/// <summary>
/// Adds the specified new signing certificate to the set of policy management certificates.
/// </summary>
/// <param name="newSigningCertificate">The new certificate to add.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
X509Certificate2 newSigningCertificate,
AttestationTokenSigningKey existingSigningKey,
CancellationToken cancellationToken = default)
{
Argument.AssertNotNull(existingSigningKey, nameof(existingSigningKey));
Argument.AssertNotNull(newSigningCertificate, nameof(newSigningCertificate));
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToAdd = new AttestationToken(
BinaryData.FromObjectAsJson(new PolicyCertificateModification(newSigningCertificate)),
existingSigningKey);
var result = await _policyManagementClient.AddAsync(tokenToAdd.Serialize(), cancellationToken).ConfigureAwait(false);
var token = AttestationToken.Deserialize(result.Value.Token, _clientDiagnostics);
if (_options.TokenOptions.ValidateToken)
{
var signers = await GetSignersAsync(true, cancellationToken).ConfigureAwait(false);
if (!await token.ValidateTokenInternal(_options.TokenOptions, signers, true, cancellationToken).ConfigureAwait(false))
{
AttestationTokenValidationFailedException.ThrowFailure(signers, token);
}
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Adds the specified new signing certificate to the set of policy management certificates.
/// </summary>
/// <param name="newSigningCertificate">The new certificate to add.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
X509Certificate2 newSigningCertificate,
TokenSigningKey existingSigningKey,
CancellationToken cancellationToken = default)
{
Argument.AssertNotNull(existingSigningKey, nameof(existingSigningKey));
Argument.AssertNotNull(newSigningCertificate, nameof(newSigningCertificate));
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToAdd = new AttestationToken(
new PolicyCertificateModification(newSigningCertificate),
existingSigningKey);
var result = await _policyManagementClient.AddAsync(tokenToAdd.ToString(), cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.TokenOptions.ValidateToken)
{
await token.ValidateTokenAsync(_options.TokenOptions, await GetSignersAsync(cancellationToken).ConfigureAwait(false), cancellationToken).ConfigureAwait(false);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Adds the specified new signing certificate to the set of policy management certificates.
/// </summary>
/// <param name="newSigningCertificate">The new certificate to add.</param>
/// <param name="existingSigningKey">An existing key corresponding to the existing certificate.</param>
/// <param name="existingSigningCertificate">One of the existing policy management certificates.</param>
/// <param name="cancellationToken">Cancellation token used to cancel this operation.</param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(
X509Certificate2 newSigningCertificate,
AsymmetricAlgorithm existingSigningKey,
X509Certificate2 existingSigningCertificate,
CancellationToken cancellationToken = default)
{
if (newSigningCertificate is null)
{
throw new ArgumentNullException(nameof(newSigningCertificate));
}
if (existingSigningKey is null)
{
throw new ArgumentNullException(nameof(existingSigningKey));
}
if (existingSigningCertificate is null)
{
throw new ArgumentNullException(nameof(existingSigningCertificate));
}
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
scope.Start();
try
{
var tokenToAdd = new SecuredAttestationToken(
new PolicyCertificateModification(newSigningCertificate),
existingSigningKey,
existingSigningCertificate);
var result = await _policyManagementClient.AddAsync(tokenToAdd.ToString(), cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
/// <summary>
/// Retrieves the attesttion policy for the specified <see cref="AttestationType"/>.
/// </summary>
/// <param name="certificateToAdd">Attestation Type to retrive.</param>
/// <param name="cancellationToken"></param>
/// <returns>An <see cref="AttestationResponse{PolicyCertificatesModificationResult}"/> with the policy for the specified attestation type.</returns>
public virtual async Task <AttestationResponse <PolicyCertificatesModificationResult> > AddPolicyManagementCertificateAsync(SecuredAttestationToken certificateToAdd, CancellationToken cancellationToken = default)
{
using DiagnosticScope scope = _clientDiagnostics.CreateScope($"{nameof(AttestationAdministrationClient)}.{nameof(AddPolicyManagementCertificate)}");
scope.Start();
try
{
var result = await _policyManagementClient.AddAsync(certificateToAdd.ToString(), cancellationToken).ConfigureAwait(false);
var token = new AttestationToken(result.Value.Token);
if (_options.ValidateAttestationTokens)
{
token.ValidateToken(GetSigners(), _options.ValidationCallback);
}
return(new AttestationResponse <PolicyCertificatesModificationResult>(result.GetRawResponse(), token));
}
catch (Exception ex)
{
scope.Failed(ex);
throw;
}
}
