@azure/attestation 1.0.1-alpha.20250110.1 → 1.0.1-alpha.20250114.1

package/README.md

@@ -180,9 +180,13 @@ InitTime data refers to data which is used to configure the SGX enclave being at
 Creates an instance of the Attestation Client at uri `endpoint`, using the default
 azure credentials (`DefaultAzureCredential`).
 
-```ts
+```ts snippet:ReadmeSampleCreateClient_Node
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const credentials = new DefaultAzureCredential();
-const client = new AttestationClient(endpoint, { credentials: credentials });
+const client = new AttestationClient(endpoint, credentials);
 
 // Retrieve the set of attestation policy signers from the attestation client.
 const attestationSigners = await client.getAttestationSigners();
@@ -191,7 +195,10 @@ const attestationSigners = await client.getAttestationSigners();
 If you are not calling the `attestTpm` API, you do not need to provide credentials
 to access the attestation client. This means a client can be created simply with:
 
-```ts
+```ts snippet:ReadmeSampleCreateClient_Node_NoCreds
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const client = new AttestationClient(endpoint);
 
 // Retrieve the set of attestation policy signers from the attestation client.
@@ -202,7 +209,11 @@ Creates an instance of the Attestation Administration Client at uri `endpoint`.
 
 Note that the administration client _requires_ Azure credentials.
 
-```ts
+```ts snippet:ReadmeSampleCreateAdminClient_Node
+import { AttestationAdministrationClient, KnownAttestationType } from "@azure/attestation";
+import { DefaultAzureCredential } from "@azure/identity";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
 
 // Retrieve the SGX policy from the specified attestation instance.
@@ -214,14 +225,14 @@ const policyResponse = await client.getPolicy(KnownAttestationType.SgxEnclave);
 The `getPolicy` method retrieves the attestation policy from the service.
 Attestation Policies are instanced on a per-attestation type basis, the `AttestationType` parameter defines the type of instance to retrieve.
 
-```js
-const policyResult = await adminClient.getPolicy(attestationType);
+```ts snippet:ReadmeSampleGetPolicy
+import { AttestationAdministrationClient, KnownAttestationType } from "@azure/attestation";
+import { DefaultAzureCredential } from "@azure/identity";
 
-// The text policy document is available in the `policyResult.body`
-// property.
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
 
-// The actual attestation token returned by the MAA service is available
-// in `policyResult.token`.
+const policyResponse = await client.getPolicy(KnownAttestationType.OpenEnclave);
 ```
 
 ### Set an attestation policy for a specified attestation type
@@ -230,7 +241,11 @@ If the attestation service instance is running in Isolated mode, the set_policy
 
 If the service instance is running in AAD mode, the call to setPolicy is as expected:
 
-```js
+```ts snippet:SetPolicy
+import { AttestationAdministrationClient, KnownAttestationType } from "@azure/attestation";
+import { DefaultAzureCredential } from "@azure/identity";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
 
 const newPolicy = `<New Attestation Policy>`;
@@ -243,23 +258,23 @@ If the service instance is running in Isolated mode, the call to setPolicy requi
 the client be able to prove that they have access to one of the policy management private keys
 and certificates.
 
-```js
+```ts snippet:SetPolicyIsolated
+import { AttestationAdministrationClient, KnownAttestationType } from "@azure/attestation";
+import { DefaultAzureCredential } from "@azure/identity";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
 
 const newPolicy = `<New Policy Document>`;
 
 // Set the new attestation policy. Set the policy as an secured policy.
-const privateKey = <Retrieve isolated mode private key from storage>
-const certificate = <Retrieve certificate associated with that private key>
+const privateKey = "<Retrieve isolated mode private key from storage>";
+const certificate = "<Retrieve certificate associated with that private key>";
 
-const setPolicyResult = await client.setPolicy(
-  KnownAttestationType.OpenEnclave,
-  newPolicy,
-  {
-    privateKey: privateKey,
-    certificate: certificate
-  }
-);
+const setPolicyResult = await client.setPolicy(KnownAttestationType.OpenEnclave, newPolicy, {
+  privateKey: privateKey,
+  certificate: certificate,
+});
 ```
 
