azure-docs-sdk-java/docs-ref-autogen/com.azure.security.attestat...


### YamlMime:JavaType
uid: "com.azure.security.attestation.AttestationClient"
fullName: "com.azure.security.attestation.AttestationClient"
name: "AttestationClient"
nameWithType: "AttestationClient"
summary: "The Attestation<wbr>Client implements the functionality required by the \"Attest\" family of APIs."
inheritances:
- "<xref href=\"java.lang.Object?displayProperty=fullName\" data-throw-if-not-resolved=\"False\" />"
inheritedClassMethods:
- classRef: "java.lang.<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html\">Object</a>"
methodsRef:
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--\">clone</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-\">equals</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--\">finalize</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--\">getClass</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--\">hashCode</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--\">notify</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--\">notifyAll</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--\">toString</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--\">wait</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-\">wait</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-\">wait</a>"
syntax: "public final class **AttestationClient**"
methods:
- uid: "com.azure.security.attestation.AttestationClient.attestOpenEnclave(com.azure.core.util.BinaryData)"
fullName: "com.azure.security.attestation.AttestationClient.attestOpenEnclave(BinaryData report)"
name: "attestOpenEnclave(BinaryData report)"
nameWithType: "AttestationClient.attestOpenEnclave(BinaryData report)"
summary: "Attest an Open<wbr>Enclave report."
parameters:
- description: "- OpenEnclave generated report."
name: "report"
type: "<xref href=\"com.azure.core.util.BinaryData?alt=com.azure.core.util.BinaryData&text=BinaryData\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResult attestOpenEnclave(BinaryData report)"
desc: "Attest an OpenEnclave report.\n\nThis method is a convenience method which attests evidence from an OpenEnclave enclave with no `RuntimeData` or `InitTimeData`.\n\nThe `report` is generated inside the enclave via [`oe_get_report`][oe_get_report]. The SDK treats it as an opaque byte array and forwards it to the attestation service, which is the party that verifies the evidence.\n\nIt returns an <xref uid=\"com.azure.security.attestation.models.AttestationResult\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult\"></xref> containing the claims emitted by the attestation service.\n\n```java\nAttestationResult resultWithReport = client.attestOpenEnclave(openEnclaveReport);\n```\n\n\n[oe_get_report]: https://openenclave.github.io/openenclave/api/enclave_8h_aefcb89c91a9078d595e255bd7901ac71.html"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.attestOpenEnclave(com.azure.security.attestation.models.AttestationOptions)"
fullName: "com.azure.security.attestation.AttestationClient.attestOpenEnclave(AttestationOptions options)"
name: "attestOpenEnclave(AttestationOptions options)"
nameWithType: "AttestationClient.attestOpenEnclave(AttestationOptions options)"
summary: "Attest an Open<wbr>Enclave report, specifying Run<wbr>Time<wbr>Data and Init<wbr>Time<wbr>Data."
parameters:
- description: "Attestation options for an OpenEnclave enclave."
name: "options"
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResult attestOpenEnclave(AttestationOptions options)"
desc: "Attest an OpenEnclave report, specifying RunTimeData and InitTimeData. The <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> parameter allows the caller to specify the OpenEnclave `report` which contains evidence from the enclave, and runtime data which allows the enclave to specify additional data from within the enclave. When calling the <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setRunTimeData(AttestationData)\"></xref> API, the caller can specify whether the attestation service should treat the runtime data as binary or as JSON when it is included in the response attestation token.\n\n**Attest an OpenEnclave enclave with attestation options.**\n\n```java\nAttestationResult result = client.attestOpenEnclave(new AttestationOptions(openEnclaveReport)\n .setRunTimeData(new AttestationData(runtimeData, AttestationDataInterpretation.BINARY)));\n```"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.attestOpenEnclaveWithResponse(com.azure.security.attestation.models.AttestationOptions,com.azure.core.util.Context)"
fullName: "com.azure.security.attestation.AttestationClient.attestOpenEnclaveWithResponse(AttestationOptions options, Context context)"
name: "attestOpenEnclaveWithResponse(AttestationOptions options, Context context)"
nameWithType: "AttestationClient.attestOpenEnclaveWithResponse(AttestationOptions options, Context context)"
summary: "Attest an Open<wbr>Enclave report, specifying Run<wbr>Time<wbr>Data and Init<wbr>Time<wbr>Data."
