/// <summary>
/// Retrieves the policy management certificates currently configured on the attestation service.
///
/// When the service runs in AAD mode the returned collection is empty.
/// </summary>
/// <param name="cancellationToken">Cancellation token used to cancel the operation.</param>
/// <returns>A set of <see cref="X509Certificate2"/> objects representing the set of root certificates for policy management.</returns>
/// <remarks>
/// The signed token returned by the service is checked against the known signers only when
/// <c>_options.ValidateAttestationTokens</c> is enabled; otherwise the token is wrapped and returned as received.
/// </remarks>
public virtual async Task<AttestationResponse<PolicyCertificatesResult>> GetPolicyManagementCertificatesAsync(CancellationToken cancellationToken = default)
{
    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicyManagementCertificates)}");
    scope.Start();
    try
    {
        var serviceResponse = await _policyManagementClient.GetAsync(cancellationToken).ConfigureAwait(false);
        var attestationToken = new AttestationToken(serviceResponse.Value.Token);

        // Validation is opt-in via client options; when disabled the token body is not verified here.
        if (_options.ValidateAttestationTokens)
        {
            attestationToken.ValidateToken(GetSigners(), _options.ValidationCallback);
        }

        var wrapped = new AttestationResponse<PolicyCertificatesResult>(serviceResponse.GetRawResponse(), attestationToken);
        return wrapped;
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}
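/// <summary>
/// Returns the set of policy management certificates currently configured for the attestation service instance.
///
/// If the service instance is running in AAD mode, this list will always be empty.
/// </summary>
/// <param name="async">True if this request should be processed asynchronously; otherwise the synchronous client call is used.</param>
/// <param name="cancellationToken">Cancellation token used to cancel the operation.</param>
/// <returns>A set of <see cref="X509Certificate2"/> objects representing the set of root certificates for policy management.</returns>
/// <exception cref="AttestationTokenValidationFailedException">
/// Thrown when token validation is enabled in <c>_options.TokenOptions</c> and the service's token does not validate against the known signers.
/// </exception>
/// <remarks>
/// Token validation is opt-in via <c>_options.TokenOptions.ValidateToken</c>; when disabled the token body is decoded without verification.
/// Only the first entry of each certificate's x5c chain is materialized.
/// </remarks>
private async Task<AttestationResponse<IReadOnlyList<X509Certificate2>>> GetPolicyManagementCertificatesInternalAsync(bool async, CancellationToken cancellationToken = default)
{
    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicyManagementCertificates)}");
    scope.Start();
    try
    {
        Response<PolicyCertificatesResponse> result = async
            ? await _policyManagementClient.GetAsync(cancellationToken).ConfigureAwait(false)
            : _policyManagementClient.Get(cancellationToken);

        var token = AttestationToken.Deserialize(result.Value.Token);

        // Validation is gated by the caller-supplied options; a disabled check means the body is trusted as received.
        if (_options.TokenOptions.ValidateToken)
        {
            var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);
            if (!await token.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false))
            {
                AttestationTokenValidationFailedException.ThrowFailure(signers, token);
            }
        }

        var certificates = new List<X509Certificate2>();
        try
        {
            foreach (var cert in token.GetBody<PolicyCertificatesResult>().InternalPolicyCertificates.Keys)
            {
                // X5C[0] is the first entry of the x5c chain; an empty chain or malformed base64 throws here, as before.
                certificates.Add(new X509Certificate2(Convert.FromBase64String(cert.X5C[0])));
            }
        }
        catch
        {
            // X509Certificate2 is IDisposable: release the instances already built before the failing entry,
            // then let the original exception propagate unchanged.
            foreach (var built in certificates)
            {
                built.Dispose();
            }
            throw;
        }

        return new AttestationResponse<IReadOnlyList<X509Certificate2>>(result.GetRawResponse(), token, certificates.AsReadOnly());
    }
    catch (Exception ex)
    {
        scope.Failed(ex);
        throw;
    }
}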