 Under the covers, the setPolicy APIs create a [JSON Web Token][json_web_token] containing on the policy document `certificate` and signed with the `privateKey` which is then sent to the attestation service.
@@ -271,15 +286,18 @@ If a client wishes to ensure that the attestation policy document was not modifi
 
 To verify the hash, clients can create an attestation policy token (a helper class which represents the token used to set the attestation policy) and verify the hash generated from that token:
 
-```js
-const expectedPolicy = createAttestationPolicyToken(`<Policy Document>`, privateKey, certificate);
+```ts snippet:CreatePolicyToken
+import { createAttestationPolicyToken } from "@azure/attestation";
+import { createHash } from "node:crypto";
 
-// Use your favorite SHA256 hash generator function to create a hash of the
-// stringized JWS.
-const expectedHash = generateSha256Hash(expectedPolicy.serialize());
+// Set the new attestation policy. Set the policy as an secured policy.
+const privateKey = "<Retrieve isolated mode private key from storage>";
+const certificate = "<Retrieve certificate associated with that private key>";
 
-// The hash returned in expectedHash should match the value in
-// `setResult.body.policyTokenHash`.
+const expectedPolicy = createAttestationPolicyToken(`<Policy Document>`, privateKey, certificate);
+
+// Use your favorite SHA256 hash generator function to create a hash of the stringified JWS.
+const expectedHash = createHash("sha256").update(expectedPolicy.serialize()).digest("hex");
 ```
 
 ### Attest SGX and Open Enclave
@@ -302,7 +320,17 @@ This example shows one common pattern of calling into the attestation service to
 
 This example assumes that you have an existing `AttestationClient` object which is configured with the Attest URI for your endpoint. It also assumes that you have an OpenEnclave report (`report`) generated from within the SGX enclave you are attesting, and "Runtime Data" (`binaryRuntimeData`) which is referenced in the SGX Quote.
 
-```ts
+```ts snippet:AttestOpenEnclave_RuntimeData
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+const credentials = new DefaultAzureCredential();
+const client = new AttestationClient(endpoint, credentials);
+
+const report = new Uint8Array(0); // Report data from the enclave.
+const binaryRuntimeData = new Uint8Array(0); // Runtime data from the enclave.
+
 const attestationResult = await client.attestOpenEnclave(report, {
   runTimeData: binaryRuntimeData,
 });
@@ -312,7 +340,17 @@ It is also possible that the `binaryRuntimeData` sent to the attestation service
 intended to be interpreted as JSON data. In that case, the client should specify `runTimeJson` in
 the attest API call:
 
-```ts
+```ts snippet:AttestOpenEnclave_RuntimeJson
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+const credentials = new DefaultAzureCredential();
+const client = new AttestationClient(endpoint, credentials);
+
+const report = new Uint8Array(0); // Report data from the enclave.
+const binaryRuntimeData = new Uint8Array(0); // Runtime JSON data from the enclave.
+
 const attestationResult = await client.attestOpenEnclave(report, {
   runTimeJson: binaryRuntimeData,
 });
@@ -320,7 +358,17 @@ const attestationResult = await client.attestOpenEnclave(report, {
 
 Similarly, if you are using the Intel SDK to generate a "quote", you can validate the quote using:
 
-```ts
+```ts snippet:AttestSgxEnclave
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+const credentials = new DefaultAzureCredential();
+const client = new AttestationClient(endpoint, credentials);
+
+const quote = new Uint8Array(0); // Quote data.
+const binaryRuntimeData = new Uint8Array(0); // Runtime JSON data from the enclave.
+
 const attestationResult = await client.attestSgxEnclave(quote, {
   runTimeData: binaryRuntimeData,
 });
@@ -335,9 +383,13 @@ validate the token returned from the attestation service. Note that this call
 creates a client with azure credentials, that is not needed if you are calling
 the `attestSgxEnclave` or `attestOpenEnclave` APIs
 
-```ts
+```ts snippet:GetSigningCertificates
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
 const credentials = new DefaultAzureCredential();
-const client = new AttestationClient(endpoint, { credentials: credentials });
+const client = new AttestationClient(endpoint, credentials);
 
 const attestationSigners = await client.getAttestationSigners();
 
@@ -348,7 +400,16 @@ console.log(`There are ${attestationSigners.length} signers`);
 
 Most Attestation service operations will raise exceptions defined in [Azure Core](https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/README.md). The attestation service APIs will throw a `RestError` on failure with helpful error codes. Many of these errors are recoverable.
 
-```ts
+```ts snippet:Troubleshooting
+import { DefaultAzureCredential } from "@azure/identity";
+import { AttestationClient } from "@azure/attestation";
+
+const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+const credentials = new DefaultAzureCredential();
+const client = new AttestationClient(endpoint, credentials);
+
+const openEnclaveReport = new Uint8Array(0); // Open enclave report data
+
 try {
   await client.attestSgxEnclave(openEnclaveReport);
 } catch (error) {
@@ -360,8 +421,8 @@ try {
 
 Enabling logging may help uncover useful information about failures. In order to see a log of HTTP requests and responses, set the `AZURE_LOG_LEVEL` environment variable to `info`. Alternatively, logging can be enabled at runtime by calling `setLogLevel` in the `@azure/logger`:
 
-```javascript
-const { setLogLevel } = require("@azure/logger");
+```ts snippet:SetLogLevel
+import { setLogLevel } from "@azure/logger";
 
 setLogLevel("info");
 ```

