@azure/attestation 1.0.1-alpha.20250620.1 → 1.0.1-alpha.20250730.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (102) hide show
  1. package/dist/browser/attestationAdministrationClient.js +24 -22
  2. package/dist/browser/attestationAdministrationClient.js.map +1 -1
  3. package/dist/browser/attestationClient.js +23 -21
  4. package/dist/browser/attestationClient.js.map +1 -1
  5. package/dist/browser/generated/generatedClient.js +14 -3
  6. package/dist/browser/generated/generatedClient.js.map +1 -1
  7. package/dist/browser/generated/operations/attestation.js +4 -3
  8. package/dist/browser/generated/operations/attestation.js.map +1 -1
  9. package/dist/browser/generated/operations/metadataConfiguration.js +2 -1
  10. package/dist/browser/generated/operations/metadataConfiguration.js.map +1 -1
  11. package/dist/browser/generated/operations/policy.js +4 -3
  12. package/dist/browser/generated/operations/policy.js.map +1 -1
  13. package/dist/browser/generated/operations/policyCertificates.js +4 -3
  14. package/dist/browser/generated/operations/policyCertificates.js.map +1 -1
  15. package/dist/browser/generated/operations/signingCertificates.js +2 -1
  16. package/dist/browser/generated/operations/signingCertificates.js.map +1 -1
  17. package/dist/browser/models/attestationResult.js +17 -0
  18. package/dist/browser/models/attestationResult.js.map +1 -1
  19. package/dist/browser/models/attestationSigner.js +2 -3
  20. package/dist/browser/models/attestationSigner.js.map +1 -1
  21. package/dist/browser/models/attestationToken.js +12 -8
  22. package/dist/browser/models/attestationToken.js.map +1 -1
  23. package/dist/browser/models/storedAttestationPolicy.js +4 -0
  24. package/dist/browser/models/storedAttestationPolicy.js.map +1 -1
  25. package/dist/commonjs/attestationAdministrationClient.js +24 -22
  26. package/dist/commonjs/attestationAdministrationClient.js.map +1 -1
  27. package/dist/commonjs/attestationClient.js +23 -21
  28. package/dist/commonjs/attestationClient.js.map +1 -1
  29. package/dist/commonjs/generated/generatedClient.js +14 -3
  30. package/dist/commonjs/generated/generatedClient.js.map +1 -1
  31. package/dist/commonjs/generated/operations/attestation.js +4 -3
  32. package/dist/commonjs/generated/operations/attestation.js.map +1 -1
  33. package/dist/commonjs/generated/operations/metadataConfiguration.js +2 -1
  34. package/dist/commonjs/generated/operations/metadataConfiguration.js.map +1 -1
  35. package/dist/commonjs/generated/operations/policy.js +4 -3
  36. package/dist/commonjs/generated/operations/policy.js.map +1 -1
  37. package/dist/commonjs/generated/operations/policyCertificates.js +4 -3
  38. package/dist/commonjs/generated/operations/policyCertificates.js.map +1 -1
  39. package/dist/commonjs/generated/operations/signingCertificates.js +2 -1
  40. package/dist/commonjs/generated/operations/signingCertificates.js.map +1 -1
  41. package/dist/commonjs/models/attestationResult.js +17 -0
  42. package/dist/commonjs/models/attestationResult.js.map +1 -1
  43. package/dist/commonjs/models/attestationSigner.js +2 -3
  44. package/dist/commonjs/models/attestationSigner.js.map +1 -1
  45. package/dist/commonjs/models/attestationToken.js +12 -8
  46. package/dist/commonjs/models/attestationToken.js.map +1 -1
  47. package/dist/commonjs/models/storedAttestationPolicy.js +4 -0
  48. package/dist/commonjs/models/storedAttestationPolicy.js.map +1 -1
  49. package/dist/commonjs/tsdoc-metadata.json +11 -11
  50. package/dist/esm/attestationAdministrationClient.js +24 -22
  51. package/dist/esm/attestationAdministrationClient.js.map +1 -1
  52. package/dist/esm/attestationClient.js +23 -21
  53. package/dist/esm/attestationClient.js.map +1 -1
  54. package/dist/esm/generated/generatedClient.js +14 -3
  55. package/dist/esm/generated/generatedClient.js.map +1 -1
  56. package/dist/esm/generated/operations/attestation.js +4 -3
  57. package/dist/esm/generated/operations/attestation.js.map +1 -1
  58. package/dist/esm/generated/operations/metadataConfiguration.js +2 -1
  59. package/dist/esm/generated/operations/metadataConfiguration.js.map +1 -1
  60. package/dist/esm/generated/operations/policy.js +4 -3
  61. package/dist/esm/generated/operations/policy.js.map +1 -1
  62. package/dist/esm/generated/operations/policyCertificates.js +4 -3
  63. package/dist/esm/generated/operations/policyCertificates.js.map +1 -1
  64. package/dist/esm/generated/operations/signingCertificates.js +2 -1
  65. package/dist/esm/generated/operations/signingCertificates.js.map +1 -1
  66. package/dist/esm/models/attestationResult.js +17 -0
  67. package/dist/esm/models/attestationResult.js.map +1 -1
  68. package/dist/esm/models/attestationSigner.js +2 -3
  69. package/dist/esm/models/attestationSigner.js.map +1 -1
  70. package/dist/esm/models/attestationToken.js +12 -8
  71. package/dist/esm/models/attestationToken.js.map +1 -1
  72. package/dist/esm/models/storedAttestationPolicy.js +4 -0
  73. package/dist/esm/models/storedAttestationPolicy.js.map +1 -1
  74. package/dist/esm/utils/textEncoding-browser.d.mts +8 -2
  75. package/dist/esm/utils/textEncoding-browser.d.mts.map +1 -1
  76. package/dist/react-native/attestationAdministrationClient.js +24 -22
  77. package/dist/react-native/attestationAdministrationClient.js.map +1 -1
  78. package/dist/react-native/attestationClient.js +23 -21
  79. package/dist/react-native/attestationClient.js.map +1 -1
  80. package/dist/react-native/generated/generatedClient.js +14 -3
  81. package/dist/react-native/generated/generatedClient.js.map +1 -1
  82. package/dist/react-native/generated/operations/attestation.js +4 -3
  83. package/dist/react-native/generated/operations/attestation.js.map +1 -1
  84. package/dist/react-native/generated/operations/metadataConfiguration.js +2 -1
  85. package/dist/react-native/generated/operations/metadataConfiguration.js.map +1 -1
  86. package/dist/react-native/generated/operations/policy.js +4 -3
  87. package/dist/react-native/generated/operations/policy.js.map +1 -1
  88. package/dist/react-native/generated/operations/policyCertificates.js +4 -3
  89. package/dist/react-native/generated/operations/policyCertificates.js.map +1 -1
  90. package/dist/react-native/generated/operations/signingCertificates.js +2 -1
  91. package/dist/react-native/generated/operations/signingCertificates.js.map +1 -1
  92. package/dist/react-native/models/attestationResult.js +17 -0
  93. package/dist/react-native/models/attestationResult.js.map +1 -1
  94. package/dist/react-native/models/attestationSigner.js +2 -3
  95. package/dist/react-native/models/attestationSigner.js.map +1 -1
  96. package/dist/react-native/models/attestationToken.js +12 -8
  97. package/dist/react-native/models/attestationToken.js.map +1 -1
  98. package/dist/react-native/models/storedAttestationPolicy.js +4 -0
  99. package/dist/react-native/models/storedAttestationPolicy.js.map +1 -1
  100. package/dist/react-native/utils/textEncoding-browser.d.mts +8 -2
  101. package/dist/react-native/utils/textEncoding-browser.d.mts.map +1 -1
  102. package/package.json +2 -2
package/dist/browser/models/attestationToken.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"attestationToken.js","sourceRoot":"","sources":["../../../src/models/attestationToken.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAEzE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAkN/E;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;;;OAIG;IACH,YAAY,KAAa;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3D,2DAA2D;QAE3D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAWD;;;;OAIG;IACI,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACI,SAAS;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;OAMG;IACI,gBAAgB,CACrB,eAAqC,EACrC,UAA6C;QAC3C,sBAAsB,EAAE,IAAI;QAC5B,aAAa,EAAE,IAAI;QACnB,qBAAqB,EAAE,IAAI;KAC5B;QAED,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,WAAW,GAAkC,SAAS,CAAC;QAC3D,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE1D,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACtB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACzC,kDAAkD;gBAElD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEjE,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,GAAG,MAAM,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;YACjE,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YACnD,kFAAkF;YAClF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,OAA0C;QAC/D,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,IAAI,CAAC,MAAM,GAAG,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAChF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD;;;;OAIG;IACK,sBAAsB,CAAC,OAA0C;;QACvE,2EAA2E;QAC3E,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QAExD,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,MAAA,OAAO,CAAC,mBAAmB,mCAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,MAAA,OAAO,CAAC,mBAAmB,mCAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,MAAyB;QAC9C,sCAAsC;QACtC,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IAEO,mBAAmB,CACzB,2BAAiD;QAEjD,MAAM,gBAAgB,GAAG,IAAI,KAAK,EAAqB,CAAC;QAExD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhC,IAAI,YAAY,KAAK,SAAS,IAAI,2BAA2B,KAAK,SAAS,EAAE,CAAC;YAC5E,2BAA2B,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;gBACrD,IAAI,cAAc,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;oBAC1C,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uEAAuE;YACvE,sEAAsE;YACtE,qDAAqD;YACrD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;oBAC1E,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2BAA2B,aAA3B,2BAA2B,uBAA3B,2BAA2B,CAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,yDAAyD;IAEzD;;;;;;;OAOG;IACH,IAAW,SAAS;;QAClB,OAAO,MAAA,IAAI,CAAC,OAAO,0CAAE,GAAG,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAW,qBAAqB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,2BAA2B;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,IAAW,gBAAgB;QACzB,IAAI,GAAe,CAAC;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,CAAC,GAAG,EAChB,CAAC,OAAO,CAAC,UAAU,CAAC,EACpB,YAAY,CACC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,EACZ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAClC,YAAY,CACC,CAAC;QAClB,CAAC;QACD,OAAO,+BAA+B,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,qDAAqD;IAErD;;;OAGG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;OAIG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,MAIpB;;QACC,MAAM,MAAM,GAGR,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QAEpB,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7F,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,2BAA2B,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,MAAM,YAAY,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,IAAI,MAAM,YAAY,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACzD,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,MAAM,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAC9C,MAAM,CAAC,GAAG,EACV,MAAM,EACN,MAAA,MAAM,CAAC,IAAI,mCAAI,EAAE,EACjB,MAAM,CAAC,UAAU,CAClB,CAAC;QACF,OAAO,IAAI,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF;AAED,SAAS,QAAQ,CAAC,KAAU;IAC1B,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,iBAAiB,CAAC;AACrE,CAAC;AAED,SAAS,aAAa,CAAC,KAAU;IAC/B,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\n\nimport type { JsonWebKey } from \"../generated/models/index.js\";\nimport { base64UrlDecodeString } from \"../utils/base64.js\";\nimport { bytesToString } from \"../utils/utf8.js\";\nimport type { AttestationSigner } from \"./attestationSigner.js\";\nimport { _attestationSignerFromGenerated } from \"./attestationSigner.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\nimport { hexToBase64, verifyAttestationSigningKey } from \"../utils/helpers.js\";\n\n/**\n * Options used to validate attestation tokens.