### YamlMime:JavaType uid: "com.azure.security.attestation.models.AttestationOptions" fullName: "com.azure.security.attestation.models.AttestationOptions" name: "AttestationOptions" nameWithType: "AttestationOptions" summary: "AttestationOptions represent the parameters sent to the attestOpenEnclave or attestSgxEnclave API." inheritances: - "" inheritedClassMethods: - classRef: "java.lang.Object" methodsRef: - "clone" - "equals" - "finalize" - "getClass" - "hashCode" - "notify" - "notifyAll" - "toString" - "wait" - "wait" - "wait" syntax: "public final class **AttestationOptions**" constructors: - uid: "com.azure.security.attestation.models.AttestationOptions.AttestationOptions(com.azure.core.util.BinaryData)" fullName: "com.azure.security.attestation.models.AttestationOptions.AttestationOptions(BinaryData evidence)" name: "AttestationOptions(BinaryData evidence)" nameWithType: "AttestationOptions.AttestationOptions(BinaryData evidence)" summary: "Creates a new AttestationOptions object with the evidence from the enclave to be attested." parameters: - description: "The evidence to be used in the attest request." name: "evidence" type: "" syntax: "public AttestationOptions(BinaryData evidence)" desc: "Creates a new AttestationOptions object with the evidence from the enclave to be attested. The evidence will typically take the form of either an OpenEnclave report or an Intel SGX quote.\n\n**Create an AttestationOptions from an SGX quote:**\n\n```java\nAttestationOptions options = new AttestationOptions(sgxQuote);\n```" methods: - uid: "com.azure.security.attestation.models.AttestationOptions.getDraftPolicyForAttestation()" fullName: "com.azure.security.attestation.models.AttestationOptions.getDraftPolicyForAttestation()" name: "getDraftPolicyForAttestation()" nameWithType: "AttestationOptions.getDraftPolicyForAttestation()" summary: "Gets the draftPolicyForAttestation property which is used to attest against the draft policy." 
syntax: "public String getDraftPolicyForAttestation()" desc: "Gets the draftPolicyForAttestation property which is used to attest against the draft policy.\n\nGets the previously set draft policy for attestation.\n\n```java\nAttestationOptions getOptions = new AttestationOptions(openEnclaveReport)\n .setDraftPolicyForAttestation(\"version=1.0; authorizationrules{=> permit();}; issuancerules{};\");\n\n String draftPolicy = getOptions.getDraftPolicyForAttestation();\n```" returns: description: "The draft policy if set." type: "String" - uid: "com.azure.security.attestation.models.AttestationOptions.getEvidence()" fullName: "com.azure.security.attestation.models.AttestationOptions.getEvidence()" name: "getEvidence()" nameWithType: "AttestationOptions.getEvidence()" summary: "Returns the \"evidence\" to be presented to the attestation service." syntax: "public BinaryData getEvidence()" desc: "Returns the \"evidence\" to be presented to the attestation service." returns: description: "The attestation evidence to be presented to the attestation service." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.getInitTimeData()" fullName: "com.azure.security.attestation.models.AttestationOptions.getInitTimeData()" name: "getInitTimeData()" nameWithType: "AttestationOptions.getInitTimeData()" summary: "Retrieves the InitTimeData property to be sent to the service." 
syntax: "public AttestationData getInitTimeData()" desc: "Retrieves the InitTimeData property to be sent to the service.\n\n**Retrieve the InitTimeData value.**\n\n```java\nAttestationOptions attestationOptions = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.JSON));\n\n AttestationData existingRuntimeData = attestationOptions.getInitTimeData();\n```" returns: description: "The InitTimeData value set by setInitTimeData(AttestationData)." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.getRunTimeData()" fullName: "com.azure.security.attestation.models.AttestationOptions.getRunTimeData()" name: "getRunTimeData()" nameWithType: "AttestationOptions.getRunTimeData()" summary: "Retrieves the RunTimeData property to be sent to the service." syntax: "public AttestationData getRunTimeData()" desc: "Retrieves the RunTimeData property to be sent to the service.\n\n**Retrieve the RunTimeData value.**\n\n```java\nAttestationData existingRuntimeData = attestationOptions.getRunTimeData();\n```" returns: description: "The RunTimeData value set by setRunTimeData(AttestationData)." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.getValidationOptions()" fullName: "com.azure.security.attestation.models.AttestationOptions.getValidationOptions()" name: "getValidationOptions()" nameWithType: "AttestationOptions.getValidationOptions()" summary: "Returns the options used for token validation." syntax: "public AttestationTokenValidationOptions getValidationOptions()" desc: "Returns the options used for token validation." returns: description: "The attestation token validation options." 
type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.setDraftPolicyForAttestation(java.lang.String)" fullName: "com.azure.security.attestation.models.AttestationOptions.setDraftPolicyForAttestation(String draftPolicyForAttestation)" name: "setDraftPolicyForAttestation(String draftPolicyForAttestation)" nameWithType: "AttestationOptions.setDraftPolicyForAttestation(String draftPolicyForAttestation)" summary: "Set the draftPolicyForAttestation property: Attest against the provided draft policy." parameters: - description: "the draftPolicyForAttestation value to set." name: "draftPolicyForAttestation" type: "String" syntax: "public AttestationOptions setDraftPolicyForAttestation(String draftPolicyForAttestation)" desc: "Set the draftPolicyForAttestation property: Attest against the provided draft policy.\n\nThe setDraftPolicyForAttestation API can be used to determine how a proposed attestation policy would affect an attestation token.\n\n***Note that the resulting token is not signed by the attestation service and therefore cannot be validated; it is not for use by a relying party.***\n\n***Example of setting AttestationOptions with a draft policy.***\n\n```java\nAttestationOptions request = new AttestationOptions(openEnclaveReport)\n .setDraftPolicyForAttestation(\"version=1.0; authorizationrules{=> permit();}; issuancerules{};\");\n```" returns: description: "this object itself." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.setInitTimeData(com.azure.security.attestation.models.AttestationData)" fullName: "com.azure.security.attestation.models.AttestationOptions.setInitTimeData(AttestationData attestationData)" name: "setInitTimeData(AttestationData attestationData)" nameWithType: "AttestationOptions.setInitTimeData(AttestationData attestationData)" summary: "Set the initTimeData property: The initTimeData is data presented at the time that the execution environment was instantiated." parameters: - description: "the InitTimeData value to set." 
