### YamlMime:JavaType
|
|
uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient"
|
|
name: "AttestationAdministrationAsyncClient"
|
|
nameWithType: "AttestationAdministrationAsyncClient"
|
|
summary: "The Attestation<wbr>Administration<wbr>Async<wbr>Client provides access to the administrative policy APIs implemented by the Attestation Service."
|
|
inheritances:
|
|
- "<xref href=\"java.lang.Object?displayProperty=fullName\" data-throw-if-not-resolved=\"False\" />"
|
|
inheritedClassMethods:
|
|
- classRef: "java.lang.<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html\">Object</a>"
|
|
methodsRef:
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--\">clone</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-\">equals</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--\">finalize</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--\">getClass</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--\">hashCode</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--\">notify</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--\">notifyAll</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--\">toString</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--\">wait</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-\">wait</a>"
|
|
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-\">wait</a>"
|
|
syntax: "public final class **AttestationAdministrationAsyncClient**"
|
|
methods:
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.addPolicyManagementCertificate(com.azure.security.attestation.models.PolicyManagementCertificateOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.addPolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
name: "addPolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.addPolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
summary: "Adds a new certificate to the set of policy management certificates on this instance."
|
|
parameters:
|
|
- description: "Options for this API call, encapsulating both the X.509 certificate to add to the set of policy\n signing certificates and the signing key used to sign the request to the service."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions?alt=com.azure.security.attestation.models.PolicyManagementCertificateOptions&text=PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<PolicyCertificatesModificationResult> addPolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
desc: "Adds a new certificate to the set of policy management certificates on this instance.\n\nEach Isolated mode attestation service instance maintains a set of certificates which can be used to authorize policy modification operations (in Isolated mode, each policy modification request needs to be signed with the private key associated with one of the policy management certificates).\n\nThis API allows the caller to add a new certificate to the set of policy management certificates.\n\nThe request to add a new certificate must be signed with one of the existing policy management certificates, so the <xref uid=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyManagementCertificateOptions\"></xref> object requires both the new certificate to be added and a <xref uid=\"com.azure.security.attestation.models.AttestationSigningKey\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigningKey\"></xref> to sign the add request.\n\n**Add a new certificate to the set of policy management certificates for this instance.**\n\n```java\nMono<PolicyCertificatesModificationResult> addResultMono = client.addPolicyManagementCertificate(\n new PolicyManagementCertificateOptions(certificateToAdd, new AttestationSigningKey(certificate, privateKey)));\n addResultMono.subscribe(addResult -> System.out.printf(\"Result: %s\\n\",\n addResult.getCertificateResolution().toString()));\n```\n\n***Note:*** It is not considered an error to add the same certificate twice. If the same certificate is added twice, the service ignores the second add request."
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyCertificatesModificationResult?alt=com.azure.security.attestation.models.PolicyCertificatesModificationResult&text=PolicyCertificatesModificationResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.addPolicyManagementCertificateWithResponse(com.azure.security.attestation.models.PolicyManagementCertificateOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.addPolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
name: "addPolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.addPolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
summary: "Adds a new certificate to the set of policy management certificates on this instance."
|
|
parameters:
|
|
- description: "Options for this API call, encapsulating both the X.509 certificate to add to the set of policy\n signing certificates and the signing key used to sign the request to the service."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions?alt=com.azure.security.attestation.models.PolicyManagementCertificateOptions&text=PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<PolicyCertificatesModificationResult>> addPolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
desc: "Adds a new certificate to the set of policy management certificates on this instance. Each Isolated mode attestation service instance maintains a set of certificates which can be used to authorize policy modification operations (in Isolated mode, each policy modification request needs to be signed with the private key associated with one of the policy management certificates). This API allows the caller to add a new certificate to the set of policy management certificates. The request to add a new certificate must be signed with one of the existing policy management certificates, so the <xref uid=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyManagementCertificateOptions\"></xref> object requires both the new certificate to be added and a <xref uid=\"com.azure.security.attestation.models.AttestationSigningKey\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigningKey\"></xref> to sign the add request.\n\n**Add a new certificate to the set of policy management certificates for this instance.**\n\n```java\nMono<AttestationResponse<PolicyCertificatesModificationResult>> addResponseMono = client\n .addPolicyManagementCertificateWithResponse(new PolicyManagementCertificateOptions(certificateToAdd,\n new AttestationSigningKey(certificate, privateKey)));\n addResponseMono.subscribe(addResponse -> System.out.printf(\"Result: %s\\n\",\n addResponse.getValue().getCertificateResolution().toString()));\n```\n\n***Note:*** It is not considered an error to add the same certificate twice. If the same certificate is added twice, the service ignores the second add request."