\n *\n * @typeparam issuer - if provided, specifies the expected issuer of the attestation token.\n * @typeparam validateExpirationTime - if true, validate the expiration time in the token.\n * @typeparam validateNotBeforeTime - if true, validate the \"not before\" time in the token.\n * @typeparam validateToken - if true, validate the token.\n * @typeparam timeValidationSlack - the validation time slack in the time based validations.\n *\n * @remarks\n *\n * If validateToken, validateNotBeforeTime, or validateExpirationTime are not\n * provided, they are all assumed to be 'true'.\n *\n */\nexport interface AttestationTokenValidationOptions {\n /**\n * If true, validate the attestation token, if false, skip validation.\n */\n validateToken?: boolean;\n /**\n * If true, validate the expiration time for the token.\n */\n validateExpirationTime?: boolean;\n /**\n * If true, validate the \"not before\" time for the token.\n */\n validateNotBeforeTime?: boolean;\n /**\n * If true, validate the issuer of the token.\n */\n validateIssuer?: boolean;\n /**\n * The expected issuer for the {@link AttestationToken}. Only checked if {@link validateIssuer} is set.\n */\n expectedIssuer?: string;\n\n /**\n * Tolerance time (in seconds) used to accound for clock drift between the local machine\n * and the server creating the token.\n */\n timeValidationSlack?: number;\n\n /**\n * Validation function which allows developers to provide their own validation\n * functionality for the attestation token. This can be used to perform additional\n * validations for signing certificate in AttestationSigner.\n *\n * @param token - Attestation Token to validate.\n * @param signer - Signing Certificate which validated the token.\n *\n * @remarks\n *\n * If there is a problem with token validation, the validateAttestationCallback function\n * will return an array of strings indicating the set of problems found in the token.\n *\n * @returns an array of problems in the token, or undefined if there are no problems.\n */\n validateAttestationToken?: (\n token: AttestationToken,\n signer?: AttestationSigner,\n ) => string[] | undefined;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport interface AttestationToken {\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n getBody(): unknown;\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n serialize(): string;\n\n /**\n * Validates the attestation token to verify that it is semantically correct.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n */\n getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options?: AttestationTokenValidationOptions,\n ): string[];\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n algorithm: string;\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n keyId?: string;\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n critical?: boolean;\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n contentType?: string;\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n keyUrl?: string;\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n x509Url?: string;\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n type?: string;\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n certificateThumbprint?: string;\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n certificateSha256Thumbprint?: string;\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n certificateChain?: AttestationSigner;\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuer?: string;\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n expiresOn?: Date;\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuedAt?: Date;\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n notBefore?: Date;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport class AttestationTokenImpl implements AttestationToken {\n /**\n * @internal\n *\n * @param token - Attetation token returned by the attestation service.\n */\n constructor(token: string) {\n this._token = token;\n\n const pieces = token.split(\".\");\n if (pieces.length !== 3) {\n throw Error(\"Incorrectly formatted token:\");\n }\n this._headerBytes = base64UrlDecodeString(pieces[0]);\n this._header = safeJsonParse(bytesToString(this._headerBytes));\n this._bodyBytes = base64UrlDecodeString(pieces[1]);\n this._body = safeJsonParse(bytesToString(this._bodyBytes));\n // this._signature = base64UrlDecodeString(pieces[2]);\n\n this._jwsVerifier = jsrsasign.KJUR.jws.JWS.parse(token);\n }\n\n private _token: string;\n private _headerBytes: Uint8Array;\n private _header: any;\n private _bodyBytes: Uint8Array;\n private _body: any;\n // private _signature: Uint8Array;\n\n private _jwsVerifier: any; // jsrsasign.KJUR.jws.JWS.JWSResult;\n\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n public getBody(): unknown {\n return this._jwsVerifier.payloadObj;\n }\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n public serialize(): string {\n return this._token;\n }\n\n /**\n * Returns the set of problems discovered in the attestation token.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n * @returns an array of string values. If there are no problems, returns an empty array.\n */\n public getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options: AttestationTokenValidationOptions = {\n validateExpirationTime: true,\n validateToken: true,\n validateNotBeforeTime: true,\n },\n ): string[] {\n let problems = new Array<string>();\n if (!options.validateToken) {\n return problems;\n }\n\n let foundSigner: AttestationSigner | undefined = undefined;\n if (this.algorithm !== \"none\") {\n const signers = this.getCandidateSigners(possibleSigners);\n\n signers.some((signer) => {\n const cert = this.certFromSigner(signer);\n // const pubKeyObj = cert.getPublicKey();\n\n const isValid = jsrsasign.KJUR.jws.JWS.verify(this._token, cert);\n\n if (isValid) {\n foundSigner = signer;\n }\n });\n\n if (foundSigner === undefined) {\n problems.push(\"Attestation Token is not properly signed.\");\n }\n }\n\n // If the token has a body, check the expiration time and issuer.\n if (this._body !== undefined) {\n problems = problems.concat(this.validateTimeProperties(options));\n problems = problems.concat(this.validateIssuer(options));\n }\n\n if (options.validateAttestationToken !== undefined) {\n // If there is a validation error, the getProblemsCallback will return the list of\n // problems found.\n const validationErrors = options.validateAttestationToken(this, foundSigner);\n if (validationErrors) {\n problems = problems.concat(validationErrors);\n }\n }\n return problems;\n }\n\n private validateIssuer(options: AttestationTokenValidationOptions): string[] {\n const problems = new Array<string>();\n if (this.issuer && options.validateIssuer) {\n if (this.issuer !== options.expectedIssuer) {\n problems.push(\n \"Found issuer: \" + this.issuer + \"; expected issuer: \" + options.expectedIssuer,\n );\n }\n }\n return problems;\n }\n /**\n * Validate the expiration and notbefore time claims in the JSON web token.\n *\n * @param options - Options to be used validating the time properties.\n */\n private validateTimeProperties(options: AttestationTokenValidationOptions): string[] {\n // Calculate the current time as a number of seconds since the start of the\n // Unix epoch.\n const problems = new Array<string>();\n const timeNow = Math.floor(new Date().getTime() / 1000);\n\n // Validate expiration time.\n if (this.expiresOn !== undefined && options.validateExpirationTime) {\n const expTime = this.expiresOn.getTime() / 1000;\n if (timeNow > expTime) {\n const delta = timeNow - expTime;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken has expired.\");\n }\n }\n }\n\n // Validate not before time.\n if (this.notBefore !== undefined && options.validateNotBeforeTime) {\n const nbfTime = this.notBefore.getTime() / 1000;\n if (nbfTime > timeNow) {\n const delta = nbfTime - timeNow;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken is not yet valid.\");\n }\n }\n }\n return problems;\n }\n\n private certFromSigner(signer: AttestationSigner): string {\n // return the PEM encoded certificate.\n return signer.certificates[0];\n }\n\n private getCandidateSigners(\n possibleSigningCertificates?: AttestationSigner[],\n ): AttestationSigner[] {\n const candidateSigners = new Array<AttestationSigner>();\n\n const desiredKeyId = this.keyId;\n\n if (desiredKeyId !== undefined && possibleSigningCertificates !== undefined) {\n possibleSigningCertificates.forEach((possibleSigner) => {\n if (possibleSigner.keyId === desiredKeyId) {\n candidateSigners.push(possibleSigner);\n }\n });\n\n // If we didn't find any candidate signers looking through the provided\n // signing certificates, then maybe there's a certificate chain in the\n // token itself that might be used to sign the token.\n if (candidateSigners.length === 0) {\n if (this.certificateChain !== undefined && this.certificateChain !== null) {\n candidateSigners.push(this.certificateChain);\n }\n }\n } else {\n possibleSigningCertificates?.map((value) => candidateSigners.push(value));\n if (this.certificateChain !== undefined) {\n candidateSigners.push(this.certificateChain);\n }\n }\n return candidateSigners;\n }\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n public get algorithm(): string {\n return this._header?.alg;\n }\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n public get keyId(): string | undefined {\n return this._header.kid;\n }\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n public get critical(): boolean | undefined {\n return this._header.crit;\n }\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n public get contentType(): string | undefined {\n return this._header.cty;\n }\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n public get keyUrl(): string | undefined {\n return this._header.jku;\n }\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n public get x509Url(): string | undefined {\n return this._header.x5u;\n }\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n public get type(): string | undefined {\n return this._header.typ;\n }\n\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n public get certificateThumbprint(): string | undefined {\n return this._header.x5t;\n }\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n public get certificateSha256Thumbprint(): string | undefined {\n return this._header[\"x5t#256\"];\n }\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n public get certificateChain(): AttestationSigner | undefined {\n let jwk: JsonWebKey;\n if (this._header.jwk !== undefined) {\n jwk = TypeDeserializer.deserialize(\n this._header.jwk,\n [Mappers.JsonWebKey],\n \"JsonWebKey\",\n ) as JsonWebKey;\n } else {\n jwk = TypeDeserializer.deserialize(\n this._header,\n { JsonWebKey: Mappers.JsonWebKey },\n \"JsonWebKey\",\n ) as JsonWebKey;\n }\n return _attestationSignerFromGenerated(jwk);\n }\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuer(): string | undefined {\n return this._body.iss;\n }\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n public get expiresOn(): Date | undefined {\n return this._body.exp ? new Date(this._body.exp * 1000) : undefined;\n }\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuedAt(): Date | undefined {\n return this._body.iat ? new Date(this._body.iat * 1000) : undefined;\n }\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n public get notBefore(): Date | undefined {\n return this._body.nbf ? new Date(this._body.nbf * 1000) : undefined;\n }\n\n /**\n * Creates a new attestation token from a body and signing key.\n * @param body - stringified body of the body of the token to be created.\n * @param signer - Optional signing key used to sign the newly created token.\n * @returns an {@link AttestationToken | attestation token}\n */\n public static create(params: {\n body?: string;\n privateKey?: string;\n certificate?: string;\n }): AttestationToken {\n const header: {\n alg: string;\n [k: string]: any;\n } = { alg: \"none\" };\n\n if ((!params.privateKey && params.certificate) || (params.privateKey && !params.certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (params.privateKey && params.certificate) {\n verifyAttestationSigningKey(params.privateKey, params.certificate);\n }\n\n if (params.privateKey || params.certificate) {\n const x5c = new jsrsasign.X509();\n x5c.readCertPEM(params.certificate);\n const pubKey = x5c.getPublicKey();\n if (pubKey instanceof jsrsasign.RSAKey) {\n header.alg = \"RS256\";\n } else if (pubKey instanceof jsrsasign.KJUR.crypto.ECDSA) {\n header.alg = \"ES256\";\n } else {\n throw new Error(\"Unknown public key type: \" + typeof pubKey);\n }\n header.x5c = [hexToBase64(x5c.hex)];\n } else {\n header.alg = \"none\";\n }\n\n const encodedToken = jsrsasign.KJUR.jws.JWS.sign(\n header.alg,\n header,\n params.body ?? \"\",\n params.privateKey,\n );\n return new AttestationTokenImpl(encodedToken);\n }\n}\n\nfunction isObject(thing: any): boolean {\n return Object.prototype.toString.call(thing) === \"[object Object]\";\n}\n\nfunction safeJsonParse(thing: any): any {\n if (isObject(thing)) return thing;\n try {\n return JSON.parse(thing);\n } catch (e: any) {\n return undefined;\n }\n}\n"]}
