Adding the autogenerated attestation package (#13120)

This PR adds the autogenerated attestation package along with a test suite.

common/config/rush/pnpm-lock.yaml

@@ -5,6 +5,7 @@ dependencies:
   '@rush-temp/ai-metrics-advisor': 'file:projects/ai-metrics-advisor.tgz'
   '@rush-temp/ai-text-analytics': 'file:projects/ai-text-analytics.tgz'
   '@rush-temp/app-configuration': 'file:projects/app-configuration.tgz'
+  '@rush-temp/attestation': 'file:projects/attestation.tgz'
   '@rush-temp/communication-administration': 'file:projects/communication-administration.tgz'
   '@rush-temp/communication-chat': 'file:projects/communication-chat.tgz'
   '@rush-temp/communication-common': 'file:projects/communication-common.tgz'
@@ -932,6 +933,16 @@ packages:
     optional: true
     resolution:
       integrity: sha1-7ihweulOEdK4J7y+UnC86n8+ce4=
+  /@types/jsonwebtoken/8.5.0:
+    dependencies:
+      '@types/node': 10.17.49
+    dev: false
+    resolution:
+      integrity: sha512-9bVao7LvyorRGZCw0VmH/dr7Og+NdjYSsKAxB43OQoComFbBgsEpoR9JW6+qSq/ogwVBg8GI2MfAlk4SYI4OLg==
+  /@types/jsrsasign/8.0.9:
+    dev: false
+    resolution:
+      integrity: sha512-Od34HkZR4DAaNpl6/fGEFVMQ5gWlwfwsbEeBjVDMMh9zlQD7hDwVEs0oUQDiVSfHImb0tlJVgfVGkp1jL9zOkg==
   /@types/jws/3.2.2:
     dependencies:
       '@types/node': 8.10.66
@@ -4445,6 +4456,10 @@ packages:
       '0': node >=0.6.0
     resolution:
       integrity: sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=
+  /jsrsasign/10.1.4:
+    dev: false
+    resolution:
+      integrity: sha512-j+bG6EaQ/SBvQvnI8M2x3Wawz8jx3fBViPClAw84QpsnLSjtr5fobp5W2TAljpAhboxWvbkZmd/KDBm+hckqJQ==
   /jssha/2.4.2:
     deprecated: jsSHA versions < 3.0.0 will no longer receive feature updates
     dev: false
@@ -8314,6 +8329,53 @@ packages:
       integrity: sha512-EOU48HtJCLa8SNSj2mpIixMGvQIz14kM3dBUBRAsyimecbxT68mVkOf3kqBaOej+tLb/vS6Fd48qHhJZMG1fWQ==
       tarball: 'file:projects/app-configuration.tgz'
     version: 0.0.0
+  'file:projects/attestation.tgz':
+    dependencies:
+      '@microsoft/api-extractor': 7.7.11
+      '@opentelemetry/api': 0.10.2
+      '@types/chai': 4.2.14
+      '@types/chai-as-promised': 7.1.3
+      '@types/jsonwebtoken': 8.5.0
+      '@types/jsrsasign': 8.0.9
+      '@types/mocha': 7.0.2
+      '@types/node': 8.10.66
+      buffer: 5.7.1
+      chai: 4.2.0
+      chai-as-promised: 7.1.1_chai@4.2.0
+      dotenv: 8.2.0
+      jsonwebtoken: 8.5.1
+      jsrsasign: 10.1.4
+      karma: 5.2.3
+      karma-chrome-launcher: 3.1.0
+      karma-coverage: 2.0.3
+      karma-edge-launcher: 0.4.2_karma@5.2.3
+      karma-env-preprocessor: 0.1.1
+      karma-firefox-launcher: 1.3.0
+      karma-ie-launcher: 1.0.0_karma@5.2.3
+      karma-json-preprocessor: 0.3.3_karma@5.2.3
+      karma-json-to-file-reporter: 1.0.1
+      karma-junit-reporter: 2.0.1_karma@5.2.3
+      karma-mocha: 2.0.1
+      karma-mocha-reporter: 2.2.5_karma@5.2.3
+      karma-remap-istanbul: 0.6.0_karma@5.2.3
+      karma-source-map-support: 1.4.0
+      mocha: 7.2.0
+      prettier: 1.19.1
+      rimraf: 3.0.2
+      rollup: 1.32.1
+      rollup-plugin-node-resolve: 3.4.0
+      rollup-plugin-sourcemaps: 0.4.2_rollup@1.32.1
+      safe-buffer: 5.2.1
+      ts-node: 8.10.2_typescript@4.1.2
+      tslib: 2.0.3
+      typescript: 4.1.2
+      uglify-js: 3.12.1
+    dev: false
+    name: '@rush-temp/attestation'
+    resolution:
+      integrity: sha512-mmWgokWGlwSYNwl3krboqB1JvMMwFWZE7SkkGNtx0lRvjJW36Od8PlYxvE8+SbbwqaHamIt+wjolMIi2tIaNEQ==
+      tarball: 'file:projects/attestation.tgz'
+    version: 0.0.0
   'file:projects/communication-administration.tgz':
     dependencies:
       '@azure/core-tracing': 1.0.0-preview.9
@@ -8637,7 +8699,7 @@ packages:
     dev: false
     name: '@rush-temp/core-auth'
     resolution:
-      integrity: sha512-nbqHULaXmyV0E0HM5thpSI9sJ7NUK6UaeeU6sTbpvvT8n0FxlkP2Fex95beZcpg1Hrwr2MHQ2yI54L+ocLrhvQ==
+      integrity: sha512-LlK88pmOWEZ1ooCPUEBN2PDHxGJOPH7X9AzIrBxo++/gNzKU0qMPdpbz8KeXuIekeAyFvzUQvsnCSfOw5zAGAw==
       tarball: 'file:projects/core-auth.tgz'
     version: 0.0.0
   'file:projects/core-client.tgz':
@@ -9258,7 +9320,7 @@ packages:
     dev: false
     name: '@rush-temp/event-hubs'
     resolution:
-      integrity: sha512-5KZnVq69wtqP4Q3UOxSYjrS6G1WGcIReGvgjgR/kD7XYUv+2jOvZmX/1Z8nHWAZrfjF+8/pQWpiO9QJsQ2Ds8A==
+      integrity: sha512-3SC0qZD7sdFrMZ1YvNobSOHLdbnuyLT2J8UvNzBttUQanMY1leTdP6wemdx1Ilpl6tdX57wag1rSSoLsrv8e/g==
       tarball: 'file:projects/event-hubs.tgz'
     version: 0.0.0
   'file:projects/event-processor-host.tgz':
@@ -9365,7 +9427,7 @@ packages:
     dev: false
     name: '@rush-temp/eventgrid'
     resolution:
-      integrity: sha512-JhMUPit7XVAdzsKK2AoDCLaKKwYY35seJsvnKT7j8Z0X0Rhlx6mjUo9aVOjxKgRX2wauc0JToBahKyr3p+H9Yg==
+      integrity: sha512-WH5wOuS+811eiLiZ9ieot/Uyv/C2Gs1Tk9G7Ac77fsGPSr+07v/8n49vCtaV3pyt8EfitAMoOOWbi9/BYgPA1Q==
       tarball: 'file:projects/eventgrid.tgz'
     version: 0.0.0
   'file:projects/eventhubs-checkpointstore-blob.tgz':
@@ -9426,7 +9488,7 @@ packages:
     dev: false
     name: '@rush-temp/eventhubs-checkpointstore-blob'
     resolution:
-      integrity: sha512-sX8X7q6Kg7zrmNaqZG1YiPbY5rAWx1babUki0vRwJbcr1JnNySYjRTgTI/4l0T2tcHTxChwWseTc+BLdUIAtlg==
+      integrity: sha512-Khh03c2ZQe4nXYKGnkk4F1NweAwUUlsYV6G7hOx4xD/FBNAqFSICmdZYcVC1nCQszjkgOcUrr5jjBzcSw6Ji5Q==
       tarball: 'file:projects/eventhubs-checkpointstore-blob.tgz'
     version: 0.0.0
   'file:projects/identity.tgz':
@@ -10053,7 +10115,7 @@ packages:
     dev: false
     name: '@rush-temp/service-bus'
     resolution:
-      integrity: sha512-H1+AAiX5xT5M3M6zxkbB3btkRHd2YjJLa76b3fy/R7nsp8vQB0OBD4V6ybRI1PqOuR6LnDQjGFL9bVUnTwTCsQ==
+      integrity: sha512-NtHFQKVrAKrls6z5YzCcDoyFVyk/mDMqzQM1B0nfUJrdiuBPaDZVZKg7VbWQ4AgRIcOfGXh9zGupespT7nWQqQ==
       tarball: 'file:projects/service-bus.tgz'
     version: 0.0.0
   'file:projects/storage-blob-changefeed.tgz':
@@ -10555,12 +10617,13 @@ packages:
       mocha: 7.2.0
       prettier: 1.19.1
       rimraf: 3.0.2
+      rollup: 1.32.1
       tslib: 2.0.3
       typescript: 4.1.2
     dev: false
     name: '@rush-temp/test-utils-multi-version'
     resolution:
-      integrity: sha512-btb6eYPabccPwA2T5tmUQ/jC1FNcpPjaqq8pWeB457Rpaw49U+ybmQckfNHc7Gh/8Vnvk8ucisb0ldqfw+iKhw==
+      integrity: sha512-U0DDGv+oz4TBx12RGZuOsCVtW5RjjA34eFywEa71wxiRJrjWwcKWJutCLh6OlTAjVFWftdrlCwmtpnk4/7tAXg==
       tarball: 'file:projects/test-utils-multi-version.tgz'
     version: 0.0.0
   'file:projects/test-utils-perfstress.tgz':
@@ -10676,6 +10739,7 @@ specifiers:
   '@rush-temp/ai-metrics-advisor': 'file:./projects/ai-metrics-advisor.tgz'
   '@rush-temp/ai-text-analytics': 'file:./projects/ai-text-analytics.tgz'
   '@rush-temp/app-configuration': 'file:./projects/app-configuration.tgz'
+  '@rush-temp/attestation': 'file:./projects/attestation.tgz'
   '@rush-temp/communication-administration': 'file:./projects/communication-administration.tgz'
   '@rush-temp/communication-chat': 'file:./projects/communication-chat.tgz'
   '@rush-temp/communication-common': 'file:./projects/communication-common.tgz'

rush.json

@@ -357,6 +357,11 @@
       "projectFolder": "sdk/search/search-documents",
       "versionPolicyName": "client"
     },
+    {
+      "packageName": "@azure/attestation",
+      "projectFolder": "sdk/attestation/attestation",
+      "versionPolicyName": "client"
+    },
     {
       "packageName": "@azure/communication-administration",
       "projectFolder": "sdk/communication/communication-administration",

sdk/attestation/attestation/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Microsoft
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sdk/attestation/attestation/README.md