parameters:
- description: "Attestation options for an OpenEnclave enclave (the OpenEnclave report plus optional RunTimeData/InitTimeData)."
name: "options"
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
- description: "Context for the operation."
name: "context"
type: "<xref href=\"com.azure.core.util.Context?alt=com.azure.core.util.Context&text=Context\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResponse<AttestationResult> attestOpenEnclaveWithResponse(AttestationOptions options, Context context)"
desc: "Attest an OpenEnclave report, specifying RunTimeData and InitTimeData. The <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> parameter allows the caller to specify the OpenEnclave `report` which contains evidence from the enclave, and runtime data which allows the enclave to specify additional data from within the enclave. When calling the <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setRunTimeData(AttestationData)\"></xref> API, the caller can specify whether the attestation service should treat the runtime data as binary or as JSON when it is included in the response attestation token.\n\n**Attest an OpenEnclave enclave with attestation options.**\n\n```java\nResponse<AttestationResult> openEnclaveResponse = client.attestOpenEnclaveWithResponse(\n new AttestationOptions(openEnclaveReport)\n .setRunTimeData(new AttestationData(runtimeData, AttestationDataInterpretation.JSON)), Context.NONE);\n```"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" />&lt;<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />&gt;"
- uid: "com.azure.security.attestation.AttestationClient.attestSgxEnclave(com.azure.core.util.BinaryData)"
fullName: "com.azure.security.attestation.AttestationClient.attestSgxEnclave(BinaryData quote)"
name: "attestSgxEnclave(BinaryData quote)"
nameWithType: "AttestationClient.attestSgxEnclave(BinaryData quote)"
summary: "Attest an SGX Enclave Quote."
parameters:
- description: "SGX Quote to attest."
name: "quote"
type: "<xref href=\"com.azure.core.util.BinaryData?alt=com.azure.core.util.BinaryData&text=BinaryData\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResult attestSgxEnclave(BinaryData quote)"
desc: "Attest an SGX Enclave Quote.\n\nThis method is a convenience method which attests evidence from an Intel SGX enclave with no `RuntimeData` or `InitTimeData`.\n\nIt returns an <xref uid=\"com.azure.security.attestation.models.AttestationResult\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult\"></xref> containing the claims emitted by the attestation service.\n\n```java\nAttestationResult resultWithReport = client.attestSgxEnclave(sgxEnclaveReport);\n```"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.attestSgxEnclave(com.azure.security.attestation.models.AttestationOptions)"
fullName: "com.azure.security.attestation.AttestationClient.attestSgxEnclave(AttestationOptions options)"
name: "attestSgxEnclave(AttestationOptions options)"
nameWithType: "AttestationClient.attestSgxEnclave(AttestationOptions options)"
summary: "Attest an SGX enclave quote, specifying Run<wbr>Time<wbr>Data and Init<wbr>Time<wbr>Data."
parameters:
- description: "Attestation options for Intel SGX enclaves."
name: "options"
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResult attestSgxEnclave(AttestationOptions options)"
desc: "Attest an SGX enclave quote, specifying RunTimeData and InitTimeData. The <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> parameter allows the caller to specify the SGX `quote` which contains evidence from the enclave, and runtime data which allows the enclave to specify additional data from within the enclave. When calling the <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setRunTimeData(AttestationData)\"></xref> API, the caller can specify whether the attestation service should treat the runtime data as binary or as JSON when it is included in the response attestation token.\n\nRuntime data is only meaningful when the enclave bound it into the quote by placing its SHA256 hash in the quote's user data, as described in the class overview; the attestation service, not this client, checks that binding.\n\n**Attest an SGX enclave with attestation options.**\n\n```java\nAttestationResult result = client.attestSgxEnclave(new AttestationOptions(sgxQuote)\n .setRunTimeData(new AttestationData(runtimeData, AttestationDataInterpretation.BINARY)));\n```"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.attestSgxEnclaveWithResponse(com.azure.security.attestation.models.AttestationOptions,com.azure.core.util.Context)"
fullName: "com.azure.security.attestation.AttestationClient.attestSgxEnclaveWithResponse(AttestationOptions request, Context context)"
name: "attestSgxEnclaveWithResponse(AttestationOptions request, Context context)"
nameWithType: "AttestationClient.attestSgxEnclaveWithResponse(AttestationOptions request, Context context)"
summary: "Attest an SGX enclave quote, specifying Run<wbr>Time<wbr>Data and Init<wbr>Time<wbr>Data."