1
+ {"version":3,"file":"attestationToken.js","sourceRoot":"","sources":["../../../src/models/attestationToken.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAElC,qEAAqE;AACrE,yCAAyC;AACzC,OAAO,KAAK,SAAS,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,OAAO,EAAE,+BAA+B,EAAE,MAAM,wBAAwB,CAAC;AAEzE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAkN/E;;;;;;;GAOG;AACH,MAAM,OAAO,oBAAoB;IAC/B;;;;OAIG;IACH,YAAY,KAAa;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/D,IAAI,CAAC,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK,GAAG,aAAa,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAC3D,2DAA2D;QAE3D,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAEO,MAAM,CAAS;IACf,YAAY,CAAa;IACzB,OAAO,CAAM;IACb,UAAU,CAAa;IACvB,KAAK,CAAM;IACnB,qCAAqC;IAE7B,YAAY,CAAM,CAAC,oCAAoC;IAE/D;;;;OAIG;IACI,OAAO;QACZ,OAAO,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACI,SAAS;QACd,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED;;;;;;OAMG;IACI,gBAAgB,CACrB,eAAqC,EACrC,UAA6C;QAC3C,sBAAsB,EAAE,IAAI;QAC5B,aAAa,EAAE,IAAI;QACnB,qBAAqB,EAAE,IAAI;KAC5B;QAED,IAAI,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC3B,OAAO,QAAQ,CAAC;QAClB,CAAC;QAED,IAAI,WAAW,GAAkC,SAAS,CAAC;QAC3D,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,CAAC,CAAC;YAE1D,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;gBACtB,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;gBACzC,kDAAkD;gBAElD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAEjE,IAAI,OAAO,EAAE,CAAC;oBACZ,WAAW,GAAG,MAAM,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC,CAAC;YACjE,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAC;QAC3D,CAAC;QAED,IAAI,OAAO,CAAC,wBAAwB,KAAK,SAAS,EAAE,CAAC;YACnD,kFAAkF;YAClF,kBAAkB;YAClB,MAAM,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,OAA0C;QAC/D,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3C,QAAQ,CAAC,IAAI,CACX,gBAAgB,GAAG,IAAI,CAAC,MAAM,GAAG,qBAAqB,GAAG,OAAO,CAAC,cAAc,CAChF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD;;;;OAIG;IACK,sBAAsB,CAAC,OAA0C;QACvE,2EAA2E;QAC3E,cAAc;QACd,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAU,CAAC;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QAExD,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,sBAAsB,EAAE,CAAC;YACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,CAAC,qBAAqB,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;YAChD,IAAI,OAAO,GAAG,OAAO,EAAE,CAAC;gBACtB,MAAM,KAAK,GAAG,OAAO,GAAG,OAAO,CAAC;gBAChC,IAAI,KAAK,GAAG,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC,EAAE,CAAC;oBAC/C,QAAQ,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,cAAc,CAAC,MAAyB;QAC9C,sCAAsC;QACtC,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IAEO,mBAAmB,CACzB,2BAAiD;QAEjD,MAAM,gBAAgB,GAAG,IAAI,KAAK,EAAqB,CAAC;QAExD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhC,IAAI,YAAY,KAAK,SAAS,IAAI,2BAA2B,KAAK,SAAS,EAAE,CAAC;YAC5E,2BAA2B,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;gBACrD,IAAI,cAAc,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;oBAC1C,gBAAgB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBACxC,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,uEAAuE;YACvE,sEAAsE;YACtE,qDAAqD;YACrD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;oBAC1E,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,2BAA2B,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAI,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;gBACxC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,yDAAyD;IAEzD;;;;;;;OAOG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,KAAK;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;;OAMG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAW,WAAW;QACpB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,OAAO;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,IAAI;QACb,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;OAGG;IACH,IAAW,qBAAqB;QAC9B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,IAAW,2BAA2B;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,IAAW,gBAAgB;QACzB,IAAI,GAAe,CAAC;QACpB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,CAAC,GAAG,EAChB,CAAC,OAAO,CAAC,UAAU,CAAC,EACpB,YAAY,CACC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,GAAG,GAAG,gBAAgB,CAAC,WAAW,CAChC,IAAI,CAAC,OAAO,EACZ,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAClC,YAAY,CACC,CAAC;QAClB,CAAC;QACD,OAAO,+BAA+B,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED,qDAAqD;IAErD;;;OAGG;IACH,IAAW,MAAM;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;OAIG;IACH,IAAW,QAAQ;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,IAAW,SAAS;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,MAIpB;QACC,MAAM,MAAM,GAGR,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;QAEpB,IAAI,CAAC,CAAC,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7F,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,2BAA2B,CAAC,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YACjC,GAAG,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,MAAM,YAAY,SAAS,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,IAAI,MAAM,YAAY,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBACzD,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC;YACvB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,MAAM,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAC9C,MAAM,CAAC,GAAG,EACV,MAAM,EACN,MAAM,CAAC,IAAI,IAAI,EAAE,EACjB,MAAM,CAAC,UAAU,CAClB,CAAC;QACF,OAAO,IAAI,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF;AAED,SAAS,QAAQ,CAAC,KAAU;IAC1B,OAAO,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,iBAAiB,CAAC;AACrE,CAAC;AAED,SAAS,aAAa,CAAC,KAAU;IAC/B,IAAI,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,CAAM,EAAE,CAAC;QAChB,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n// eslint-disable-next-line @typescript-eslint/triple-slash-reference\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\n\nimport type { JsonWebKey } from \"../generated/models/index.js\";\nimport { base64UrlDecodeString } from \"../utils/base64.js\";\nimport { bytesToString } from \"../utils/utf8.js\";\nimport type { AttestationSigner } from \"./attestationSigner.js\";\nimport { _attestationSignerFromGenerated } from \"./attestationSigner.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\nimport { hexToBase64, verifyAttestationSigningKey } from \"../utils/helpers.js\";\n\n/**\n * Options used to validate attestation tokens.\n *\n * @typeparam issuer - if provided, specifies the expected issuer of the attestation token.\n * @typeparam validateExpirationTime - if true, validate the expiration time in the token.\n * @typeparam validateNotBeforeTime - if true, validate the \"not before\" time in the token.\n * @typeparam validateToken - if true, validate the token.\n * @typeparam timeValidationSlack - the validation time slack in the time based validations.\n *\n * @remarks\n *\n * If validateToken, validateNotBeforeTime, or validateExpirationTime are not\n * provided, they are all assumed to be 'true'.\n *\n */\nexport interface AttestationTokenValidationOptions {\n /**\n * If true, validate the attestation token, if false, skip validation.\n */\n validateToken?: boolean;\n /**\n * If true, validate the expiration time for the token.\n */\n validateExpirationTime?: boolean;\n /**\n * If true, validate the \"not before\" time for the token.\n */\n validateNotBeforeTime?: boolean;\n /**\n * If true, validate the issuer of the token.\n */\n validateIssuer?: boolean;\n /**\n * The expected issuer for the {@link AttestationToken}. Only checked if {@link validateIssuer} is set.\n */\n expectedIssuer?: string;\n\n /**\n * Tolerance time (in seconds) used to accound for clock drift between the local machine\n * and the server creating the token.\n */\n timeValidationSlack?: number;\n\n /**\n * Validation function which allows developers to provide their own validation\n * functionality for the attestation token. This can be used to perform additional\n * validations for signing certificate in AttestationSigner.\n *\n * @param token - Attestation Token to validate.\n * @param signer - Signing Certificate which validated the token.\n *\n * @remarks\n *\n * If there is a problem with token validation, the validateAttestationCallback function\n * will return an array of strings indicating the set of problems found in the token.\n *\n * @returns an array of problems in the token, or undefined if there are no problems.\n */\n validateAttestationToken?: (\n token: AttestationToken,\n signer?: AttestationSigner,\n ) => string[] | undefined;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport interface AttestationToken {\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n getBody(): unknown;\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n serialize(): string;\n\n /**\n * Validates the attestation token to verify that it is semantically correct.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n */\n getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options?: AttestationTokenValidationOptions,\n ): string[];\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n algorithm: string;\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n keyId?: string;\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n critical?: boolean;\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n contentType?: string;\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n keyUrl?: string;\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n x509Url?: string;\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n type?: string;\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n certificateThumbprint?: string;\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n certificateSha256Thumbprint?: string;\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n certificateChain?: AttestationSigner;\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuer?: string;\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n expiresOn?: Date;\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n issuedAt?: Date;\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n notBefore?: Date;\n}\n\n/**\n *\n * An AttestationToken represents an RFC 7515 JSON Web Signature object.