@azure/attestation 1.0.1-alpha.20250619.1 → 1.0.1-alpha.20250723.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/dist/browser/attestationAdministrationClient.js +24 -22
  2. package/dist/browser/attestationAdministrationClient.js.map +1 -1
  3. package/dist/browser/attestationClient.js +23 -21
  4. package/dist/browser/attestationClient.js.map +1 -1
  5. package/dist/browser/generated/generatedClient.js +14 -3
  6. package/dist/browser/generated/generatedClient.js.map +1 -1
  7. package/dist/browser/generated/operations/attestation.js +4 -3
  8. package/dist/browser/generated/operations/attestation.js.map +1 -1
  9. package/dist/browser/generated/operations/metadataConfiguration.js +2 -1
  10. package/dist/browser/generated/operations/metadataConfiguration.js.map +1 -1
  11. package/dist/browser/generated/operations/policy.js +4 -3
  12. package/dist/browser/generated/operations/policy.js.map +1 -1
  13. package/dist/browser/generated/operations/policyCertificates.js +4 -3
  14. package/dist/browser/generated/operations/policyCertificates.js.map +1 -1
  15. package/dist/browser/generated/operations/signingCertificates.js +2 -1
  16. package/dist/browser/generated/operations/signingCertificates.js.map +1 -1
  17. package/dist/browser/models/attestationResult.js +17 -0
  18. package/dist/browser/models/attestationResult.js.map +1 -1
  19. package/dist/browser/models/attestationSigner.js +2 -3
  20. package/dist/browser/models/attestationSigner.js.map +1 -1
  21. package/dist/browser/models/attestationToken.js +12 -8
  22. package/dist/browser/models/attestationToken.js.map +1 -1
  23. package/dist/browser/models/storedAttestationPolicy.js +4 -0
  24. package/dist/browser/models/storedAttestationPolicy.js.map +1 -1
  25. package/dist/commonjs/attestationAdministrationClient.js +24 -22
  26. package/dist/commonjs/attestationAdministrationClient.js.map +1 -1
  27. package/dist/commonjs/attestationClient.js +23 -21
  28. package/dist/commonjs/attestationClient.js.map +1 -1
  29. package/dist/commonjs/generated/generatedClient.js +14 -3
  30. package/dist/commonjs/generated/generatedClient.js.map +1 -1
  31. package/dist/commonjs/generated/operations/attestation.js +4 -3
  32. package/dist/commonjs/generated/operations/attestation.js.map +1 -1
  33. package/dist/commonjs/generated/operations/metadataConfiguration.js +2 -1
  34. package/dist/commonjs/generated/operations/metadataConfiguration.js.map +1 -1
  35. package/dist/commonjs/generated/operations/policy.js +4 -3
  36. package/dist/commonjs/generated/operations/policy.js.map +1 -1
  37. package/dist/commonjs/generated/operations/policyCertificates.js +4 -3
  38. package/dist/commonjs/generated/operations/policyCertificates.js.map +1 -1
  39. package/dist/commonjs/generated/operations/signingCertificates.js +2 -1
  40. package/dist/commonjs/generated/operations/signingCertificates.js.map +1 -1
  41. package/dist/commonjs/models/attestationResult.js +17 -0
  42. package/dist/commonjs/models/attestationResult.js.map +1 -1
  43. package/dist/commonjs/models/attestationSigner.js +2 -3
  44. package/dist/commonjs/models/attestationSigner.js.map +1 -1
  45. package/dist/commonjs/models/attestationToken.js +12 -8
  46. package/dist/commonjs/models/attestationToken.js.map +1 -1
  47. package/dist/commonjs/models/storedAttestationPolicy.js +4 -0
  48. package/dist/commonjs/models/storedAttestationPolicy.js.map +1 -1
  49. package/dist/commonjs/tsdoc-metadata.json +11 -11
  50. package/dist/esm/attestationAdministrationClient.js +24 -22
  51. package/dist/esm/attestationAdministrationClient.js.map +1 -1
  52. package/dist/esm/attestationClient.js +23 -21
  53. package/dist/esm/attestationClient.js.map +1 -1
  54. package/dist/esm/generated/generatedClient.js +14 -3
  55. package/dist/esm/generated/generatedClient.js.map +1 -1
  56. package/dist/esm/generated/operations/attestation.js +4 -3
  57. package/dist/esm/generated/operations/attestation.js.map +1 -1
  58. package/dist/esm/generated/operations/metadataConfiguration.js +2 -1
  59. package/dist/esm/generated/operations/metadataConfiguration.js.map +1 -1
  60. package/dist/esm/generated/operations/policy.js +4 -3
  61. package/dist/esm/generated/operations/policy.js.map +1 -1
  62. package/dist/esm/generated/operations/policyCertificates.js +4 -3
  63. package/dist/esm/generated/operations/policyCertificates.js.map +1 -1
  64. package/dist/esm/generated/operations/signingCertificates.js +2 -1
  65. package/dist/esm/generated/operations/signingCertificates.js.map +1 -1
  66. package/dist/esm/models/attestationResult.js +17 -0
  67. package/dist/esm/models/attestationResult.js.map +1 -1
  68. package/dist/esm/models/attestationSigner.js +2 -3
  69. package/dist/esm/models/attestationSigner.js.map +1 -1
  70. package/dist/esm/models/attestationToken.js +12 -8
  71. package/dist/esm/models/attestationToken.js.map +1 -1
  72. package/dist/esm/models/storedAttestationPolicy.js +4 -0
  73. package/dist/esm/models/storedAttestationPolicy.js.map +1 -1
  74. package/dist/esm/utils/textEncoding-browser.d.mts +8 -2
  75. package/dist/esm/utils/textEncoding-browser.d.mts.map +1 -1
  76. package/dist/react-native/attestationAdministrationClient.js +24 -22
  77. package/dist/react-native/attestationAdministrationClient.js.map +1 -1
  78. package/dist/react-native/attestationClient.js +23 -21
  79. package/dist/react-native/attestationClient.js.map +1 -1
  80. package/dist/react-native/generated/generatedClient.js +14 -3
  81. package/dist/react-native/generated/generatedClient.js.map +1 -1
  82. package/dist/react-native/generated/operations/attestation.js +4 -3
  83. package/dist/react-native/generated/operations/attestation.js.map +1 -1
  84. package/dist/react-native/generated/operations/metadataConfiguration.js +2 -1
  85. package/dist/react-native/generated/operations/metadataConfiguration.js.map +1 -1
  86. package/dist/react-native/generated/operations/policy.js +4 -3
  87. package/dist/react-native/generated/operations/policy.js.map +1 -1
  88. package/dist/react-native/generated/operations/policyCertificates.js +4 -3