@@ -0,0 +1,51 @@
+# Azure Attestation client library for JavaScript
+
+This package contains an isomorphic SDK for AttestationClient.
+
+## Getting started
+
+### Currently supported environments
+
+- Node.js version 8.x.x or higher
+
+### Install the `@azure/attestation` package
+
+```bash
+npm install @azure/attestation
+```
+
+### How to use
+
+## Key concepts
+
+This SDK provides the following functionality for the Microsoft Azure Attestation Service
+
+- Microsoft Azure Attestation Enclave Attestation
+- Attestation Policy Management APIs
+- Attestation Policy Management Certificate Management APIs.
+
+## Examples
+
+## Troubleshooting
+
+### Enable logs
+
+You can set the following environment variable to get the debug logging output when using this library.
+
+- Getting debug logs from the Azure Attestation client library
+
+```bash
+export AZURE_LOG_LEVEL=verbose
+```
+
+## Next steps
+
+## Contributing
+
+If you'd like to contribute to this library, please read the [contributing guide](https://github.com/Azure/azure-sdk-for-js/blob/master/CONTRIBUTING.md) to learn more about how to build and test the code.
+
+## Related projects
+
+- [Microsoft Azure SDK for Javascript](https://github.com/Azure/azure-sdk-for-js)
+
+![Impressions](https://azure-sdk-impressions.azurewebsites.net/api/impressions/azure-sdk-for-js%2Fsdk%2Fcdn%2Farm-cdn%2FREADME.png)

sdk/attestation/attestation/api-extractor.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
+  "mainEntryPointFilePath": "types/src/index.d.ts",
+  "docModel": {
+    "enabled": true
+  },
+  "apiReport": {
+    "enabled": true,
+    "reportFolder": "./review"
+  },
+  "dtsRollup": {
+    "enabled": true,
+    "untrimmedFilePath": "",
+    "publicTrimmedFilePath": "./types/attestation.d.ts"
+  },
+  "messages": {
+    "tsdocMessageReporting": {
+      "default": {
+        "logLevel": "none"
+      }
+    },
+    "extractorMessageReporting": {
+      "ae-missing-release-tag": {
+        "logLevel": "none"
+      },
+      "ae-unresolved-link": {
+        "logLevel": "none"
+      }
+    }
+  }
+}

sdk/attestation/attestation/karma.conf.js

@@ -0,0 +1,153 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+// https://github.com/karma-runner/karma-chrome-launcher
+process.env.CHROME_BIN = require("puppeteer").executablePath();
+require("dotenv").config();
+const {
+  jsonRecordingFilterFunction,
+  isPlaybackMode,
+  isSoftRecordMode,
+  isRecordMode
+} = require("@azure/test-utils-recorder");
+
+module.exports = function(config) {
+  config.set({
+    // base path that will be used to resolve all patterns (eg. files, exclude)
+    basePath: "./",
+
+    // frameworks to use
+    // available frameworks: https://npmjs.org/browse/keyword/karma-adapter
+    frameworks: ["source-map-support", "mocha"],
+
+    plugins: [
+      "karma-mocha",
+      "karma-mocha-reporter",
+      "karma-chrome-launcher",
+      "karma-edge-launcher",
+      "karma-firefox-launcher",
+      "karma-ie-launcher",
+      "karma-env-preprocessor",
+      "karma-coverage",
+      "karma-remap-istanbul",
+      "karma-junit-reporter",
+      "karma-json-to-file-reporter",
+      "karma-source-map-support",
+      "karma-json-preprocessor"
+    ],
+
+    // list of files / patterns to load in the browser
+    files: [
+      "dist-test/index.browser.js",
+      { pattern: "dist-test/index.browser.js.map", type: "html", included: false, served: true }
+    ].concat(isPlaybackMode() || isSoftRecordMode() ? ["recordings/browsers/**/*.json"] : []),
+
+    // list of files / patterns to exclude
+    exclude: [],
+
+    // preprocess matching files before serving them to the browser
+    // available preprocessors: https://npmjs.org/browse/keyword/karma-preprocessor
+    preprocessors: {
+      "**/*.js": ["env"],
+      "recordings/browsers/**/*.json": ["json"]
+      // IMPORTANT: COMMENT following line if you want to debug in your browsers!!
+      // Preprocess source file to calculate code coverage, however this will make source file unreadable
+      // "dist-test/index.js": ["coverage"]
+    },
+
+    envPreprocessor: [
+      "TEST_MODE",
+      "AAD_ATTESTATION_URL",
+      "ISOLATED_ATTESTATION_URL",
+      "policySigningCertificate0",
+      "policySigningCertificate1",
+      "policySigningCertificate2",
+      "isolatedSigningCertificate",
+      "AZURE_CLIENT_ID",
+      "AZURE_CLIENT_SECRET",
+      "AZURE_TENANT_ID",
+    ],
+
+    // test results reporter to use
+    // possible values: 'dots', 'progress'
+    // available reporters: https://npmjs.org/browse/keyword/karma-reporter
+    reporters: ["mocha", "coverage", "karma-remap-istanbul", "junit", "json-to-file"],
+
+    coverageReporter: {
+      // specify a common output directory
+      dir: "coverage-browser/",
+      reporters: [{ type: "json", subdir: ".", file: "coverage.json" }]
+    },
+
+    remapIstanbulReporter: {
+      src: "coverage-browser/coverage.json",
+      reports: {
+        lcovonly: "coverage-browser/lcov.info",
+        html: "coverage-browser/html/report",
+        "text-summary": null,
+        cobertura: "./coverage-browser/cobertura-coverage.xml"
+      }
+    },
+
+    junitReporter: {
+      outputDir: "", // results will be saved as $outputDir/$browserName.xml
+      outputFile: "test-results.browser.xml", // if included, results will be saved as $outputDir/$browserName/$outputFile
+      suite: "", // suite will become the package name attribute in xml testsuite element
+      useBrowserName: false, // add browser name to report and classes names
+      nameFormatter: undefined, // function (browser, result) to customize the name attribute in xml testcase element
+      classNameFormatter: undefined, // function (browser, result) to customize the classname attribute in xml testcase element
+      properties: {} // key value pair of properties to add to the <properties> section of the report
+    },
+
+    jsonToFileReporter: {
+      filter: jsonRecordingFilterFunction,
+      outputPath: "."
+    },
+
+    // web server port
+    port: 9876,
+
+    // enable / disable colors in the output (reporters and logs)
+    colors: true,
+
+    // level of logging
+    // possible values: config.LOG_DISABLE || config.LOG_ERROR || config.LOG_WARN || config.LOG_INFO || config.LOG_DEBUG
+    logLevel: config.LOG_INFO,
+
+    // enable / disable watching file and executing tests whenever any file changes
+    autoWatch: false,
+
+    // --no-sandbox allows our tests to run in Linux without having to change the system.
+    // --disable-web-security allows us to authenticate from the browser without having to write tests using interactive auth, which would be far more complex.
+    browsers: ["ChromeHeadlessNoSandbox"],
+    customLaunchers: {
+      ChromeHeadlessNoSandbox: {
+        base: "ChromeHeadless",
+        flags: ["--no-sandbox", "--disable-web-security"]
+      }
+    },
+
+    // Continuous Integration mode
+    // if true, Karma captures browsers, runs the tests and exits
+    singleRun: false,
+
+    // Concurrency level
+    // how many browser should be started simultaneous
+    concurrency: 1,
+
+    browserNoActivityTimeout: 60000000,
+    browserDisconnectTimeout: 10000,
+    browserDisconnectTolerance: 3,
+    browserConsoleLogOptions: {
+      terminal: !isRecordMode()
+    },
+
+    client: {
+      mocha: {
+        // change Karma's debug.html to the mocha web reporter
+        reporter: "html",
+        timeout: 0
+      }
+    }
+  });
+};

sdk/attestation/attestation/package.json

@@ -0,0 +1,99 @@
+{
+  "name": "@azure/attestation",
+  "author": "Microsoft Corporation",
+  "description": "Describes the interface for the per-tenant enclave service.",
+  "version": "1.0.0-beta.1",
+  "dependencies": {
+    "@azure/core-http": "^1.2.0",
+    "@azure/identity": "^1.1.0",
+    "tslib": "^2.0.0"
+  },
+  "keywords": [
+    "node",
+    "azure",
+    "typescript",
+    "browser",
+    "isomorphic"
+  ],
+  "license": "MIT",
+  "main": "./dist/index.js",
+  "module": "./dist-esm/src/index.js",
+  "types": "./types/attestation.d.ts",
+  "engines": {
+    "node": ">=8.0.0"
+  },
+  "devDependencies": {
+    "@azure/dev-tool": "^1.0.0",
+    "@azure/test-utils-recorder": "^1.0.0",
+    "@microsoft/api-extractor": "7.7.11",
+    "@opentelemetry/api": "^0.10.2",
+    "@types/chai": "^4.1.6",
+    "@types/chai-as-promised": "^7.1.0",
+    "@types/jsrsasign": "^8.0.9",
+    "@types/mocha": "^7.0.2",
+    "@types/node": "^8.0.0",
+    "buffer": "^5.2.1",
+    "chai": "^4.2.0",
+    "chai-as-promised": "^7.1.1",
+    "dotenv": "^8.2.0",
+    "jsrsasign": "^10.1.4",
+    "karma": "^5.1.0",
+    "karma-chrome-launcher": "^3.0.0",
+    "karma-coverage": "^2.0.0",
+    "karma-edge-launcher": "^0.4.2",
+    "karma-env-preprocessor": "^0.1.1",
+    "karma-firefox-launcher": "^1.1.0",
+    "karma-ie-launcher": "^1.0.0",
+    "karma-json-preprocessor": "^0.3.3",
+    "karma-json-to-file-reporter": "^1.0.1",
+    "karma-junit-reporter": "^2.0.1",
+    "karma-mocha": "^2.0.1",
+    "karma-mocha-reporter": "^2.2.5",
+    "karma-remap-istanbul": "^0.6.0",
+    "karma-source-map-support": "~1.4.0",
+    "mocha": "^7.1.1",
+    "prettier": "^1.16.4",
+    "rimraf": "^3.0.0",
+    "rollup": "^1.16.3",
+    "rollup-plugin-node-resolve": "^3.4.0",
+    "rollup-plugin-sourcemaps": "^0.4.2",
+    "safe-buffer": "^5.2.1",
+    "ts-node": "^8.3.0",
+    "typescript": "4.1.2"
+  },
+  "homepage": "https://github.com/Azure/azure-sdk-for-js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Azure/azure-sdk-for-js.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Azure/azure-sdk-for-js/issues"
+  },
+  "files": [
+    "dist/",
+    "dist-esm/src/",
+    "types/attestation.d.ts",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -p . && rollup -c 2>&1 && api-extractor run --local",
+    "build:samples": "echo skipped",
+    "build:test": "tsc -p . && rollup -c 2>&1",
+    "clean": "rimraf dist dist-esm dist-test temp types *.tgz *.log",
+    "extract-api": "api-extractor run --local",
+    "lint": "echo skipped",
+    "prepack": "npm install && npm run build",
+    "test": "npm run clean && npm run build:test && npm run unit-test",
+    "unit-test:browser": "karma start --single-run",
+    "unit-test:node": "mocha -r esm --require ts-node/register --reporter ../../../common/tools/mocha-multi-reporter.js --timeout 1200000 --full-trace \"test/{,!(browser)/**/}*.spec.ts\"",
+    "unit-test": "npm run unit-test:node && npm run unit-test:browser"
+  },
+  "sideEffects": false,
+  "autoPublish": true,
+  "browser": {
+    "./dist-esm/test/utils/base64url.js": "./dist-esm/test/utils/base64url.browser.js",
+    "./dist-esm/test/utils/Buffer.js": "./dist-esm/test/utils/Buffer.browser.js",
+    "./dist-esm/test/utils/env.js": "./dist-esm/test/utils/env.browser.js"
+  }
+}