\n *\n * It can represent either the token returned by the attestation service,\n * or it can be used to create a token locally which can be used to verify\n * attestation policy changes.\n */\nexport class AttestationTokenImpl implements AttestationToken {\n /**\n * @internal\n *\n * @param token - Attetation token returned by the attestation service.\n */\n constructor(token: string) {\n this._token = token;\n\n const pieces = token.split(\".\");\n if (pieces.length !== 3) {\n throw Error(\"Incorrectly formatted token:\");\n }\n this._headerBytes = base64UrlDecodeString(pieces[0]);\n this._header = safeJsonParse(bytesToString(this._headerBytes));\n this._bodyBytes = base64UrlDecodeString(pieces[1]);\n this._body = safeJsonParse(bytesToString(this._bodyBytes));\n // this._signature = base64UrlDecodeString(pieces[2]);\n\n this._jwsVerifier = jsrsasign.KJUR.jws.JWS.parse(token);\n }\n\n private _token: string;\n private _headerBytes: Uint8Array;\n private _header: any;\n private _bodyBytes: Uint8Array;\n private _body: any;\n // private _signature: Uint8Array;\n\n private _jwsVerifier: any; // jsrsasign.KJUR.jws.JWS.JWSResult;\n\n /**\n * Returns the deserialized body of the AttestationToken object.\n *\n * @returns The body of the attestation token as an object.\n */\n public getBody(): unknown {\n return this._jwsVerifier.payloadObj;\n }\n\n /**\n * the token to a string.\n *\n * @remarks\n * Serializes the token to a string.\n *\n * @returns The token serialized to a RFC 7515 JSON Web Signature.\n */\n public serialize(): string {\n return this._token;\n }\n\n /**\n * Returns the set of problems discovered in the attestation token.\n *\n * @param possibleSigners - the set of possible signers for this attestation token.\n * @param options - validation options\n * @returns an array of string values. If there are no problems, returns an empty array.\n */\n public getTokenProblems(\n possibleSigners?: AttestationSigner[],\n options: AttestationTokenValidationOptions = {\n validateExpirationTime: true,\n validateToken: true,\n validateNotBeforeTime: true,\n },\n ): string[] {\n let problems = new Array<string>();\n if (!options.validateToken) {\n return problems;\n }\n\n let foundSigner: AttestationSigner | undefined = undefined;\n if (this.algorithm !== \"none\") {\n const signers = this.getCandidateSigners(possibleSigners);\n\n signers.some((signer) => {\n const cert = this.certFromSigner(signer);\n // const pubKeyObj = cert.getPublicKey();\n\n const isValid = jsrsasign.KJUR.jws.JWS.verify(this._token, cert);\n\n if (isValid) {\n foundSigner = signer;\n }\n });\n\n if (foundSigner === undefined) {\n problems.push(\"Attestation Token is not properly signed.\");\n }\n }\n\n // If the token has a body, check the expiration time and issuer.\n if (this._body !== undefined) {\n problems = problems.concat(this.validateTimeProperties(options));\n problems = problems.concat(this.validateIssuer(options));\n }\n\n if (options.validateAttestationToken !== undefined) {\n // If there is a validation error, the getProblemsCallback will return the list of\n // problems found.\n const validationErrors = options.validateAttestationToken(this, foundSigner);\n if (validationErrors) {\n problems = problems.concat(validationErrors);\n }\n }\n return problems;\n }\n\n private validateIssuer(options: AttestationTokenValidationOptions): string[] {\n const problems = new Array<string>();\n if (this.issuer && options.validateIssuer) {\n if (this.issuer !== options.expectedIssuer) {\n problems.push(\n \"Found issuer: \" + this.issuer + \"; expected issuer: \" + options.expectedIssuer,\n );\n }\n }\n return problems;\n }\n /**\n * Validate the expiration and notbefore time claims in the JSON web token.\n *\n * @param options - Options to be used validating the time properties.\n */\n private validateTimeProperties(options: AttestationTokenValidationOptions): string[] {\n // Calculate the current time as a number of seconds since the start of the\n // Unix epoch.\n const problems = new Array<string>();\n const timeNow = Math.floor(new Date().getTime() / 1000);\n\n // Validate expiration time.\n if (this.expiresOn !== undefined && options.validateExpirationTime) {\n const expTime = this.expiresOn.getTime() / 1000;\n if (timeNow > expTime) {\n const delta = timeNow - expTime;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken has expired.\");\n }\n }\n }\n\n // Validate not before time.\n if (this.notBefore !== undefined && options.validateNotBeforeTime) {\n const nbfTime = this.notBefore.getTime() / 1000;\n if (nbfTime > timeNow) {\n const delta = nbfTime - timeNow;\n if (delta > (options.timeValidationSlack ?? 0)) {\n problems.push(\"AttestationToken is not yet valid.\");\n }\n }\n }\n return problems;\n }\n\n private certFromSigner(signer: AttestationSigner): string {\n // return the PEM encoded certificate.\n return signer.certificates[0];\n }\n\n private getCandidateSigners(\n possibleSigningCertificates?: AttestationSigner[],\n ): AttestationSigner[] {\n const candidateSigners = new Array<AttestationSigner>();\n\n const desiredKeyId = this.keyId;\n\n if (desiredKeyId !== undefined && possibleSigningCertificates !== undefined) {\n possibleSigningCertificates.forEach((possibleSigner) => {\n if (possibleSigner.keyId === desiredKeyId) {\n candidateSigners.push(possibleSigner);\n }\n });\n\n // If we didn't find any candidate signers looking through the provided\n // signing certificates, then maybe there's a certificate chain in the\n // token itself that might be used to sign the token.\n if (candidateSigners.length === 0) {\n if (this.certificateChain !== undefined && this.certificateChain !== null) {\n candidateSigners.push(this.certificateChain);\n }\n }\n } else {\n possibleSigningCertificates?.map((value) => candidateSigners.push(value));\n if (this.certificateChain !== undefined) {\n candidateSigners.push(this.certificateChain);\n }\n }\n return candidateSigners;\n }\n\n /** ********* JSON WEB SIGNATURE (RFC 7515) PROPERTIES */\n\n /**\n * Returns the algorithm from the header of the JSON Web Signature.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 | RFC 7515 Section 4.1.1})\n * for details.\n *\n * If the value of algorithm is \"none\" it indicates that the token is unsecured.\n */\n public get algorithm(): string {\n return this._header?.alg;\n }\n\n /**\n * Json Web Signature Header \"kid\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 | RFC 7515 Section 4.1.4})\n * for details.\n */\n public get keyId(): string | undefined {\n return this._header.kid;\n }\n\n /**\n * Json Web Signature Header \"crit\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.11 | RFC 7515 Section 4.1.11})\n * for details.\n *\n */\n public get critical(): boolean | undefined {\n return this._header.crit;\n }\n\n /**\n * Json Web Token Header \"content type\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 | RFC 7515 Section 4.1.10})\n *\n */\n public get contentType(): string | undefined {\n return this._header.cty;\n }\n\n /**\n * Json Web Token Header \"key URL\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 | RFC 7515 Section 4.1.2})\n *\n */\n public get keyUrl(): string | undefined {\n return this._header.jku;\n }\n\n /**\n * Json Web Token Header \"X509 Url\".\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 | RFC 7515 Section 4.1.5})\n *\n */\n public get x509Url(): string | undefined {\n return this._header.x5u;\n }\n\n /** Json Web Token Header \"Typ\".\n *\n * @see {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 | RFC 7515 Section 4.1.9})\n *\n */\n public get type(): string | undefined {\n return this._header.typ;\n }\n\n /**\n * Json Web Token Header \"x509 thumprint\".\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.7 | RFC 7515 Section 4.1.7})\n */\n public get certificateThumbprint(): string | undefined {\n return this._header.x5t;\n }\n\n /** Json Web Token Header \"x509 SHA256 thumprint\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.8 | RFC 7515 Section 4.1.8})\n *\n */\n public get certificateSha256Thumbprint(): string | undefined {\n return this._header[\"x5t#256\"];\n }\n\n /** Json Web Token Header \"x509 certificate chain\".\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.6 | RFC 7515 Section 4.1.6})\n *\n */\n public get certificateChain(): AttestationSigner | undefined {\n let jwk: JsonWebKey;\n if (this._header.jwk !== undefined) {\n jwk = TypeDeserializer.deserialize(\n this._header.jwk,\n [Mappers.JsonWebKey],\n \"JsonWebKey\",\n ) as JsonWebKey;\n } else {\n jwk = TypeDeserializer.deserialize(\n this._header,\n { JsonWebKey: Mappers.JsonWebKey },\n \"JsonWebKey\",\n ) as JsonWebKey;\n }\n return _attestationSignerFromGenerated(jwk);\n }\n\n /** ********* JSON WEB TOKEN (RFC 7519) PROPERTIES */\n\n /** Issuer of the attestation token.\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuer(): string | undefined {\n return this._body.iss;\n }\n\n /** Expiration time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.4 | RFC 7519 Section 4.1.4})\n * for details.\n */\n public get expiresOn(): Date | undefined {\n return this._body.exp ? new Date(this._body.exp * 1000) : undefined;\n }\n\n /** Issuance time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6 | RFC 7519 Section 4.1.6})\n * for details.\n */\n public get issuedAt(): Date | undefined {\n return this._body.iat ? new Date(this._body.iat * 1000) : undefined;\n }\n\n /**\n * Not Before time for the token, from JWT body.\n *\n * See {@link https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.5 | RFC 7519 Section 4.1.5})\n * for details.\n */\n public get notBefore(): Date | undefined {\n return this._body.nbf ? new Date(this._body.nbf * 1000) : undefined;\n }\n\n /**\n * Creates a new attestation token from a body and signing key.\n * @param body - stringified body of the body of the token to be created.\n * @param signer - Optional signing key used to sign the newly created token.\n * @returns an {@link AttestationToken | attestation token}\n */\n public static create(params: {\n body?: string;\n privateKey?: string;\n certificate?: string;\n }): AttestationToken {\n const header: {\n alg: string;\n [k: string]: any;\n } = { alg: \"none\" };\n\n if ((!params.privateKey && params.certificate) || (params.privateKey && !params.certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (params.privateKey && params.certificate) {\n verifyAttestationSigningKey(params.privateKey, params.certificate);\n }\n\n if (params.privateKey || params.certificate) {\n const x5c = new jsrsasign.X509();\n x5c.readCertPEM(params.certificate);\n const pubKey = x5c.getPublicKey();\n if (pubKey instanceof jsrsasign.RSAKey) {\n header.alg = \"RS256\";\n } else if (pubKey instanceof jsrsasign.KJUR.crypto.ECDSA) {\n header.alg = \"ES256\";\n } else {\n throw new Error(\"Unknown public key type: \" + typeof pubKey);\n }\n header.x5c = [hexToBase64(x5c.hex)];\n } else {\n header.alg = \"none\";\n }\n\n const encodedToken = jsrsasign.KJUR.jws.JWS.sign(\n header.alg,\n header,\n params.body ?? \"\",\n params.privateKey,\n );\n return new AttestationTokenImpl(encodedToken);\n }\n}\n\nfunction isObject(thing: any): boolean {\n return Object.prototype.toString.call(thing) === \"[object Object]\";\n}\n\nfunction safeJsonParse(thing: any): any {\n if (isObject(thing)) return thing;\n try {\n return JSON.parse(thing);\n } catch (e: any) {\n return undefined;\n }\n}\n"]}
package/dist/browser/models/storedAttestationPolicy.js CHANGED
@@ -27,5 +27,9 @@ export class StoredAttestationPolicy {
27
27
  static deserialize(value) {
28
28
  return TypeDeserializer.deserialize(value, { StoredAttestationPolicy: Mappers.StoredAttestationPolicy }, "StoredAttestationPolicy");
29
29
  }
30
+ /**
31
+ * Stored attestation policy, utf8 encoded.