  89. package/dist/react-native/generated/operations/policyCertificates.js.map +1 -1
  90. package/dist/react-native/generated/operations/signingCertificates.js +2 -1
  91. package/dist/react-native/generated/operations/signingCertificates.js.map +1 -1
  92. package/dist/react-native/models/attestationResult.js +17 -0
  93. package/dist/react-native/models/attestationResult.js.map +1 -1
  94. package/dist/react-native/models/attestationSigner.js +2 -3
  95. package/dist/react-native/models/attestationSigner.js.map +1 -1
  96. package/dist/react-native/models/attestationToken.js +12 -8
  97. package/dist/react-native/models/attestationToken.js.map +1 -1
  98. package/dist/react-native/models/storedAttestationPolicy.js +4 -0
  99. package/dist/react-native/models/storedAttestationPolicy.js.map +1 -1
  100. package/dist/react-native/utils/textEncoding-browser.d.mts +8 -2
  101. package/dist/react-native/utils/textEncoding-browser.d.mts.map +1 -1
  102. package/package.json +2 -2
package/dist/react-native/models/attestationToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"attestationToken.js","sourceRoot":"","sources":["../../../src/models/attestationToken.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAEzE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAkN/E;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;;;OAIG;IACH,YAAY,KAAa;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3D,2DAA2D;QAE3D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAWD;;;;OAIG;IACI,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACI,SAAS;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;OAMG;IACI,gBAAgB,CACrB,eAAqC,EACrC,UAA6C;QAC3C,sBAAsB,EAAE,IAAI;QAC5B,aAAa,EAAE,IAAI;QACnB,qBAAqB,EAAE,IAAI;KAC5B;QAED,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,WAAW,GAAkC,SAAS,CAAC;QAC3D,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE1D,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACtB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACzC,kDAAkD;gBAElD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEjE,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,GAAG,MAAM,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;YACjE,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YACnD,kFAAkF;YAClF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,OAA0C;QAC/D,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,IAAI,CAAC,MAAM,GAAG,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAChF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD;;;;OAIG;IACK,sBAAsB,CAAC,OAA0C;;QACvE,2EAA2E;QAC3E,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QAExD,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,MAAA,OAAO,CAAC,mBAAmB,mCAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,MAAA,OAAO,CAAC,mBAAmB,mCAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,MAAyB;QAC9C,sCAAsC;QACtC,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IAEO,mBAAmB,CACzB,2BAAiD;QAEjD,MAAM,gBAAgB,GAAG,IAAI,KAAK,EAAqB,CAAC;QAExD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhC,IAAI,YAAY,KAAK,SAAS,IAAI,2BAA2B,KAAK,SAAS,EAAE,CAAC;YAC5E,2BAA2B,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;gBACrD,IAAI,cAAc,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;oBAC1C,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uEAAuE;YACvE,sEAAsE;YACtE,qDAAqD;YACrD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;oBAC1E,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2BAA2B,aAA3B,2BAA2B,uBAA3B,2BAA2B,CAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,yDAAyD;IAEzD;;;;;;;OAOG;IACH,IAAW,SAAS;;QAClB,OAAO,MAAA,IAAI,CAAC,OAAO,0CAAE,GAAG,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAW,qBAAqB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,2BAA2B;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,IAAW,gBAAgB;QACzB,IAAI,GAAe,CAAC;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,CAAC,GAAG,EAChB,CAAC,OAAO,CAAC,UAAU,CAAC,EACpB,YAAY,CACC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,EACZ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAClC,YAAY,CACC,CAAC;QAClB,CAAC;QACD,OAAO,+BAA+B,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,qDAAqD;IAErD;;;OAGG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;OAIG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,MAIpB;;QACC,MAAM,MAAM,GAGR,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QAEpB,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7F,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,2BAA2B,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,MAAM,YAAY,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,IAAI,MAAM,YAAY,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACzD,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,MAAM,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAC9C,MAAM,CAAC,GAAG,EACV,MAAM,EACN,MAAA,MAAM,CAAC,IAAI,mCAAI,EAAE,EACjB,MAAM,CAAC,UAAU,CAClB,CAAC;QACF,OAAO,IAAI,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF;AAED,SAAS,QAAQ,CAAC,KAAU;IAC1B,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,iBAAiB,CAAC;AACrE,CAAC;AAED,SAAS,aAAa,CAAC,KAAU;IAC/B,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\n\nimport type { JsonWebKey } from \"../generated/models/index.js\";\nimport { base64UrlDecodeString } from \"../utils/base64.js\";\nimport { bytesToString } from \"../utils/utf8.js\";\nimport type { AttestationSigner } from \"./attestationSigner.js\";\nimport { _attestationSignerFromGenerated } from \"./attestationSigner.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\nimport { hexToBase64, verifyAttestationSigningKey } from \"../utils/helpers.js\";\n\n/**\n * Options used to validate attestation tokens.\n *\n * @typeparam issuer - if provided, specifies the expected issuer of the attestation token.\n * @typeparam validateExpirationTime - if true, validate the expiration time in the token.\n * @typeparam validateNotBeforeTime - if true, validate the \"not before\" time in the token.\n * @typeparam validateToken - if true, validate the token.\n * @typeparam timeValidationSlack - the validation time slack in the time based validations.\n *\n * @remarks\n *\n * If validateToken, validateNotBeforeTime, or validateExpirationTime are not\n * provided, they are all assumed to be 'true'.