/// <summary>
/// Removes one of the attestation policy management certificates.
/// </summary>
/// <param name="certificateToRemove">The certificate to remove.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > RemovePolicyManagementCertificateAsync(
X509Certificate2 certificateToRemove,
AsymmetricAlgorithm existingSigningKey,
X509Certificate2 existingSigningCertificate,
CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToRemove = new SecuredAttestationToken(
new PolicyCertificateModification(certificateToRemove),
existingSigningKey,
existingSigningCertificate);
var result = await _policyManagementClient.RemoveAsync(tokenToRemove.ToString(), cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Removes one of the attestation policy management certificates.
/// </summary>
/// <param name="certificateToRemove">The certificate to remove.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > RemovePolicyManagementCertificateAsync(
X509Certificate2 certificateToRemove,
AttestationTokenSigningKey existingSigningKey,
CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToRemove = new AttestationToken(
BinaryData.FromObjectAsJson(new PolicyCertificateModification(certificateToRemove)),
existingSigningKey);
var result = await _policyManagementClient.RemoveAsync(tokenToRemove.Serialize(), cancellationToken).ConfigureAwait(false);
var token = AttestationToken.Deserialize(result.Value.Token, _clientDiagnostics);
if (_options.TokenOptions.ValidateToken)
{
var signers = await GetSignersAsync(true, cancellationToken).ConfigureAwait(false);
if (!await token.ValidateTokenAsync(_options.TokenOptions, signers, cancellationToken).ConfigureAwait(false))
{
AttestationTokenValidationFailedException.ThrowFailure(signers, token);
}
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