32
+ */
33
+ attestationPolicy;
30
34
  }
31
35
  //# sourceMappingURL=storedAttestationPolicy.js.map
package/dist/browser/models/storedAttestationPolicy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"storedAttestationPolicy.js","sourceRoot":"","sources":["../../../src/models/storedAttestationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAE1D;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAY,KAAa;QACvB,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,OAAO,gBAAgB,CAAC,SAAS,CAC/B,IAAI,EACJ,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,OAAO,CAAC,uBAAuB,CAChC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,KAAc;QAC/B,OAAO,gBAAgB,CAAC,WAAW,CACjC,KAAK,EACL,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,yBAAyB,CACC,CAAC;IAC/B,CAAC;CAMF","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport { stringToBytes } from \"../utils/utf8.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\n\n/**\n * Represents a stored attestation policy sent to the attestation service.\n */\nexport class StoredAttestationPolicy {\n constructor(value: string) {\n this.attestationPolicy = stringToBytes(value);\n }\n\n /**\n * Serializes a StoredAttestationPolicy object to a JSON encoded string.\n *\n * @returns The serialized JSON policy.\n */\n serialize(): string {\n return TypeDeserializer.serialize(\n this,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n Mappers.StoredAttestationPolicy,\n );\n }\n\n /**\n * Deserializes a stored attestation policy object returned from the attestation service.\n *\n * @param value - Raw JSON object from service to serialize as an attestation policy.\n * @returns Stored attestation policy.\n */\n static deserialize(value: unknown): StoredAttestationPolicy {\n return TypeDeserializer.deserialize(\n value,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n \"StoredAttestationPolicy\",\n ) as StoredAttestationPolicy;\n }\n\n /**\n * Stored attestation policy, utf8 encoded.\n */\n attestationPolicy: Uint8Array;\n}\n"]}
1
+ {"version":3,"file":"storedAttestationPolicy.js","sourceRoot":"","sources":["../../../src/models/storedAttestationPolicy.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,kCAAkC;AAClC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAEhE,OAAO,KAAK,OAAO,MAAM,gCAAgC,CAAC;AAE1D;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAClC,YAAY,KAAa;QACvB,IAAI,CAAC,iBAAiB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,SAAS;QACP,OAAO,gBAAgB,CAAC,SAAS,CAC/B,IAAI,EACJ,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,OAAO,CAAC,uBAAuB,CAChC,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,KAAc;QAC/B,OAAO,gBAAgB,CAAC,WAAW,CACjC,KAAK,EACL,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE,EAC5D,yBAAyB,CACC,CAAC;IAC/B,CAAC;IAED;;OAEG;IACH,iBAAiB,CAAa;CAC/B","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\nimport { stringToBytes } from \"../utils/utf8.js\";\nimport { TypeDeserializer } from \"../utils/typeDeserializer.js\";\n\nimport * as Mappers from \"../generated/models/mappers.js\";\n\n/**\n * Represents a stored attestation policy sent to the attestation service.\n */\nexport class StoredAttestationPolicy {\n constructor(value: string) {\n this.attestationPolicy = stringToBytes(value);\n }\n\n /**\n * Serializes a StoredAttestationPolicy object to a JSON encoded string.\n *\n * @returns The serialized JSON policy.\n */\n serialize(): string {\n return TypeDeserializer.serialize(\n this,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n Mappers.StoredAttestationPolicy,\n );\n }\n\n /**\n * Deserializes a stored attestation policy object returned from the attestation service.\n *\n * @param value - Raw JSON object from service to serialize as an attestation policy.\n * @returns Stored attestation policy.\n */\n static deserialize(value: unknown): StoredAttestationPolicy {\n return TypeDeserializer.deserialize(\n value,\n { StoredAttestationPolicy: Mappers.StoredAttestationPolicy },\n \"StoredAttestationPolicy\",\n ) as StoredAttestationPolicy;\n }\n\n /**\n * Stored attestation policy, utf8 encoded.\n */\n attestationPolicy: Uint8Array;\n}\n"]}
package/dist/commonjs/attestationAdministrationClient.js CHANGED
@@ -51,14 +51,17 @@ class AttestationAdministrationClient {
51
51
  */
52
52
  constructor(endpoint, credentials, options = {}) {
53
53
  this._validationOptions = options.validationOptions;
54
- const internalPipelineOptions = Object.assign(Object.assign({}, options), {
55
- credential: credentials,
56
- credentialScopes: ["https://attest.azure.net/.default"],
57
- loggingOptions: {
58
- logger: logger_js_1.logger.info,
59
- allowedHeaderNames: ["x-ms-request-id", "x-ms-maa-service-version"],
54
+ const internalPipelineOptions = {
55
+ ...options,
56
+ ...{
57
+ credential: credentials,
58
+ credentialScopes: ["https://attest.azure.net/.default"],
59
+ loggingOptions: {
60
+ logger: logger_js_1.logger.info,
61
+ allowedHeaderNames: ["x-ms-request-id", "x-ms-maa-service-version"],
62
+ },
60
63
  },
61
- });
64
+ };
62
65
  this._client = new generatedClient_js_1.GeneratedClient(endpoint, internalPipelineOptions);
63
66
  }
64
67
  /**
@@ -73,13 +76,12 @@ class AttestationAdministrationClient {
73
76
  */
74
77
  async getPolicy(attestationType, options = {}) {
75
78
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-getPolicy", options, async (updatedOptions) => {
76
- var _a;
77
79
  const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);
78
80
  // The attestation token returned from the service has a PolicyResult
79
81
  // object as the body.
80
82
  const token = new attestationToken_js_1.AttestationTokenImpl(getPolicyResult.token);
81
83
  // Validate the token returned from the service.
82
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
84
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
83
85
  if (problems.length) {
84
86
  throw new Error(problems.join(";"));
85
87
  }
@@ -120,7 +122,6 @@ class AttestationAdministrationClient {
120
122
  */
121
123
  async setPolicy(attestationType, newPolicyDocument, options = {}) {
122
124
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-setPolicy", options, async (updatedOptions) => {
123
- var _a;
124
125
  if ((!options.privateKey && options.certificate) ||
125
126
  (options.privateKey && !options.certificate)) {
126
127
  throw new Error("If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.");
@@ -129,12 +130,15 @@ class AttestationAdministrationClient {
129
130
  (0, helpers_js_2.verifyAttestationSigningKey)(options.privateKey, options.certificate);
130
131
  }
131
132
  const storedAttestationPolicy = new storedAttestationPolicy_js_1.StoredAttestationPolicy(newPolicyDocument).serialize();
132
- const setPolicyToken = attestationToken_js_1.AttestationTokenImpl.create(Object.assign({ body: storedAttestationPolicy }, options));
133
+ const setPolicyToken = attestationToken_js_1.AttestationTokenImpl.create({
134
+ body: storedAttestationPolicy,
135
+ ...options,
136
+ });
133
137
  const setPolicyResult = await this._client.policy.set(attestationType, setPolicyToken.serialize(), updatedOptions);
134
138
  // The attestation token returned from the service has a PolicyResult
135
139
  // object as the body.
136
140
  const token = new attestationToken_js_1.AttestationTokenImpl(setPolicyResult.token);
137
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
141
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
138
142
  if (problems.length) {
139
143
  throw new Error(problems.join(";"));
140
144
  }
@@ -168,7 +172,6 @@ class AttestationAdministrationClient {
168
172
  */
169
173
  async resetPolicy(attestationType, options = {}) {
170
174
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-setPolicy", options, async (updatedOptions) => {
171
- var _a;
172
175
  if ((!options.privateKey && options.certificate) ||
173
176
  (options.privateKey && !options.certificate)) {
174
177
  throw new Error("If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.");
@@ -184,7 +187,7 @@ class AttestationAdministrationClient {
184
187
  // The attestation token returned from the service has a PolicyResult
185
188
  // object as the body.
186
189
  const token = new attestationToken_js_1.AttestationTokenImpl(resetPolicyResult.token);
187
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
190
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
188
191
  if (problems.length) {
189
192
  throw new Error(problems.join(";"));
190
193
  }
@@ -207,12 +210,11 @@ class AttestationAdministrationClient {
207
210
  */
208
211
  async getPolicyManagementCertificates(options = {}) {
209
212
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-getPolicyManagementCertificates", options, async (updatedOptions) => {
210
- var _a;
211
213
  const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);
212
214
  // The attestation token returned from the service has a PolicyResult
213
215
  // object as the body.
214
216
  const token = new attestationToken_js_1.AttestationTokenImpl(getCertificatesResult.token);
215
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
217
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
216
218
  if (problems.length) {
217
219
  throw new Error(problems.join(";"));
218
220
  }
@@ -250,7 +252,6 @@ class AttestationAdministrationClient {
250
252
  */
251
253
  async addPolicyManagementCertificate(pemCertificate, privateKey, certificate, options = {}) {
252
254
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-addPolicyManagementCertificate", options, async (updatedOptions) => {
253
- var _a;
254
255
  if ((!privateKey && certificate) || (privateKey && !certificate)) {
255
256
  throw new Error("If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.");
256
257
  }
@@ -279,7 +280,7 @@ class AttestationAdministrationClient {
279
280
  // The attestation token returned from the service has a PolicyResult
280
281
  // object as the body.
281
282
  const token = new attestationToken_js_1.AttestationTokenImpl(addCertificateResult.token);
282
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
283
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
283
284
  if (problems.length) {
284
285
  throw new Error(problems.join(";"));
285
286
  }
@@ -329,7 +330,6 @@ class AttestationAdministrationClient {
329
330
  */
330
331
  async removePolicyManagementCertificate(pemCertificate, privateKey, certificate, options = {}) {
331
332
  return tracing_js_1.tracingClient.withSpan("AttestationAdministrationClient-removePolicyManagementCertificate", options, async (updatedOptions) => {
332
- var _a;
333
333
  if ((!privateKey && certificate) || (privateKey && !certificate)) {
334
334
  throw new Error("If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.");
335
335
  }
@@ -358,7 +358,7 @@ class AttestationAdministrationClient {
358
358
  // The attestation token returned from the service has a PolicyResult
359
359
  // object as the body.
360
360
  const token = new attestationToken_js_1.AttestationTokenImpl(removeCertificateResult.token);
361
- const problems = token.getTokenProblems(await this.signingKeys(), (_a = options.validationOptions) !== null && _a !== void 0 ? _a : this._validationOptions);
361
+ const problems = token.getTokenProblems(await this.signingKeys(), options.validationOptions ?? this._validationOptions);
362
362
  if (problems.length) {
363
363
  throw new Error(problems.join(";"));
364
364
  }
@@ -372,18 +372,20 @@ class AttestationAdministrationClient {
372
372
  });
373
373
  }
374
374
  async signingKeys() {
375
- var _a;
376
375
  if (this._signers !== undefined) {
377
376
  return this._signers;
378
377
  }
379
378
  const jwks = await this._client.signingCertificates.get();
380
379
  const signers = new Array();
381
- (_a = jwks.keys) === null || _a === void 0 ? void 0 : _a.forEach((element) => {
380
+ jwks.keys?.forEach((element) => {
382
381
  signers.push((0, attestationSigner_js_1._attestationSignerFromGenerated)(element));
383
382
  });
384
383
  this._signers = signers;
385
384
  return this._signers;
386
385
  }
386
+ _client;
387
+ _signers;
388
+ _validationOptions;
387
389
  }
388
390
  exports.AttestationAdministrationClient = AttestationAdministrationClient;
389
391
  //# sourceMappingURL=attestationAdministrationClient.js.map