\n *\n */\nexport interface AttestationTokenValidationOptions {\n /**\n * If true, validate the attestation token, if false, skip validation.\n */\n validateToken?: boolean;\n /**\n * If true, validate the expiration time for the token.\n */\n validateExpirationTime?: boolean;\n /**\n * If true, validate the \"not before\" time for the token.\n */\n validateNotBeforeTime?: boolean;\n /**\n * If true, validate the issuer of the token.\n */\n validateIssuer?: boolean;\n /**\n * The expected issuer for the {@link AttestationToken}. Only checked if {@link validateIssuer} is set.\n */\n expectedIssuer?: string;\n\n /**\n * Tolerance time (in seconds) used to accound for clock drift between the local machine\n * and the server creating the token.\n */\n timeValidationSlack?: number;\n\n /**\n * Validation function which allows developers to provide their own validation\n * functionality for the attestation token. This can be used to perform additional\n * validations for signing certificate in AttestationSigner.\n *\n * @param token - Attestation Token to validate.\n * @param signer - Signing Certificate which validated the token.\n *\n * @remarks\n *\n * If there is a problem with token validation, the validateAttestationCallback function\n * will return an array of strings indicating the set of problems found in the token.\n *\n * @returns an array of problems in the token, or undefined if there are no problems.\n */\n validateAttestationToken?: (\n token: AttestationToken,\n signer?: AttestationSigner,\n ) => string[] | undefined;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport interface AttestationToken {\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n getBody(): unknown;\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n serialize(): string;\n\n /**\n * Validates the attestation token to verify that it is semantically correct.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n */\n getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options?: AttestationTokenValidationOptions,\n ): string[];\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n algorithm: string;\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n keyId?: string;\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n critical?: boolean;\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n contentType?: string;\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n keyUrl?: string;\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n x509Url?: string;\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n type?: string;\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n certificateThumbprint?: string;\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n certificateSha256Thumbprint?: string;\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n certificateChain?: AttestationSigner;\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuer?: string;\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n expiresOn?: Date;\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuedAt?: Date;\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n notBefore?: Date;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport class AttestationTokenImpl implements AttestationToken {\n /**\n * @internal\n *\n * @param token - Attetation token returned by the attestation service.\n */\n constructor(token: string) {\n this._token = token;\n\n const pieces = token.split(\".\");\n if (pieces.length !== 3) {\n throw Error(\"Incorrectly formatted token:\");\n }\n this._headerBytes = base64UrlDecodeString(pieces[0]);\n this._header = safeJsonParse(bytesToString(this._headerBytes));\n this._bodyBytes = base64UrlDecodeString(pieces[1]);\n this._body = safeJsonParse(bytesToString(this._bodyBytes));\n // this._signature = base64UrlDecodeString(pieces[2]);\n\n this._jwsVerifier = jsrsasign.KJUR.jws.JWS.parse(token);\n }\n\n private _token: string;\n private _headerBytes: Uint8Array;\n private _header: any;\n private _bodyBytes: Uint8Array;\n private _body: any;\n // private _signature: Uint8Array;\n\n private _jwsVerifier: any; // jsrsasign.KJUR.jws.JWS.JWSResult;\n\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n public getBody(): unknown {\n return this._jwsVerifier.payloadObj;\n }\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n public serialize(): string {\n return this._token;\n }\n\n /**\n * Returns the set of problems discovered in the attestation token.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n * @returns an array of string values. If there are no problems, returns an empty array.\n */\n public getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options: AttestationTokenValidationOptions = {\n validateExpirationTime: true,\n validateToken: true,\n validateNotBeforeTime: true,\n },\n ): string[] {\n let problems = new Array<string>();\n if (!options.validateToken) {\n return problems;\n }\n\n let foundSigner: AttestationSigner | undefined = undefined;\n if (this.algorithm !== \"none\") {\n const signers = this.getCandidateSigners(possibleSigners);\n\n signers.some((signer) => {\n const cert = this.certFromSigner(signer);\n // const pubKeyObj = cert.getPublicKey();\n\n const isValid = jsrsasign.KJUR.jws.JWS.verify(this._token, cert);\n\n if (isValid) {\n foundSigner = signer;\n }\n });\n\n if (foundSigner === undefined) {\n problems.push(\"Attestation Token is not properly signed.\");\n }\n }\n\n // If the token has a body, check the expiration time and issuer.\n if (this._body !== undefined) {\n problems = problems.concat(this.validateTimeProperties(options));\n problems = problems.concat(this.validateIssuer(options));\n }\n\n if (options.validateAttestationToken !== undefined) {\n // If there is a validation error, the getProblemsCallback will return the list of\n // problems found.\n const validationErrors = options.validateAttestationToken(this, foundSigner);\n if (validationErrors) {\n problems = problems.concat(validationErrors);\n }\n }\n return problems;\n }\n\n private validateIssuer(options: AttestationTokenValidationOptions): string[] {\n const problems = new Array<string>();\n if (this.issuer && options.validateIssuer) {\n if (this.issuer !