sdk/attestation/attestation/review/attestation.api.md

@@ -0,0 +1,366 @@
+## API Report File for "@azure/attestation"
+
+> Do not edit this file. It is a report generated by [API Extractor](https://api-extractor.com/).
+
+```ts
+
+import * as coreHttp from '@azure/core-http';
+
+// @public
+export class Attestation {
+    constructor(client: AttestationClient);
+    attestOpenEnclave(request: AttestOpenEnclaveRequest, options?: coreHttp.OperationOptions): Promise<AttestationAttestOpenEnclaveResponse>;
+    attestSgxEnclave(request: AttestSgxEnclaveRequest, options?: coreHttp.OperationOptions): Promise<AttestationAttestSgxEnclaveResponse>;
+    attestTpm(request: TpmAttestationRequest, options?: coreHttp.OperationOptions): Promise<AttestationAttestTpmResponse>;
+    }
+
+// @public
+export type AttestationAttestOpenEnclaveResponse = AttestationResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: AttestationResponse;
+    };
+};
+
+// @public
+export type AttestationAttestSgxEnclaveResponse = AttestationResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: AttestationResponse;
+    };
+};
+
+// @public
+export type AttestationAttestTpmResponse = TpmAttestationResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: TpmAttestationResponse;
+    };
+};
+
+// @public
+export interface AttestationCertificateManagementBody {
+    policyCertificate?: JsonWebKey;
+}
+
+// @public (undocumented)
+export class AttestationClient extends AttestationClientContext {
+    constructor(credentials: coreHttp.TokenCredential | coreHttp.ServiceClientCredentials, instanceUrl: string, options?: AttestationClientOptionalParams);
+    // (undocumented)
+    attestation: Attestation;
+    // (undocumented)
+    metadataConfiguration: MetadataConfiguration;
+    // (undocumented)
+    policy: Policy;
+    // (undocumented)
+    policyCertificates: PolicyCertificates;
+    // (undocumented)
+    signingCertificates: SigningCertificates;
+}
+
+// @public (undocumented)
+export class AttestationClientContext extends coreHttp.ServiceClient {
+    constructor(credentials: coreHttp.TokenCredential | coreHttp.ServiceClientCredentials, instanceUrl: string, options?: AttestationClientOptionalParams);
+    // (undocumented)
+    apiVersion: string;
+    // (undocumented)
+    instanceUrl: string;
+}
+
+// @public
+export interface AttestationClientOptionalParams extends coreHttp.ServiceClientOptions {
+    apiVersion?: string;
+    endpoint?: string;
+}
+
+// @public
+export interface AttestationResponse {
+    token?: string;
+}
+
+// @public
+export interface AttestationResult {
+    cnf?: any;
+    deprecatedEnclaveHeldData?: Uint8Array;
+    deprecatedEnclaveHeldData2?: Uint8Array;
+    deprecatedIsDebuggable?: boolean;
+    deprecatedMrEnclave?: string;
+    deprecatedMrSigner?: string;
+    deprecatedPolicyHash?: Uint8Array;
+    deprecatedPolicySigner?: JsonWebKey;
+    deprecatedProductId?: number;
+    deprecatedRpData?: string;
+    deprecatedSgxCollateral?: any;
+    deprecatedSvn?: number;
+    deprecatedTee?: string;
+    deprecatedVersion?: string;
+    enclaveHeldData?: Uint8Array;
+    exp?: number;
+    iat?: number;
+    inittimeClaims?: any;
+    isDebuggable?: boolean;
+    iss?: string;
+    jti?: string;
+    mrEnclave?: string;
+    mrSigner?: string;
+    nbf?: number;
+    nonce?: string;
+    policyClaims?: any;
+    policyHash?: Uint8Array;
+    policySigner?: JsonWebKey;
+    productId?: number;
+    runtimeClaims?: any;
+    sgxCollateral?: any;
+    svn?: number;
+    verifierType?: string;
+    version?: string;
+}
+
+// @public
+export type AttestationType = string;
+
+// @public
+export interface AttestOpenEnclaveRequest {
+    draftPolicyForAttestation?: string;
+    initTimeData?: InitTimeData;
+    report?: Uint8Array;
+    runtimeData?: RuntimeData;
+}
+
+// @public
+export interface AttestSgxEnclaveRequest {
+    draftPolicyForAttestation?: string;
+    initTimeData?: InitTimeData;
+    quote?: Uint8Array;
+    runtimeData?: RuntimeData;
+}
+
+// @public
+export type CertificateModification = string;
+
+// @public
+export interface CloudError {
+    error?: CloudErrorBody;
+}
+
+// @public
+export interface CloudErrorBody {
+    code?: string;
+    message?: string;
+}
+
+// @public
+export type DataType = string;
+
+// @public
+export interface InitTimeData {
+    data?: Uint8Array;
+    dataType?: DataType;
+}
+
+// @public (undocumented)
+export interface JsonWebKey {
+    alg: string;
+    crv?: string;
+    d?: string;
+    dp?: string;
+    dq?: string;
+    e?: string;
+    k?: string;
+    kid: string;
+    kty: string;
+    n?: string;
+    p?: string;
+    q?: string;
+    qi?: string;
+    use: string;
+    x?: string;
+    x5C?: string[];
+    y?: string;
+}
+
+// @public (undocumented)
+export interface JsonWebKeySet {
+    keys?: JsonWebKey[];
+}
+
+// @public
+export const enum KnownAttestationType {
+    OpenEnclave = "OpenEnclave",
+    SgxEnclave = "SgxEnclave",
+    Tpm = "Tpm"
+}
+
+// @public
+export const enum KnownCertificateModification {
+    IsAbsent = "IsAbsent",
+    IsPresent = "IsPresent"
+}
+
+// @public
+export const enum KnownDataType {
+    Binary = "Binary",
+    Json = "JSON"
+}
+
+// @public
+export const enum KnownPolicyModification {
+    Removed = "Removed",
+    Updated = "Updated"
+}
+
+// @public
+export class MetadataConfiguration {
+    constructor(client: AttestationClient);
+    get(options?: coreHttp.OperationOptions): Promise<MetadataConfigurationGetResponse>;
+}
+
+// @public
+export type MetadataConfigurationGetResponse = {
+    body: any;
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: any;
+    };
+};
+
+// @public
+export class Policy {
+    constructor(client: AttestationClient);
+    get(attestationType: AttestationType, options?: coreHttp.OperationOptions): Promise<PolicyGetResponse>;
+    reset(attestationType: AttestationType, policyJws: string, options?: coreHttp.OperationOptions): Promise<PolicyResetResponse>;
+    set(attestationType: AttestationType, newAttestationPolicy: string, options?: coreHttp.OperationOptions): Promise<PolicySetModelResponse>;
+}
+
+// @public
+export class PolicyCertificates {
+    constructor(client: AttestationClient);
+    add(policyCertificateToAdd: string, options?: coreHttp.OperationOptions): Promise<PolicyCertificatesAddResponse>;
+    get(options?: coreHttp.OperationOptions): Promise<PolicyCertificatesGetResponse>;
+    remove(policyCertificateToRemove: string, options?: coreHttp.OperationOptions): Promise<PolicyCertificatesRemoveResponse>;
+}
+
+// @public
+export type PolicyCertificatesAddResponse = PolicyCertificatesModifyResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyCertificatesModifyResponse;
+    };
+};
+
+// @public
+export type PolicyCertificatesGetResponse = PolicyCertificatesResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyCertificatesResponse;
+    };
+};
+
+// @public
+export interface PolicyCertificatesModificationResult {
+    certificateResolution?: CertificateModification;
+    certificateThumbprint?: string;
+}
+
+// @public
+export interface PolicyCertificatesModifyResponse {
+    token?: string;
+}
+
+// @public
+export type PolicyCertificatesRemoveResponse = PolicyCertificatesModifyResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyCertificatesModifyResponse;
+    };
+};
+
+// @public
+export interface PolicyCertificatesResponse {
+    token?: string;
+}
+
+// @public
+export interface PolicyCertificatesResult {
+    policyCertificates?: JsonWebKeySet;
+}
+
+// @public
+export type PolicyGetResponse = PolicyResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyResponse;
+    };
+};
+
+// @public
+export type PolicyModification = string;
+
+// @public
+export type PolicyResetResponse = PolicyResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyResponse;
+    };
+};
+
+// @public
+export interface PolicyResponse {
+    token?: string;
+}
+
+// @public
+export interface PolicyResult {
+    policy?: string;
+    policyResolution?: PolicyModification;
+    policySigner?: JsonWebKey;
+    policyTokenHash?: Uint8Array;
+}
+
+// @public
+export type PolicySetModelResponse = PolicyResponse & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: PolicyResponse;
+    };
+};
+
+// @public
+export interface RuntimeData {
+    data?: Uint8Array;
+    dataType?: DataType;
+}
+
+// @public
+export class SigningCertificates {
+    constructor(client: AttestationClient);
+    get(options?: coreHttp.OperationOptions): Promise<SigningCertificatesGetResponse>;
+}
+
+// @public
+export type SigningCertificatesGetResponse = JsonWebKeySet & {
+    _response: coreHttp.HttpResponse & {
+        bodyAsText: string;
+        parsedBody: JsonWebKeySet;
+    };
+};
+
+// @public (undocumented)
+export interface StoredAttestationPolicy {
+    attestationPolicy?: Uint8Array;
+}
+
+// @public
+export interface TpmAttestationRequest {
+    data?: Uint8Array;
+}
+
+// @public
+export interface TpmAttestationResponse {
+    data?: Uint8Array;
+}
+
+
+// (No @packageDocumentation comment for this package)
+
+```