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<xref href=\"com.azure.security.attestation.models.PolicyCertificatesModificationResult?alt=com.azure.security.attestation.models.PolicyCertificatesModificationResult&text=PolicyCertificatesModificationResult\" data-throw-if-not-resolved=\"False\" />>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.calculatePolicyTokenHash(java.lang.String,com.azure.security.attestation.models.AttestationSigningKey)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.calculatePolicyTokenHash(String policy, AttestationSigningKey signer)"
|
|
name: "calculatePolicyTokenHash(String policy, AttestationSigningKey signer)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.calculatePolicyTokenHash(String policy, AttestationSigningKey signer)"
|
|
summary: "Calculates the Policy<wbr>Token<wbr>Hash for a given policy string."
|
|
parameters:
|
|
- description: "AttestationPolicy document used in the underlying JWT."
|
|
name: "policy"
|
|
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
|
|
- description: "Optional signing key used to sign the underlying JWT."
|
|
name: "signer"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationSigningKey?alt=com.azure.security.attestation.models.AttestationSigningKey&text=AttestationSigningKey\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public BinaryData calculatePolicyTokenHash(String policy, AttestationSigningKey signer)"
|
|
desc: "Calculates the PolicyTokenHash for a given policy string. The policyTokenHash claim in the <xref uid=\"com.azure.security.attestation.models.PolicyResult\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyResult\"></xref> class is the SHA-256 hash of the underlying policy set JSON Web Token sent to the attestation service. This helper API allows the caller to independently calculate the SHA-256 hash of an attestation token corresponding to the value which would be sent to the attestation service. The value returned by this API must always match the value in the <xref uid=\"com.azure.security.attestation.models.PolicyResult\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyResult\"></xref> object. If it does not, the attestation policy received by the service is NOT the one which the customer specified. The following example shows how to check the policy token hash:\n\n```java\nBinaryData expectedHash = client.calculatePolicyTokenHash(policyToSet, null);\n BinaryData actualHash = result.getPolicyTokenHash();\n String expectedString = Hex.toHexString(expectedHash.toBytes());\n String actualString = Hex.toHexString(actualHash.toBytes());\n if (!expectedString.equals(actualString)) {\n throw new RuntimeException(\"Policy was set but not received!!!\");\n }\n```"
|
|
returns:
|
|
description: "A <xref uid=\"com.azure.core.util.BinaryData\" data-throw-if-not-resolved=\"false\" data-raw-source=\"BinaryData\"></xref> containing the SHA-256 hash of the attestation policy token corresponding\n to the policy and signer."
|
|
type: "<xref href=\"com.azure.core.util.BinaryData?alt=com.azure.core.util.BinaryData&text=BinaryData\" data-throw-if-not-resolved=\"False\" />"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.deletePolicyManagementCertificate(com.azure.security.attestation.models.PolicyManagementCertificateOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.deletePolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
name: "deletePolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.deletePolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
summary: "Removes a policy management certificate from the set of policy management certificates."