== options.expectedIssuer) {\n problems.push(\n \"Found issuer: \" + this.issuer + \"; expected issuer: \" + options.expectedIssuer,\n );\n }\n }\n return problems;\n }\n /**\n * Validate the expiration and notbefore time claims in the JSON web token.\n *\n * @param options - Options to be used validating the time properties.\n */\n private validateTimeProperties(options: AttestationTokenValidationOptions): string[] {\n // Calculate the current time as a number of seconds since the start of the\n // Unix epoch.\n const problems = new Array<string>();\n const timeNow = Math.floor(new Date().getTime() / 1000);\n\n // Validate expiration time.\n if (this.expiresOn !== undefined && options.validateExpirationTime) {\n const expTime = this.expiresOn.getTime() / 1000;\n if (timeNow > expTime) {\n const delta = timeNow - expTime;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken has expired.\");\n }\n }\n }\n\n // Validate not before time.\n if (this.notBefore !== undefined && options.validateNotBeforeTime) {\n const nbfTime = this.notBefore.getTime() / 1000;\n if (nbfTime > timeNow) {\n const delta = nbfTime - timeNow;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken is not yet valid.\");\n }\n }\n }\n return problems;\n }\n\n private certFromSigner(signer: AttestationSigner): string {\n // return the PEM encoded certificate.\n return signer.certificates[0];\n }\n\n private getCandidateSigners(\n possibleSigningCertificates?: AttestationSigner[],\n ): AttestationSigner[] {\n const candidateSigners = new Array<AttestationSigner>();\n\n const desiredKeyId = this.keyId;\n\n if (desiredKeyId !== undefined && possibleSigningCertificates !== undefined) {\n possibleSigningCertificates.forEach((possibleSigner) => {\n if (possibleSigner.keyId === desiredKeyId) {\n candidateSigners.push(possibleSigner);\n }\n });\n\n // If we didn't find any candidate signers looking through the provided\n // signing certificates, then maybe there's a certificate chain in the\n // token itself that might be used to sign the token.\n if (candidateSigners.length === 0) {\n if (this.certificateChain !== undefined && this.certificateChain !== null) {\n candidateSigners.push(this.certificateChain);\n }\n }\n } else {\n possibleSigningCertificates?.map((value) => candidateSigners.push(value));\n if (this.certificateChain !== undefined) {\n candidateSigners.push(this.certificateChain);\n }\n }\n return candidateSigners;\n }\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n public get algorithm(): string {\n return this._header?.alg;\n }\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n public get keyId(): string | undefined {\n return this._header.kid;\n }\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n public get critical(): boolean | undefined {\n return this._header.crit;\n }\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n public get contentType(): string | undefined {\n return this._header.cty;\n }\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n public get keyUrl(): string | undefined {\n return this._header.jku;\n }\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n public get x509Url(): string | undefined {\n return this._header.x5u;\n }\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n public get type(): string | undefined {\n return this._header.typ;\n }\n\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n public get certificateThumbprint(): string | undefined {\n return this._header.x5t;\n }\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n public get certificateSha256Thumbprint(): string | undefined {\n return this._header[\"x5t#256\"];\n }\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n public get certificateChain(): AttestationSigner | undefined {\n let jwk: JsonWebKey;\n if (this._header.jwk !== undefined) {\n jwk = TypeDeserializer.deserialize(\n this._header.jwk,\n [Mappers.JsonWebKey],\n \"JsonWebKey\",\n ) as JsonWebKey;\n } else {\n jwk = TypeDeserializer.deserialize(\n this._header,\n { JsonWebKey: Mappers.JsonWebKey },\n \"JsonWebKey\",\n ) as JsonWebKey;\n }\n return _attestationSignerFromGenerated(jwk);\n }\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuer(): string | undefined {\n return this._body.iss;\n }\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n public get expiresOn(): Date | undefined {\n return this._body.exp ? new Date(this._body.exp * 1000) : undefined;\n }\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuedAt(): Date | undefined {\n return this._body.iat ? new Date(this._body.iat * 1000) : undefined;\n }\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n public get notBefore(): Date | undefined {\n return this._body.nbf ? new Date(this._body.nbf * 1000) : undefined;\n }\n\n /**\n * Creates a new attestation token from a body and signing key.\n * @param body - stringified body of the body of the token to be created.\n * @param signer - Optional signing key used to sign the newly created token.\n * @returns an {@link AttestationToken | attestation token}\n */\n public static create(params: {\n body?: string;\n privateKey?: string;\n certificate?: string;\n }): AttestationToken {\n const header: {\n alg: string;\n [k: string]: any;\n } = { alg: \"none\" };\n\n if ((!params.privateKey && params.certificate) || (params.privateKey && !params.certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (params.privateKey && params.certificate) {\n verifyAttestationSigningKey(params.privateKey, params.certificate);\n }\n\n if (params.privateKey || params.certificate) {\n const x5c = new jsrsasign.X509();\n x5c.readCertPEM(params.certificate);\n const pubKey = x5c.getPublicKey();\n if (pubKey instanceof jsrsasign.RSAKey) {\n header.alg = \"RS256\";\n } else if (pubKey instanceof jsrsasign.KJUR.crypto.ECDSA) {\n header.alg = \"ES256\";\n } else {\n throw new Error(\"Unknown public key type: \" + typeof pubKey);\n }\n header.x5c = [hexToBase64(x5c.hex)];\n } else {\n header.alg = \"none\";\n }\n\n const encodedToken = jsrsasign.KJUR.jws.JWS.sign(\n header.alg,\n header,\n params.body ?? \"\",\n params.privateKey,\n );\n return new AttestationTokenImpl(encodedToken);\n }\n}\n\nfunction isObject(thing: any): boolean {\n return Object.prototype.toString.call(thing) === \"[object Object]\";\n}\n\nfunction safeJsonParse(thing: any): any {\n if (isObject(thing)) return thing;\n try {\n return JSON.parse(thing);\n } catch (e: any) {\n return undefined;\n }\n}\n"]}