sdk/attestation/attestation/rollup.config.js

@@ -0,0 +1,3 @@
+import { makeConfig } from "@azure/dev-tool/shared-config/rollup";
+
+export default makeConfig(require("./package.json"));

sdk/attestation/attestation/sample.env

@@ -0,0 +1,9 @@
+AAD_ATTESTATION_URL="<AAD attestation URL>"
+ISOLATED_ATTESTATION_URL="<Isolated attestaion URL>"
+policySigningCertificate2=""
+isolatedSigningCertificate=""
+policySigningCertificate1=""
+policySigningCertificate0=""
+# Our tests assume that TEST_MODE is "playback" by default. You can
+# change it to "record" to generate new recordings, or "live" to bypass the recorder entirely.
+TEST_MODE=playback

sdk/attestation/attestation/src/attestationClient.ts

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import {
+  Policy,
+  PolicyCertificates,
+  Attestation,
+  SigningCertificates,
+  MetadataConfiguration
+} from "./operations";
+import { AttestationClientContext } from "./attestationClientContext";
+import { AttestationClientOptionalParams } from "./models";
+
+export class AttestationClient extends AttestationClientContext {
+  /**
+   * Initializes a new instance of the AttestationClient class.
+   * @param credentials Subscription credentials which uniquely identify client subscription.
+   * @param instanceUrl The attestation instance base URI, for example https://mytenant.attest.azure.net.
+   * @param options The parameter options
+   */
+  constructor(
+    credentials: coreHttp.TokenCredential | coreHttp.ServiceClientCredentials,
+    instanceUrl: string,
+    options?: AttestationClientOptionalParams
+  ) {
+    super(credentials, instanceUrl, options);
+    this.policy = new Policy(this);
+    this.policyCertificates = new PolicyCertificates(this);
+    this.attestation = new Attestation(this);
+    this.signingCertificates = new SigningCertificates(this);
+    this.metadataConfiguration = new MetadataConfiguration(this);
+  }
+
+  policy: Policy;
+  policyCertificates: PolicyCertificates;
+  attestation: Attestation;
+  signingCertificates: SigningCertificates;
+  metadataConfiguration: MetadataConfiguration;
+}

sdk/attestation/attestation/src/attestationClientContext.ts

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import { AttestationClientOptionalParams } from "./models";
+
+const packageName = "@azure/attestation";
+const packageVersion = "1.0.0-beta.1";
+
+export class AttestationClientContext extends coreHttp.ServiceClient {
+  instanceUrl: string;
+  apiVersion: string;
+
+  /**
+   * Initializes a new instance of the AttestationClientContext class.
+   * @param credentials Subscription credentials which uniquely identify client subscription.
+   * @param instanceUrl The attestation instance base URI, for example https://mytenant.attest.azure.net.
+   * @param options The parameter options
+   */
+  constructor(
+    credentials: coreHttp.TokenCredential | coreHttp.ServiceClientCredentials,
+    instanceUrl: string,
+    options?: AttestationClientOptionalParams
+  ) {
+    if (credentials === undefined) {
+      throw new Error("'credentials' cannot be null");
+    }
+    if (instanceUrl === undefined) {
+      throw new Error("'instanceUrl' cannot be null");
+    }
+
+    // Initializing default values for options
+    if (!options) {
+      options = {};
+    }
+
+    if (!options.userAgent) {
+      const defaultUserAgent = coreHttp.getDefaultUserAgentValue();
+      options.userAgent = `${packageName}/${packageVersion} ${defaultUserAgent}`;
+    }
+
+    if (!options.credentialScopes) {
+      options.credentialScopes = ["https://attest.azure.net/.default"];
+    }
+
+    super(credentials, options);
+
+    this.requestContentType = "application/json; charset=utf-8";
+
+    this.baseUri = options.endpoint || "{instanceUrl}";
+
+    // Parameter assignments
+    this.instanceUrl = instanceUrl;
+
+    // Assigning values to Constant parameters
+    this.apiVersion = options.apiVersion || "2020-10-01";
+  }
+}

sdk/attestation/attestation/src/index.ts

@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export * from "./models";
+export * from "./operations";
+export { AttestationClient } from "./attestationClient";
+export { AttestationClientContext } from "./attestationClientContext";