|
|
parameters:
|
|
- description: "Options for this API call, encapsulating both the X.509 certificate to remove from the set of policy\n signing certificates and the signing key used to sign the request to the service."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions?alt=com.azure.security.attestation.models.PolicyManagementCertificateOptions&text=PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<PolicyCertificatesModificationResult> deletePolicyManagementCertificate(PolicyManagementCertificateOptions options)"
|
|
desc: "Removes a policy management certificate from the set of policy management certificates.\n\nEach Isolated mode attestation service instance maintains a set of certificates which can be used to authorize policy modification operations (in Isolated mode, each policy modification request needs to be signed with the private key associated with one of the policy management certificates).\n\nThis API allows the caller to remove an existing certificate from the set of policy management certificates.\n\nThe request to remove a certificate must be signed with one of the existing policy management certificates, so the <xref uid=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyManagementCertificateOptions\"></xref> object requires both the certificate to be removed and a <xref uid=\"com.azure.security.attestation.models.AttestationSigningKey\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigningKey\"></xref> to sign the remove request.\n\n**Remove a certificate from the set of policy management certificates for this instance.**\n\n```java\nMono<PolicyCertificatesModificationResult> removeResultMono = client.deletePolicyManagementCertificate(\n new PolicyManagementCertificateOptions(certificateToAdd, new AttestationSigningKey(certificate, privateKey)));\n removeResultMono.subscribe(removeResult -> System.out.printf(\"Result: %s\\n\",\n removeResult.getCertificateResolution().toString()));\n```\n\n***Note:*** It is not considered an error to remove the same certificate twice. If the same certificate is removed twice, the service ignores the second remove request. This also means that it is not an error to remove a certificate which was not actually in the set of policy certificates."
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyCertificatesModificationResult?alt=com.azure.security.attestation.models.PolicyCertificatesModificationResult&text=PolicyCertificatesModificationResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.deletePolicyManagementCertificateWithResponse(com.azure.security.attestation.models.PolicyManagementCertificateOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.deletePolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
name: "deletePolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.deletePolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
summary: "Removes a policy management certificate from the set of policy management certificates."
|
|
parameters:
|
|
- description: "Options for this API call, encapsulating both the X.509 certificate to remove from the set of policy\n signing certificates and the signing key used to sign the request to the service."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions?alt=com.azure.security.attestation.models.PolicyManagementCertificateOptions&text=PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<PolicyCertificatesModificationResult>> deletePolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options)"
|
|
desc: "Removes a policy management certificate from the set of policy management certificates.\n\nEach Isolated mode attestation service instance maintains a set of certificates which can be used to authorize policy modification operations (in Isolated mode, each policy modification request needs to be signed with the private key associated with one of the policy management certificates).\n\nThis API allows the caller to remove an existing certificate from the set of policy management certificates.\n\nThe request to remove a certificate must be signed with one of the existing policy management certificates, so the <xref uid=\"com.azure.security.attestation.models.PolicyManagementCertificateOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"PolicyManagementCertificateOptions\"></xref> object requires both the certificate to be removed and a <xref uid=\"com.azure.security.attestation.models.AttestationSigningKey\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigningKey\"></xref> to sign the remove request.\n\n**Remove a certificate from the set of policy management certificates for this instance.**\n\n```java\nMono<AttestationResponse<PolicyCertificatesModificationResult>> removeResponseMono = client\n .deletePolicyManagementCertificateWithResponse(new PolicyManagementCertificateOptions(certificateToAdd,\n new AttestationSigningKey(certificate, privateKey)));\n removeResponseMono.subscribe(removeResponse -> System.out.printf(\"Result: %s\\n\",\n removeResponse.getValue().getCertificateResolution().toString()));\n```\n\n***Note:*** It is not considered an error to remove the same certificate twice. If the same certificate is removed twice, the service ignores the second remove request. This also means that it is not an error to remove a certificate which was not actually in the set of policy certificates."