1
+ {"version":3,"file":"attestationToken.js","sourceRoot":"","sources":["../../../src/models/attestationToken.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAEzE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAkN/E;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;;;OAIG;IACH,YAAY,KAAa;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3D,2DAA2D;QAE3D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAEO,MAAM,CAAS;IACf,YAAY,CAAa;IACzB,OAAO,CAAM;IACb,UAAU,CAAa;IACvB,KAAK,CAAM;IACnB,qCAAqC;IAE7B,YAAY,CAAM,CAAC,oCAAoC;IAE/D;;;;OAIG;IACI,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACI,SAAS;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;OAMG;IACI,gBAAgB,CACrB,eAAqC,EACrC,UAA6C;QAC3C,sBAAsB,EAAE,IAAI;QAC5B,aAAa,EAAE,IAAI;QACnB,qBAAqB,EAAE,IAAI;KAC5B;QAED,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,WAAW,GAAkC,SAAS,CAAC;QAC3D,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE1D,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACtB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACzC,kDAAkD;gBAElD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEjE,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,GAAG,MAAM,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;YACjE,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YACnD,kFAAkF;YAClF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,OAA0C;QAC/D,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,IAAI,CAAC,MAAM,GAAG,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAChF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD;;;;OAIG;IACK,sBAAsB,CAAC,OAA0C;QACvE,2EAA2E;QAC3E,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QAExD,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,MAAyB;QAC9C,sCAAsC;QACtC,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IAEO,mBAAmB,CACzB,2BAAiD;QAEjD,MAAM,gBAAgB,GAAG,IAAI,KAAK,EAAqB,CAAC;QAExD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhC,IAAI,YAAY,KAAK,SAAS,IAAI,2BAA2B,KAAK,SAAS,EAAE,CAAC;YAC5E,2BAA2B,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;gBACrD,IAAI,cAAc,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;oBAC1C,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uEAAuE;YACvE,sEAAsE;YACtE,qDAAqD;YACrD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;oBAC1E,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2BAA2B,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,yDAAyD;IAEzD;;;;;;;OAOG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAW,qBAAqB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,2BAA2B;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,IAAW,gBAAgB;QACzB,IAAI,GAAe,CAAC;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,CAAC,GAAG,EAChB,CAAC,OAAO,CAAC,UAAU,CAAC,EACpB,YAAY,CACC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,EACZ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAClC,YAAY,CACC,CAAC;QAClB,CAAC;QACD,OAAO,+BAA+B,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,qDAAqD;IAErD;;;OAGG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;OAIG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,MAIpB;QACC,MAAM,MAAM,GAGR,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QAEpB,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7F,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,2BAA2B,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,MAAM,YAAY,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,IAAI,MAAM,YAAY,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACzD,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,MAAM,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAC9C,MAAM,CAAC,GAAG,EACV,MAAM,EACN,MAAM,CAAC,IAAI,IAAI,EAAE,EACjB,MAAM,CAAC,UAAU,CAClB,CAAC;QACF,OAAO,IAAI,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF;AAED,SAAS,QAAQ,CAAC,KAAU;IAC1B,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,iBAAiB,CAAC;AACrE,CAAC;AAED,SAAS,aAAa,CAAC,KAAU;IAC/B,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\n\nimport type { JsonWebKey } from \"../generated/models/index.js\";\nimport { base64UrlDecodeString } from \"../utils/base64.js\";\nimport { bytesToString } from \"../utils/utf8.js\";\nimport type { AttestationSigner } from \"./attestationSigner.js\";\nimport { _attestationSignerFromGenerated } from \"./attestationSigner.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\nimport { hexToBase64, verifyAttestationSigningKey } from \"../utils/helpers.js\";\n\n/**\n * Options used to validate attestation tokens.\n *\n * @typeparam issuer - if provided, specifies the expected issuer of the attestation token.\n * @typeparam validateExpirationTime - if true, validate the expiration time in the token.\n * @typeparam validateNotBeforeTime - if true, validate the \"not before\" time in the token.\n * @typeparam validateToken - if true, validate the token.\n * @typeparam timeValidationSlack - the validation time slack in the time based validations.\n *\n * @remarks\n *\n * If validateToken, validateNotBeforeTime, or validateExpirationTime are not\n * provided, they are all assumed to be 'true'.\n *\n */\nexport interface AttestationTokenValidationOptions {\n /**\n * If true, validate the attestation token, if false, skip validation.\n */\n validateToken?: boolean;\n /**\n * If true, validate the expiration time for the token.\n */\n validateExpirationTime?: boolean;\n /**\n * If true, validate the \"not before\" time for the token.\n */\n validateNotBeforeTime?: boolean;\n /**\n * If true, validate the issuer of the token.\n */\n validateIssuer?: boolean;\n /**\n * The expected issuer for the {@link AttestationToken}. Only checked if {@link validateIssuer} is set.\n */\n expectedIssuer?: string;\n\n /**\n * Tolerance time (in seconds) used to accound for clock drift between the local machine\n * and the server creating the token.