parameters:
- description: "Attestation options for Intel SGX enclaves (the SGX quote plus optional RunTimeData/InitTimeData)."
name: "request"
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
- description: "Context for the operation."
name: "context"
type: "<xref href=\"com.azure.core.util.Context?alt=com.azure.core.util.Context&text=Context\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationResponse<AttestationResult> attestSgxEnclaveWithResponse(AttestationOptions request, Context context)"
desc: "Attest an SGX enclave quote, specifying RunTimeData and InitTimeData. The <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> parameter allows the caller to specify the SGX `quote` which contains evidence from the enclave, and runtime data which allows the enclave to specify additional data from within the enclave. When calling the <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setRunTimeData(AttestationData)\"></xref> API, the caller can specify whether the attestation service should treat the runtime data as binary or as JSON when it is included in the response attestation token.\n\n**Attest an SGX enclave with attestation options.**\n\n```java\nResponse<AttestationResult> openEnclaveResponse = client.attestSgxEnclaveWithResponse(\n new AttestationOptions(sgxQuote)\n .setRunTimeData(new AttestationData(runtimeData, AttestationDataInterpretation.JSON)), Context.NONE);\n```"
returns:
description: "the result of an attestation operation."
type: "<xref href=\"com.azure.security.attestation.models.AttestationResponse?alt=com.azure.security.attestation.models.AttestationResponse&text=AttestationResponse\" data-throw-if-not-resolved=\"False\" />&lt;<xref href=\"com.azure.security.attestation.models.AttestationResult?alt=com.azure.security.attestation.models.AttestationResult&text=AttestationResult\" data-throw-if-not-resolved=\"False\" />&gt;"
- uid: "com.azure.security.attestation.AttestationClient.attestTpm(java.lang.String)"
fullName: "com.azure.security.attestation.AttestationClient.attestTpm(String request)"
name: "attestTpm(String request)"
nameWithType: "AttestationClient.attestTpm(String request)"
summary: "Performs TPM attestation."
parameters:
- description: "Attestation request for Trusted Platform Module (TPM) attestation."
name: "request"
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
syntax: "public String attestTpm(String request)"
desc: "Performs TPM attestation. Processes attestation evidence from a VBS enclave, producing an attestation result.\n\nThe TPM attestation protocol is defined [here][tpm_protocol].\n\nUnlike OpenEnclave reports and SGX enclave quotes, TPM attestation is implemented using JSON encoded strings.\n\nThe client formats a string serialized JSON request to the service, which responds with a JSON response. The serialized JSON object exchange continues until the service responds with a JSON string with a property named `\"report\"`, whose value will be an attestation result token.\n\nBecause this method returns the service response as a raw `String`, the caller is responsible for parsing the `\"report\"` value and validating that token (its signature against the signers returned by `listAttestationSigners()`, and the claims it carries) before relying on it. For the later legs of the exchange, whose contents are not known at compile time, build the request JSON with a serializer rather than by string concatenation.\n\n**Perform the first leg of a TPM attestation operation**\n\n```java\n// The initial payload for TPM attestation is a JSON object with a property named \"payload\",\n // containing an object with a property named \"type\" whose value is \"aikcert\".\n\n String attestInitialPayload = \"{\\\"payload\\\": { \\\"type\\\": \\\"aikcert\\\" } }\";\n String tpmResponse = client.attestTpm(attestInitialPayload);\n```\n\n\n[tpm_protocol]: https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol"
returns:
description: "attestation response for Trusted Platform Module (TPM) attestation."