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<xref href=\"com.azure.security.attestation.models.PolicyCertificatesModificationResult?alt=com.azure.security.attestation.models.PolicyCertificatesModificationResult&text=PolicyCertificatesModificationResult\" data-throw-if-not-resolved=\"False\" />>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicy(com.azure.security.attestation.models.AttestationType)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicy(AttestationType attestationType)"
|
|
name: "getAttestationPolicy(AttestationType attestationType)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.getAttestationPolicy(AttestationType attestationType)"
|
|
summary: "Retrieves the current policy for an attestation type."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<String> getAttestationPolicy(AttestationType attestationType)"
|
|
desc: "Retrieves the current policy for an attestation type.\n\n**NOTE:** The `getAttestationPolicy` API returns the underlying attestation policy specified by the user. This is NOT the full attestation policy maintained by the attestation service. Specifically it does not include the signing certificates used to verify the attestation policy.\n\nTo retrieve the signing certificates used to sign the policy, use the <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationTokenValidationOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#getAttestationPolicyWithResponse(AttestationType, AttestationTokenValidationOptions)\"></xref> API. The <xref uid=\"com.azure.core.http.rest.Response\" data-throw-if-not-resolved=\"false\" data-raw-source=\"Response\"></xref> object is an instance of an <xref uid=\"com.azure.security.attestation.models.AttestationResponse\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationResponse\"></xref> object and the caller can retrieve the full information maintained by the service by calling the <xref uid=\"com.azure.security.attestation.models.AttestationResponse.getToken()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResponse#getToken()\"></xref> method. 
The returned <xref uid=\"com.azure.security.attestation.models.AttestationToken\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationToken\"></xref> object will be the value stored by the attestation service.\n\n**Retrieve the current attestation policy for SGX enclaves.**\n\n```java\nMono<String> policyMono = client.getAttestationPolicy(AttestationType.SGX_ENCLAVE);\n policyMono.subscribe(policy -> System.out.printf(\"Current SGX policy: %s\\n\", policy));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationTokenValidationOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options)"
|
|
name: "getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options)"
|
|
summary: "Retrieves the current policy for an attestation type."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Token validation options to validate returned attestation token."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationTokenValidationOptions?alt=com.azure.security.attestation.models.AttestationTokenValidationOptions&text=AttestationTokenValidationOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<String> getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options)"
|
|
desc: "Retrieves the current policy for an attestation type.\n\n**NOTE:** The `getAttestationPolicy` API returns the underlying attestation policy specified by the user. This is NOT the full attestation policy maintained by the attestation service. Specifically it does not include the signing certificates used to verify the attestation policy.\n\nTo retrieve the signing certificates used to sign the policy, use the <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationTokenValidationOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#getAttestationPolicyWithResponse(AttestationType, AttestationTokenValidationOptions)\"></xref> API. The <xref uid=\"com.azure.core.http.rest.Response\" data-throw-if-not-resolved=\"false\" data-raw-source=\"Response\"></xref> object is an instance of an <xref uid=\"com.azure.security.attestation.models.AttestationResponse\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationResponse\"></xref> object and the caller can retrieve the full information maintained by the service by calling the <xref uid=\"com.azure.security.attestation.models.AttestationResponse.getToken()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResponse#getToken()\"></xref> method. 
The returned <xref uid=\"com.azure.security.attestation.models.AttestationToken\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationToken\"></xref> object will be the value stored by the attestation service.\n\n**Retrieve the current attestation policy for SGX enclaves.**\n\n```java\nMono<String> policyMono2 = client.getAttestationPolicy(AttestationType.SGX_ENCLAVE,\n new AttestationTokenValidationOptions()\n .setValidationSlack(Duration.ofSeconds(10)));\n policyMono2.subscribe(policy -> System.out.printf(\"Current SGX policy: %s\\n\", policy));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationTokenValidationOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse(AttestationType attestationType, AttestationTokenValidationOptions validationOptions)"
|
|
name: "getAttestationPolicyWithResponse(AttestationType attestationType, AttestationTokenValidationOptions validationOptions)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse(AttestationType attestationType, AttestationTokenValidationOptions validationOptions)"
|
|
summary: "Retrieves the current policy for an attestation type."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment whose policy should be retrieved."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Options used to validate the response returned by the attestation service."