\n */\n timeValidationSlack?: number;\n\n /**\n * Validation function which allows developers to provide their own validation\n * functionality for the attestation token. This can be used to perform additional\n * validations for signing certificate in AttestationSigner.\n *\n * @param token - Attestation Token to validate.\n * @param signer - Signing Certificate which validated the token.\n *\n * @remarks\n *\n * If there is a problem with token validation, the validateAttestationCallback function\n * will return an array of strings indicating the set of problems found in the token.\n *\n * @returns an array of problems in the token, or undefined if there are no problems.\n */\n validateAttestationToken?: (\n token: AttestationToken,\n signer?: AttestationSigner,\n ) => string[] | undefined;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport interface AttestationToken {\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n getBody(): unknown;\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n serialize(): string;\n\n /**\n * Validates the attestation token to verify that it is semantically correct.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n */\n getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options?: AttestationTokenValidationOptions,\n ): string[];\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n algorithm: string;\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n keyId?: string;\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n critical?: boolean;\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n contentType?: string;\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n keyUrl?: string;\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n x509Url?: string;\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n type?: string;\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n certificateThumbprint?: string;\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n certificateSha256Thumbprint?: string;\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n certificateChain?: AttestationSigner;\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuer?: string;\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n expiresOn?: Date;\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuedAt?: Date;\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n notBefore?: Date;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport class AttestationTokenImpl implements AttestationToken {\n /**\n * @internal\n *\n * @param token - Attetation token returned by the attestation service.\n */\n constructor(token: string) {\n this._token = token;\n\n const pieces = token.split(\".\");\n if (pieces.length !== 3) {\n throw Error(\"Incorrectly formatted token:\");\n }\n this._headerBytes = base64UrlDecodeString(pieces[0]);\n this._header = safeJsonParse(bytesToString(this._headerBytes));\n this._bodyBytes = base64UrlDecodeString(pieces[1]);\n this._body = safeJsonParse(bytesToString(this._bodyBytes));\n // this._signature = base64UrlDecodeString(pieces[2]);\n\n this._jwsVerifier = jsrsasign.KJUR.jws.JWS.parse(token);\n }\n\n private _token: string;\n private _headerBytes: Uint8Array;\n private _header: any;\n private _bodyBytes: Uint8Array;\n private _body: any;\n // private _signature: Uint8Array;\n\n private _jwsVerifier: any; // jsrsasign.KJUR.jws.JWS.JWSResult;\n\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n public getBody(): unknown {\n return this._jwsVerifier.payloadObj;\n }\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n public serialize(): string {\n return this._token;\n }\n\n /**\n * Returns the set of problems discovered in the attestation token.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n * @returns an array of string values. If there are no problems, returns an empty array.\n */\n public getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options: AttestationTokenValidationOptions = {\n validateExpirationTime: true,\n validateToken: true,\n validateNotBeforeTime: true,\n },\n ): string[] {\n let problems = new Array<string>();\n if (!options.validateToken) {\n return problems;\n }\n\n let foundSigner: AttestationSigner | undefined = undefined;\n if (this.algorithm !== \"none\") {\n const signers = this.getCandidateSigners(possibleSigners);\n\n signers.some((signer) => {\n const cert = this.certFromSigner(signer);\n // const pubKeyObj = cert.getPublicKey();\n\n const isValid = jsrsasign.KJUR.jws.JWS.verify(this._token, cert);\n\n if (isValid) {\n foundSigner = signer;\n }\n });\n\n if (foundSigner === undefined) {\n problems.push(\"Attestation Token is not properly signed.\");\n }\n }\n\n // If the token has a body, check the expiration time and issuer.\n if (this._body !== undefined) {\n problems = problems.concat(this.validateTimeProperties(options));\n problems = problems.concat(this.validateIssuer(options));\n }\n\n if (options.validateAttestationToken !== undefined) {\n // If there is a validation error, the getProblemsCallback will return the list of\n // problems found.\n const validationErrors = options.validateAttestationToken(this, foundSigner);\n if (validationErrors) {\n problems = problems.concat(validationErrors);\n }\n }\n return problems;\n }\n\n private validateIssuer(options: AttestationTokenValidationOptions): string[] {\n const problems = new Array<string>();\n if (this.issuer && options.validateIssuer) {\n if (this.issuer !== options.expectedIssuer) {\n problems.push(\n \"Found issuer: \" + this.issuer + \"; expected issuer: \" + options.expectedIssuer,\n );\n }\n }\n return problems;\n }\n /**\n * Validate the expiration and notbefore time claims in the JSON web token.\n *\n * @param options - Options to be used validating the time properties.\n */\n private validateTimeProperties(options: AttestationTokenValidationOptions): string[] {\n // Calculate the current time as a number of seconds since the start of the\n // Unix epoch.\n const problems = new Array<string>();\n const timeNow = Math.floor(new Date().getTime() / 1000);\n\n // Validate expiration time.\n if (this.expiresOn !