package/dist/browser/attestationAdministrationClient.d.ts

@@ -63,13 +63,12 @@ export declare class AttestationAdministrationClient {
      * Creates an instance of AttestationAdministrationClient.
      *
      * Example usage:
-     * ```ts
+     * ```ts snippet:AttestationAdministrationClient_Constructor
      * import { AttestationAdministrationClient } from "@azure/attestation";
+     * import { DefaultAzureCredential } from "@azure/identity";
      *
-     * const client = new AttestationAdministrationClient(
-     *    "<service endpoint>",
-     *    new TokenCredential("<>")
-     * );
+     * const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+     * const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
      * ```
      *
      * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.

package/dist/browser/attestationAdministrationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}
+{"version":3,"file":"attestationAdministrationClient.d.ts","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iCAAiC,EACjC,eAAe,EACf,oCAAoC,EACpC,YAAY,EACb,MAAM,mBAAmB,CAAC;AAG3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAcxD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,mBAAmB;IACjF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,+CAAgD,SAAQ,gBAAgB;IACvF;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,qDACf,SAAQ,+CAA+C;IACvD;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gEACf,SAAQ,+CAA+C;CAAG;AAE5D;;;;;;;;;;;GAWG;AACH,qBAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;OAeG;gBAGD,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,GAAE,sCAA2C;IAmBtD;;;;;;;;;OASG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IA6CvC;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CACpB,eAAe,EAAE,eAAe,EAChC,iBAAiB,EAAE,MAAM,EACzB,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAqD7C;;;;;;;;;;;;;;;;;;OAkBG;IAEU,WAAW,CACtB,eAAe,EAAE,eAAe,EAChC,OAAO,GAAE,qDAA0D,GAClE,OAAO,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;IAoD7C;;;;;;;OAOG;IACU,+BAA+B,CAC1C,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAuCpD;;;;;;;;;;;;;;;;;OAiBG;IACU,8BAA8B,CACzC,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;IAwErE,OAAO,CAAC,sBAAsB;IAmB9B;;;;;;;;;;;;;;;;OAgBG;IACU,iCAAiC,CAC5C,cAAc,EAAE,MAAM,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE,gEAAqE,GAC7E,OAAO,CAAC,mBAAmB,CAAC,oCAAoC,CAAC,CAAC;YAwEvD,WAAW;IAazB,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAC,CAAsB;IACvC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;CAChE"}

package/dist/browser/attestationAdministrationClient.js

@@ -33,13 +33,12 @@ export class AttestationAdministrationClient {
      * Creates an instance of AttestationAdministrationClient.
      *
      * Example usage:
-     * ```ts
+     * ```ts snippet:AttestationAdministrationClient_Constructor
      * import { AttestationAdministrationClient } from "@azure/attestation";
+     * import { DefaultAzureCredential } from "@azure/identity";
      *
-     * const client = new AttestationAdministrationClient(
-     *    "<service endpoint>",
-     *    new TokenCredential("<>")
-     * );
+     * const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+     * const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());
      * ```
      *
      * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.