package/dist/commonjs/attestationAdministrationClient.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,uDAAuD;AACvD,uEAAiE;AACjE,2CAAqC;AASrC,6CAAgD;AAUhD,oFAA8E;AAI9E,qEAA+D;AAC/D,+EAAyD;AAEzD,yCAAyC;AACzC,6DAAuC;AACvC,mDAAiD;AACjD,8DAAsE;AACtE,wEAAgF;AAChF,mDAAiE;AACjE,4EAA4E;AAC5E,sEAAoE;AACpE,uDAAuD;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;OAeG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,mCACxB,OAAO,GACP;YACD,UAAU,EAAE,WAAW;YACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;YACvD,cAAc,EAAE;gBACd,MAAM,EAAE,kBAAM,CAAC,IAAI;gBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;aACpE;SACF,CACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,oCAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,0CAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,oDAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,IAAA,kDAAyB,EAC9B,KAAK,EACL,IAAA,uBAAa,EAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,oDAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,0CAAoB,CAAC,MAAM,iBAChD,IAAI,EAAE,uBAAuB,IAC1B,OAAO,EACV,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,sCAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,IAAA,kDAAyB,EAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,MAAA,OAAO,CAAC,iBAAiB,mCAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,MAAA,IAAI,CAAC,IAAI,0CAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;CAKF;AA1gBD,0EA0gBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n AttestationCertificateManagementBody,\n GeneratedClientOptionalParams,\n JsonWebKey,\n PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n AttestationResponse,\n AttestationSigner,\n AttestationTokenValidationOptions,\n AttestationType,\n PolicyCertificatesModificationResult,\n PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n /**\n * Options to be used globally to validate attestation tokens received from\n * the attestation service.\n */\n validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n /**\n * Options to be used globally to validate attestation tokens received from\n * the attestation service.\n */\n validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n extends AttestationAdministrationClientOperationOptions {\n /**\n * Optional Private key used to sign the token sent to the attestation service.\n *\n * Required for Isolated Mode attestation instances.\n */\n privateKey?: string;\n\n /**\n * Optional certificate which can validate the token sent to the attestation service.\n *\n * Required for Isolated Mode attestation instances.\n *\n * If the service instance is in Isolated mode, the certificate *must* be one\n * of the configured policy management certificates.\n */\n certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n /**\n * Creates an instance of AttestationAdministrationClient.\n *\n * Example usage:\n * ```ts snippet:AttestationAdministrationClient_Constructor\n * import { AttestationAdministrationClient } from \"@azure/attestation\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const endpoint = \"https://<attestation-instance>.<region>.attest.azure.net\";\n * const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());\n * ```\n *\n * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n * @param credential - Used to authenticate requests to the service.\n * @param options - Used to configure the Form Recognizer client.\n */\n\n constructor(\n endpoint: string,\n credentials: TokenCredential,\n options: AttestationAdministrationClientOptions = {},\n ) {\n this._validationOptions = options.validationOptions;\n\n const internalPipelineOptions: GeneratedClientOptionalParams = {\n ...options,\n ...{\n credential: credentials,\n credentialScopes: [\"https://attest.azure.net/.default\"],\n loggingOptions: {\n logger: logger.info,\n allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n },\n },\n };\n\n this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n }\n\n /**\n * Retrieves the attestation policy document from the server, and returns it\n * to the caller.\n *\n * @param attestationType - AttestationType for which to retrieve policy.\n * @param options - Pipeline and client options for the `getPolicy` call.\n * @returns `AttestationResponse<string>` - the `value` property is the\n * attestation policy, the `token` property will be the actual token\n * returned by the attestation service.\n */\n public async getPolicy(\n attestationType: AttestationType,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<string>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-getPolicy\",\n options,\n async (updatedOptions) => {\n const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(getPolicyResult.token);\n\n // Validate the token returned from the service.\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n if (!policyResult.policy) {\n throw Error(\"Server returned an invalid getPolicy response!\");\n }\n\n const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n // Finally, retrieve the stored attestationPolicy value and return that\n // as the AttestationResponse to the caller.\n return createAttestationResponse<string>(\n token,\n bytesToString(storedPolicy.attestationPolicy),\n );\n },\n );\n }\n\n /**\n * Sets the attestation policy for the specified {@link attestationType}.\n *\n * @param attestationType - Attestation Type for which to set policy.\n * @param newPolicyDocument - Policy document to be set.\n * @param options - call options.\n * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n * Clients can use the PolicyResult to validate that the policy was actually\n * set by the attestation service.\n *\n * @remarks\n *\n * Please note that if the attestation service instance is running in \"Isolated\"\n * mode, the {@link signingKey} must be one of the signing keys configured for the\n * service instance.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n public async setPolicy(\n attestationType: AttestationType,\n newPolicyDocument: string,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<PolicyResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-setPolicy\",\n options,\n async (updatedOptions) => {\n if (\n (!options.privateKey && options.certificate) ||\n (options.privateKey && !options.certificate)\n ) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (options.privateKey && options.certificate) {\n verifyAttestationSigningKey(options.privateKey, options.certificate);\n }\n\n const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n const setPolicyToken = AttestationTokenImpl.create({\n body: storedAttestationPolicy,\n ...options,\n });\n\n const setPolicyResult = await this._client.policy.set(\n attestationType,\n setPolicyToken.serialize(),\n updatedOptions,\n );\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(setPolicyResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n return createAttestationResponse<PolicyResult>(token, policyResult);\n },\n );\n }\n\n /**\n * Resets the attestation policy for the specified {@link attestationType} to\n * the default value.\n *\n * @param attestationType - Attestation Type for which to set policy.\n * @param options - call options.\n * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n * Clients can use the PolicyResult to validate that the policy was actually\n * reset by the attestation service.\n *\n * @remarks\n *\n * Please note that if the attestation service instance is running in \"Isolated\"\n * mode, the {@link signingKey} must be one of the signing keys configured for the\n * service instance.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n\n public async resetPolicy(\n attestationType: AttestationType,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<PolicyResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-setPolicy\",\n options,\n async (updatedOptions) => {\n if (\n (!options.privateKey && options.certificate) ||\n (options.privateKey && !options.certificate)\n ) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (options.privateKey && options.certificate) {\n verifyAttestationSigningKey(options.privateKey, options.certificate);\n }\n\n const resetPolicyToken = AttestationTokenImpl.create({\n privateKey: options.privateKey,\n certificate: options.certificate,\n });\n\n const resetPolicyResult = await this._client.policy.reset(\n attestationType,\n resetPolicyToken.serialize(),\n updatedOptions,\n );\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(resetPolicyResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n return createAttestationResponse<PolicyResult>(token, policyResult);\n },\n );\n }\n\n /** Returns the set of policy management certificates for this attestation instance.\n *\n * @remarks If the attestation instance is not in `Isolated` mode, this list will\n * always be empty.\n *\n * @param options - Options for the call to the attestation service.\n * @returns AttestationResponse wrapping a list of Attestation Signers.\n */\n public async getPolicyManagementCertificates(\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<AttestationSigner[]>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n options,\n async (updatedOptions) => {\n const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(getCertificatesResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const jwks = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesResult\",\n ) as PolicyCertificatesResult;\n\n const policyCertificates = new Array<AttestationSigner>();\n jwks.policyCertificates.keys.forEach((jwk) => {\n policyCertificates.push(_attestationSignerFromGenerated(jwk));\n });\n\n return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n },\n );\n }\n\n /** Add a new certificate chain to the set of policy management certificates.\n *\n * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n * @param privateKey - Existing attestation private key used to sign the incoming request.\n * @param certificate - Existing attestation certificate used to verify the incoming request.\n * @param options - Options used in the call to the service.\n * @returns An attestation response including a PolicyCertificatesModificationResult\n *\n * @remarks This API is only supported on `isolated` attestation instances.\n *\n * The signing key MUST be one of the existing attestation signing certificates. The\n * new pemCertificate is signed using the signingKey and the service will validate the\n * signature before allowing the addition.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n *\n */\n public async addPolicyManagementCertificate(\n pemCertificate: string,\n privateKey: string,\n certificate: string,\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n options,\n async (updatedOptions) => {\n if ((!privateKey && certificate) || (privateKey && !certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (privateKey && certificate) {\n verifyAttestationSigningKey(privateKey, certificate);\n }\n\n const cert = new jsrsasign.X509();\n cert.readCertPEM(pemCertificate);\n const kty = this.keyTypeFromCertificate(cert);\n\n const jwk: JsonWebKey = {\n x5C: [hexToBase64(cert.hex)],\n kty: kty,\n };\n\n const addBody: AttestationCertificateManagementBody = {\n policyCertificate: jwk,\n };\n\n const addCertToken = AttestationTokenImpl.create({\n body: TypeDeserializer.serialize(\n addBody,\n {\n AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n JsonWebKey: Mappers.JsonWebKey,\n },\n Mappers.AttestationCertificateManagementBody,\n ),\n privateKey: privateKey,\n certificate: certificate,\n });\n\n const addCertificateResult = await this._client.policyCertificates.add(\n addCertToken.serialize(),\n updatedOptions,\n );\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(addCertificateResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyCertificatesModificationResult object.\n const result = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesModificationResult\",\n ) as PolicyCertificatesModificationResult;\n\n return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n },\n );\n }\n\n private keyTypeFromCertificate(cert: any): string {\n let kty: string;\n switch (cert.getSignatureAlgorithmName()) {\n case \"SHA256withRSA\":\n case \"SHA384withRSA\":\n case \"SHA512withRSA\":\n kty = \"RSA\";\n break;\n case \"SHA256withECDSA\":\n case \"SHA384withECDSA\":\n kty = \"EC\";\n break;\n default:\n kty = \"RSA\";\n break;\n }\n return kty;\n }\n\n /** Add a new certificate chain to the set of policy management certificates.\n *\n * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n * @param privateKey - Existing attestation private key used to sign the incoming request.\n * @param certificate - Existing attestation certificate used to verify the incoming request.\n * @param options - Options used in the call to the service.\n * @returns An attestation response including a PolicyCertificatesModificationResult\n *\n * @remarks This API is only supported on `isolated` attestation instances.\n *\n * The signing key MUST be one of the existing attestation signing certificates. The\n * new pemCertificate is signed using the signingKey and the service will validate the\n * signature before allowing the addition.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n public async removePolicyManagementCertificate(\n pemCertificate: string,\n privateKey: string,\n certificate: string,\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n options,\n async (updatedOptions) => {\n if ((!privateKey && certificate) || (privateKey && !certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (privateKey && certificate) {\n verifyAttestationSigningKey(privateKey, certificate);\n }\n\n const cert = new jsrsasign.X509();\n cert.readCertPEM(pemCertificate);\n const kty = this.keyTypeFromCertificate(cert);\n\n const jwk: JsonWebKey = {\n x5C: [hexToBase64(cert.hex)],\n kty: kty,\n };\n\n const addBody: AttestationCertificateManagementBody = {\n policyCertificate: jwk,\n };\n\n const removeCertToken = AttestationTokenImpl.create({\n body: TypeDeserializer.serialize(\n addBody,\n {\n AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n JsonWebKey: Mappers.JsonWebKey,\n },\n Mappers.AttestationCertificateManagementBody,\n ),\n privateKey: privateKey,\n certificate: certificate,\n });\n\n const removeCertificateResult = await this._client.policyCertificates.remove(\n removeCertToken.serialize(),\n updatedOptions,\n );\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(removeCertificateResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyCertificatesModificationResult object.\n const result = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesModificationResult\",\n ) as PolicyCertificatesModificationResult;\n\n return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n },\n );\n }\n\n private async signingKeys(): Promise<AttestationSigner[]> {\n if (this._signers !== undefined) {\n return this._signers;\n }\n const jwks = await this._client.signingCertificates.get();\n const signers: AttestationSigner[] = new Array();\n jwks.keys?.forEach((element) => {\n signers.push(_attestationSignerFromGenerated(element));\n });\n this._signers = signers;\n return this._signers;\n }\n\n private _client: GeneratedClient;\n private _signers?: AttestationSigner[];\n private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}
