Exemple #1
0
        /// <summary>
        /// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
        /// </summary>
        /// <param name="attestationType">Attestation Type to retrive.</param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <returns>An <see cref="AttestationResponse{String}"/> with the policy for the specified attestation type.</returns>
        /// <remarks>
        /// This API returns the underlying attestation policy object stored in the attestation service for this <paramref name="attestationType"/>.
        ///
        /// The actual service response to the API is an RFC 7519 JSON Web Token. This token can be retrieved from <see cref="AttestationResponse{T}.Token"/>.
        /// For the GetPolicyAsync API, the body of the <see cref="AttestationResponse{T}.Token"/> is a <see cref="StoredAttestationPolicy"/> object, NOT a string.
        /// </remarks>
        public virtual async Task <AttestationResponse <string> > GetPolicyAsync(AttestationType attestationType, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicy)}");
            scope.Start();
            try
            {
                var result = await _policyClient.GetAsync(attestationType, cancellationToken).ConfigureAwait(false);

                var token = new AttestationToken(result.Value.Token);
                if (_options.ValidateAttestationTokens)
                {
                    token.ValidateToken(GetSigners(), _options.ValidationCallback);
                }
                using var document = JsonDocument.Parse(token.TokenBody);
                PolicyResult policyResult = PolicyResult.DeserializePolicyResult(document.RootElement);
                var          response     = new AttestationResponse <StoredAttestationPolicy>(result.GetRawResponse(), policyResult.PolicyToken);

                return(new AttestationResponse <string>(result.GetRawResponse(), policyResult.PolicyToken, response.Value.AttestationPolicy));
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }
Exemple #2
0
        /// <summary>
        /// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
        /// </summary>
        /// <param name="attestationType"><see cref="AttestationType"/> to retrive.</param>
        /// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
        /// <param name="async">True if the call should be asynchronous.</param>
        /// <returns>An <see cref="AttestationResponse{String}"/> with the policy for the specified attestation type.</returns>
        /// <remarks>
        /// This API returns the underlying attestation policy object stored in the attestation service for this <paramref name="attestationType"/>.
        ///
        /// The actual service response to the API is an RFC 7519 JSON Web Token (see https://tools.ietf.org/html/rfc7519"). This token can be retrieved from <see cref="AttestationResponse{T}.Token"/>.
        /// For the GetPolicy API, the body of the <see cref="AttestationResponse{T}.Token"/> is a <see cref="StoredAttestationPolicy"/> object, NOT a string.
        /// </remarks>
        private async Task <AttestationResponse <string> > GetPolicyInternalAsync(AttestationType attestationType, bool async, CancellationToken cancellationToken = default)
        {
            using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicy)}");
            scope.Start();
            try
            {
                Response <PolicyResponse> result;
                if (async)
                {
                    result = await _policyClient.GetAsync(attestationType, cancellationToken).ConfigureAwait(false);
                }
                else
                {
                    result = _policyClient.Get(attestationType, cancellationToken);
                }

                var token = AttestationToken.Deserialize(result.Value.Token, _clientDiagnostics);
                if (_options.TokenOptions.ValidateToken)
                {
                    var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);

                    if (!await token.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false))
                    {
                        AttestationTokenValidationFailedException.ThrowFailure(signers, token);
                    }
                }

                PolicyModificationResult policyResult = token.GetBody <PolicyModificationResult>();

                var response = new AttestationResponse <StoredAttestationPolicy>(result.GetRawResponse(), policyResult.PolicyToken);

                return(new AttestationResponse <string>(result.GetRawResponse(), token, response.Value.AttestationPolicy));
            }
            catch (Exception ex)
            {
                scope.Failed(ex);
                throw;
            }
        }