azure-docs-sdk-java/docs-ref-autogen/com.azure.security.attestat...


### YamlMime:JavaType
uid: "com.azure.security.attestation.models.AttestationOptions"
fullName: "com.azure.security.attestation.models.AttestationOptions"
name: "AttestationOptions"
nameWithType: "AttestationOptions"
summary: "AttestationOptions represents the parameters sent to the <xref uid=\"com.azure.security.attestation.AttestationClient.attestOpenEnclave\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.AttestationClient#attestOpenEnclave\"></xref> or <xref uid=\"com.azure.security.attestation.AttestationClient.attestSgxEnclave\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.AttestationClient#attestSgxEnclave\"></xref> API."
inheritances:
- "<xref href=\"java.lang.Object?displayProperty=fullName\" data-throw-if-not-resolved=\"False\" />"
inheritedClassMethods:
- classRef: "java.lang.<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html\">Object</a>"
methodsRef:
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#clone--\">clone</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#equals-java.lang.Object-\">equals</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#finalize--\">finalize</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#getClass--\">getClass</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#hashCode--\">hashCode</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notify--\">notify</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#notifyAll--\">notifyAll</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#toString--\">toString</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait--\">wait</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-\">wait</a>"
- "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html#wait-long-int-\">wait</a>"
syntax: "public final class **AttestationOptions**"
constructors:
- uid: "com.azure.security.attestation.models.AttestationOptions.AttestationOptions(com.azure.core.util.BinaryData)"
fullName: "com.azure.security.attestation.models.AttestationOptions.AttestationOptions(BinaryData evidence)"
name: "AttestationOptions(BinaryData evidence)"
nameWithType: "AttestationOptions.AttestationOptions(BinaryData evidence)"
summary: "Creates a new Attest<wbr>Open<wbr>Enclave<wbr>Request object with the Open<wbr>Enclave report from the enclave to be attested."
parameters:
- description: "to be used in the attest request."
name: "evidence"
type: "<xref href=\"com.azure.core.util.BinaryData?alt=com.azure.core.util.BinaryData&text=BinaryData\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationOptions(BinaryData evidence)"
desc: "Creates a new AttestOpenEnclaveRequest object with the OpenEnclave report from the enclave to be attested. The evidence will typically take the form of either an OpenEnclave report or an Intel SGX quote.\n\n**Create an AttestationOptions from an SGX quote:**\n\n```java\nAttestationOptions options = new AttestationOptions(sgxQuote);\n```"
methods:
- uid: "com.azure.security.attestation.models.AttestationOptions.getDraftPolicyForAttestation()"
fullName: "com.azure.security.attestation.models.AttestationOptions.getDraftPolicyForAttestation()"
name: "getDraftPolicyForAttestation()"
nameWithType: "AttestationOptions.getDraftPolicyForAttestation()"
summary: "Gets the draft<wbr>Policy<wbr>For<wbr>Attestation property which is used to attest against the draft policy."
syntax: "public String getDraftPolicyForAttestation()"
desc: "Gets the draftPolicyForAttestation property which is used to attest against the draft policy.\n\nGets the previously set draft policy for attestation.\n\n```java\nAttestationOptions getOptions = new AttestationOptions(openEnclaveReport)\n .setDraftPolicyForAttestation(\"version=1.0; authorizationrules{=> permit();}; issuancerules{};\");\n\n String draftPolicy = getOptions.getDraftPolicyForAttestation();\n```"
returns:
description: "The draft policy if set."