sdk/attestation/attestation/src/models/index.ts

@@ -0,0 +1,818 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+
+/**
+ * The response to an attestation policy operation
+ */
+export interface PolicyResponse {
+  /**
+   * An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
+   */
+  token?: string;
+}
+
+/**
+ * An error response from Attestation.
+ */
+export interface CloudError {
+  /**
+   * An error response from Attestation.
+   */
+  error?: CloudErrorBody;
+}
+
+/**
+ * An error response from Attestation.
+ */
+export interface CloudErrorBody {
+  /**
+   * An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
+   */
+  code?: string;
+  /**
+   * A message describing the error, intended to be suitable for displaying in a user interface.
+   */
+  message?: string;
+}
+
+/**
+ * The response to an attestation policy management API
+ */
+export interface PolicyCertificatesResponse {
+  /**
+   * An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes
+   */
+  token?: string;
+}
+
+/**
+ * The response to an attestation policy management API
+ */
+export interface PolicyCertificatesModifyResponse {
+  /**
+   * An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object.
+   */
+  token?: string;
+}
+
+/**
+ * Attestation request for Intel SGX enclaves
+ */
+export interface AttestOpenEnclaveRequest {
+  /**
+   * OpenEnclave report from the enclave to be attested
+   */
+  report?: Uint8Array;
+  /**
+   * Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
+   */
+  runtimeData?: RuntimeData;
+  /**
+   * Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
+   */
+  initTimeData?: InitTimeData;
+  /**
+   * Attest against the provided draft policy. Note that the resulting token cannot be validated.
+   */
+  draftPolicyForAttestation?: string;
+}
+
+/**
+ * Defines the "run time data" provided by the attestation target for use by the MAA
+ */
+export interface RuntimeData {
+  /**
+   * UTF-8 encoded Runtime Data generated by the trusted environment
+   */
+  data?: Uint8Array;
+  /**
+   * The type of data contained within the "data" field
+   */
+  dataType?: DataType;
+}
+
+/**
+ * Defines the "initialization time data" used to provision the attestation target for use by the MAA
+ */
+export interface InitTimeData {
+  /**
+   * UTF-8 encoded Initialization Data passed into the trusted environment when it is created.
+   */
+  data?: Uint8Array;
+  /**
+   * The type of data contained within the "data" field
+   */
+  dataType?: DataType;
+}
+
+/**
+ * The result of an attestation operation
+ */
+export interface AttestationResponse {
+  /**
+   * An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
+   */
+  token?: string;
+}
+
+/**
+ * Attestation request for Intel SGX enclaves
+ */
+export interface AttestSgxEnclaveRequest {
+  /**
+   * Quote of the enclave to be attested
+   */
+  quote?: Uint8Array;
+  /**
+   * Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
+   */
+  runtimeData?: RuntimeData;
+  /**
+   * Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
+   */
+  initTimeData?: InitTimeData;
+  /**
+   * Attest against the provided draft policy. Note that the resulting token cannot be validated.
+   */
+  draftPolicyForAttestation?: string;
+}
+
+/**
+ * Attestation request for Trusted Platform Module (TPM) attestation.
+ */
+export interface TpmAttestationRequest {
+  /**
+   * Protocol data containing artifacts for attestation.
+   */
+  data?: Uint8Array;
+}
+
+/**
+ * Attestation response for Trusted Platform Module (TPM) attestation.
+ */
+export interface TpmAttestationResponse {
+  /**
+   * Protocol data containing attestation service response.
+   */
+  data?: Uint8Array;
+}
+
+export interface JsonWebKeySet {
+  /**
+   * The value of the "keys" parameter is an array of JWK values.  By
+   * default, the order of the JWK values within the array does not imply
+   * an order of preference among them, although applications of JWK Sets
+   * can choose to assign a meaning to the order for their purposes, if
+   * desired.
+   */
+  keys?: JsonWebKey[];
+}
+
+export interface JsonWebKey {
+  /**
+   * The "alg" (algorithm) parameter identifies the algorithm intended for
+   * use with the key.  The values used should either be registered in the
+   * IANA "JSON Web Signature and Encryption Algorithms" registry
+   * established by [JWA] or be a value that contains a Collision-
+   * Resistant Name.
+   */
+  alg: string;
+  /**
+   * The "crv" (curve) parameter identifies the curve type
+   */
+  crv?: string;
+  /**
+   * RSA private exponent or ECC private key
+   */
+  d?: string;
+  /**
+   * RSA Private Key Parameter
+   */
+  dp?: string;
+  /**
+   * RSA Private Key Parameter
+   */
+  dq?: string;
+  /**
+   * RSA public exponent, in Base64
+   */
+  e?: string;
+  /**
+   * Symmetric key
+   */
+  k?: string;
+  /**
+   * The "kid" (key ID) parameter is used to match a specific key.  This
+   * is used, for instance, to choose among a set of keys within a JWK Set
+   * during key rollover.  The structure of the "kid" value is
+   * unspecified.  When "kid" values are used within a JWK Set, different
+   * keys within the JWK Set SHOULD use distinct "kid" values.  (One
+   * example in which different keys might use the same "kid" value is if
+   * they have different "kty" (key type) values but are considered to be
+   * equivalent alternatives by the application using them.)  The "kid"
+   * value is a case-sensitive string.
+   */
+  kid: string;
+  /**
+   * The "kty" (key type) parameter identifies the cryptographic algorithm
+   * family used with the key, such as "RSA" or "EC". "kty" values should
+   * either be registered in the IANA "JSON Web Key Types" registry
+   * established by [JWA] or be a value that contains a Collision-
+   * Resistant Name.  The "kty" value is a case-sensitive string.
+   */
+  kty: string;
+  /**
+   * RSA modulus, in Base64
+   */
+  n?: string;
+  /**
+   * RSA secret prime
+   */
+  p?: string;
+  /**
+   * RSA secret prime, with p < q
+   */
+  q?: string;
+  /**
+   * RSA Private Key Parameter
+   */
+  qi?: string;
+  /**
+   * Use ("public key use") identifies the intended use of
+   * the public key. The "use" parameter is employed to indicate whether
+   * a public key is used for encrypting data or verifying the signature
+   * on data. Values are commonly "sig" (signature) or "enc" (encryption).
+   */
+  use: string;
+  /**
+   * X coordinate for the Elliptic Curve point
+   */
+  x?: string;
+  /**
+   * The "x5c" (X.509 certificate chain) parameter contains a chain of one
+   * or more PKIX certificates [RFC5280].  The certificate chain is
+   * represented as a JSON array of certificate value strings.  Each
+   * string in the array is a base64-encoded (Section 4 of [RFC4648] --
+   * not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
+   * The PKIX certificate containing the key value MUST be the first
+   * certificate.
+   */
+  x5C?: string[];
+  /**
+   * Y coordinate for the Elliptic Curve point
+   */
+  y?: string;
+}
+
+/**
+ * The body of the JWT used for the PolicyCertificates APIs
+ */
+export interface AttestationCertificateManagementBody {
+  /**
+   * RFC 7517 Json Web Key describing the certificate.
+   */
+  policyCertificate?: JsonWebKey;
+}
+
+/**
+ * The result of a call to retrieve policy certificates.
+ */
+export interface PolicyCertificatesResult {
+  /**
+   * SHA256 Hash of the binary representation certificate which was added or removed
+   */
+  policyCertificates?: JsonWebKeySet;
+}
+
+/**
+ * The result of a policy certificate modification
+ */
+export interface PolicyCertificatesModificationResult {
+  /**
+   * Hex encoded SHA1 Hash of the binary representation certificate which was added or removed
+   */
+  certificateThumbprint?: string;
+  /**
+   * The result of the operation
+   */
+  certificateResolution?: CertificateModification;
+}
+
+export interface StoredAttestationPolicy {
+  /**
+   * Policy text to set as a sequence of UTF-8 encoded octets.
+   */
+  attestationPolicy?: Uint8Array;
+}
+
+/**
+ * The result of a policy certificate modification
+ */
+export interface PolicyResult {
+  /**
+   * The result of the operation
+   */
+  policyResolution?: PolicyModification;
+  /**
+   * The SHA256 hash of the policy object modified
+   */
+  policyTokenHash?: Uint8Array;
+  /**
+   * The certificate used to sign the policy object, if specified
+   */
+  policySigner?: JsonWebKey;
+  /**
+   * A JSON Web Token containing a StoredAttestationPolicy object with the attestation policy
+   */
+  policy?: string;
+}
+
+/**
+ * A Microsoft Azure Attestation response token body - the body of a response token issued by MAA
+ */
+export interface AttestationResult {
+  /**
+   * Unique Identifier for the token
+   */
+  jti?: string;
+  /**
+   * The Principal who issued the token
+   */
+  iss?: string;
+  /**
+   * The time at which the token was issued, in the number of seconds since 1970-01-0T00:00:00Z UTC
+   */
+  iat?: number;
+  /**
+   * The expiration time after which the token is no longer valid, in the number of seconds since 1970-01-0T00:00:00Z UTC
+   */
+  exp?: number;
+  /**
+   * The not before time before which the token cannot be considered valid, in the number of seconds since 1970-01-0T00:00:00Z UTC
+   */
+  nbf?: number;
+  /**
+   * An RFC 7800 Proof of Possession Key
+   */
+  cnf?: any;
+  /**
+   * The Nonce input to the attestation request, if provided.
+   */
+  nonce?: string;
+  /**
+   * The Schema version of this structure. Current Value: 1.0
+   */
+  version?: string;
+  /**
+   * Runtime Claims
+   */
+  runtimeClaims?: any;
+  /**
+   * Inittime Claims
+   */
+  inittimeClaims?: any;
+  /**
+   * Policy Generated Claims
+   */
+  policyClaims?: any;
+  /**
+   * The Attestation type being attested.
+   */
+  verifierType?: string;
+  /**
+   * The certificate used to sign the policy object, if specified.
+   */
+  policySigner?: JsonWebKey;
+  /**
+   * The SHA256 hash of the BASE64URL encoded policy text used for attestation
+   */
+  policyHash?: Uint8Array;
+  /**
+   * True if the enclave is debuggable, false otherwise
+   */
+  isDebuggable?: boolean;
+  /**
+   * The SGX Product ID for the enclave.
+   */
+  productId?: number;
+  /**
+   * The HEX encoded SGX MRENCLAVE value for the enclave.
+   */
+  mrEnclave?: string;
+  /**
+   * The HEX encoded SGX MRSIGNER value for the enclave.
+   */
+  mrSigner?: string;
+  /**
+   * The SGX SVN value for the enclave.
+   */
+  svn?: number;
+  /**
+   * A copy of the RuntimeData specified as an input to the attest call.
+   */
+  enclaveHeldData?: Uint8Array;
+  /**
+   * The SGX SVN value for the enclave.
+   */
+  sgxCollateral?: any;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-ver claim.
+   */
+  deprecatedVersion?: string;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable claim.
+   */
+  deprecatedIsDebuggable?: boolean;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-collateral claim.
+   */
+  deprecatedSgxCollateral?: any;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
+   */
+  deprecatedEnclaveHeldData?: Uint8Array;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-ehd claim.
+   */
+  deprecatedEnclaveHeldData2?: Uint8Array;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-product-id
+   */
+  deprecatedProductId?: number;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
+   */
+  deprecatedMrEnclave?: string;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
+   */
+  deprecatedMrSigner?: string;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-sgx-svn.
+   */
+  deprecatedSvn?: number;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-tee.
+   */
+  deprecatedTee?: string;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-policy-signer
+   */
+  deprecatedPolicySigner?: JsonWebKey;
+  /**
+   * DEPRECATED: Private Preview version of x-ms-policy-hash
+   */
+  deprecatedPolicyHash?: Uint8Array;
+  /**
+   * DEPRECATED: Private Preview version of nonce
+   */
+  deprecatedRpData?: string;
+}
+
+/**
+ * Known values of {@link AttestationType} that the service accepts.
+ */
+export const enum KnownAttestationType {
+  /**
+   * Intel Software Guard eXtensions
+   */
+  SgxEnclave = "SgxEnclave",
+  /**
+   * OpenEnclave extensions to SGX
+   */
+  OpenEnclave = "OpenEnclave",
+  /**
+   * Edge TPM Virtualization Based Security
+   */
+  Tpm = "Tpm"
+}
+
+/**
+ * Defines values for AttestationType. \
+ * {@link KnownAttestationType} can be used interchangeably with AttestationType,
+ *  this enum contains the known values that the service supports.
+ * ### Know values supported by the service
+ * **SgxEnclave**: Intel Software Guard eXtensions \
+ * **OpenEnclave**: OpenEnclave extensions to SGX \
+ * **Tpm**: Edge TPM Virtualization Based Security
+ */
+export type AttestationType = string;
+
+/**
+ * Known values of {@link DataType} that the service accepts.
+ */
+export const enum KnownDataType {
+  /**
+   * The contents of the field should be treated as binary and not interpreted by MAA.
+   */
+  Binary = "Binary",
+  /**
+   * The contents of the field should be treated as a JSON object and may be further interpreted by MAA.
+   */
+  Json = "JSON"
+}
+
+/**
+ * Defines values for DataType. \
+ * {@link KnownDataType} can be used interchangeably with DataType,
+ *  this enum contains the known values that the service supports.
+ * ### Know values supported by the service
+ * **Binary**: The contents of the field should be treated as binary and not interpreted by MAA. \
+ * **JSON**: The contents of the field should be treated as a JSON object and may be further interpreted by MAA.
+ */
+export type DataType = string;
+
+/**
+ * Known values of {@link CertificateModification} that the service accepts.
+ */
+export const enum KnownCertificateModification {
+  /**
+   * After the operation was performed, the certificate is in the set of certificates.
+   */
+  IsPresent = "IsPresent",
+  /**
+   * After the operation was performed, the certificate is no longer present in the set of certificates.
+   */
+  IsAbsent = "IsAbsent"
+}
+
+/**
+ * Defines values for CertificateModification. \
+ * {@link KnownCertificateModification} can be used interchangeably with CertificateModification,
+ *  this enum contains the known values that the service supports.
+ * ### Know values supported by the service
+ * **IsPresent**: After the operation was performed, the certificate is in the set of certificates. \
+ * **IsAbsent**: After the operation was performed, the certificate is no longer present in the set of certificates.
+ */
+export type CertificateModification = string;
+
+/**
+ * Known values of {@link PolicyModification} that the service accepts.
+ */
+export const enum KnownPolicyModification {
+  /**
+   * The specified policy object was updated.
+   */
+  Updated = "Updated",
+  /**
+   * The specified policy object was removed.
+   */
+  Removed = "Removed"
+}
+
+/**
+ * Defines values for PolicyModification. \
+ * {@link KnownPolicyModification} can be used interchangeably with PolicyModification,
+ *  this enum contains the known values that the service supports.
+ * ### Know values supported by the service
+ * **Updated**: The specified policy object was updated. \
+ * **Removed**: The specified policy object was removed.
+ */
+export type PolicyModification = string;
+
+/**
+ * Contains response data for the get operation.
+ */
+export type PolicyGetResponse = PolicyResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyResponse;
+  };
+};
+
+/**
+ * Contains response data for the set operation.
+ */
+export type PolicySetModelResponse = PolicyResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyResponse;
+  };
+};
+
+/**
+ * Contains response data for the reset operation.
+ */
+export type PolicyResetResponse = PolicyResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyResponse;
+  };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type PolicyCertificatesGetResponse = PolicyCertificatesResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyCertificatesResponse;
+  };
+};
+
+/**
+ * Contains response data for the add operation.
+ */
+export type PolicyCertificatesAddResponse = PolicyCertificatesModifyResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyCertificatesModifyResponse;
+  };
+};
+
+/**
+ * Contains response data for the remove operation.
+ */
+export type PolicyCertificatesRemoveResponse = PolicyCertificatesModifyResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: PolicyCertificatesModifyResponse;
+  };
+};
+
+/**
+ * Contains response data for the attestOpenEnclave operation.
+ */
+export type AttestationAttestOpenEnclaveResponse = AttestationResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: AttestationResponse;
+  };
+};
+
+/**
+ * Contains response data for the attestSgxEnclave operation.
+ */
+export type AttestationAttestSgxEnclaveResponse = AttestationResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: AttestationResponse;
+  };
+};
+
+/**
+ * Contains response data for the attestTpm operation.
+ */
+export type AttestationAttestTpmResponse = TpmAttestationResponse & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: TpmAttestationResponse;
+  };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type SigningCertificatesGetResponse = JsonWebKeySet & {
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: JsonWebKeySet;
+  };
+};
+
+/**
+ * Contains response data for the get operation.
+ */
+export type MetadataConfigurationGetResponse = {
+  /**
+   * The parsed response body.
+   */
+  body: any;
+
+  /**
+   * The underlying HTTP response.
+   */
+  _response: coreHttp.HttpResponse & {
+    /**
+     * The response body as text (string format)
+     */
+    bodyAsText: string;
+
+    /**
+     * The response body as parsed JSON or XML
+     */
+    parsedBody: any;
+  };
+};
+
+/**
+ * Optional parameters.
+ */
+export interface AttestationClientOptionalParams
+  extends coreHttp.ServiceClientOptions {
+  /**
+   * Api Version
+   */
+  apiVersion?: string;
+  /**
+   * Overrides client endpoint.
+   */
+  endpoint?: string;
+}