1
+ {"version":3,"file":"attestationAdministrationClient.js","sourceRoot":"","sources":["../../src/attestationAdministrationClient.ts"],"names":[],"mappings":";AAAA,uCAAuC;AACvC,kCAAkC;;;;AAElC,uDAAuD;AACvD,uEAAiE;AACjE,2CAAqC;AASrC,6CAAgD;AAUhD,oFAA8E;AAI9E,qEAA+D;AAC/D,+EAAyD;AAEzD,yCAAyC;AACzC,6DAAuC;AACvC,mDAAiD;AACjD,8DAAsE;AACtE,wEAAgF;AAChF,mDAAiE;AACjE,4EAA4E;AAC5E,sEAAoE;AACpE,uDAAuD;AAqDvD;;;;;;;;;;;GAWG;AACH,MAAa,+BAA+B;IAC1C;;;;;;;;;;;;;;;OAeG;IAEH,YACE,QAAgB,EAChB,WAA4B,EAC5B,UAAkD,EAAE;QAEpD,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAEpD,MAAM,uBAAuB,GAAkC;YAC7D,GAAG,OAAO;YACV,GAAG;gBACD,UAAU,EAAE,WAAW;gBACvB,gBAAgB,EAAE,CAAC,mCAAmC,CAAC;gBACvD,cAAc,EAAE;oBACd,MAAM,EAAE,kBAAM,CAAC,IAAI;oBACnB,kBAAkB,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,CAAC;iBACpE;aACF;SACF,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,IAAI,oCAAe,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;IACxE,CAAC;IAED;;;;;;;;;OASG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;YAEvF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAE9D,gDAAgD;YAChD,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,MAAM,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,0CAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAElE,MAAM,YAAY,GAAG,oDAAuB,CAAC,WAAW,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAEhF,uEAAuE;YACvE,4CAA4C;YAC5C,OAAO,IAAA,kDAAyB,EAC9B,KAAK,EACL,IAAA,uBAAa,EAAC,YAAY,CAAC,iBAAiB,CAAC,CAC9C,CAAC;QACJ,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IACI,KAAK,CAAC,SAAS,CACpB,eAAgC,EAChC,iBAAyB,EACzB,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,uBAAuB,GAAG,IAAI,oDAAuB,CAAC,iBAAiB,CAAC,CAAC,SAAS,EAAE,CAAC;YAC3F,MAAM,cAAc,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBACjD,IAAI,EAAE,uBAAuB;gBAC7B,GAAG,OAAO;aACX,CAAC,CAAC;YAEH,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CACnD,eAAe,EACf,cAAc,CAAC,SAAS,EAAE,EAC1B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;;OAkBG;IAEI,KAAK,CAAC,WAAW,CACtB,eAAgC,EAChC,UAAiE,EAAE;QAEnE,OAAO,0BAAa,CAAC,QAAQ,CAC3B,2CAA2C,EAC3C,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IACE,CAAC,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,CAAC;gBAC5C,CAAC,OAAO,CAAC,UAAU,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAC5C,CAAC;gBACD,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC9C,IAAA,wCAA2B,EAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,gBAAgB,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBACnD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CACvD,eAAe,EACf,gBAAgB,CAAC,SAAS,EAAE,EAC5B,cAAc,CACf,CAAC;YAEF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YAChE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,YAAY,GAAG,IAAA,4CAA0B,EAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAEjE,0EAA0E;YAC1E,sEAAsE;YACtE,6EAA6E;YAC7E,OAAO,IAAA,kDAAyB,EAAe,KAAK,EAAE,YAAY,CAAC,CAAC;QACtE,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,+BAA+B,CAC1C,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,iEAAiE,EACjE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,MAAM,qBAAqB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACxF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YACpE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,wEAAwE;YACxE,SAAS;YACT,MAAM,IAAI,GAAG,sCAAgB,CAAC,WAAW,CACvC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,wBAAwB,EAAE,OAAO,CAAC,wBAAwB;gBAC1D,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,0BAA0B,CACC,CAAC;YAE9B,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAqB,CAAC;YAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;gBAC3C,kBAAkB,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,GAAG,CAAC,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;YAEH,OAAO,IAAA,kDAAyB,EAAsB,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACnF,CAAC,CACF,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACI,KAAK,CAAC,8BAA8B,CACzC,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,gEAAgE,EAChE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,YAAY,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAC/C,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,GAAG,CACpE,YAAY,CAAC,SAAS,EAAE,EACxB,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,sBAAsB,CAAC,IAAS;QACtC,IAAI,GAAW,CAAC;QAChB,QAAQ,IAAI,CAAC,yBAAyB,EAAE,EAAE,CAAC;YACzC,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe,CAAC;YACrB,KAAK,eAAe;gBAClB,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,iBAAiB;gBACpB,GAAG,GAAG,IAAI,CAAC;gBACX,MAAM;YACR;gBACE,GAAG,GAAG,KAAK,CAAC;gBACZ,MAAM;QACV,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACI,KAAK,CAAC,iCAAiC,CAC5C,cAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,UAA4E,EAAE;QAE9E,OAAO,0BAAa,CAAC,QAAQ,CAC3B,mEAAmE,EACnE,OAAO,EACP,KAAK,EAAE,cAAc,EAAE,EAAE;YACvB,IAAI,CAAC,CAAC,UAAU,IAAI,WAAW,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;YACJ,CAAC;YAED,IAAI,UAAU,IAAI,WAAW,EAAE,CAAC;gBAC9B,IAAA,wCAA2B,EAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;YACjC,MAAM,GAAG,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAE9C,MAAM,GAAG,GAAe;gBACtB,GAAG,EAAE,CAAC,IAAA,wBAAW,EAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC5B,GAAG,EAAE,GAAG;aACT,CAAC;YAEF,MAAM,OAAO,GAAyC;gBACpD,iBAAiB,EAAE,GAAG;aACvB,CAAC;YAEF,MAAM,eAAe,GAAG,0CAAoB,CAAC,MAAM,CAAC;gBAClD,IAAI,EAAE,sCAAgB,CAAC,SAAS,CAC9B,OAAO,EACP;oBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;oBAClF,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,EACD,OAAO,CAAC,oCAAoC,CAC7C;gBACD,UAAU,EAAE,UAAU;gBACtB,WAAW,EAAE,WAAW;aACzB,CAAC,CAAC;YAEH,MAAM,uBAAuB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAC1E,eAAe,CAAC,SAAS,EAAE,EAC3B,cAAc,CACf,CAAC;YACF,qEAAqE;YACrE,sBAAsB;YACtB,MAAM,KAAK,GAAG,IAAI,0CAAoB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,gBAAgB,CACrC,MAAM,IAAI,CAAC,WAAW,EAAE,EACxB,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,kBAAkB,CACrD,CAAC;YACF,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC;YAED,+DAA+D;YAC/D,MAAM,MAAM,GAAG,sCAAgB,CAAC,WAAW,CACzC,KAAK,CAAC,OAAO,EAAE,EACf;gBACE,oCAAoC,EAAE,OAAO,CAAC,oCAAoC;gBAClF,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,EACD,sCAAsC,CACC,CAAC;YAE1C,OAAO,IAAA,kDAAyB,EAAuC,KAAK,EAAE,MAAM,CAAC,CAAC;QACxF,CAAC,CACF,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC,QAAQ,CAAC;QACvB,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,GAAG,EAAE,CAAC;QAC1D,MAAM,OAAO,GAAwB,IAAI,KAAK,EAAE,CAAC;QACjD,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,OAAO,CAAC,IAAI,CAAC,IAAA,sDAA+B,EAAC,OAAO,CAAC,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAEO,OAAO,CAAkB;IACzB,QAAQ,CAAuB;IAC/B,kBAAkB,CAAqC;CAChE;AA1gBD,0EA0gBC","sourcesContent":["// Copyright (c) Microsoft Corporation.\n// Licensed under the MIT License.\n\n/* eslint-disable @azure/azure-sdk/ts-naming-options */\nimport { GeneratedClient } from \"./generated/generatedClient.js\";\nimport { logger } from \"./logger.js\";\n\nimport type {\n AttestationCertificateManagementBody,\n GeneratedClientOptionalParams,\n JsonWebKey,\n PolicyCertificatesResult,\n} from \"./generated/models/index.js\";\n\nimport { bytesToString } from \"./utils/utf8.js\";\n\nimport type {\n AttestationResponse,\n AttestationSigner,\n AttestationTokenValidationOptions,\n AttestationType,\n PolicyCertificatesModificationResult,\n PolicyResult,\n} from \"./models/index.js\";\nimport { StoredAttestationPolicy } from \"./models/storedAttestationPolicy.js\";\n\nimport type { CommonClientOptions, OperationOptions } from \"@azure/core-client\";\nimport type { TokenCredential } from \"@azure/core-auth\";\nimport { TypeDeserializer } from \"./utils/typeDeserializer.js\";\nimport * as Mappers from \"./generated/models/mappers.js\";\n\n/// <reference path=\"../jsrsasign.d.ts\"/>\nimport * as jsrsasign from \"jsrsasign\";\nimport { hexToBase64 } from \"./utils/helpers.js\";\nimport { _policyResultFromGenerated } from \"./models/policyResult.js\";\nimport { _attestationSignerFromGenerated } from \"./models/attestationSigner.js\";\nimport { verifyAttestationSigningKey } from \"./utils/helpers.js\";\nimport { createAttestationResponse } from \"./models/attestationResponse.js\";\nimport { AttestationTokenImpl } from \"./models/attestationToken.js\";\nimport { tracingClient } from \"./generated/tracing.js\";\n\n/**\n * Attestation Client Construction Options.\n */\nexport interface AttestationAdministrationClientOptions extends CommonClientOptions {\n /**\n * Options to be used globally to validate attestation tokens received from\n * the attestation service.\n */\n validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the Attestation Administration Client operations.\n */\nexport interface AttestationAdministrationClientOperationOptions extends OperationOptions {\n /**\n * Options to be used globally to validate attestation tokens received from\n * the attestation service.\n */\n validationOptions?: AttestationTokenValidationOptions;\n}\n\n/**\n * Operation options for the administration Policy operations.\n */\nexport interface AttestationAdministrationClientPolicyOperationOptions\n extends AttestationAdministrationClientOperationOptions {\n /**\n * Optional Private key used to sign the token sent to the attestation service.\n *\n * Required for Isolated Mode attestation instances.\n */\n privateKey?: string;\n\n /**\n * Optional certificate which can validate the token sent to the attestation service.\n *\n * Required for Isolated Mode attestation instances.\n *\n * If the service instance is in Isolated mode, the certificate *must* be one\n * of the configured policy management certificates.\n */\n certificate?: string;\n}\n\n/**\n * Operation options for the Policy Certificates operations.\n */\nexport interface AttestationAdministrationClientPolicyCertificateOperationOptions\n extends AttestationAdministrationClientOperationOptions {}\n\n/**\n * Attestation Client class.\n *\n * The AttestationClient class enables access to the Attestation related APIs:\n *\n * - getPolicy\n * - setPolicy\n * - resetPolicy\n * - getPolicyManagementCertificates\n * - addPolicyManagementCertificate\n * - removePolicyManagementCertificate\n */\nexport class AttestationAdministrationClient {\n /**\n * Creates an instance of AttestationAdministrationClient.\n *\n * Example usage:\n * ```ts snippet:AttestationAdministrationClient_Constructor\n * import { AttestationAdministrationClient } from \"@azure/attestation\";\n * import { DefaultAzureCredential } from \"@azure/identity\";\n *\n * const endpoint = \"https://<attestation-instance>.<region>.attest.azure.net\";\n * const client = new AttestationAdministrationClient(endpoint, new DefaultAzureCredential());\n * ```\n *\n * @param endpoint - The attestation instance endpoint, for example https://mytenant.attest.azure.net.\n * @param credential - Used to authenticate requests to the service.\n * @param options - Used to configure the Form Recognizer client.\n */\n\n constructor(\n endpoint: string,\n credentials: TokenCredential,\n options: AttestationAdministrationClientOptions = {},\n ) {\n this._validationOptions = options.validationOptions;\n\n const internalPipelineOptions: GeneratedClientOptionalParams = {\n ...options,\n ...{\n credential: credentials,\n credentialScopes: [\"https://attest.azure.net/.default\"],\n loggingOptions: {\n logger: logger.info,\n allowedHeaderNames: [\"x-ms-request-id\", \"x-ms-maa-service-version\"],\n },\n },\n };\n\n this._client = new GeneratedClient(endpoint, internalPipelineOptions);\n }\n\n /**\n * Retrieves the attestation policy document from the server, and returns it\n * to the caller.\n *\n * @param attestationType - AttestationType for which to retrieve policy.\n * @param options - Pipeline and client options for the `getPolicy` call.