|
|
name: "validationOptions"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationTokenValidationOptions?alt=com.azure.security.attestation.models.AttestationTokenValidationOptions&text=AttestationTokenValidationOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<String>> getAttestationPolicyWithResponse(AttestationType attestationType, AttestationTokenValidationOptions validationOptions)"
|
|
desc: "Retrieves the current policy for an attestation type.\n\n**NOTE:** The <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.getAttestationPolicyWithResponse*\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#getAttestationPolicyWithResponse(AttestationType, AttestationTokenValidationOptions, Context)\"></xref> API returns the underlying attestation policy specified by the user. This is NOT the full attestation policy maintained by the attestation service. Specifically, it does not include the signing certificates used to verify the attestation policy.\n\nTo retrieve the signing certificates used to sign the policy, use the <xref uid=\"com.azure.core.http.rest.Response\" data-throw-if-not-resolved=\"false\" data-raw-source=\"Response\"></xref> object returned from this API. It is an instance of an <xref uid=\"com.azure.security.attestation.models.AttestationResponse\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationResponse\"></xref> object, and the caller can retrieve the full policy object maintained by the service by calling the <xref uid=\"com.azure.security.attestation.models.AttestationResponse.getToken()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResponse#getToken()\"></xref> method. The returned <xref uid=\"com.azure.security.attestation.models.AttestationToken\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.models.AttestationToken\"></xref> object will be the value stored by the attestation service.\n\n**Retrieve the current attestation policy for SGX enclaves.**\n\n```java\nMono<AttestationResponse<String>> responseMono =\n client.getAttestationPolicyWithResponse(AttestationType.SGX_ENCLAVE, null);\n responseMono.subscribe(response -> System.out.printf(\"Current SGX policy: %s\\n\", response.getValue()));\n```"
|
|
returns:
|
|
description: "the attestation policy expressed as a string."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.listPolicyManagementCertificates()"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.listPolicyManagementCertificates()"
|
|
name: "listPolicyManagementCertificates()"
|
|
nameWithType: "AttestationAdministrationAsyncClient.listPolicyManagementCertificates()"
|
|
summary: "Retrieves the current set of attestation policy signing certificates for this instance."
|
|
syntax: "public Mono<AttestationSignerCollection> listPolicyManagementCertificates()"
|
|
desc: "Retrieves the current set of attestation policy signing certificates for this instance.\n\nOn an Isolated attestation instance, each <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> or <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#resetAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call must be signed with the private key corresponding to one of the certificates in the list returned by this API.\n\nThis establishes that the sender is in possession of the private key associated with the configured attestation policy management certificates, and thus the sender is authorized to perform the API operation.\n\n**Retrieve the set of policy management certificates for this instance.**\n\n```java\nMono<AttestationSignerCollection> signersMono = client.listPolicyManagementCertificates();\n signersMono.subscribe(signers -> System.out.printf(\"There are %d signers on the instance\\n\",\n signers.getAttestationSigners().size()));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationSignerCollection?alt=com.azure.security.attestation.models.AttestationSignerCollection&text=AttestationSignerCollection\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.listPolicyManagementCertificatesWithResponse(com.azure.security.attestation.models.AttestationTokenValidationOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.listPolicyManagementCertificatesWithResponse(AttestationTokenValidationOptions options)"
|
|
name: "listPolicyManagementCertificatesWithResponse(AttestationTokenValidationOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.listPolicyManagementCertificatesWithResponse(AttestationTokenValidationOptions options)"
|
|
summary: "Retrieves the current set of attestation policy signing certificates for this instance."
