        /// <summary>
        /// Retrieves the policy management certificates currently configured on the attestation service.
        ///
        /// A service running in AAD mode has no policy management certificates, so the returned set is empty.
        /// </summary>
        /// <param name="cancellationToken">Token used to cancel the request.</param>
        /// <returns>An <see cref="AttestationResponse{T}"/> wrapping the <see cref="PolicyCertificatesResult"/> token returned by the service; the token body carries the <see cref="X509Certificate2"/> roots for policy management.</returns>
        public virtual async Task <AttestationResponse <PolicyCertificatesResult> > GetPolicyManagementCertificatesAsync(CancellationToken cancellationToken = default)
        {
            // The scope is named after the synchronous sibling so both variants report under one operation name.
            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicyManagementCertificates)}");
            scope.Start();
            try
            {
                var serviceResponse = await _policyManagementClient.GetAsync(cancellationToken).ConfigureAwait(false);
                var attestationToken = new AttestationToken(serviceResponse.Value.Token);

                // Signature validation is opt-out: when ValidateAttestationTokens is cleared the token,
                // and the certificate set it carries, are returned exactly as received from the service.
                if (_options.ValidateAttestationTokens)
                {
                    attestationToken.ValidateToken(GetSigners(), _options.ValidationCallback);
                }

                return new AttestationResponse <PolicyCertificatesResult>(serviceResponse.GetRawResponse(), attestationToken);
            }
            catch (Exception ex)
            {
                // Record the failure on the diagnostic scope, then let the original exception propagate unchanged.
                scope.Failed(ex);
                throw;
            }
        }
        /// <summary>
        /// Shared implementation behind the sync and async policy-management-certificate getters.
        ///
        /// Fetches the certificate set from the attestation service instance, optionally validates the
        /// returned token against the service signers, and materializes the certificates. A service
        /// instance running in AAD mode returns an empty set.
        /// </summary>
        /// <param name="async">True to issue the service call asynchronously; false to call the synchronous client method.</param>
        /// <param name="cancellationToken">Token used to cancel the request.</param>
        /// <returns>An <see cref="AttestationResponse{T}"/> carrying the raw response, the (optionally validated) token, and a read-only list of <see cref="X509Certificate2"/> root certificates for policy management.</returns>
        /// <exception cref="AttestationTokenValidationFailedException">Raised via <c>ThrowFailure</c> when token validation is enabled and the returned token fails validation.</exception>
        private async Task <AttestationResponse <IReadOnlyList <X509Certificate2> > > GetPolicyManagementCertificatesInternalAsync(bool async, CancellationToken cancellationToken = default)
        {
            // Both variants report under the synchronous operation name.
            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicyManagementCertificates)}");
            scope.Start();
            try
            {
                Response <PolicyCertificatesResponse> serviceResponse = async
                    ? await _policyManagementClient.GetAsync(cancellationToken).ConfigureAwait(false)
                    : _policyManagementClient.Get(cancellationToken);

                var attestationToken = AttestationToken.Deserialize(serviceResponse.Value.Token);

                // Validation is opt-out: when TokenOptions.ValidateToken is cleared, the token and the
                // certificates extracted from it are used without checking the service signature.
                if (_options.TokenOptions.ValidateToken)
                {
                    // NOTE(review): on the sync path these awaits are presumably over already-completed tasks — confirm in the helpers.
                    var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);
                    bool isValid = await attestationToken.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false);
                    if (!isValid)
                    {
                        AttestationTokenValidationFailedException.ThrowFailure(signers, attestationToken);
                    }
                }

                var roots = new List <X509Certificate2>();
                var policyKeys = attestationToken.GetBody <PolicyCertificatesResult>().InternalPolicyCertificates.Keys;
                foreach (var policyKey in policyKeys)
                {
                    // X5C[0] is taken as the end-entity certificate, assuming the JWS x5c ordering (RFC 7515 §4.1.6).
                    // An absent or empty chain is not guarded here and would surface as a runtime exception.
                    byte[] der = Convert.FromBase64String(policyKey.X5C[0]);
                    roots.Add(new X509Certificate2(der));
                }

                return new AttestationResponse <IReadOnlyList <X509Certificate2> >(serviceResponse.GetRawResponse(), attestationToken, roots.AsReadOnly());
            }
            catch (Exception ex)
            {
                // Record the failure on the diagnostic scope, then let the original exception propagate unchanged.
                scope.Failed(ex);
                throw;
            }
        }