name: "attestationData" type: "" syntax: "public AttestationOptions setInitTimeData(AttestationData attestationData)" desc: "Set the initTimeData property: The initTimeData is data presented at the time that the execution environment was instantiated. The MAA will verify that the init data was known to the execution environment. Note that InitTimeData is invalid for CoffeeLake processors.\n\nWhen the attestation service generates the attestation token, the InitTimeData will be added as a claim if the AttestationDataInterpretation for the AttestationData is set to \"JSON\".\n\n**Setting InitTime Data Property**\n\n```java\nAttestationOptions optionsWithInitTimeData = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.BINARY));\n```" returns: description: "this object itself." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)" fullName: "com.azure.security.attestation.models.AttestationOptions.setRunTimeData(AttestationData attestationData)" name: "setRunTimeData(AttestationData attestationData)" nameWithType: "AttestationOptions.setRunTimeData(AttestationData attestationData)" summary: "Set the RunTime Data property." parameters: - description: "the runtimeData value to set." name: "attestationData" type: "" syntax: "public AttestationOptions setRunTimeData(AttestationData attestationData)" desc: "Set the RunTime Data property.\n\nRuntime data provided by the enclave at the time the evidence was generated. 
The attestation service will verify that the first 32 bytes of the `report_data` field of the quote contain the SHA256 hash of the runtime data; this ensures that the RunTime Data was known to the enclave.\n\nWhen the attestation service generates the attestation token, the RunTimeData will be added as one of two possible claims: one if the AttestationDataInterpretation specified for the RunTime Data was set to \"JSON\", or another if the AttestationDataInterpretation specified for the RunTime Data was set to \"BINARY\".\n\n**Setting RunTime Data Property**\n\n```java\nAttestationOptions optionsWithInitTimeData = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.BINARY));\n```" returns: description: "this object itself." type: "" - uid: "com.azure.security.attestation.models.AttestationOptions.setValidationOptions(com.azure.security.attestation.models.AttestationTokenValidationOptions)" fullName: "com.azure.security.attestation.models.AttestationOptions.setValidationOptions(AttestationTokenValidationOptions validationOptions)" name: "setValidationOptions(AttestationTokenValidationOptions validationOptions)" nameWithType: "AttestationOptions.setValidationOptions(AttestationTokenValidationOptions validationOptions)" summary: "Sets the options used to validate attestation tokens returned from the service." parameters: - description: "Token Validation options to be used to enhance the validations\n already performed by the SDK." name: "validationOptions" type: "" syntax: "public AttestationOptions setValidationOptions(AttestationTokenValidationOptions validationOptions)" desc: "Sets the options used to validate attestation tokens returned from the service." returns: description: "this object." type: "" type: "class" desc: "AttestationOptions represent the parameters sent to the attestOpenEnclave or attestSgxEnclave API.\n\nEach object expresses the options to attest an SGX enclave.\n\nAn enclave (or Trusted Execution Environment) is a chunk of code that is isolated from its host. 
When code is running inside an enclave, there is a real challenge - if the customer wants to communicate with code in the enclave, there is no way of establishing a secure communication channel that can verify communication to the enclave.\n\nTo support the \"Secure Key Release\" protocol which enables that communication, there are three key pieces of information required:\n\n * Attestation Evidence (typically an SGX quote or OpenEnclave report)\n * InitTime Data - this is data specified when the TEE is created. (OPTIONAL)\n * RunTime Data - this can be a public key or other information. (OPTIONAL)\n\nTo perform an attestation operation, you need at minimum a set of attestation evidence.\n\nFor the Secure Key Release scenario, the InitTime Data and RunTime Data are expressed in the token returned by the Attestation Service. A relying party can use the InitTime Data to make decisions about whether the TEE can be trusted, and can use the RunTime Data as data which is known to have come from inside the enclave (if, for instance, the RunTime Data is an asymmetric cryptographic key, it can be used to encrypt data that can only be decrypted by code inside the TEE).\n\nFor both InitTime and RunTime data, the data can be expressed in the token as either BINARY or JSON data. This can simplify the evaluation process in the relying party.\n\nIn addition to the evidence, InitTime and RunTime data, an Attest request can also take a \"draft\" attestation policy. This can be used to determine how an attestation policy affects the claims generated by the attestation service.\n\nNote that when a client specifies a draft attestation policy the returned attestation token will not be signed by the attestation service. That is to ensure that the token cannot be used by a relying party.\n\nThe reason that both binary and JSON are represented as binary is that JSON encodings are ambiguous – there are many possible semantically identical JSON encodings of the same data. 
Since we’re going to take the SHA256 hash of the data, we accept a sequence of octets (byte\[\]) instead of a String (depending on your encoding, the same string can be encoded as different sequences of octets)." metadata: {} package: "com.azure.security.attestation.models" artifact: com.azure:azure-security-attestation:1.1.27