingSigningKey,
            CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(existingSigningKey, nameof(existingSigningKey));
            Argument.AssertNotNull(newSigningCertificate, nameof(newSigningCertificate));

            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
            scope.Start();
            try
            {
                // The request body is itself a signed token carrying the certificate to add.
                var modification = new PolicyCertificateModification(newSigningCertificate);
                var requestToken = new AttestationToken(BinaryData.FromObjectAsJson(modification), existingSigningKey);
                var serviceResult = await _policyManagementClient.AddAsync(requestToken.Serialize(), cancellationToken).ConfigureAwait(false);

                var responseToken = AttestationToken.Deserialize(serviceResult.Value.Token, _clientDiagnostics);
                if (_options.TokenOptions.ValidateToken)
                {
                    var trustedSigners = await GetSignersAsync(true, cancellationToken).ConfigureAwait(false);
                    bool isValid = await responseToken.ValidateTokenInternal(_options.TokenOptions, trustedSigners, true, cancellationToken).ConfigureAwait(false);
                    if (!isValid)
                    {
                        AttestationTokenValidationFailedException.ThrowFailure(trustedSigners, responseToken);
                    }
                }

                return new AttestationResponse<PolicyCertificatesModificationResult>(serviceResult.GetRawResponse(), responseToken);
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
        /// <summary>
        /// Registers <paramref name="newSigningCertificate"/> as an additional policy management certificate.
        /// The request is sent as an attestation token signed with <paramref name="existingSigningKey"/>.
        /// </summary>
        /// <param name="newSigningCertificate">Certificate to add to the policy management certificate set.</param>
        /// <param name="existingSigningKey">Signing key for a certificate that is already a policy management certificate; it signs the modification request.</param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> describing the outcome of the certificate modification.</returns>
        /// <remarks>
        /// The response token is validated against the service signers only when <c>_options.TokenOptions.ValidateToken</c> is set;
        /// otherwise the token is returned as received.
        /// </remarks>
        public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
            X509Certificate2 newSigningCertificate,
            TokenSigningKey existingSigningKey,
            CancellationToken cancellationToken = default)
        {
            Argument.AssertNotNull(existingSigningKey, nameof(existingSigningKey));
            Argument.AssertNotNull(newSigningCertificate, nameof(newSigningCertificate));

            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
            scope.Start();
            try
            {
                // The request body is itself a signed token carrying the certificate to add.
                var modification = new PolicyCertificateModification(newSigningCertificate);
                var requestToken = new AttestationToken(modification, existingSigningKey);
                var serviceResult = await _policyManagementClient.AddAsync(requestToken.ToString(), cancellationToken).ConfigureAwait(false);

                var responseToken = new AttestationToken(serviceResult.Value.Token);
                if (_options.TokenOptions.ValidateToken)
                {
                    var trustedSigners = await GetSignersAsync(cancellationToken).ConfigureAwait(false);
                    await responseToken.ValidateTokenAsync(_options.TokenOptions, trustedSigners, cancellationToken).ConfigureAwait(false);
                }

                return new AttestationResponse<PolicyCertificatesModificationResult>(serviceResult.GetRawResponse(), responseToken);
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
        /// <summary>
        /// Registers <paramref name="newSigningCertificate"/> as an additional policy management certificate.
        /// The request is sent as a secured attestation token signed with <paramref name="existingSigningKey"/>
        /// and carrying <paramref name="existingSigningCertificate"/>.
        /// </summary>
        /// <param name="newSigningCertificate">Certificate to add to the policy management certificate set.</param>
        /// <param name="existingSigningKey">Key corresponding to <paramref name="existingSigningCertificate"/>; it signs the modification request.</param>
        /// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> describing the outcome of the certificate modification.</returns>
        /// <exception cref="ArgumentNullException">Any of the certificate or key arguments is <c>null</c>.</exception>
        /// <remarks>
        /// The response token is validated against the service signers only when <c>_options.ValidateAttestationTokens</c> is set;
        /// otherwise the token is returned as received.
        /// </remarks>
        public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
            X509Certificate2 newSigningCertificate,
            AsymmetricAlgorithm existingSigningKey,
            X509Certificate2 existingSigningCertificate,
            CancellationToken cancellationToken = default)
        {
            // Argument checks run in the same order as before so the same exception surfaces first.
            var certificateToAdd = newSigningCertificate ?? throw new ArgumentNullException(nameof(newSigningCertificate));
            var signingKey = existingSigningKey ?? throw new ArgumentNullException(nameof(existingSigningKey));
            var signingCertificate = existingSigningCertificate ?? throw new ArgumentNullException(nameof(existingSigningCertificate));

            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
            scope.Start();
            try
            {
                // The request body is itself a signed token carrying the certificate to add.
                var requestToken = new SecuredAttestationToken(
                    new PolicyCertificateModification(certificateToAdd),
                    signingKey,
                    signingCertificate);
                var serviceResult = await _policyManagementClient.AddAsync(requestToken.ToString(), cancellationToken).ConfigureAwait(false);

                var responseToken = new AttestationToken(serviceResult.Value.Token);
                if (_options.ValidateAttestationTokens)
                {
                    responseToken.ValidateToken(GetSigners(), _options.ValidationCallback);
                }

                return new AttestationResponse<PolicyCertificatesModificationResult>(serviceResult.GetRawResponse(), responseToken);
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
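        /// <summary>
        /// Adds a policy management certificate using an already-signed modification token.
        /// </summary>
        /// <param name="certificateToAdd">
        /// Secured attestation token carrying the certificate to add. The caller is responsible for having
        /// signed it with a key belonging to one of the existing policy management certificates.
        /// </param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> describing the outcome of the certificate modification.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="certificateToAdd"/> is <c>null</c>.</exception>
        /// <remarks>
        /// The response token is validated against the service signers only when <c>_options.ValidateAttestationTokens</c> is set;
        /// otherwise the token is returned as received.
        /// </remarks>
        public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(SecuredAttestationToken certificateToAdd, CancellationToken cancellationToken = default)
        {
            // Fail fast with ArgumentNullException like the sibling overloads, instead of a
            // NullReferenceException from certificateToAdd.ToString() inside the diagnostic scope.
            if (certificateToAdd is null)
            {
                throw new ArgumentNullException(nameof(certificateToAdd));
            }

            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
            scope.Start();
            try
            {
                var result = await _policyManagementClient.AddAsync(certificateToAdd.ToString(), cancellationToken).ConfigureAwait(false);

                var token = new AttestationToken(result.Value.Token);
                if (_options.ValidateAttestationTokens)
                {
                    token.ValidateToken(GetSigners(), _options.ValidationCallback);
                }
                return new AttestationResponse<PolicyCertificatesModificationResult>(result.GetRawResponse(), token);
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }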