/// <summary>
/// Removes one of the attestation policy management certificates.
/// </summary>
/// <param name="certificateToRemove">The certificate to remove.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > RemovePolicyManagementCertificateAsync(
X509Certificate2 certificateToRemove,
AsymmetricAlgorithm existingSigningKey,
X509Certificate2 existingSigningCertificate,
CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToRemove = new SecuredAttestationToken(
new PolicyCertificateModification(certificateToRemove),
existingSigningKey,
existingSigningCertificate);
var result = await _policyManagementClient.RemoveAsync(tokenToRemove.ToString(), cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Adds the specified new signing certificate to the set of policy management certificates.
/// </summary>
/// <param name="newSigningCertificate">The new certificate to add.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
/// <remarks>
/// </remarks>
public virtual AttestationResponse <PolicyCertificatesModificationResult> AddPolicyManagementCertificate(
X509Certificate2 newSigningCertificate,
AsymmetricAlgorithm existingSigningKey,
X509Certificate2 existingSigningCertificate,
CancellationToken cancellationToken = default)
{
if (newSigningCertificate is null)
{
throw new ArgumentNullException(nameof(newSigningCertificate));
}
if (existingSigningKey is null)
{
throw new ArgumentNullException(nameof(existingSigningKey));
}
if (existingSigningCertificate is null)
{
throw new ArgumentNullException(nameof(existingSigningCertificate));
}
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToAdd = new SecuredAttestationToken(
new PolicyCertificateModification(newSigningCertificate),
existingSigningKey,
existingSigningCertificate);
var result = _policyManagementClient.Add(tokenToAdd.ToString(), cancellationToken);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
/// </summary>
/// <param name="certificateToAdd">Attestation Type to retrive.</param>
/// <param name="cancellationToken"></param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual AttestationResponse <PolicyCertificatesModificationResult> RemovePolicyManagementCertificate(SecuredAttestationToken certificateToAdd, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
scope.Start();
try
{
var result = _policyManagementClient.Remove(certificateToAdd.ToString(), cancellationToken);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