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
- uid: "com.azure.security.attestation.AttestationClient.attestTpmWithResponse(java.lang.String,com.azure.core.util.Context)"
fullName: "com.azure.security.attestation.AttestationClient.attestTpmWithResponse(String request, Context context)"
name: "attestTpmWithResponse(String request, Context context)"
nameWithType: "AttestationClient.attestTpmWithResponse(String request, Context context)"
summary: "Performs TPM attestation."
parameters:
- description: "Attestation request for Trusted Platform Module (TPM) attestation."
name: "request"
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
- description: "Context for the operation."
name: "context"
type: "<xref href=\"com.azure.core.util.Context?alt=com.azure.core.util.Context&text=Context\" data-throw-if-not-resolved=\"False\" />"
syntax: "public Response<String> attestTpmWithResponse(String request, Context context)"
desc: "Performs TPM attestation. Processes attestation evidence from a VBS enclave, producing an attestation result.\n\nThe TPM attestation protocol is defined [here][tpm_protocol].\n\nUnlike OpenEnclave reports and SGX enclave quotes, TPM attestation is implemented using JSON encoded strings.\n\nThe client formats a string serialized JSON request to the service, which responds with a JSON response. The serialized JSON object exchange continues until the service responds with a JSON string with a property named `\"report\"`, whose value will be an attestation result token.\n\nBecause this method returns the service response as a raw `String`, the caller is responsible for parsing the `\"report\"` value and validating that token (its signature against the signers returned by `listAttestationSigners()`, and the claims it carries) before relying on it. For the later legs of the exchange, whose contents are not known at compile time, build the request JSON with a serializer rather than by string concatenation.\n\n**Perform the first leg of a TPM attestation operation**\n\n```java\n// The initial payload for TPM attestation is a JSON object with a property named \"payload\",\n // containing an object with a property named \"type\" whose value is \"aikcert\".\n\n String attestInitialPayload = \"{\\\"payload\\\": { \\\"type\\\": \\\"aikcert\\\" } }\";\n Response<String> tpmResponse = client.attestTpmWithResponse(attestInitialPayload, Context.NONE);\n```\n\n\n[tpm_protocol]: https://docs.microsoft.com/azure/attestation/virtualization-based-security-protocol"
returns:
description: "attestation response for Trusted Platform Module (TPM) attestation."
type: "<xref href=\"com.azure.core.http.rest.Response?alt=com.azure.core.http.rest.Response&text=Response\" data-throw-if-not-resolved=\"False\" />&lt;<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>&gt;"
- uid: "com.azure.security.attestation.AttestationClient.getOpenIdMetadata()"
fullName: "com.azure.security.attestation.AttestationClient.getOpenIdMetadata()"
name: "getOpenIdMetadata()"
nameWithType: "AttestationClient.getOpenIdMetadata()"
summary: "Retrieves the open-id metadata about the attestation signing keys in use by the attestation service."
syntax: "public AttestationOpenIdMetadata getOpenIdMetadata()"
desc: "Retrieves the open-id metadata about the attestation signing keys in use by the attestation service.\n\nThe attestation service exposes a standard [OpenID metadata Discovery Document][] which can be used to discover attributes of the attestation service.\n\nThe `getOpenIdMetadata` API allows the client to retrieve the information contained in the metadata discovery document.\n\nThis is required if an application is manually validating the tokens returned from the attestation service: the document describes the attestation instance that issues the tokens and, together with the signers returned by `listAttestationSigners()`, supplies the information needed to verify a token's signature.\n\n**Retrieve the OpenID metadata for this client.**\n\n```java\nAttestationOpenIdMetadata openIdMetadata = client.getOpenIdMetadata();\n```\n\n\n[OpenID metadata Discovery Document]: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata"
returns:
description: "An <xref uid=\"com.azure.security.attestation.models.AttestationOpenIdMetadata\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOpenIdMetadata\"></xref> object containing the OpenID Connect metadata provided by Microsoft Azure Attestation (MAA)."