== undefined && options.validateExpirationTime) {\n const expTime = this.expiresOn.getTime() / 1000;\n if (timeNow > expTime) {\n const delta = timeNow - expTime;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken has expired.\");\n }\n }\n }\n\n // Validate not before time.\n if (this.notBefore !== undefined && options.validateNotBeforeTime) {\n const nbfTime = this.notBefore.getTime() / 1000;\n if (nbfTime > timeNow) {\n const delta = nbfTime - timeNow;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken is not yet valid.\");\n }\n }\n }\n return problems;\n }\n\n private certFromSigner(signer: AttestationSigner): string {\n // return the PEM encoded certificate.\n return signer.certificates[0];\n }\n\n private getCandidateSigners(\n possibleSigningCertificates?: AttestationSigner[],\n ): AttestationSigner[] {\n const candidateSigners = new Array<AttestationSigner>();\n\n const desiredKeyId = this.keyId;\n\n if (desiredKeyId !== undefined && possibleSigningCertificates !== undefined) {\n possibleSigningCertificates.forEach((possibleSigner) => {\n if (possibleSigner.keyId === desiredKeyId) {\n candidateSigners.push(possibleSigner);\n }\n });\n\n // If we didn't find any candidate signers looking through the provided\n // signing certificates, then maybe there's a certificate chain in the\n // token itself that might be used to sign the token.\n if (candidateSigners.length === 0) {\n if (this.certificateChain !== undefined && this.certificateChain !== null) {\n candidateSigners.push(this.certificateChain);\n }\n }\n } else {\n possibleSigningCertificates?.map((value) => candidateSigners.push(value));\n if (this.certificateChain !== undefined) {\n candidateSigners.push(this.certificateChain);\n }\n }\n return candidateSigners;\n }\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n public get algorithm(): string {\n return this._header?.alg;\n }\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n public get keyId(): string | undefined {\n return this._header.kid;\n }\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n public get critical(): boolean | undefined {\n return this._header.crit;\n }\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n public get contentType(): string | undefined {\n return this._header.cty;\n }\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n public get keyUrl(): string | undefined {\n return this._header.jku;\n }\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n public get x509Url(): string | undefined {\n return this._header.x5u;\n }\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n public get type(): string | undefined {\n return this._header.typ;\n }\n\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n public get certificateThumbprint(): string | undefined {\n return this._header.x5t;\n }\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n public get certificateSha256Thumbprint(): string | undefined {\n return this._header[\"x5t#256\"];\n }\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n public get certificateChain(): AttestationSigner | undefined {\n let jwk: JsonWebKey;\n if (this._header.jwk !== undefined) {\n jwk = TypeDeserializer.deserialize(\n this._header.jwk,\n [Mappers.JsonWebKey],\n \"JsonWebKey\",\n ) as JsonWebKey;\n } else {\n jwk = TypeDeserializer.deserialize(\n this._header,\n { JsonWebKey: Mappers.JsonWebKey },\n \"JsonWebKey\",\n ) as JsonWebKey;\n }\n return _attestationSignerFromGenerated(jwk);\n }\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuer(): string | undefined {\n return this._body.iss;\n }\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n public get expiresOn(): Date | undefined {\n return this._body.exp ? new Date(this._body.exp * 1000) : undefined;\n }\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuedAt(): Date | undefined {\n return this._body.iat ? new Date(this._body.iat * 1000) : undefined;\n }\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n public get notBefore(): Date | undefined {\n return this._body.nbf ? new Date(this._body.nbf * 1000) : undefined;\n }\n\n /**\n * Creates a new attestation token from a body and signing key.\n * @param body - stringified body of the body of the token to be created.\n * @param signer - Optional signing key used to sign the newly created token.\n * @returns an {@link AttestationToken | attestation token}\n */\n public static create(params: {\n body?: string;\n privateKey?: string;\n certificate?: string;\n }): AttestationToken {\n const header: {\n alg: string;\n [k: string]: any;\n } = { alg: \"none\" };\n\n if ((!params.privateKey && params.certificate) || (params.privateKey && !params.certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (params.privateKey && params.certificate) {\n verifyAttestationSigningKey(params.privateKey, params.certificate);\n }\n\n if (params.privateKey || params.certificate) {\n const x5c = new jsrsasign.X509();\n x5c.readCertPEM(params.certificate);\n const pubKey = x5c.getPublicKey();\n if (pubKey instanceof jsrsasign.RSAKey) {\n header.alg = \"RS256\";\n } else if (pubKey instanceof jsrsasign.KJUR.crypto.ECDSA) {\n header.alg = \"ES256\";\n } else {\n throw new Error(\"Unknown public key type: \" + typeof pubKey);\n }\n header.x5c = [hexToBase64(x5c.hex)];\n } else {\n header.alg = \"none\";\n }\n\n const encodedToken = jsrsasign.KJUR.jws.JWS.sign(\n header.alg,\n header,\n params.body ?? \"\",\n params.privateKey,\n );\n return new AttestationTokenImpl(encodedToken);\n }\n}\n\nfunction isObject(thing: any): boolean {\n return Object.prototype.toString.call(thing) === \"[object Object]\";\n}\n\nfunction safeJsonParse(thing: any): any {\n if (isObject(thing)) return thing;\n try {\n return JSON.parse(thing);\n } catch (e: any) {\n return undefined;\n }\n}\n"]}
package/dist/react-native/models/storedAttestationPolicy.js CHANGED
@@ -27,5 +27,9 @@ export class StoredAttestationPolicy {
27
27
  static deserialize(value) {
28
28
  return TypeDeserializer.deserialize(value, { StoredAttestationPolicy: Mappers.StoredAttestationPolicy }, "StoredAttestationPolicy");
29
29
  }
30
+ /**
31
+ * Stored attestation policy, utf8 encoded.