sdk/attestation/attestation/src/models/mappers.ts

@@ -0,0 +1,721 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+
+export const PolicyResponse: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyResponse",
+    modelProperties: {
+      token: {
+        constraints: {
+          Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+        },
+        serializedName: "token",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const CloudError: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "CloudError",
+    modelProperties: {
+      error: {
+        serializedName: "error",
+        type: {
+          name: "Composite",
+          className: "CloudErrorBody"
+        }
+      }
+    }
+  }
+};
+
+export const CloudErrorBody: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "CloudErrorBody",
+    modelProperties: {
+      code: {
+        serializedName: "code",
+        type: {
+          name: "String"
+        }
+      },
+      message: {
+        serializedName: "message",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const PolicyCertificatesResponse: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyCertificatesResponse",
+    modelProperties: {
+      token: {
+        constraints: {
+          Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+        },
+        serializedName: "token",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const PolicyCertificatesModifyResponse: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyCertificatesModifyResponse",
+    modelProperties: {
+      token: {
+        constraints: {
+          Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+        },
+        serializedName: "token",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const AttestOpenEnclaveRequest: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "AttestOpenEnclaveRequest",
+    modelProperties: {
+      report: {
+        serializedName: "report",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      runtimeData: {
+        serializedName: "runtimeData",
+        type: {
+          name: "Composite",
+          className: "RuntimeData"
+        }
+      },
+      initTimeData: {
+        serializedName: "initTimeData",
+        type: {
+          name: "Composite",
+          className: "InitTimeData"
+        }
+      },
+      draftPolicyForAttestation: {
+        serializedName: "draftPolicyForAttestation",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const RuntimeData: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "RuntimeData",
+    modelProperties: {
+      data: {
+        serializedName: "data",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      dataType: {
+        serializedName: "dataType",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const InitTimeData: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "InitTimeData",
+    modelProperties: {
+      data: {
+        serializedName: "data",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      dataType: {
+        serializedName: "dataType",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const AttestationResponse: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "AttestationResponse",
+    modelProperties: {
+      token: {
+        constraints: {
+          Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+        },
+        serializedName: "token",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const AttestSgxEnclaveRequest: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "AttestSgxEnclaveRequest",
+    modelProperties: {
+      quote: {
+        serializedName: "quote",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      runtimeData: {
+        serializedName: "runtimeData",
+        type: {
+          name: "Composite",
+          className: "RuntimeData"
+        }
+      },
+      initTimeData: {
+        serializedName: "initTimeData",
+        type: {
+          name: "Composite",
+          className: "InitTimeData"
+        }
+      },
+      draftPolicyForAttestation: {
+        serializedName: "draftPolicyForAttestation",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const TpmAttestationRequest: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TpmAttestationRequest",
+    modelProperties: {
+      data: {
+        serializedName: "data",
+        type: {
+          name: "Base64Url"
+        }
+      }
+    }
+  }
+};
+
+export const TpmAttestationResponse: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "TpmAttestationResponse",
+    modelProperties: {
+      data: {
+        serializedName: "data",
+        type: {
+          name: "Base64Url"
+        }
+      }
+    }
+  }
+};
+
+export const JsonWebKeySet: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "JsonWebKeySet",
+    modelProperties: {
+      keys: {
+        serializedName: "keys",
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "Composite",
+              className: "JsonWebKey"
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
+export const JsonWebKey: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "JsonWebKey",
+    modelProperties: {
+      alg: {
+        serializedName: "alg",
+        required: true,
+        type: {
+          name: "String"
+        }
+      },
+      crv: {
+        serializedName: "crv",
+        type: {
+          name: "String"
+        }
+      },
+      d: {
+        serializedName: "d",
+        type: {
+          name: "String"
+        }
+      },
+      dp: {
+        serializedName: "dp",
+        type: {
+          name: "String"
+        }
+      },
+      dq: {
+        serializedName: "dq",
+        type: {
+          name: "String"
+        }
+      },
+      e: {
+        serializedName: "e",
+        type: {
+          name: "String"
+        }
+      },
+      k: {
+        serializedName: "k",
+        type: {
+          name: "String"
+        }
+      },
+      kid: {
+        serializedName: "kid",
+        required: true,
+        type: {
+          name: "String"
+        }
+      },
+      kty: {
+        serializedName: "kty",
+        required: true,
+        type: {
+          name: "String"
+        }
+      },
+      n: {
+        serializedName: "n",
+        type: {
+          name: "String"
+        }
+      },
+      p: {
+        serializedName: "p",
+        type: {
+          name: "String"
+        }
+      },
+      q: {
+        serializedName: "q",
+        type: {
+          name: "String"
+        }
+      },
+      qi: {
+        serializedName: "qi",
+        type: {
+          name: "String"
+        }
+      },
+      use: {
+        serializedName: "use",
+        required: true,
+        type: {
+          name: "String"
+        }
+      },
+      x: {
+        serializedName: "x",
+        type: {
+          name: "String"
+        }
+      },
+      x5C: {
+        serializedName: "x5c",
+        type: {
+          name: "Sequence",
+          element: {
+            type: {
+              name: "String"
+            }
+          }
+        }
+      },
+      y: {
+        serializedName: "y",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const AttestationCertificateManagementBody: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "AttestationCertificateManagementBody",
+    modelProperties: {
+      policyCertificate: {
+        serializedName: "policyCertificate",
+        type: {
+          name: "Composite",
+          className: "JsonWebKey"
+        }
+      }
+    }
+  }
+};
+
+export const PolicyCertificatesResult: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyCertificatesResult",
+    modelProperties: {
+      policyCertificates: {
+        serializedName: "x-ms-policy-certificates",
+        type: {
+          name: "Composite",
+          className: "JsonWebKeySet"
+        }
+      }
+    }
+  }
+};
+
+export const PolicyCertificatesModificationResult: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyCertificatesModificationResult",
+    modelProperties: {
+      certificateThumbprint: {
+        serializedName: "x-ms-certificate-thumbprint",
+        type: {
+          name: "String"
+        }
+      },
+      certificateResolution: {
+        serializedName: "x-ms-policycertificates-result",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const StoredAttestationPolicy: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "StoredAttestationPolicy",
+    modelProperties: {
+      attestationPolicy: {
+        serializedName: "AttestationPolicy",
+        type: {
+          name: "Base64Url"
+        }
+      }
+    }
+  }
+};
+
+export const PolicyResult: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "PolicyResult",
+    modelProperties: {
+      policyResolution: {
+        serializedName: "x-ms-policy-result",
+        type: {
+          name: "String"
+        }
+      },
+      policyTokenHash: {
+        serializedName: "x-ms-policy-token-hash",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      policySigner: {
+        serializedName: "x-ms-policy-signer",
+        type: {
+          name: "Composite",
+          className: "JsonWebKey"
+        }
+      },
+      policy: {
+        constraints: {
+          Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+        },
+        serializedName: "x-ms-policy",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};
+
+export const AttestationResult: coreHttp.CompositeMapper = {
+  type: {
+    name: "Composite",
+    className: "AttestationResult",
+    modelProperties: {
+      jti: {
+        serializedName: "jti",
+        type: {
+          name: "String"
+        }
+      },
+      iss: {
+        serializedName: "iss",
+        type: {
+          name: "String"
+        }
+      },
+      iat: {
+        serializedName: "iat",
+        type: {
+          name: "Number"
+        }
+      },
+      exp: {
+        serializedName: "exp",
+        type: {
+          name: "Number"
+        }
+      },
+      nbf: {
+        serializedName: "nbf",
+        type: {
+          name: "Number"
+        }
+      },
+      cnf: {
+        serializedName: "cnf",
+        type: {
+          name: "any"
+        }
+      },
+      nonce: {
+        serializedName: "nonce",
+        type: {
+          name: "String"
+        }
+      },
+      version: {
+        serializedName: "x-ms-ver",
+        type: {
+          name: "String"
+        }
+      },
+      runtimeClaims: {
+        serializedName: "x-ms-runtime",
+        type: {
+          name: "any"
+        }
+      },
+      inittimeClaims: {
+        serializedName: "x-ms-inittime",
+        type: {
+          name: "any"
+        }
+      },
+      policyClaims: {
+        serializedName: "x-ms-policy",
+        type: {
+          name: "any"
+        }
+      },
+      verifierType: {
+        serializedName: "x-ms-attestation-type",
+        type: {
+          name: "String"
+        }
+      },
+      policySigner: {
+        serializedName: "x-ms-policy-signer",
+        type: {
+          name: "Composite",
+          className: "JsonWebKey"
+        }
+      },
+      policyHash: {
+        serializedName: "x-ms-policy-hash",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      isDebuggable: {
+        serializedName: "x-ms-sgx-is-debuggable",
+        type: {
+          name: "Boolean"
+        }
+      },
+      productId: {
+        serializedName: "x-ms-sgx-product-id",
+        type: {
+          name: "Number"
+        }
+      },
+      mrEnclave: {
+        serializedName: "x-ms-sgx-mrenclave",
+        type: {
+          name: "String"
+        }
+      },
+      mrSigner: {
+        serializedName: "x-ms-sgx-mrsigner",
+        type: {
+          name: "String"
+        }
+      },
+      svn: {
+        serializedName: "x-ms-sgx-svn",
+        type: {
+          name: "Number"
+        }
+      },
+      enclaveHeldData: {
+        serializedName: "x-ms-sgx-ehd",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      sgxCollateral: {
+        serializedName: "x-ms-sgx-collateral",
+        type: {
+          name: "any"
+        }
+      },
+      deprecatedVersion: {
+        serializedName: "ver",
+        type: {
+          name: "String"
+        }
+      },
+      deprecatedIsDebuggable: {
+        serializedName: "is-debuggable",
+        type: {
+          name: "Boolean"
+        }
+      },
+      deprecatedSgxCollateral: {
+        serializedName: "maa-attestationcollateral",
+        type: {
+          name: "any"
+        }
+      },
+      deprecatedEnclaveHeldData: {
+        serializedName: "aas-ehd",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      deprecatedEnclaveHeldData2: {
+        serializedName: "maa-ehd",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      deprecatedProductId: {
+        serializedName: "product-id",
+        type: {
+          name: "Number"
+        }
+      },
+      deprecatedMrEnclave: {
+        serializedName: "sgx-mrenclave",
+        type: {
+          name: "String"
+        }
+      },
+      deprecatedMrSigner: {
+        serializedName: "sgx-mrsigner",
+        type: {
+          name: "String"
+        }
+      },
+      deprecatedSvn: {
+        serializedName: "svn",
+        type: {
+          name: "Number"
+        }
+      },
+      deprecatedTee: {
+        serializedName: "tee",
+        type: {
+          name: "String"
+        }
+      },
+      deprecatedPolicySigner: {
+        serializedName: "policy_signer",
+        type: {
+          name: "Composite",
+          className: "JsonWebKey"
+        }
+      },
+      deprecatedPolicyHash: {
+        serializedName: "policy_hash",
+        type: {
+          name: "Base64Url"
+        }
+      },
+      deprecatedRpData: {
+        serializedName: "rp_data",
+        type: {
+          name: "String"
+        }
+      }
+    }
+  }
+};