type: "<xref href=\"com.azure.security.attestation.models.AttestationOpenIdMetadata?alt=com.azure.security.attestation.models.AttestationOpenIdMetadata&text=AttestationOpenIdMetadata\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.getOpenIdMetadataWithResponse(com.azure.core.util.Context)"
fullName: "com.azure.security.attestation.AttestationClient.getOpenIdMetadataWithResponse(Context context)"
name: "getOpenIdMetadataWithResponse(Context context)"
nameWithType: "AttestationClient.getOpenIdMetadataWithResponse(Context context)"
summary: "Retrieves the open-id metadata about the attestation signing keys in use by the attestation service."
parameters:
- description: "Context for the operation."
name: "context"
type: "<xref href=\"com.azure.core.util.Context?alt=com.azure.core.util.Context&text=Context\" data-throw-if-not-resolved=\"False\" />"
syntax: "public Response<AttestationOpenIdMetadata> getOpenIdMetadataWithResponse(Context context)"
desc: "Retrieves the open-id metadata about the attestation signing keys in use by the attestation service.\n\nThe attestation service exposes a standard [OpenID metadata Discovery Document][] which can be used to discover attributes of the attestation service.\n\nThe `getOpenIdMetadata` API allows the client to retrieve the information contained in the metadata discovery document.\n\nThis is required if an application is manually validating the tokens returned from the attestation service.\n\n**Retrieve the OpenID metadata for this attestation instance.**\n\n```java\nResponse<AttestationOpenIdMetadata> response = client.getOpenIdMetadataWithResponse(Context.NONE);\n```\n\n\n[OpenID metadata Discovery Document]: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata"
returns:
description: "An <xref uid=\"com.azure.security.attestation.models.AttestationOpenIdMetadata\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOpenIdMetadata\"></xref> object containing the MAA provided OpenID connect information."
type: "<xref href=\"com.azure.core.http.rest.Response?alt=com.azure.core.http.rest.Response&text=Response\" data-throw-if-not-resolved=\"False\" />&lt;<xref href=\"com.azure.security.attestation.models.AttestationOpenIdMetadata?alt=com.azure.security.attestation.models.AttestationOpenIdMetadata&text=AttestationOpenIdMetadata\" data-throw-if-not-resolved=\"False\" />&gt;"
- uid: "com.azure.security.attestation.AttestationClient.listAttestationSigners()"
fullName: "com.azure.security.attestation.AttestationClient.listAttestationSigners()"
name: "listAttestationSigners()"
nameWithType: "AttestationClient.listAttestationSigners()"
summary: "Retrieves the list of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects associated with this attestation instance."
syntax: "public AttestationSignerCollection listAttestationSigners()"
desc: "Retrieves the list of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects associated with this attestation instance.\n\nAn <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> represents an X.509 certificate chain and KeyId which can be used to validate an attestation token returned by the service. When validating a token, match the token's key identifier to a signer's KeyId (where one is present) and verify the token's signature against that signer's certificate chain; a token whose signature cannot be verified against one of these signers must not be trusted.\n\n**Retrieve Attestation Signers for this client.**\n\n```java\nAttestationSignerCollection signers = client.listAttestationSigners();\n signers.getAttestationSigners().forEach(cert -> {\n System.out.println(\"Found certificate.\");\n if (cert.getKeyId() != null) {\n System.out.println(\" Certificate Key ID: \" + cert.getKeyId());\n } else {\n System.out.println(\" Signer does not have a Key ID\");\n }\n cert.getCertificates().forEach(chainElement -> {\n System.out.println(\" Cert Subject: \" + chainElement.getSubjectDN().getName());\n System.out.println(\" Cert Issuer: \" + chainElement.getIssuerDN().getName());\n });\n });\n```"
returns:
description: "Returns a collection of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects which will be used to sign tokens returned from the attestation service."
type: "<xref href=\"com.azure.security.attestation.models.AttestationSignerCollection?alt=com.azure.security.attestation.models.AttestationSignerCollection&text=AttestationSignerCollection\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.AttestationClient.listAttestationSignersWithResponse(com.azure.core.util.Context)"
fullName: "com.azure.security.attestation.AttestationClient.listAttestationSignersWithResponse(Context context)"
name: "listAttestationSignersWithResponse(Context context)"
nameWithType: "AttestationClient.listAttestationSignersWithResponse(Context context)"
summary: "Retrieves the list of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects associated with this attestation instance."