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
- uid: "com.azure.security.attestation.models.AttestationOptions.getEvidence()"
fullName: "com.azure.security.attestation.models.AttestationOptions.getEvidence()"
name: "getEvidence()"
nameWithType: "AttestationOptions.getEvidence()"
summary: "Returns the \"evidence\" to be presented to the attestation service."
syntax: "public BinaryData getEvidence()"
desc: "Returns the \"evidence\" to be presented to the attestation service."
returns:
description: "The attestation evidence to be presented to the attestation service."
type: "<xref href=\"com.azure.core.util.BinaryData?alt=com.azure.core.util.BinaryData&text=BinaryData\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.getInitTimeData()"
fullName: "com.azure.security.attestation.models.AttestationOptions.getInitTimeData()"
name: "getInitTimeData()"
nameWithType: "AttestationOptions.getInitTimeData()"
summary: "Retrieves the Init<wbr>Time<wbr>Data property to be sent to the service."
syntax: "public AttestationData getInitTimeData()"
desc: "Retrieves the InitTimeData property to be sent to the service.\n\n**Retrieve the InitTimeData value.**\n\n```java\nAttestationOptions attestationOptions = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.JSON));\n\n AttestationData existingRuntimeData = attestationOptions.getInitTimeData();\n```"
returns:
description: "The InitTimeData value set by <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setInitTimeData*\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setInitTimeData\"></xref>"
type: "<xref href=\"com.azure.security.attestation.models.AttestationData?alt=com.azure.security.attestation.models.AttestationData&text=AttestationData\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.getRunTimeData()"
fullName: "com.azure.security.attestation.models.AttestationOptions.getRunTimeData()"
name: "getRunTimeData()"
nameWithType: "AttestationOptions.getRunTimeData()"
summary: "Retrieves the Run<wbr>Time<wbr>Data property to be sent to the service."
syntax: "public AttestationData getRunTimeData()"
desc: "Retrieves the RunTimeData property to be sent to the service.\n\n**Retrieve the RunTimeData value.**\n\n```java\nAttestationData existingRuntimeData = attestationOptions.getRunTimeData();\n```"
returns:
description: "The RunTimeData value set by <xref uid=\"com.azure.security.attestation.models.AttestationOptions.setRunTimeData*\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions#setRunTimeData\"></xref>"
type: "<xref href=\"com.azure.security.attestation.models.AttestationData?alt=com.azure.security.attestation.models.AttestationData&text=AttestationData\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.getValidationOptions()"
fullName: "com.azure.security.attestation.models.AttestationOptions.getValidationOptions()"
name: "getValidationOptions()"
nameWithType: "AttestationOptions.getValidationOptions()"
summary: "Returns the options used for token validation."
syntax: "public AttestationTokenValidationOptions getValidationOptions()"
desc: "Returns the options used for token validation."
returns:
description: "attestation token validation options."
type: "<xref href=\"com.azure.security.attestation.models.AttestationTokenValidationOptions?alt=com.azure.security.attestation.models.AttestationTokenValidationOptions&text=AttestationTokenValidationOptions\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.setDraftPolicyForAttestation(java.lang.String)"
fullName: "com.azure.security.attestation.models.AttestationOptions.setDraftPolicyForAttestation(String draftPolicyForAttestation)"
name: "setDraftPolicyForAttestation(String draftPolicyForAttestation)"
nameWithType: "AttestationOptions.setDraftPolicyForAttestation(String draftPolicyForAttestation)"
summary: "Set the draft<wbr>Policy<wbr>For<wbr>Attestation property: Attest against the provided draft policy."
parameters:
- description: "the draftPolicyForAttestation value to set."
name: "draftPolicyForAttestation"
type: "<a href=\"https://docs.oracle.com/javase/8/docs/api/java/lang/String.html\">String</a>"
syntax: "public AttestationOptions setDraftPolicyForAttestation(String draftPolicyForAttestation)"
desc: "Set the draftPolicyForAttestation property: Attest against the provided draft policy.\n\nThe setDraftPolicyForAttestation API can be used to determine how a proposed attestation policy would affect an attestation token.\n\n***Note that the resulting token cannot be validated: a token produced with a draft policy is not signed by the attestation service, so it cannot be used by a relying party.***\n\n***Example of setting AttestationOptions with a draft policy.***\n\n```java\nAttestationOptions request = new AttestationOptions(openEnclaveReport)\n .setDraftPolicyForAttestation(\"version=1.0; authorizationrules{=> permit();}; issuancerules{};\");\n```"
returns:
description: "this <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> object itself."