32
+ */
33
+ attestationPolicy;
30
34
  }
31
35
  //# sourceMappingURL=storedAttestationPolicy.js.map
package/dist/react-native/models/storedAttestationPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"storedAttestationPolicy.js","sourceRoot":"","sources":["../../../src/models/storedAttestationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAE1D;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAY,KAAa;QACvB,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,OAAO,gBAAgB,CAAC,SAAS,CAC/B,IAAI,EACJ,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,OAAO,CAAC,uBAAuB,CAChC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,KAAc;QAC/B,OAAO,gBAAgB,CAAC,WAAW,CACjC,KAAK,EACL,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,yBAAyB,CACC,CAAC;IAC/B,CAAC;CAMF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport { stringToBytes } from \"../utils/utf8.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\n\n/**\n * Represents a stored attestation policy sent to the attestation service.\n */\nexport class StoredAttestationPolicy {\n constructor(value: string) {\n this.attestationPolicy = stringToBytes(value);\n }\n\n /**\n * Serializes a StoredAttestationPolicy object to a JSON encoded string.\n *\n * @returns The serialized JSON policy.\n */\n serialize(): string {\n return TypeDeserializer.serialize(\n this,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n Mappers.StoredAttestationPolicy,\n );\n }\n\n /**\n * Deserializes a stored attestation policy object returned from the attestation service.\n *\n * @param value - Raw JSON object from service to serialize as an attestation policy.\n * @returns Stored attestation policy.\n */\n static deserialize(value: unknown): StoredAttestationPolicy {\n return TypeDeserializer.deserialize(\n value,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n \"StoredAttestationPolicy\",\n ) as StoredAttestationPolicy;\n }\n\n /**\n * Stored attestation policy, utf8 encoded.\n */\n attestationPolicy: Uint8Array;\n}\n"]}
1
+ {"version":3,"file":"storedAttestationPolicy.js","sourceRoot":"","sources":["../../../src/models/storedAttestationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAE1D;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAY,KAAa;QACvB,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,OAAO,gBAAgB,CAAC,SAAS,CAC/B,IAAI,EACJ,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,OAAO,CAAC,uBAAuB,CAChC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,KAAc;QAC/B,OAAO,gBAAgB,CAAC,WAAW,CACjC,KAAK,EACL,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,yBAAyB,CACC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAa;CAC/B","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport { stringToBytes } from \"../utils/utf8.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\n\n/**\n * Represents a stored attestation policy sent to the attestation service.\n */\nexport class StoredAttestationPolicy {\n constructor(value: string) {\n this.attestationPolicy = stringToBytes(value);\n }\n\n /**\n * Serializes a StoredAttestationPolicy object to a JSON encoded string.\n *\n * @returns The serialized JSON policy.\n */\n serialize(): string {\n return TypeDeserializer.serialize(\n this,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n Mappers.StoredAttestationPolicy,\n );\n }\n\n /**\n * Deserializes a stored attestation policy object returned from the attestation service.\n *\n * @param value - Raw JSON object from service to serialize as an attestation policy.\n * @returns Stored attestation policy.\n */\n static deserialize(value: unknown): StoredAttestationPolicy {\n return TypeDeserializer.deserialize(\n value,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n \"StoredAttestationPolicy\",\n ) as StoredAttestationPolicy;\n }\n\n /**\n * Stored attestation policy, utf8 encoded.\n */\n attestationPolicy: Uint8Array;\n}\n"]}
package/dist/react-native/utils/textEncoding-browser.d.mts CHANGED
@@ -1,4 +1,10 @@
1
- declare const textDecoder: typeof import("util").TextDecoder;
2
- declare const textEncoder: typeof import("util").TextEncoder;
1
+ declare const textDecoder: {
2
+ new (label?: string, options?: TextDecoderOptions): TextDecoder;
3
+ prototype: TextDecoder;
4
+ };
5
+ declare const textEncoder: {
6
+ new (): TextEncoder;
7
+ prototype: TextEncoder;
8
+ };
3
9
  export { textDecoder as TextDecoder, textEncoder as TextEncoder };
4
10
  //# sourceMappingURL=textEncoding-browser.d.mts.map
package/dist/react-native/utils/textEncoding-browser.d.mts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"textEncoding-browser.d.mts","sourceRoot":"","sources":["../../../src/utils/textEncoding-browser.mts"],"names":[],"mappings":"AAGA,QAAA,MAAM,WAAW,mCAAc,CAAC;AAChC,QAAA,MAAM,WAAW,mCAAc,CAAC;AAEhC,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,WAAW,IAAI,WAAW,EAAE,CAAC"}
1
+ {"version":3,"file":"textEncoding-browser.d.mts","sourceRoot":"","sources":["../../../src/utils/textEncoding-browser.mts"],"names":[],"mappings":"AAGA,QAAA,MAAM,WAAW;;;CAAc,CAAC;AAChC,QAAA,MAAM,WAAW;;;CAAc,CAAC;AAEhC,OAAO,EAAE,WAAW,IAAI,WAAW,EAAE,WAAW,IAAI,WAAW,EAAE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@azure/attestation",
3
- "version": "1.0.1-alpha.20250619.1",
3
+ "version": "1.0.1-alpha.20250723.1",
4
4
  "description": "Javascript/Typescript client implementation for the Microsoft Azure Attestation service.",
5
5
  "sdk-type": "client",
6
6
  "main": "./dist/commonjs/index.js",
@@ -113,7 +113,7 @@
113
113
  "react-native"
114
114
  ],
115
115
  "selfLink": false,
116
- "project": "./tsconfig.src.json"
116
+ "project": "../../../tsconfig.src.build.json"
117
117
  },
118
118
  "exports": {
119
119
  "./package.json": "./package.json",