parameters:
- description: "Context for operation."
name: "context"
type: "<xref href=\"com.azure.core.util.Context?alt=com.azure.core.util.Context&text=Context\" data-throw-if-not-resolved=\"False\" />"
syntax: "public Response<AttestationSignerCollection> listAttestationSignersWithResponse(Context context)"
desc: "Retrieves the list of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects associated with this attestation instance. An <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> represents an X.509 certificate chain and KeyId which can be used to validate an attestation token returned by the service.\n\n```java\nResponse<AttestationSignerCollection> responseOfSigners = client.listAttestationSignersWithResponse(Context.NONE);\n```"
returns:
description: "Returns an array of <xref uid=\"com.azure.security.attestation.models.AttestationSigner\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationSigner\"></xref> objects."
type: "<xref href=\"com.azure.core.http.rest.Response?alt=com.azure.core.http.rest.Response&text=Response\" data-throw-if-not-resolved=\"False\" />&lt;<xref href=\"com.azure.security.attestation.models.AttestationSignerCollection?alt=com.azure.security.attestation.models.AttestationSignerCollection&text=AttestationSignerCollection\" data-throw-if-not-resolved=\"False\" />&gt;"
type: "class"
desc: "The AttestationClient implements the functionality required by the \"Attest\" family of APIs.\n\nAn enclave (or Trusted Execution Environment) is a chunk of code that is isolated from the host (think: \"encrypted VM\" or \"encrypted container\"). But there's one key attribute of the enclave: It is encrypted. That means that if data is sent from the enclave, an outside party has no way of knowing that the data actually came from the enclave rather than from its host.\n\nAnd even worse, there is no way of securely communicating with the enclave (since the enclave is fully isolated from the host, all information passed into the enclave has to go through its host first, and from the enclave's point of view the host is untrusted).\n\nTo solve the communication problem, the Attest API can be used to facilitate what is known as the \"Secure Key Release\" (SKR) protocol.\n\nThere are 4 parties involved in an attestation operation:\n\n * The host (which hosts the enclave)\n * The enclave (which is the enclave :) — encrypted, nobody can see what goes on inside it),\n * The \"verifier\" which verifies the evidence from the enclave (this is the attestation service) and generates a token which can be received by a relying party, and\n * The \"relying party\" which will interpret the token from the service. For the Secure Key Release Protocol, this is the entity which wishes to communicate with the enclave.\n\nIt's possible that all these parties are on the same computer, it's possible they're on multiple computers.\nIt's possible that the host is also the relying party. It's possible that the relying party is a component like Azure Managed HSM.\n\nThere are three primary pieces of data received by the service for the Attest family of APIs. All of them are arrays of bytes, and all of them originate from code running in the enclave (thus they need to be treated as opaque arrays of bytes by the SDK):\n\n1. Evidence. For Intel SGX enclaves, this has two forms, either an SGX 'Quote' or an OpenEnclave 'Report'. It is required for attestation operations.\n2.
InitTimeData — This is data which is specified at Initialization Time. It is optional (and not currently supported on all enclave types in Azure)\n3. RunTimeData — this is data which is specified at the time the quote is generated (at \"runtime\"). It is optional, but required for the Secure Key Release protocol.\n\nThe Evidence is cryptographically signed by a known authority (for Intel SGX Quotes or OpenEnclave reports, this is a key owned by Intel which represents that the SGX enclave is valid and can be trusted).\nThe core idea for all attestation operations is to take advantage of a region within the Evidence which is controlled by the enclave. For SGX Enclaves, this is the 64 bytes of \"user data\" contained within the SGX quote. Because that region is covered by the signature on the quote, anything the enclave places there is bound to the signed evidence.\n\nFor the Secure Key Release protocol, code inside the enclave generates an asymmetric key and serializes the public key into a byte buffer. It then calculates the SHA256 hash of the serialized key and creates a quote containing that SHA256 hash. We now have a cryptographically validated indication that the contents of the byte buffer were known inside the enclave.\n\nThe enclave then hands the byte buffer and the quote to its host. The host sends the quote and byte buffer as the \"RunTime Data\" to the attestation service via the <xref uid=\"com.azure.security.attestation.AttestationClient.attestSgxEnclave(com.azure.security.attestation.models.AttestationOptions)\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationClient#attestSgxEnclave(AttestationOptions)\"></xref> or <xref uid=\"com.azure.security.attestation.AttestationClient.attestOpenEnclave*\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationClient#attestOpenEnclave\"></xref> API.