|
|
parameters:
|
|
- description: "Options used to validate the response from the attestation service."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationTokenValidationOptions?alt=com.azure.security.attestation.models.AttestationTokenValidationOptions&text=AttestationTokenValidationOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<AttestationSignerCollection>> listPolicyManagementCertificatesWithResponse(AttestationTokenValidationOptions options)"
|
|
desc: "Retrieves the current set of attestation policy signing certificates for this instance.\n\nOn an Isolated attestation instance, each <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> or <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#resetAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call must be signed with the private key corresponding to one of the certificates in the list returned by this API.\n\nThis establishes that the sender is in possession of the private key associated with the configured attestation policy management certificates, and thus the sender is authorized to perform the API operation.\n\n**Retrieve the set of policy management certificates for this instance.**\n\n```java\nMono<AttestationResponse<AttestationSignerCollection>> signersResponseMono =\n client.listPolicyManagementCertificatesWithResponse(\n new AttestationTokenValidationOptions().setValidationSlack(Duration.ofSeconds(10)));\n signersResponseMono.subscribe(response -> System.out.printf(\"There are %d signers on the instance\\n\",\n response.getValue().getAttestationSigners().size()));\n```"
|
|
returns:
|
|
description: "the response from the attestation service, whose value is the current set of policy management certificates."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<xref href=\"com.azure.security.attestation.models.AttestationSignerCollection?alt=com.azure.security.attestation.models.AttestationSignerCollection&text=AttestationSignerCollection\" data-throw-if-not-resolved=\"False\" />>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(com.azure.security.attestation.models.AttestationType)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(AttestationType attestationType)"
|
|
name: "resetAttestationPolicy(AttestationType attestationType)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.resetAttestationPolicy(AttestationType attestationType)"
|
|
summary: "Resets the current policy for an attestation type to the default policy."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<PolicyResult> resetAttestationPolicy(AttestationType attestationType)"
|
|
desc: "Resets the current policy for an attestation type to the default policy. Note: This is a convenience method that will only work on attestation service instances in AAD mode. Each AttestationType has a \"default\" attestation policy, the resetAttestationPolicy API resets the value of the attestation policy to the \"default\" policy. This API allows an attestation instance owner to undo the result of a <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call.\n\n**Reset an attestation policy to its defaults on an AAD instance**\n\n```java\nMono<PolicyResult> resultMono = client.resetAttestationPolicy(AttestationType.OPEN_ENCLAVE);\n resultMono.subscribe(result -> System.out.printf(\"Reset result: %s\\n\", result.getPolicyResolution()));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
name: "resetAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.resetAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
summary: "Resets the current policy for an attestation type to the default policy."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Options containing the signing key for the reset operation."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationPolicySetOptions?alt=com.azure.security.attestation.models.AttestationPolicySetOptions&text=AttestationPolicySetOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<PolicyResult> resetAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
desc: "Resets the current policy for an attestation type to the default policy. Each AttestationType has a \"default\" attestation policy, the resetAttestationPolicy API resets the value of the attestation policy to the \"default\" policy. This API allows an attestation instance owner to undo the result of a <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call.\n\n**Reset an attestation policy to its defaults**\n\n```java\nMono<PolicyResult> resultMono = client.resetAttestationPolicy(AttestationType.OPEN_ENCLAVE,\n new AttestationPolicySetOptions()\n .setAttestationSigner(new AttestationSigningKey(certificate, privateKey)));\n resultMono.subscribe(result -> System.out.printf(\"Reset result: %s\\n\", result.getPolicyResolution().toString()));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicyWithResponse(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.resetAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
name: "resetAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.resetAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
summary: "Resets the current policy for an attestation type to the default policy."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Options containing the signing key for the reset operation."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationPolicySetOptions?alt=com.azure.security.attestation.models.AttestationPolicySetOptions&text=AttestationPolicySetOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<PolicyResult>> resetAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