sdk/attestation/attestation/src/models/parameters.ts

@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import {
+  OperationParameter,
+  OperationURLParameter,
+  OperationQueryParameter
+} from "@azure/core-http";
+import {
+  AttestOpenEnclaveRequest as AttestOpenEnclaveRequestMapper,
+  AttestSgxEnclaveRequest as AttestSgxEnclaveRequestMapper,
+  TpmAttestationRequest as TpmAttestationRequestMapper
+} from "../models/mappers";
+
+export const accept: OperationParameter = {
+  parameterPath: "accept",
+  mapper: {
+    defaultValue: "application/json",
+    isConstant: true,
+    serializedName: "Accept",
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const instanceUrl: OperationURLParameter = {
+  parameterPath: "instanceUrl",
+  mapper: {
+    serializedName: "instanceUrl",
+    required: true,
+    type: {
+      name: "String"
+    }
+  },
+  skipEncoding: true
+};
+
+export const apiVersion: OperationQueryParameter = {
+  parameterPath: "apiVersion",
+  mapper: {
+    defaultValue: "2020-10-01",
+    isConstant: true,
+    serializedName: "api-version",
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const attestationType: OperationURLParameter = {
+  parameterPath: "attestationType",
+  mapper: {
+    serializedName: "attestationType",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const contentType: OperationParameter = {
+  parameterPath: ["options", "contentType"],
+  mapper: {
+    defaultValue: "text/plain",
+    isConstant: true,
+    serializedName: "Content-Type",
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const newAttestationPolicy: OperationParameter = {
+  parameterPath: "newAttestationPolicy",
+  mapper: {
+    serializedName: "newAttestationPolicy",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const accept1: OperationParameter = {
+  parameterPath: "accept",
+  mapper: {
+    defaultValue: "application/json",
+    isConstant: true,
+    serializedName: "Accept",
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const policyJws: OperationParameter = {
+  parameterPath: "policyJws",
+  mapper: {
+    serializedName: "policyJws",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const contentType1: OperationParameter = {
+  parameterPath: ["options", "contentType"],
+  mapper: {
+    defaultValue: "application/json",
+    isConstant: true,
+    serializedName: "Content-Type",
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const policyCertificateToAdd: OperationParameter = {
+  parameterPath: "policyCertificateToAdd",
+  mapper: {
+    constraints: {
+      Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+    },
+    serializedName: "policyCertificateToAdd",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const policyCertificateToRemove: OperationParameter = {
+  parameterPath: "policyCertificateToRemove",
+  mapper: {
+    constraints: {
+      Pattern: new RegExp("[A-Za-z0-9_-]+.[A-Za-z0-9_-]*.[A-Za-z0-9_-]*")
+    },
+    serializedName: "policyCertificateToRemove",
+    required: true,
+    type: {
+      name: "String"
+    }
+  }
+};
+
+export const request: OperationParameter = {
+  parameterPath: "request",
+  mapper: AttestOpenEnclaveRequestMapper
+};
+
+export const request1: OperationParameter = {
+  parameterPath: "request",
+  mapper: AttestSgxEnclaveRequestMapper
+};
+
+export const request2: OperationParameter = {
+  parameterPath: "request",
+  mapper: TpmAttestationRequestMapper
+};
+
+export const accept2: OperationParameter = {
+  parameterPath: "accept",
+  mapper: {
+    defaultValue: "application/jwk+json, application/json",
+    isConstant: true,
+    serializedName: "Accept",
+    type: {
+      name: "String"
+    }
+  }
+};

sdk/attestation/attestation/src/operations/attestation.ts

@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { AttestationClient } from "../attestationClient";
+import {
+  AttestOpenEnclaveRequest,
+  AttestationAttestOpenEnclaveResponse,
+  AttestSgxEnclaveRequest,
+  AttestationAttestSgxEnclaveResponse,
+  TpmAttestationRequest,
+  AttestationAttestTpmResponse
+} from "../models";
+
+/**
+ * Class representing a Attestation.
+ */
+export class Attestation {
+  private readonly client: AttestationClient;
+
+  /**
+   * Initialize a new instance of the class Attestation class.
+   * @param client Reference to the service client
+   */
+  constructor(client: AttestationClient) {
+    this.client = client;
+  }
+
+  /**
+   * Processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent
+   * upon attestation policy.
+   * @param request Request object containing the quote
+   * @param options The options parameters.
+   */
+  attestOpenEnclave(
+    request: AttestOpenEnclaveRequest,
+    options?: coreHttp.OperationOptions
+  ): Promise<AttestationAttestOpenEnclaveResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      request,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      attestOpenEnclaveOperationSpec
+    ) as Promise<AttestationAttestOpenEnclaveResponse>;
+  }
+
+  /**
+   * Processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent
+   * upon attestation policy.
+   * @param request Request object containing the quote
+   * @param options The options parameters.
+   */
+  attestSgxEnclave(
+    request: AttestSgxEnclaveRequest,
+    options?: coreHttp.OperationOptions
+  ): Promise<AttestationAttestSgxEnclaveResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      request,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      attestSgxEnclaveOperationSpec
+    ) as Promise<AttestationAttestSgxEnclaveResponse>;
+  }
+
+  /**
+   * Processes attestation evidence from a VBS enclave, producing an attestation result. The attestation
+   * result produced is dependent upon the attestation policy.
+   * @param request Request object
+   * @param options The options parameters.
+   */
+  attestTpm(
+    request: TpmAttestationRequest,
+    options?: coreHttp.OperationOptions
+  ): Promise<AttestationAttestTpmResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      request,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      attestTpmOperationSpec
+    ) as Promise<AttestationAttestTpmResponse>;
+  }
+}
+// Operation Specifications
+
+const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false);
+
+const attestOpenEnclaveOperationSpec: coreHttp.OperationSpec = {
+  path: "/attest/OpenEnclave",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.AttestationResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.request,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept, Parameters.contentType1],
+  mediaType: "json",
+  serializer
+};
+const attestSgxEnclaveOperationSpec: coreHttp.OperationSpec = {
+  path: "/attest/SgxEnclave",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.AttestationResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.request1,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept, Parameters.contentType1],
+  mediaType: "json",
+  serializer
+};
+const attestTpmOperationSpec: coreHttp.OperationSpec = {
+  path: "/attest/Tpm",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.TpmAttestationResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.request2,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept, Parameters.contentType1],
+  mediaType: "json",
+  serializer
+};

sdk/attestation/attestation/src/operations/index.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+export * from "./policy";
+export * from "./policyCertificates";
+export * from "./attestation";
+export * from "./signingCertificates";
+export * from "./metadataConfiguration";

sdk/attestation/attestation/src/operations/metadataConfiguration.ts

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { AttestationClient } from "../attestationClient";
+import { MetadataConfigurationGetResponse } from "../models";
+
+/**
+ * Class representing a MetadataConfiguration.
+ */
+export class MetadataConfiguration {
+  private readonly client: AttestationClient;
+
+  /**
+   * Initialize a new instance of the class MetadataConfiguration class.
+   * @param client Reference to the service client
+   */
+  constructor(client: AttestationClient) {
+    this.client = client;
+  }
+
+  /**
+   * Retrieves metadata about the attestation signing keys in use by the attestation service
+   * @param options The options parameters.
+   */
+  get(
+    options?: coreHttp.OperationOptions
+  ): Promise<MetadataConfigurationGetResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      getOperationSpec
+    ) as Promise<MetadataConfigurationGetResponse>;
+  }
+}
+// Operation Specifications
+
+const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false);
+
+const getOperationSpec: coreHttp.OperationSpec = {
+  path: "/.well-known/openid-configuration",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: { type: { name: "any" } }
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept],
+  serializer
+};

sdk/attestation/attestation/src/operations/policy.ts

@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { AttestationClient } from "../attestationClient";
+import {
+  AttestationType,
+  PolicyGetResponse,
+  PolicySetModelResponse,
+  PolicyResetResponse
+} from "../models";
+
+/**
+ * Class representing a Policy.
+ */
+export class Policy {
+  private readonly client: AttestationClient;
+
+  /**
+   * Initialize a new instance of the class Policy class.
+   * @param client Reference to the service client
+   */
+  constructor(client: AttestationClient) {
+    this.client = client;
+  }
+
+  /**
+   * Retrieves the current policy for an attestation type.
+   * @param attestationType Specifies the trusted execution environment to be used to validate the
+   *                        evidence
+   * @param options The options parameters.
+   */
+  get(
+    attestationType: AttestationType,
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicyGetResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      attestationType,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      getOperationSpec
+    ) as Promise<PolicyGetResponse>;
+  }
+
+  /**
+   * Sets the policy for a given attestation type.
+   * @param attestationType Specifies the trusted execution environment to be used to validate the
+   *                        evidence
+   * @param newAttestationPolicy JWT Expressing the new policy whose body is a StoredAttestationPolicy
+   *                             object.
+   * @param options The options parameters.
+   */
+  set(
+    attestationType: AttestationType,
+    newAttestationPolicy: string,
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicySetModelResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      attestationType,
+      newAttestationPolicy,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      setOperationSpec
+    ) as Promise<PolicySetModelResponse>;
+  }
+
+  /**
+   * Resets the attestation policy for the specified tenant and reverts to the default policy.
+   * @param attestationType Specifies the trusted execution environment to be used to validate the
+   *                        evidence
+   * @param policyJws JSON Web Signature with an empty policy document
+   * @param options The options parameters.
+   */
+  reset(
+    attestationType: AttestationType,
+    policyJws: string,
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicyResetResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      attestationType,
+      policyJws,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      resetOperationSpec
+    ) as Promise<PolicyResetResponse>;
+  }
+}
+// Operation Specifications
+
+const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false);
+
+const getOperationSpec: coreHttp.OperationSpec = {
+  path: "/policies/{attestationType}",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl, Parameters.attestationType],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const setOperationSpec: coreHttp.OperationSpec = {
+  path: "/policies/{attestationType}",
+  httpMethod: "PUT",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.newAttestationPolicy,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl, Parameters.attestationType],
+  headerParameters: [Parameters.contentType, Parameters.accept1],
+  mediaType: "text",
+  serializer
+};
+const resetOperationSpec: coreHttp.OperationSpec = {
+  path: "/policies/{attestationType}:reset",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.policyJws,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl, Parameters.attestationType],
+  headerParameters: [Parameters.contentType, Parameters.accept1],
+  mediaType: "text",
+  serializer
+};