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.setInitTimeData(com.azure.security.attestation.models.AttestationData)"
fullName: "com.azure.security.attestation.models.AttestationOptions.setInitTimeData(AttestationData attestationData)"
name: "setInitTimeData(AttestationData attestationData)"
nameWithType: "AttestationOptions.setInitTimeData(AttestationData attestationData)"
summary: "Set the initTimeData property: The initTimeData is data presented at the time that the execution environment was instantiated."
parameters:
- description: "the InitTimeData value to set."
name: "attestationData"
type: "<xref href=\"com.azure.security.attestation.models.AttestationData?alt=com.azure.security.attestation.models.AttestationData&text=AttestationData\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationOptions setInitTimeData(AttestationData attestationData)"
desc: "Set the initTimeData property: The initTimeData is data presented at the time that the execution environment was instantiated. The MAA will verify that the init data was known to the execution environment. Note that InitTimeData is invalid for CoffeeLake processors.\n\nWhen the attestation service generates the attestation token, the InitTimeData will be added as <xref uid=\"com.azure.security.attestation.models.AttestationResult.getInitTimeClaims()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult#getInitTimeClaims()\"></xref> if the <xref uid=\"com.azure.security.attestation.models.AttestationDataInterpretation\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationDataInterpretation\"></xref> for the <xref uid=\"com.azure.security.attestation.models.AttestationData\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationData\"></xref> is set to \"JSON\".\n\n**Setting InitTime Data Property**\n\n```java\nAttestationOptions optionsWithInitTimeData = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.BINARY));\n```"
returns:
description: "this <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> object itself."
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.setRunTimeData(com.azure.security.attestation.models.AttestationData)"
fullName: "com.azure.security.attestation.models.AttestationOptions.setRunTimeData(AttestationData attestationData)"
name: "setRunTimeData(AttestationData attestationData)"
nameWithType: "AttestationOptions.setRunTimeData(AttestationData attestationData)"
summary: "Set the Run<wbr>Time Data property."
parameters:
- description: "the runtimeData value to set."
name: "attestationData"
type: "<xref href=\"com.azure.security.attestation.models.AttestationData?alt=com.azure.security.attestation.models.AttestationData&text=AttestationData\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationOptions setRunTimeData(AttestationData attestationData)"
desc: "Set the RunTime Data property.\n\nRuntime data provided by the enclave at the time the evidence was generated. The attestation service will verify that the first 32 bytes of the `report_data` field of the quote contain the SHA256 hash of the runtime data; this ensures that the RunTime Data was known to the enclave.\n\nWhen the attestation service generates the attestation token, the RunTimeData will be added as one of two possible claims: <xref uid=\"com.azure.security.attestation.models.AttestationResult.getRuntimeClaims()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult#getRuntimeClaims()\"></xref> if the <xref uid=\"com.azure.security.attestation.models.AttestationDataInterpretation\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationDataInterpretation\"></xref> specified for the RunTime Data was set to \"JSON\", or <xref uid=\"com.azure.security.attestation.models.AttestationResult.getEnclaveHeldData()\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationResult#getEnclaveHeldData()\"></xref> if the <xref uid=\"com.azure.security.attestation.models.AttestationDataInterpretation\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationDataInterpretation\"></xref> specified for the RunTime Data was set to \"BINARY\".\n\n**Setting RunTime Data Property**\n\n```java\nAttestationOptions optionsWithInitTimeData = new AttestationOptions(openEnclaveReport)\n .setInitTimeData(new AttestationData(inittimeData, AttestationDataInterpretation.BINARY));\n```"
returns:
description: "this <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> object itself."