package/dist/browser/attestationAdministrationClient.js.map

@@ -1 +1 @@
-{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;;OAgBG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   *\n   * const client = new AttestationAdministrationClient(\n   *    \"<service endpoint>\",\n   *    new TokenCredential(\"<>\")\n   * );\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
+{"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,uDAAuD;AACvD,OAAO,EAAE,eAAe,EAAE,MAAM,gCAAgC,CAAC;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AASrC,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAUhD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qCAAqC,CAAC;AAI9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,OAAO,MAAM,+BAA+B,CAAC;AAEzD,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,+BAA+B;IAC1C;;;;;;;;;;;;;;;OAeG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,MAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,uBAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,yBAAyB,CAC9B,KAAK,EACL,aAAa,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,oBAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,aAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,2BAA2B,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,0BAA0B,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,yBAAyB,CAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,gBAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,+BAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,yBAAyB,CAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,aAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,2BAA2B,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,oBAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,gBAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,oBAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,yBAAyB,CAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,+BAA+B,CAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n  AttestationCertificateManagementBody,\n  GeneratedClientOptionalParams,\n  JsonWebKey,\n  PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n  AttestationResponse,\n  AttestationSigner,\n  AttestationTokenValidationOptions,\n  AttestationType,\n  PolicyCertificatesModificationResult,\n  PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n  /**\n   * Options to be used globally to validate attestation tokens received from\n   * the attestation service.\n   */\n  validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n  extends AttestationAdministrationClientOperationOptions {\n  /**\n   * Optional Private key used to sign the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   */\n  privateKey?: string;\n\n  /**\n   * Optional certificate which can validate the token sent to the attestation service.\n   *\n   * Required for Isolated Mode attestation instances.\n   *\n   * If the service instance is in Isolated mode, the certificate *must* be one\n   * of the configured policy management certificates.\n   */\n  certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n  extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n  /**\n   * Creates an instance of AttestationAdministrationClient.\n   *\n   * Example usage:\n   * ```ts snippet:AttestationAdministrationClient_Constructor\n   * import { AttestationAdministrationClient } from \"@azure/attestation\";\n   * import { DefaultAzureCredential } from \"@azure/identity\";\n   *\n   * const endpoint = \"https://<attestation-instance>.<region>.attest.azure.net\";\n   * const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());\n   * ```\n   *\n   * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n   * @param credential - Used to authenticate requests to the service.\n   * @param options - Used to configure the Form Recognizer client.\n   */\n\n  constructor(\n    endpoint: string,\n    credentials: TokenCredential,\n    options: AttestationAdministrationClientOptions = {},\n  ) {\n    this._validationOptions = options.validationOptions;\n\n    const internalPipelineOptions: GeneratedClientOptionalParams = {\n      ...options,\n      ...{\n        credential: credentials,\n        credentialScopes: [\"https://attest.azure.net/.default\"],\n        loggingOptions: {\n          logger: logger.info,\n          allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n        },\n      },\n    };\n\n    this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n  }\n\n  /**\n   * Retrieves the attestation policy document from the server, and returns it\n   * to the caller.\n   *\n   * @param attestationType - AttestationType for which to retrieve policy.\n   * @param options - Pipeline and client options for the `getPolicy` call.\n   * @returns `AttestationResponse<string>` - the `value` property is the\n   *      attestation policy,  the `token` property will be the actual token\n   *      returned by the attestation service.\n   */\n  public async getPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<string>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicy\",\n      options,\n      async (updatedOptions) => {\n        const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getPolicyResult.token);\n\n        // Validate the token returned from the service.\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        if (!policyResult.policy) {\n          throw Error(\"Server returned an invalid getPolicy response!\");\n        }\n\n        const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n        const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n        // Finally, retrieve the stored attestationPolicy value and return that\n        // as the AttestationResponse to the caller.\n        return createAttestationResponse<string>(\n          token,\n          bytesToString(storedPolicy.attestationPolicy),\n        );\n      },\n    );\n  }\n\n  /**\n   * Sets the attestation policy for the specified {@link attestationType}.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param newPolicyDocument - Policy document to be set.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  set by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async setPolicy(\n    attestationType: AttestationType,\n    newPolicyDocument: string,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n        const setPolicyToken = AttestationTokenImpl.create({\n          body: storedAttestationPolicy,\n          ...options,\n        });\n\n        const setPolicyResult = await this._client.policy.set(\n          attestationType,\n          setPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(setPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /**\n   * Resets the attestation policy for the specified {@link attestationType} to\n   * the default value.\n   *\n   * @param attestationType - Attestation Type for which to set policy.\n   * @param options - call options.\n   * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n   *  Clients can use the PolicyResult to validate that the policy was actually\n   *  reset by the attestation service.\n   *\n   * @remarks\n   *\n   * Please note that if the attestation service instance is running in \"Isolated\"\n   * mode, the {@link signingKey} must be one of the signing keys configured for the\n   * service instance.