@azure/attestation 1.0.1-alpha.20241209.1 → 1.0.1-alpha.20241211.1

package/dist/browser/attestationAdministrationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAexD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}
+{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}

package/dist/browser/attestationAdministrationClient.js

@@ -7,7 +7,6 @@ import { bytesToString } from "./utils/utf8.js";
 import { StoredAttestationPolicy } from "./models/storedAttestationPolicy.js";
 import { TypeDeserializer } from "./utils/typeDeserializer.js";
 import * as Mappers from "./generated/models/mappers.js";
-// eslint-disable-next-line @typescript-eslint/triple-slash-reference
 /// <reference path="../jsrsasign.d.ts"/>
 import * as jsrsasign from "jsrsasign";
 import { hexToBase64 } from "./utils/helpers.js";

package/dist/browser/attestationAdministrationClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
+{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}

package/dist/commonjs/attestationAdministrationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAexD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}
+{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}

package/dist/commonjs/attestationAdministrationClient.js

@@ -11,7 +11,6 @@ const utf8_js_1 = require("./utils/utf8.js");
 const storedAttestationPolicy_js_1 = require("./models/storedAttestationPolicy.js");
 const typeDeserializer_js_1 = require("./utils/typeDeserializer.js");
 const Mappers = tslib_1.__importStar(require("./generated/models/mappers.js"));
-// eslint-disable-next-line @typescript-eslint/triple-slash-reference
 /// <reference path="../jsrsasign.d.ts"/>
 const jsrsasign = tslib_1.__importStar(require("jsrsasign"));
 const helpers_js_1 = require("./utils/helpers.js");

package/dist/commonjs/attestationAdministrationClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,uDAAuD;AACvD,uEAAiE;AACjE,2CAAqC;AASrC,6CAAgD;AAUhD,oFAA8E;AAI9E,qEAA+D;AAC/D,+EAAyD;AAEzD,qEAAqE;AACrE,yCAAyC;AACzC,6DAAuC;AACvC,mDAAiD;AACjD,8DAAsE;AACtE,wEAAgF;AAChF,mDAAiE;AACjE,4EAA4E;AAC5E,sEAAoE;AACpE,uDAAuD;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,kBAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,oCAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,0CAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,oDAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,IAAA,kDAAyB,EAC9B,KAAK,EACL,IAAA,uBAAa,EAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,oDAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,0CAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,sCAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,IAAA,kDAAyB,EAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF;AA3gBD,0EA2gBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
+{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,uDAAuD;AACvD,uEAAiE;AACjE,2CAAqC;AASrC,6CAAgD;AAUhD,oFAA8E;AAI9E,qEAA+D;AAC/D,+EAAyD;AAEzD,yCAAyC;AACzC,6DAAuC;AACvC,mDAAiD;AACjD,8DAAsE;AACtE,wEAAgF;AAChF,mDAAiE;AACjE,4EAA4E;AAC5E,sEAAoE;AACpE,uDAAuD;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,kBAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,oCAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,0CAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,oDAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,IAAA,kDAAyB,EAC9B,KAAK,EACL,IAAA,uBAAa,EAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,oDAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,0CAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,sCAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,IAAA,kDAAyB,EAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF;AA3gBD,0EA2gBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}

package/dist/esm/attestationAdministrationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAexD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}
+{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}

package/dist/esm/attestationAdministrationClient.js

@@ -7,7 +7,6 @@ import { bytesToString } from "./utils/utf8.js";
 import { StoredAttestationPolicy } from "./models/storedAttestationPolicy.js";
 import { TypeDeserializer } from "./utils/typeDeserializer.js";
 import * as Mappers from "./generated/models/mappers.js";
-// eslint-disable-next-line @typescript-eslint/triple-slash-reference
 /// <reference path="../jsrsasign.d.ts"/>
 import * as jsrsasign from "jsrsasign";
 import { hexToBase64 } from "./utils/helpers.js";

package/dist/esm/attestationAdministrationClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
+{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}

package/dist/react-native/attestationAdministrationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAexD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}
+{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}

package/dist/react-native/attestationAdministrationClient.js

@@ -7,7 +7,6 @@ import { bytesToString } from "./utils/utf8.js";
 import { StoredAttestationPolicy } from "./models/storedAttestationPolicy.js";
 import { TypeDeserializer } from "./utils/typeDeserializer.js";
 import * as Mappers from "./generated/models/mappers.js";
-// eslint-disable-next-line @typescript-eslint/triple-slash-reference
 /// <reference path="../jsrsasign.d.ts"/>
 import * as jsrsasign from "jsrsasign";
 import { hexToBase64 } from "./utils/helpers.js";

package/dist/react-native/attestationAdministrationClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
+{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@azure/attestation",
-  "version": "1.0.1-alpha.20241209.1",
+  "version": "1.0.1-alpha.20241211.1",
   "description": "Javascript/Typescript client implementation for the Microsoft Azure Attestation service.",
   "sdk-type": "client",
   "main": "./dist/commonjs/index.js",
@@ -34,7 +34,7 @@
     "generate:client": "autorest --typescript ./swagger/README.md",
     "integration-test": "npm run integration-test:node && npm run integration-test:browser",
     "integration-test:browser": "dev-tool run test:vitest --browser",
-    "integration-test:node": "dev-tool run test:vitest -- --test-timeout 5000000",
+    "integration-test:node": "dev-tool run test:vitest --esm -- --test-timeout 5000000",
     "lint": "eslint package.json api-extractor.json src test",
     "lint:fix": "eslint package.json api-extractor.json src test --fix --fix-type [problem,suggestion]",
     "pack": "npm pack 2>&1",
@@ -122,7 +122,8 @@
       "browser",
       "react-native"
     ],
-    "selfLink": false
+    "selfLink": false,
+    "project": "./tsconfig.src.json"
   },
   "exports": {
     "./package.json": "./package.json",