/// <summary>
/// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
/// </summary>
/// <param name="attestationType">Attestation Type to retrive.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{String}"/> with the policy for the specified attestation type.</returns>
/// <remarks>
/// This API returns the underlying attestation policy object stored in the attestation service for this <paramref name="attestationType"/>.
///
/// The actual service response to the API is an RFC 7519 JSON Web Token. This token can be retrieved from <see cref="AttestationResponse{T}.Token"/>.
/// For the GetPolicyAsync API, the body of the <see cref="AttestationResponse{T}.Token"/> is a <see cref="StoredAttestationPolicy"/> object, NOT a string.
/// </remarks>
public virtual async Task <AttestationResponse <string> > GetPolicyAsync(AttestationType attestationType, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicy)}");
scope.Start();
try
{
var result = await _policyClient.GetAsync(attestationType, cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
using var document = JsonDocument.Parse(token.TokenBody);
PolicyResult policyResult = PolicyResult.DeserializePolicyResult(document.RootElement);
var response = new AttestationResponse <StoredAttestationPolicy>(result.GetRawResponse(), policyResult.PolicyToken);
return(new AttestationResponse <string>(result.GetRawResponse(), policyResult.PolicyToken, response.Value.AttestationPolicy));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
public async Task <Response <AttestationResponse> > AttestOpenEnclaveAsync(AttestOpenEnclaveRequest request, CancellationToken cancellationToken = default)
{
if (request == null)
{
throw new ArgumentNullException(nameof(request));
}
using var message = CreateAttestOpenEnclaveRequest(request);
await _pipeline.SendAsync(message, cancellationToken).ConfigureAwait(false);
switch (message.Response.Status)
{
case 200:
{
AttestationResponse value = default;
using var document = await JsonDocument.ParseAsync(message.Response.ContentStream, default, cancellationToken).ConfigureAwait(false);
value = AttestationResponse.DeserializeAttestationResponse(document.RootElement);
return(Response.FromValue(value, message.Response));
}
/// <summary>
/// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
/// </summary>
/// <param name="attestationType"><see cref="AttestationType"/> to retrive.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <param name="async">True if the call should be asynchronous.</param>
/// <returns>An <see cref="AttestationResponse{String}"/> with the policy for the specified attestation type.</returns>
/// <remarks>
/// This API returns the underlying attestation policy object stored in the attestation service for this <paramref name="attestationType"/>.
///
/// The actual service response to the API is an RFC 7519 JSON Web Token (see https://tools.ietf.org/html/rfc7519"). This token can be retrieved from <see cref="AttestationResponse{T}.Token"/>.
/// For the GetPolicy API, the body of the <see cref="AttestationResponse{T}.Token"/> is a <see cref="StoredAttestationPolicy"/> object, NOT a string.
/// </remarks>
private async Task <AttestationResponse <string> > GetPolicyInternalAsync(AttestationType attestationType, bool async, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(GetPolicy)}");
scope.Start();
try
{
Response <PolicyResponse> result;
if (async)
{
result = await _policyClient.GetAsync(attestationType, cancellationToken).ConfigureAwait(false);
}
else
{
result = _policyClient.Get(attestationType, cancellationToken);
}
var token = AttestationToken.Deserialize(result.Value.Token, _clientDiagnostics);
if (_options.TokenOptions.ValidateToken)
{
var signers = await GetSignersAsync(async, cancellationToken).ConfigureAwait(false);
if (!await token.ValidateTokenInternal(_options.TokenOptions, signers, async, cancellationToken).ConfigureAwait(false))
{
AttestationTokenValidationFailedException.ThrowFailure(signers, token);
}
}
PolicyModificationResult policyResult = token.GetBody <PolicyModificationResult>();
var response = new AttestationResponse <StoredAttestationPolicy>(result.GetRawResponse(), policyResult.PolicyToken);
return(new AttestationResponse <string>(result.GetRawResponse(), token, response.Value.AttestationPolicy));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