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n\n  public async resetPolicy(\n    attestationType: AttestationType,\n    options: AttestationAdministrationClientPolicyOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-setPolicy\",\n      options,\n      async (updatedOptions) => {\n        if (\n          (!options.privateKey && options.certificate) ||\n          (options.privateKey && !options.certificate)\n        ) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (options.privateKey && options.certificate) {\n          verifyAttestationSigningKey(options.privateKey, options.certificate);\n        }\n\n        const resetPolicyToken = AttestationTokenImpl.create({\n          privateKey: options.privateKey,\n          certificate: options.certificate,\n        });\n\n        const resetPolicyResult = await this._client.policy.reset(\n          attestationType,\n          resetPolicyToken.serialize(),\n          updatedOptions,\n        );\n\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(resetPolicyResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const policyResult = _policyResultFromGenerated(token.getBody());\n\n        // The policyResult.policy value will be a JSON Web Signature representing\n        // the actual policy object being retrieved. Serialize the token to an\n        // AttestationToken object so we can access the body properties on the token.\n        return createAttestationResponse<PolicyResult>(token, policyResult);\n      },\n    );\n  }\n\n  /** Returns the set of policy management certificates for this attestation instance.\n   *\n   * @remarks If the attestation instance is not in `Isolated` mode, this list will\n   *    always be empty.\n   *\n   * @param options - Options for the call to the attestation service.\n   * @returns AttestationResponse wrapping a list of Attestation Signers.\n   */\n  public async getPolicyManagementCertificates(\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<AttestationSigner[]>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n      options,\n      async (updatedOptions) => {\n        const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(getCertificatesResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyResult object to retrieve the underlying policy\n        //  token\n        const jwks = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesResult\",\n        ) as PolicyCertificatesResult;\n\n        const policyCertificates = new Array<AttestationSigner>();\n        jwks.policyCertificates.keys.forEach((jwk) => {\n          policyCertificates.push(_attestationSignerFromGenerated(jwk));\n        });\n\n        return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n      },\n    );\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   *\n   */\n  public async addPolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const addCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const addCertificateResult = await this._client.policyCertificates.add(\n          addCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(addCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private keyTypeFromCertificate(cert: any): string {\n    let kty: string;\n    switch (cert.getSignatureAlgorithmName()) {\n      case \"SHA256withRSA\":\n      case \"SHA384withRSA\":\n      case \"SHA512withRSA\":\n        kty = \"RSA\";\n        break;\n      case \"SHA256withECDSA\":\n      case \"SHA384withECDSA\":\n        kty = \"EC\";\n        break;\n      default:\n        kty = \"RSA\";\n        break;\n    }\n    return kty;\n  }\n\n  /** Add a new certificate chain to the set of policy management certificates.\n   *\n   * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n   * @param privateKey - Existing attestation private key used to sign the incoming request.\n   * @param certificate - Existing attestation certificate used to verify the incoming request.\n   * @param options - Options used in the call to the service.\n   * @returns An attestation response including a PolicyCertificatesModificationResult\n   *\n   * @remarks This API is only supported on `isolated` attestation instances.\n   *\n   * The signing key MUST be one of the existing attestation signing certificates. The\n   * new pemCertificate is signed using the signingKey and the service will validate the\n   * signature before allowing the addition.\n   *\n   * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n   * @throws {@link Error} when the key in the certificate provided does not match the private key.\n   */\n  public async removePolicyManagementCertificate(\n    pemCertificate: string,\n    privateKey: string,\n    certificate: string,\n    options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n  ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n    return tracingClient.withSpan(\n      \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n      options,\n      async (updatedOptions) => {\n        if ((!privateKey && certificate) || (privateKey && !certificate)) {\n          throw new Error(\n            \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n          );\n        }\n\n        if (privateKey && certificate) {\n          verifyAttestationSigningKey(privateKey, certificate);\n        }\n\n        const cert = new jsrsasign.X509();\n        cert.readCertPEM(pemCertificate);\n        const kty = this.keyTypeFromCertificate(cert);\n\n        const jwk: JsonWebKey = {\n          x5C: [hexToBase64(cert.hex)],\n          kty: kty,\n        };\n\n        const addBody: AttestationCertificateManagementBody = {\n          policyCertificate: jwk,\n        };\n\n        const removeCertToken = AttestationTokenImpl.create({\n          body: TypeDeserializer.serialize(\n            addBody,\n            {\n              AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n              JsonWebKey: Mappers.JsonWebKey,\n            },\n            Mappers.AttestationCertificateManagementBody,\n          ),\n          privateKey: privateKey,\n          certificate: certificate,\n        });\n\n        const removeCertificateResult = await this._client.policyCertificates.remove(\n          removeCertToken.serialize(),\n          updatedOptions,\n        );\n        // The attestation token returned from the service has a PolicyResult\n        // object as the body.\n        const token = new AttestationTokenImpl(removeCertificateResult.token);\n        const problems = token.getTokenProblems(\n          await this.signingKeys(),\n          options.validationOptions ?? this._validationOptions,\n        );\n        if (problems.length) {\n          throw new Error(problems.join(\";\"));\n        }\n\n        // Deserialize the PolicyCertificatesModificationResult object.\n        const result = TypeDeserializer.deserialize(\n          token.getBody(),\n          {\n            PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n            JsonWebKeySet: Mappers.JsonWebKeySet,\n            JsonWebKey: Mappers.JsonWebKey,\n          },\n          \"PolicyCertificatesModificationResult\",\n        ) as PolicyCertificatesModificationResult;\n\n        return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n      },\n    );\n  }\n\n  private async signingKeys(): Promise<AttestationSigner[]> {\n    if (this._signers !== undefined) {\n      return this._signers;\n    }\n    const jwks = await this._client.signingCertificates.get();\n    const signers: AttestationSigner[] = new Array();\n    jwks.keys?.forEach((element) => {\n      signers.push(_attestationSignerFromGenerated(element));\n    });\n    this._signers = signers;\n    return this._signers;\n  }\n\n  private _client: GeneratedClient;\n  private _signers?: AttestationSigner[];\n  private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}