desc: "Resets the current policy for an attestation type to the default policy. Each AttestationType has a \"default\" attestation policy, the resetAttestationPolicy API resets the value of the attestation policy to the \"default\" policy. This API allows an attestation instance owner to undo the result of a <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call.\n\n**Reset an attestation policy to its defaults**\n\n```java\nMono<AttestationResponse<PolicyResult>> resultWithResponseMono = client.resetAttestationPolicyWithResponse(\n AttestationType.OPEN_ENCLAVE, new AttestationPolicySetOptions()\n .setAttestationSigner(new AttestationSigningKey(certificate, privateKey)));\n resultWithResponseMono.subscribe(resultWithResponse -> System.out.printf(\"Reset result: %s\\n\",\n resultWithResponse.getValue().getPolicyResolution().toString()));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
name: "setAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.setAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
summary: "Sets the current policy for an attestation type."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Options for the setPolicy operation, including the new policy to be set."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationPolicySetOptions?alt=com.azure.security.attestation.models.AttestationPolicySetOptions&text=AttestationPolicySetOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<PolicyResult> setAttestationPolicy(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
desc: "Sets the current policy for an attestation type. Setting the attestation policy requires that the caller provide an <xref uid=\"com.azure.security.attestation.models.AttestationPolicySetOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationPolicySetOptions\"></xref> object which provides the options for setting the policy. There are two major components to a setPolicy request:\n\n * The policy to set\n * A signing key used to sign the policy sent to the service (OPTIONAL)\n\nOn Isolated mode attestation instances, the request MUST be signed, and the signing key MUST be the private key corresponding to one of the configured policy signing certificates.\n\nThe sample policy in the snippet below authorizes every request unconditionally (`=> permit();`); treat it as a placeholder rather than a production policy.\n\n```java\nString policyToSet = \"version=1.0; authorizationrules{=> permit();}; issuancerules{};\";\n Mono<PolicyResult> resultMono = client.setAttestationPolicy(AttestationType.OPEN_ENCLAVE,\n new AttestationPolicySetOptions()\n .setAttestationPolicy(policyToSet)\n .setAttestationSigner(new AttestationSigningKey(certificate, privateKey)));\n resultMono.subscribe(result -> System.out.printf(\"Set Policy Result: %s\\n\", result.getPolicyResolution()));\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,java.lang.String)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(AttestationType attestationType, String newAttestationPolicy)"
|
|
name: "setAttestationPolicy(AttestationType attestationType, String newAttestationPolicy)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.setAttestationPolicy(AttestationType attestationType, String newAttestationPolicy)"
|
|
summary: "Sets the current policy for an attestation type with an unsecured attestation policy."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Specifies the policy to be set on the instance."
|
|
name: "newAttestationPolicy"
|
|
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
|
|
syntax: "public Mono<PolicyResult> setAttestationPolicy(AttestationType attestationType, String newAttestationPolicy)"
|
|
desc: "Sets the current policy for an attestation type with an unsecured attestation policy.\n\nNote that this API will only work on AAD mode attestation instances, because it sets the policy using an unsecured (unsigned) attestation token; on Isolated mode instances the request must be signed with the private key of a policy management certificate.\n\n```java\nString policyToSet = \"version=1.0; authorizationrules{=> permit();}; issuancerules{};\";\n Mono<PolicyResult> resultMono = client.setAttestationPolicy(AttestationType.OPEN_ENCLAVE, policyToSet);\n resultMono.subscribe(result -> {\n System.out.printf(\"Set Policy result: %s\\n\", result.getPolicyResolution());\n });\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>"
|
|
- uid: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicyWithResponse(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)"
|
|
fullName: "com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
name: "setAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
nameWithType: "AttestationAdministrationAsyncClient.setAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
summary: "Sets the current policy for an attestation type."
|
|
parameters:
|
|
- description: "Specifies the trusted execution environment to be used to validate the evidence."
|
|
name: "attestationType"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationType?alt=com.azure.security.attestation.models.AttestationType&text=AttestationType\" data-throw-if-not-resolved=\"False\" />"
|
|
- description: "Options for the setPolicy operation."