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
- uid: "com.azure.security.attestation.models.AttestationOptions.setValidationOptions(com.azure.security.attestation.models.AttestationTokenValidationOptions)"
fullName: "com.azure.security.attestation.models.AttestationOptions.setValidationOptions(AttestationTokenValidationOptions validationOptions)"
name: "setValidationOptions(AttestationTokenValidationOptions validationOptions)"
nameWithType: "AttestationOptions.setValidationOptions(AttestationTokenValidationOptions validationOptions)"
summary: "Sets the options used to validate attestation tokens returned from the service."
parameters:
- description: "Token Validation options to be used to enhance the validations\n already performed by the SDK."
name: "validationOptions"
type: "<xref href=\"com.azure.security.attestation.models.AttestationTokenValidationOptions?alt=com.azure.security.attestation.models.AttestationTokenValidationOptions&text=AttestationTokenValidationOptions\" data-throw-if-not-resolved=\"False\" />"
syntax: "public AttestationOptions setValidationOptions(AttestationTokenValidationOptions validationOptions)"
desc: "Sets the options used to validate attestation tokens returned from the service."
returns:
description: "this <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> object."
type: "<xref href=\"com.azure.security.attestation.models.AttestationOptions?alt=com.azure.security.attestation.models.AttestationOptions&text=AttestationOptions\" data-throw-if-not-resolved=\"False\" />"
type: "class"
desc: "AttestationOptions represents the parameters sent to the <xref uid=\"com.azure.security.attestation.AttestationClient.attestOpenEnclave\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.AttestationClient#attestOpenEnclave\"></xref> or <xref uid=\"com.azure.security.attestation.AttestationClient.attestSgxEnclave\" data-throw-if-not-resolved=\"false\" data-raw-source=\"com.azure.security.attestation.AttestationClient#attestSgxEnclave\"></xref> API.\n\nEach <xref uid=\"com.azure.security.attestation.models.AttestationOptions\" data-throw-if-not-resolved=\"false\" data-raw-source=\"AttestationOptions\"></xref> object expresses the options to attest an SGX enclave.\n\nAn enclave (or Trusted Execution Environment) is a chunk of code that is isolated from its host. When code is running inside an enclave, there is a real challenge - if the customer wants to communicate with code in the enclave, there is no way of establishing a secure communication channel that can verify communication to the enclave.\n\nTo support the \"Secure Key Release\" protocol which enables that communication, there are three key pieces of information required:\n\n * Attestation Evidence (typically an SGX quote or OpenEnclave report)\n * InitTime Data - this is data specified when the TEE is created. (OPTIONAL)\n * RunTime Data - this can be a public key or other information.
(OPTIONAL)\n\nTo perform an attestation operation, you need at minimum a set of attestation evidence.\n\nFor the Secure Key Release scenario, the InitTime Data and RunTime Data are expressed in the token returned by the Attestation Service. A relying party can use the InitTime Data to make decisions about whether the TEE can be trusted, and can use the RunTime Data as data which is known to have come from inside the enclave (if, for instance, the RunTime Data is an asymmetric cryptographic key, it can be used to encrypt data that can only be decrypted by code inside the TEE).\n\nFor both InitTime and RunTime data, the data can be expressed in the token as either BINARY or JSON data. This can simplify the evaluation process in the relying party.\n\nIn addition to the evidence, InitTime and RunTime data, an Attest request can also take a \"draft\" attestation policy. This can be used to determine how an attestation policy affects the claims generated by the attestation service.\n\nNote that when a client specifies a draft attestation policy the returned attestation token will not be signed by the attestation service. That is to ensure that the token cannot be used by a relying party.\n\nThe reason that both binary and JSON are represented as binary is that JSON encodings are ambiguous – there are many possible semantically identical JSON encodings of the same data. Since we’re going to take the SHA256 hash of the data, we accept a sequence of octets (byte\\[\\]) instead of a String (depending on your encoding, the same string can be encoded as different sequences of octets)."
metadata: {}
package: "com.azure.security.attestation.models"
artifact: com.azure:azure-security-attestation:1.1.27