package/dist/browser/attestationClient.d.ts

@@ -103,12 +103,11 @@ export declare class AttestationClient {
      * Creates an instance of AttestationClient.
      *
      * Example usage:
-     * ```ts
+     * ```ts snippet:Attestation_Constructor_NoCreds
      * import { AttestationClient } from "@azure/attestation";
      *
-     * const client = new AttestationClient(
-     *    "<service endpoint>"
-     * );
+     * const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+     * const client = new AttestationClient(endpoint);
      * ```
      *
      * @param endpoint - The attestation instance base URI, for example https://mytenant.attest.azure.net.
@@ -120,14 +119,13 @@ export declare class AttestationClient {
      * Creates an instance of AttestationClient with options and credentials.
      *
      * Example usage:
-     * ```ts
+     * ```ts snippet:Attestation_Constructor_Creds
+     * import { DefaultAzureCredential } from "@azure/identity";
      * import { AttestationClient } from "@azure/attestation";
      *
-     * const client = new AttestationClient(
-     *    "<service endpoint>",
-     *    new TokenCredential("<>"),
-     *    { tokenValidationOptions: { validateToken: false } }
-     * );
+     * const endpoint = "https://<attestation-instance>.<region>.attest.azure.net";
+     * const credentials = new DefaultAzureCredential();
+     * const client = new AttestationClient(endpoint, credentials);
      * ```
      *
      * Note that credentials are required to call the `attestTpm` API.
@@ -175,7 +173,7 @@ export declare class AttestationClient {
      * @example
      * For example, the initial call for a TPM attestation operation is:
      *
-     * ```js
+     * ```snippet:AttestationClient_AttestTpm
      * const encodedPayload = JSON.stringify({ payload: { type: "aikcert" } });
      * const result = await client.attestTpm(encodedPayload);
      * ```