Assuming the byte buffer and quote are valid, and the quote contains the hash of the byte buffer, the attestation service responds with an <xref uid=\"com.azure.security.attestation.models.AttestationToken\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationToken\"></xref> signed by the attestation service, whose body is an <xref uid=\"com.azure.security.attestation.models.AttestationResult\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult\"></xref>.\n\nThe token generated also includes the contents of the InitTimeData and/or RunTimeData if it was provided in the Attest API call.\n\nThe host then sends the token to the relying party. The relying party verifies the token's signature against the attestation service's signing certificates (see `listAttestationSigners()`) and verifies that the claims within the token identify the expected enclave; a token that fails either check must be rejected, since the host that forwarded it is untrusted. It then takes the enclave's public key from the token and uses it to encrypt the data to be sent to the enclave and sends that back to the host, which passes it into the enclave.\n\nThat completes the secure key release protocol.\n\n\nWhen the Attestation Token is generated by the attestation service, as mentioned, it contains the InitTime and RunTime data.\n\nThere are two possible representations for RunTime Data in the attestation token, depending on the requirements of the relying party:\nThe first is as JSON formatted data. That can be convenient if the relying party expects to receive the enclave's public key as a JSON Web Key.\nThe second is as a binary blob of data.
That is needed if the data sent by the enclave isn't a JSON object — for instance, if the RunTime data contained an asymmetric key which is formatted as a PEM encoded key, it should be interpreted as a binary blob.\n\nIf you ask for the RunTime data to be included in the token as binary, then it will be base64url encoded in the \"x-ms-maa-enclavehelddata\" claim in the output token (the <xref uid=\"com.azure.security.attestation.models.AttestationResult.getEnclaveHeldData()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult#getEnclaveHeldData()\"></xref> property).\nIf you ask for the RunTime data to be included in the token as JSON, then it will be included in the \"x-ms-maa-runtimeClaims\" claim in the output token (the <xref uid=\"com.azure.security.attestation.models.AttestationResult.getRuntimeClaims()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult#getRuntimeClaims()\"></xref> property).\n\nIn addition to the Attest APIs, the <xref uid=\"com.azure.security.attestation.AttestationClient\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationClient\"></xref> object also contains helper APIs which can be used to retrieve the OpenId Metadata document and signing keys from the service.\n\nThe OpenId Metadata document contains properties which describe the attestation service.\n\nThe Attestation Signing Keys describe the keys which will be used to sign tokens generated by the attestation service.
All tokens emitted by the attestation service will be signed by one of the certificates listed in the attestation signing keys, so a relying party can (and should) verify a token's signature against those certificates before trusting any claim it carries.\n\n**Note:** The <xref uid=\"com.azure.core.http.rest.Response\" data-throw-if-not-resolved=\"false\" data-raw-source=\"Response\"></xref> returned by the `WithResponse` APIs is actually an <xref uid=\"com.azure.security.attestation.models.AttestationToken\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationToken\"></xref> object, which contains a method <xref uid=\"com.azure.security.attestation.models.AttestationToken.serialize()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationToken#serialize()\"></xref> which returns the actual JSON Web Token returned by the attestation service. If a client is going to be transmitting the attestation token from the MAA service to an external relying party, they should send the actual token from the service to the relying party, rather than a re-serialized copy of the parsed result, which would not carry the service's signature."
metadata: {}
package: "com.azure.security.attestation"
artifact: com.azure:azure-security-attestation:1.1.27