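/// <summary>
/// Removes one of the attestation policy management certificates.
/// </summary>
/// <remarks>
/// The removal request is sent as a <c>SecuredAttestationToken</c> built from
/// <paramref name="certificateToRemove"/> together with <paramref name="existingSigningKey"/> and
/// <paramref name="existingSigningCertificate"/>. The token returned by the service is validated
/// only when the client options have <c>ValidateAttestationTokens</c> set; otherwise it is
/// returned to the caller without being checked here.
/// </remarks>
/// <param name="certificateToRemove">The certificate to remove.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> wrapping the raw response and the token returned by the service for the removal request.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="certificateToRemove"/>, <paramref name="existingSigningKey"/> or
/// <paramref name="existingSigningCertificate"/> is <c>null</c>.
/// </exception>
public virtual async Task<AttestationResponse<PolicyCertificatesModificationResult>> RemovePolicyManagementCertificateAsync(
    X509Certificate2 certificateToRemove,
    AsymmetricAlgorithm existingSigningKey,
    X509Certificate2 existingSigningCertificate,
    CancellationToken cancellationToken = default)
{
    // Fail fast on missing inputs. This call changes which certificates may manage policy, so a
    // missing key or certificate should be reported as a caller error rather than surfacing later
    // from inside token construction (whose handling of null is not visible in this block).
    if (certificateToRemove == null)
    {
        throw new ArgumentNullException(nameof(certificateToRemove));
    }

    if (existingSigningKey == null)
    {
        throw new ArgumentNullException(nameof(existingSigningKey));
    }

    if (existingSigningCertificate == null)
    {
        throw new ArgumentNullException(nameof(existingSigningCertificate));
    }

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
    scope.Start();
    try
    {
        // The request body names the certificate to remove; the existing key and certificate are
        // handed to the secured token so the service can tie the request to a current manager.
        var tokenToRemove = new SecuredAttestationToken(
            new PolicyCertificateModification(certificateToRemove),
            existingSigningKey,
            existingSigningCertificate);

        var result = await _policyManagementClient.RemoveAsync(tokenToRemove.ToString(), cancellationToken).ConfigureAwait(false);
        var token = new AttestationToken(result.Value.Token);

        if (_options.ValidateAttestationTokens)
        {
            // NOTE(review): any value returned by ValidateToken is not inspected here; confirm that
            // it reports a failed validation by throwing, otherwise an invalid response token
            // would still be returned to the caller.
            // NOTE(review): GetSigners() is a synchronous call inside an async method; confirm it
            // does not block on network I/O.
            token.ValidateToken(GetSigners(), _options.ValidationCallback);
        }

        return new AttestationResponse<PolicyCertificatesModificationResult>(result.GetRawResponse(), token);
    }
    catch (Exception ex)
    {
        // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
        scope.Failed(ex);
        throw;
    }
}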
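/// <summary>
/// Removes one of the attestation policy management certificates.
/// </summary>
/// <remarks>
/// The removal request is sent as an <c>AttestationToken</c> whose body is the JSON form of a
/// <c>PolicyCertificateModification</c> for <paramref name="certificateToRemove"/>, constructed with
/// <paramref name="existingSigningKey"/>. The token returned by the service is validated only when
/// <c>TokenOptions.ValidateToken</c> is set on the client options; otherwise it is returned to the
/// caller without being checked here.
/// </remarks>
/// <param name="certificateToRemove">The certificate to remove.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> wrapping the raw response and the token returned by the service for the removal request.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="certificateToRemove"/> or <paramref name="existingSigningKey"/> is <c>null</c>.
/// </exception>
public virtual async Task<AttestationResponse<PolicyCertificatesModificationResult>> RemovePolicyManagementCertificateAsync(
    X509Certificate2 certificateToRemove,
    AttestationTokenSigningKey existingSigningKey,
    CancellationToken cancellationToken = default)
{
    // Fail fast on missing inputs. This call changes which certificates may manage policy, so a
    // missing signing key should be reported as a caller error. How AttestationToken treats a
    // null key is not visible in this block, so it is not relied upon.
    if (certificateToRemove == null)
    {
        throw new ArgumentNullException(nameof(certificateToRemove));
    }

    if (existingSigningKey == null)
    {
        throw new ArgumentNullException(nameof(existingSigningKey));
    }

    using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(RemovePolicyManagementCertificate)}");
    scope.Start();
    try
    {
        // The request body names the certificate to remove; the existing signing key is handed to
        // the token so the service can tie the request to a current policy manager.
        var tokenToRemove = new AttestationToken(
            BinaryData.FromObjectAsJson(new PolicyCertificateModification(certificateToRemove)),
            existingSigningKey);

        var result = await _policyManagementClient.RemoveAsync(tokenToRemove.Serialize(), cancellationToken).ConfigureAwait(false);
        var token = AttestationToken.Deserialize(result.Value.Token, _clientDiagnostics);

        if (_options.TokenOptions.ValidateToken)
        {
            // NOTE(review): the meaning of the first argument (true) to GetSignersAsync is not
            // visible in this block; confirm against its declaration.
            var signers = await GetSignersAsync(true, cancellationToken).ConfigureAwait(false);

            // A false result is treated as a hard failure; the helper is expected to throw, so the
            // unvalidated token is not handed back to the caller.
            if (!await token.ValidateTokenAsync(_options.TokenOptions, signers, cancellationToken).ConfigureAwait(false))
            {
                AttestationTokenValidationFailedException.ThrowFailure(signers, token);
            }
        }

        return new AttestationResponse<PolicyCertificatesModificationResult>(result.GetRawResponse(), token);
    }
    catch (Exception ex)
    {
        // Record the failure on the diagnostic scope, then rethrow with the original stack trace.
        scope.Failed(ex);
        throw;
    }
}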