package/dist/browser/attestationClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attestationClient.d.ts","sourceRoot":"","sources":["../../src/attestationClient.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,iBAAiB,EACjB,iBAAiB,EACjB,iCAAiC,EAClC,MAAM,mBAAmB,CAAC;AAa3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAI3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAQhF;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,mBAAmB;IACnE;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,iCAAkC,SAAQ,gBAAgB;IACzE;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,wBAAyB,SAAQ,iCAAiC;IACjF;;;OAGG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAwB,SAAQ,iCAAiC;IAChF;;;OAGG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,iCAAiC;CAAG;AAE9E;;;;;;;;;;GAUG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;;;;;;;OAeG;gBACgB,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,wBAAwB;IAEvE;;;;;;;;;;;;;;;;;;;OAmBG;gBAED,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,wBAAwB;IAmCpC;;;;;;;;;;;OAWG;IACU,iBAAiB,CAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,EAClC,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IAqElD;;;;;;;;OAQG;IACU,gBAAgB,CAC3B,KAAK,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,EACjC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IAoElD;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACU,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBxF;;;;;;OAMG;IACU,qBAAqB,CAEhC,OAAO,GAAE,iCAAsC,GAC9C,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAe/B;;;;OAIG;IACU,iBAAiB,CAE5B,OAAO,GAAE,iCAAsC,GAC9C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;IAC/D,OAAO,CAAC,QAAQ,CAAC,CAAsB;YAEzB,YAAY;CAY3B"}
+{"version":3,"file":"attestationClient.d.ts","sourceRoot":"","sources":["../../src/attestationClient.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,iBAAiB,EACjB,iBAAiB,EACjB,iCAAiC,EAClC,MAAM,mBAAmB,CAAC;AAa3B,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAI3E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAQhF;;GAEG;AACH,MAAM,WAAW,wBAAyB,SAAQ,mBAAmB;IACnE;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,iCAAkC,SAAQ,gBAAgB;IACzE;;;OAGG;IACH,iBAAiB,CAAC,EAAE,iCAAiC,CAAC;CACvD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,wBAAyB,SAAQ,iCAAiC;IACjF;;;OAGG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAwB,SAAQ,iCAAiC;IAChF;;;OAGG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,WAAW,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,yBAAyB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAiB,SAAQ,iCAAiC;CAAG;AAE9E;;;;;;;;;;GAUG;AACH,qBAAa,iBAAiB;IAC5B;;;;;;;;;;;;;;OAcG;gBACgB,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,wBAAwB;IAEvE;;;;;;;;;;;;;;;;;;OAkBG;gBAED,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,eAAe,EAC5B,OAAO,CAAC,EAAE,wBAAwB;IAmCpC;;;;;;;;;;;OAWG;IACU,iBAAiB,CAC5B,MAAM,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,EAClC,OAAO,GAAE,wBAA6B,GACrC,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IAqElD;;;;;;;;OAQG;IACU,gBAAgB,CAC3B,KAAK,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,EACjC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;IAoElD;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACU,SAAS,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBxF;;;;;;OAMG;IACU,qBAAqB,CAEhC,OAAO,GAAE,iCAAsC,GAC9C,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAe/B;;;;OAIG;IACU,iBAAiB,CAE5B,OAAO,GAAE,iCAAsC,GAC9C,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAWnC,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,kBAAkB,CAAC,CAAoC;IAC/D,OAAO,CAAC,QAAQ,CAAC,CAAsB;YAEzB,YAAY;CAY3B"}

package/dist/browser/attestationClient.js

@@ -166,7 +166,7 @@ export class AttestationClient {
      * @example
      * For example, the initial call for a TPM attestation operation is:
      *
-     * ```js
+     * ```snippet:AttestationClient_AttestTpm
      * const encodedPayload = JSON.stringify({ payload: { type: "aikcert" } });
      * const result = await client.attestTpm(encodedPayload);
      * ```