\n * @returns `AttestationResponse<string>` - the `value` property is the\n * attestation policy, the `token` property will be the actual token\n * returned by the attestation service.\n */\n public async getPolicy(\n attestationType: AttestationType,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<string>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-getPolicy\",\n options,\n async (updatedOptions) => {\n const getPolicyResult = await this._client.policy.get(attestationType, updatedOptions);\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(getPolicyResult.token);\n\n // Validate the token returned from the service.\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n if (!policyResult.policy) {\n throw Error(\"Server returned an invalid getPolicy response!\");\n }\n\n const policyToken = new AttestationTokenImpl(policyResult.policy);\n\n const storedPolicy = StoredAttestationPolicy.deserialize(policyToken.getBody());\n\n // Finally, retrieve the stored attestationPolicy value and return that\n // as the AttestationResponse to the caller.\n return createAttestationResponse<string>(\n token,\n bytesToString(storedPolicy.attestationPolicy),\n );\n },\n );\n }\n\n /**\n * Sets the attestation policy for the specified {@link attestationType}.\n *\n * @param attestationType - Attestation Type for which to set policy.\n * @param newPolicyDocument - Policy document to be set.\n * @param options - call options.\n * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n * Clients can use the PolicyResult to validate that the policy was actually\n * set by the attestation service.\n *\n * @remarks\n *\n * Please note that if the attestation service instance is running in \"Isolated\"\n * mode, the {@link signingKey} must be one of the signing keys configured for the\n * service instance.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n public async setPolicy(\n attestationType: AttestationType,\n newPolicyDocument: string,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<PolicyResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-setPolicy\",\n options,\n async (updatedOptions) => {\n if (\n (!options.privateKey && options.certificate) ||\n (options.privateKey && !options.certificate)\n ) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (options.privateKey && options.certificate) {\n verifyAttestationSigningKey(options.privateKey, options.certificate);\n }\n\n const storedAttestationPolicy = new StoredAttestationPolicy(newPolicyDocument).serialize();\n const setPolicyToken = AttestationTokenImpl.create({\n body: storedAttestationPolicy,\n ...options,\n });\n\n const setPolicyResult = await this._client.policy.set(\n attestationType,\n setPolicyToken.serialize(),\n updatedOptions,\n );\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(setPolicyResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n return createAttestationResponse<PolicyResult>(token, policyResult);\n },\n );\n }\n\n /**\n * Resets the attestation policy for the specified {@link attestationType} to\n * the default value.\n *\n * @param attestationType - Attestation Type for which to set policy.\n * @param options - call options.\n * @returns An {@link AttestationResponse} wrapping a {@link PolicyResult}.\n * Clients can use the PolicyResult to validate that the policy was actually\n * reset by the attestation service.\n *\n * @remarks\n *\n * Please note that if the attestation service instance is running in \"Isolated\"\n * mode, the {@link signingKey} must be one of the signing keys configured for the\n * service instance.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n\n public async resetPolicy(\n attestationType: AttestationType,\n options: AttestationAdministrationClientPolicyOperationOptions = {},\n ): Promise<AttestationResponse<PolicyResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-setPolicy\",\n options,\n async (updatedOptions) => {\n if (\n (!options.privateKey && options.certificate) ||\n (options.privateKey && !options.certificate)\n ) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (options.privateKey && options.certificate) {\n verifyAttestationSigningKey(options.privateKey, options.certificate);\n }\n\n const resetPolicyToken = AttestationTokenImpl.create({\n privateKey: options.privateKey,\n certificate: options.certificate,\n });\n\n const resetPolicyResult = await this._client.policy.reset(\n attestationType,\n resetPolicyToken.serialize(),\n updatedOptions,\n );\n\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(resetPolicyResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const policyResult = _policyResultFromGenerated(token.getBody());\n\n // The policyResult.policy value will be a JSON Web Signature representing\n // the actual policy object being retrieved. Serialize the token to an\n // AttestationToken object so we can access the body properties on the token.\n return createAttestationResponse<PolicyResult>(token, policyResult);\n },\n );\n }\n\n /** Returns the set of policy management certificates for this attestation instance.\n *\n * @remarks If the attestation instance is not in `Isolated` mode, this list will\n * always be empty.\n *\n * @param options - Options for the call to the attestation service.\n * @returns AttestationResponse wrapping a list of Attestation Signers.\n */\n public async getPolicyManagementCertificates(\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<AttestationSigner[]>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-getPolicyManagementCertificates\",\n options,\n async (updatedOptions) => {\n const getCertificatesResult = await this._client.policyCertificates.get(updatedOptions);\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(getCertificatesResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyResult object to retrieve the underlying policy\n // token\n const jwks = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesResult: Mappers.PolicyCertificatesResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesResult\",\n ) as PolicyCertificatesResult;\n\n const policyCertificates = new Array<AttestationSigner>();\n jwks.policyCertificates.keys.forEach((jwk) => {\n policyCertificates.push(_attestationSignerFromGenerated(jwk));\n });\n\n return createAttestationResponse<AttestationSigner[]>(token, policyCertificates);\n },\n );\n }\n\n /** Add a new certificate chain to the set of policy management certificates.\n *\n * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n * @param privateKey - Existing attestation private key used to sign the incoming request.\n * @param certificate - Existing attestation certificate used to verify the incoming request.\n * @param options - Options used in the call to the service.\n * @returns An attestation response including a PolicyCertificatesModificationResult\n *\n * @remarks This API is only supported on `isolated` attestation instances.\n *\n * The signing key MUST be one of the existing attestation signing certificates. The\n * new pemCertificate is signed using the signingKey and the service will validate the\n * signature before allowing the addition.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n *\n */\n public async addPolicyManagementCertificate(\n pemCertificate: string,\n privateKey: string,\n certificate: string,\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-addPolicyManagementCertificate\",\n options,\n async (updatedOptions) => {\n if ((!privateKey && certificate) || (privateKey && !certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (privateKey && certificate) {\n verifyAttestationSigningKey(privateKey, certificate);\n }\n\n const cert = new jsrsasign.X509();\n cert.readCertPEM(pemCertificate);\n const kty = this.keyTypeFromCertificate(cert);\n\n const jwk: JsonWebKey = {\n x5C: [hexToBase64(cert.hex)],\n kty: kty,\n };\n\n const addBody: AttestationCertificateManagementBody = {\n policyCertificate: jwk,\n };\n\n const addCertToken = AttestationTokenImpl.create({\n body: TypeDeserializer.serialize(\n addBody,\n {\n AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n JsonWebKey: Mappers.JsonWebKey,\n },\n Mappers.AttestationCertificateManagementBody,\n ),\n privateKey: privateKey,\n certificate: certificate,\n });\n\n const addCertificateResult = await this._client.policyCertificates.add(\n addCertToken.serialize(),\n updatedOptions,\n );\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(addCertificateResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyCertificatesModificationResult object.\n const result = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesModificationResult\",\n ) as PolicyCertificatesModificationResult;\n\n return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n },\n );\n }\n\n private keyTypeFromCertificate(cert: any): string {\n let kty: string;\n switch (cert.getSignatureAlgorithmName()) {\n case \"SHA256withRSA\":\n case \"SHA384withRSA\":\n case \"SHA512withRSA\":\n kty = \"RSA\";\n break;\n case \"SHA256withECDSA\":\n case \"SHA384withECDSA\":\n kty = \"EC\";\n break;\n default:\n kty = \"RSA\";\n break;\n }\n return kty;\n }\n\n /** Add a new certificate chain to the set of policy management certificates.\n *\n * @param pemCertificate - PEM encoded certificate to add to the set of policy management certificates.\n * @param privateKey - Existing attestation private key used to sign the incoming request.\n * @param certificate - Existing attestation certificate used to verify the incoming request.\n * @param options - Options used in the call to the service.\n * @returns An attestation response including a PolicyCertificatesModificationResult\n *\n * @remarks This API is only supported on `isolated` attestation instances.\n *\n * The signing key MUST be one of the existing attestation signing certificates. The\n * new pemCertificate is signed using the signingKey and the service will validate the\n * signature before allowing the addition.\n *\n * @throws {@link Error} when a private key is specified without a certificate and vice versa.\n * @throws {@link Error} when the key in the certificate provided does not match the private key.\n */\n public async removePolicyManagementCertificate(\n pemCertificate: string,\n privateKey: string,\n certificate: string,\n options: AttestationAdministrationClientPolicyCertificateOperationOptions = {},\n ): Promise<AttestationResponse<PolicyCertificatesModificationResult>> {\n return tracingClient.withSpan(\n \"AttestationAdministrationClient-removePolicyManagementCertificate\",\n options,\n async (updatedOptions) => {\n if ((!privateKey && certificate) || (privateKey && !certificate)) {\n throw new Error(\n \"If privateKey is specified, certificate must also be provided. If certificate is provided, privateKey must also be provided.\",\n );\n }\n\n if (privateKey && certificate) {\n verifyAttestationSigningKey(privateKey, certificate);\n }\n\n const cert = new jsrsasign.X509();\n cert.readCertPEM(pemCertificate);\n const kty = this.keyTypeFromCertificate(cert);\n\n const jwk: JsonWebKey = {\n x5C: [hexToBase64(cert.hex)],\n kty: kty,\n };\n\n const addBody: AttestationCertificateManagementBody = {\n policyCertificate: jwk,\n };\n\n const removeCertToken = AttestationTokenImpl.create({\n body: TypeDeserializer.serialize(\n addBody,\n {\n AttestationCertificateManagementBody: Mappers.AttestationCertificateManagementBody,\n JsonWebKey: Mappers.JsonWebKey,\n },\n Mappers.AttestationCertificateManagementBody,\n ),\n privateKey: privateKey,\n certificate: certificate,\n });\n\n const removeCertificateResult = await this._client.policyCertificates.remove(\n removeCertToken.serialize(),\n updatedOptions,\n );\n // The attestation token returned from the service has a PolicyResult\n // object as the body.\n const token = new AttestationTokenImpl(removeCertificateResult.token);\n const problems = token.getTokenProblems(\n await this.signingKeys(),\n options.validationOptions ?? this._validationOptions,\n );\n if (problems.length) {\n throw new Error(problems.join(\";\"));\n }\n\n // Deserialize the PolicyCertificatesModificationResult object.\n const result = TypeDeserializer.deserialize(\n token.getBody(),\n {\n PolicyCertificatesModificationResult: Mappers.PolicyCertificatesModificationResult,\n JsonWebKeySet: Mappers.JsonWebKeySet,\n JsonWebKey: Mappers.JsonWebKey,\n },\n \"PolicyCertificatesModificationResult\",\n ) as PolicyCertificatesModificationResult;\n\n return createAttestationResponse<PolicyCertificatesModificationResult>(token, result);\n },\n );\n }\n\n private async signingKeys(): Promise<AttestationSigner[]> {\n if (this._signers !== undefined) {\n return this._signers;\n }\n const jwks = await this._client.signingCertificates.get();\n const signers: AttestationSigner[] = new Array();\n jwks.keys?.forEach((element) => {\n signers.push(_attestationSignerFromGenerated(element));\n });\n this._signers = signers;\n return this._signers;\n }\n\n private _client: GeneratedClient;\n private _signers?: AttestationSigner[];\n private _validationOptions?: AttestationTokenValidationOptions;\n}\n"]}