|
|
name: "options"
|
|
type: "<xref href=\"com.azure.security.attestation.models.AttestationPolicySetOptions?alt=com.azure.security.attestation.models.AttestationPolicySetOptions&text=AttestationPolicySetOptions\" data-throw-if-not-resolved=\"False\" />"
|
|
syntax: "public Mono<AttestationResponse<PolicyResult>> setAttestationPolicyWithResponse(AttestationType attestationType, AttestationPolicySetOptions options)"
|
|
desc: "Sets the current policy for an attestation type. Setting the attestation policy requires that the caller provide an <xref uid=\"com.azure.security.attestation.models.AttestationPolicySetOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationPolicySetOptions\"></xref> object which provides the options for setting the policy. There are two major components to a setPolicy request:\n\n * The policy to set\n * A signing key used to sign the policy sent to the service (OPTIONAL)\n\nOn Isolated mode attestation instances, the signing key MUST include one of the configured policy signing certificates together with its corresponding private key.\n\n```java\nMono<AttestationResponse<PolicyResult>> resultWithResponseMono = client.setAttestationPolicyWithResponse(\n AttestationType.OPEN_ENCLAVE, new AttestationPolicySetOptions()\n .setAttestationPolicy(policyToSet)\n .setAttestationSigner(new AttestationSigningKey(certificate, privateKey)));\n resultWithResponseMono.subscribe(response -> {\n // Retrieve the token returned by the service from the response object and dump the issuer of\n // that token.\n System.out.printf(\"Response token issuer: %s\\n\", response.getToken().getIssuer());\n });\n```"
|
|
returns:
|
|
description: "the response to an attestation policy operation."
|
|
type: "<a href=\"https://projectreactor.io/docs/core/release/api/reactor/core/publisher/Mono.html\">Mono</a><<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" /><<xref href=\"com.azure.security.attestation.models.PolicyResult?alt=com.azure.security.attestation.models.PolicyResult&text=PolicyResult\" data-throw-if-not-resolved=\"False\" />>>"
|
|
type: "class"
|
|
desc: "The AttestationAdministrationAsyncClient provides access to the administrative policy APIs implemented by the Attestation Service.\n\nMore information on attestation policies can be found [here][]\n\nThere are two main families of APIs available from the Administration client.\n\n * Attestation Policy Management\n * Policy Management Certificate Management\n\nAttestation service instances operate in three different modes:\n\n * Shared - a shared instance is a regional instance which is available to all customers. It does NOT support customer specified policy documents - there is only a default policy available for each attestation type\n * AAD - An attestation instance where the customer trusts Azure Active Directory (and Azure Role Based Access Control) to manage the security of their enclave.\n * Isolated - an attestation instance where the customer does \\*not\\* trust Azure Active Directory (and RBAC) to manage the security of their enclave\n\nWhen an attestation instance is in Isolated mode, additional proof needs to be provided by the customer to verify that they are authorized to perform the operation specified.\n\nWhen an Isolated mode attestation instance is created, the creator provides an X.509 certificate which forms the set of policy management certificates. Under the covers, each <xref uid=\"com.azure.security.attestation.AttestationAdministrationAsyncClient.setAttestationPolicy(com.azure.security.attestation.models.AttestationType,com.azure.security.attestation.models.AttestationPolicySetOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationAdministrationAsyncClient#setAttestationPolicy(AttestationType, AttestationPolicySetOptions)\"></xref> API call must be signed with the private key which is associated with one of the policy management certificates. 
This signing operation allows the attestation service to verify that the caller is in possession of a private key which has been authorized to add or reset policies, or to modify the set of attestation policy certificates.\n\n\n[here]: https://docs.microsoft.com/azure/attestation/basic-concepts#attestation-policy"
|
|
metadata: {}
|
|
package: "com.azure.security.attestation"
|
|
artifact: com.azure:azure-security-attestation:1.1.29
|