Azure.Security.Attestation Namespace

Classes

AttestationAdministrationClient

Attestation Client for the Microsoft Azure Attestation service.

The Attestation client contains the implementation of the "Attest" family of MAA apis.

AttestationClient

Attestation Client for the Microsoft Azure Attestation service.

The Attestation client contains the implementation of the "Attest" family of MAA apis.

AttestationClientOptions

Configuration options for the attestation client.

AttestationData

AttestationData represents a BinaryData object passed as an input to the Attestation Service.

AttestationData comes in two forms: Binary and JSON. To distinguish between the two, when an AttestationData object is created, the caller provides an indication that the input binary data will be treated as either JSON or Binary.

The AttestationData is reflected in the generated AttestationResult in two possible ways. If the AttestationData is Binary, then the AttestationData is reflected in the EnclaveHeldData claim. If the AttestationData is JSON, then the AttestationData is expressed as JSON in the RuntimeClaims or InittimeClaims claim.

AttestationModelFactory

Factory class for creating Attestation Service Model types, used for Mocking.

AttestationRequest

Represents the data sent to the Attestation Service for a call to the AttestOpenEnclave(AttestationRequest, CancellationToken) or AttestSgxEnclave(AttestationRequest, CancellationToken) APIs.

An Attestation Request has three elements:

  • EvidenceThe attestation evidence generated from inside the target environment (often an Intel SGX or OpenEnclave enclave). The 'Evidence' is normally an SGX Quote, an OpenEnclave Report, or OpenEnclave Evidence.
  • InitTime DataData presented at the time that the target environment was initialized.
  • Runtime DataData presented at the time that the Evidence was created.

The "Evidence" MUST be provided in an Attest call, however both Runtime Data and InitTime data are optional.

AttestationResponse<T>

Represents a response from an Attestation Service API.

AttestationResult

A Microsoft Azure Attestation response token body - the body of a response token issued by MAA.

AttestationSigner

Represents a certificate/key ID pair, used to validate a AttestationToken.

AttestationToken

Represents an Attestation Token object.

AttestationTokenSigningKey

An AttestationSigningKey encapsulates the two pieces of information necessary to sign a token:

  • Signing Keythe key used to sign the token
  • Signing Certificatean X.509 certificate which wraps the public key part of the Signing Key.

Note that the Attestation Service only supports validation of tokens which are signed with an X.509 certificate, it does not support arbitrary signing keys.

AttestationTokenValidationEventArgs

Represents the arguments used when asking the caller to validate an attestation token.

AttestationTokenValidationFailedException

Exception thrown when a call to ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) fails.

Normally, the only way that this exception will be thrown is if the customer's TokenValidated event delegate indicates a validation failure.

AttestationTokenValidationOptions

Declares the options used for validating an attestation token.

When validating a JSON Web Token, there are a number of options that can be configured. For instance if the returned token is going to be validated by a relying party, there is no need for the client to validate the token.

Similarly, because the expiration time of the token is relative to the clock on the server, it may be necessary to introduce a level of "leeway" when determining if a token is expired or not.

PolicyCertificatesModificationResult

The result of a policy certificate modification.

PolicyModificationResult

The result of a policy certificate modification.

StoredAttestationPolicy

The StoredAttestationPolicy.

TpmAttestationRequest

Attestation request for Trusted Platform Module (TPM) attestation.

TpmAttestationResponse

Attestation response for Trusted Platform Module (TPM) attestation.

Structs

AttestationType

The AttestationType.

PolicyCertificateResolution

The result of the operation.

PolicyModification

The result of the operation.

Enums

AttestationClientOptions.ServiceVersion

The Microsoft Azure Attestation service version.