sdk/attestation/attestation/src/operations/policyCertificates.ts

@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { AttestationClient } from "../attestationClient";
+import {
+  PolicyCertificatesGetResponse,
+  PolicyCertificatesAddResponse,
+  PolicyCertificatesRemoveResponse
+} from "../models";
+
+/**
+ * Class representing a PolicyCertificates.
+ */
+export class PolicyCertificates {
+  private readonly client: AttestationClient;
+
+  /**
+   * Initialize a new instance of the class PolicyCertificates class.
+   * @param client Reference to the service client
+   */
+  constructor(client: AttestationClient) {
+    this.client = client;
+  }
+
+  /**
+   * Retrieves the set of certificates used to express policy for the current tenant.
+   * @param options The options parameters.
+   */
+  get(
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicyCertificatesGetResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      getOperationSpec
+    ) as Promise<PolicyCertificatesGetResponse>;
+  }
+
+  /**
+   * Adds a new attestation policy certificate to the set of policy management certificates.
+   * @param policyCertificateToAdd An RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key
+   *                               object. The RFC7519 JWT must be signed with one of the existing signing certificates
+   * @param options The options parameters.
+   */
+  add(
+    policyCertificateToAdd: string,
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicyCertificatesAddResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      policyCertificateToAdd,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      addOperationSpec
+    ) as Promise<PolicyCertificatesAddResponse>;
+  }
+
+  /**
+   * Removes the specified policy management certificate. Note that the final policy management
+   * certificate cannot be removed.
+   * @param policyCertificateToRemove An RFC7519 JSON Web Token whose body is an
+   *                                  AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing
+   *                                  signing certificates
+   * @param options The options parameters.
+   */
+  remove(
+    policyCertificateToRemove: string,
+    options?: coreHttp.OperationOptions
+  ): Promise<PolicyCertificatesRemoveResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      policyCertificateToRemove,
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      removeOperationSpec
+    ) as Promise<PolicyCertificatesRemoveResponse>;
+  }
+}
+// Operation Specifications
+
+const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false);
+
+const getOperationSpec: coreHttp.OperationSpec = {
+  path: "/certificates",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyCertificatesResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept],
+  serializer
+};
+const addOperationSpec: coreHttp.OperationSpec = {
+  path: "/certificates:add",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyCertificatesModifyResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.policyCertificateToAdd,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept, Parameters.contentType1],
+  mediaType: "json",
+  serializer
+};
+const removeOperationSpec: coreHttp.OperationSpec = {
+  path: "/certificates:remove",
+  httpMethod: "POST",
+  responses: {
+    200: {
+      bodyMapper: Mappers.PolicyCertificatesModifyResponse
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  requestBody: Parameters.policyCertificateToRemove,
+  queryParameters: [Parameters.apiVersion],
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept, Parameters.contentType1],
+  mediaType: "json",
+  serializer
+};

sdk/attestation/attestation/src/operations/signingCertificates.ts

@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) Microsoft Corporation.
+ * Licensed under the MIT License.
+ *
+ * Code generated by Microsoft (R) AutoRest Code Generator.
+ * Changes may cause incorrect behavior and will be lost if the code is regenerated.
+ */
+
+import * as coreHttp from "@azure/core-http";
+import * as Mappers from "../models/mappers";
+import * as Parameters from "../models/parameters";
+import { AttestationClient } from "../attestationClient";
+import { SigningCertificatesGetResponse } from "../models";
+
+/**
+ * Class representing a SigningCertificates.
+ */
+export class SigningCertificates {
+  private readonly client: AttestationClient;
+
+  /**
+   * Initialize a new instance of the class SigningCertificates class.
+   * @param client Reference to the service client
+   */
+  constructor(client: AttestationClient) {
+    this.client = client;
+  }
+
+  /**
+   * Retrieves metadata signing certificates in use by the attestation service
+   * @param options The options parameters.
+   */
+  get(
+    options?: coreHttp.OperationOptions
+  ): Promise<SigningCertificatesGetResponse> {
+    const operationArguments: coreHttp.OperationArguments = {
+      options: coreHttp.operationOptionsToRequestOptionsBase(options || {})
+    };
+    return this.client.sendOperationRequest(
+      operationArguments,
+      getOperationSpec
+    ) as Promise<SigningCertificatesGetResponse>;
+  }
+}
+// Operation Specifications
+
+const serializer = new coreHttp.Serializer(Mappers, /* isXml */ false);
+
+const getOperationSpec: coreHttp.OperationSpec = {
+  path: "/certs",
+  httpMethod: "GET",
+  responses: {
+    200: {
+      bodyMapper: Mappers.JsonWebKeySet
+    },
+    default: {
+      bodyMapper: Mappers.CloudError
+    }
+  },
+  urlParameters: [Parameters.instanceUrl],
+  headerParameters: [Parameters.accept2],
+  serializer
+};

sdk/attestation/attestation/swagger/readme.md

@@ -0,0 +1,21 @@
+# Azure Cognitive Search TypeScript Protocol Layer
+
+> see https://aka.ms/autorest
+
+## Configuration
+
+```yaml
+package-name: "@azure/attestation"
+package-version: 1.0.0-beta.1
+generate-metadata: false
+license-header: MICROSOFT_MIT_NO_VERSION
+output-folder: ../
+source-code-folder-path: ./src/
+input-file: https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/attestation/data-plane/Microsoft.Attestation/stable/2020-10-01/attestation.json
+add-credentials: true
+credential-scopes: https://attest.azure.net/.default
+title: AttestationClient
+v3: true
+use-extension:
+  "@autorest/typescript": "6.0.0-dev.20201204.2"
+```

sdk/attestation/attestation/test/public/attestationTests.spec.ts

@@ -0,0 +1,181 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { assert, use as chaiUse } from "chai";
+import chaiPromises from "chai-as-promised";
+chaiUse(chaiPromises);
+
+import { isPlaybackMode, Recorder } from "@azure/test-utils-recorder";
+
+import { createRecordedClient, createRecorder } from "../utils/recordedClient";
+import { AttestationClient } from "../../src";
+import * as base64url from "../utils/base64url";
+import { verifyAttestationToken } from "../utils/helpers";
+
+describe("[AAD] Attestation Client", function() {
+  let recorder: Recorder;
+
+  beforeEach(function() {
+    // eslint-disable-next-line no-invalid-this
+    recorder = createRecorder(this);
+  });
+
+  afterEach(async function() {
+    await recorder.stop();
+  });
+
+  // runtimeData is a Base64Url encoded blob. The sgxQuote contains the SHA256 hash of this blob
+  // inside the binary quote data, that can be used to verify that the enclave creating the quote
+  // has knowledge of the contents of the runtimeData object.
+  const _runtimeData =
+    "wFdC6gBMrrej2JTuNlTjWOe-ebL7Rz34WjmEUnbfFEc_5BITs2t4V8uuEI8JX73t0g_nUTu6g07xyC6rx9wl8IUQFYyP" +
+    "KhsMk3FLESkryhb5dz9cDxoxwMNnGbu-B7AsOBCe3lckQmoRAEf4_5qUm-PS26DD3SkbNRT-XjMQMQ19Q33dpKFvXPrQ" +
+    "yvCK0ly0pL-JXXdnT4hsJUn8tJKW152W2gZWeXIKO8Ge2er_8xXUvQ6gCLZwwcD1--Whg90h9n5tVRNQdqCnWwsFL0LE" +
+    "KVNiCj7Cbii8_XpjYjTTSQKSOiC_i_VbZZF9cY4W_1ZpUj7WWkSSkPhNSuqBHOvmuFrVTlfQvgdsKYQ5zYbSnPtqJ1_4" +
+    "QUoPJsYQIxyFFncIDbuGWuTPd_FDKLBLQADyO4kYWjnVMXdM1p_xjtqo2_UWTznEfrQpoZttQE99GZVEVSXPBn0GXzph" +
+    "4JDKyWq3rDIvzFMhumG5ay1eyQ622hxwBN4WVxVjJ-BtaWMnU15o4OZZVReCpTodGZabT0RgAmJqKNZnH_Vx_ECLKxss" +
+    "xEHoNWZBUCWAS9Qy4OpdQZ1-vINHJaTIZsehSZrkk1a5ttJdghTSUJGbEPWt3Azstjidyq8x1l5q-PIClhJE_Q_vHOvT" +
+    "zxCebqZOhFJl08rx8I2OYxzekLA1miJ4aZs8h3eB6tOHZF06gJC8wcIORvy8d8ysEZvja40AWSg";
+
+  // An SGX quote is a binary blob which is cryptographically verified to come from an Intel
+  // SGX enclave. The Microsoft Azure Attestation service takes this SGX quote and
+  // verifies that the quote is valid and returns a JSON Web Token which can be used by
+  // a relying party to verify the runtimeData associated with the request.
+  const _sgxQuote =
+    "AwACAAAAAAAFAAoAk5pyM_ecTKmUCg2zlX8GBxikFG2RGHbLfXx_vS5gtP8AAAAADg4CBf-ABwAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAHAAAAAAAAANlxlh9yS3HfxfFV" +
+    "OsTvtorRYOhJYCzdhRy4QEI-WSpzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACFaCMSMCcBDt" +
+    "DOH31RW2vh11BeWCj7oZeFZ2Aw2P_8KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8SAQ" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj" +
+    "KYv2t_KVJfL8eJMumYwKEA--jtZ1UOGFrKEaj6Tm6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +
+    "AAMBAAANfCXfxRtqOqDZV2NJAxIFTxDg0BuV-LLuq_D2YGtwp3x331XC_I13E1BqX7zR8dL4GiEACndxFk" +
+    "LGaAv7NTLL6pLrutcGj8wPA8MTOlV4BI9ZLcEwlNobvHIWKrrjtzDs_Wekb9nq08xb-P_yg0R0RvYNMkgI" +
+    "z61v6jPXeuq_n-Dg4CBf-ABwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFQAA" +
+    "AAAAAAAHAAAAAAAAAD-wrOCGnS4w8o6G1wx2ZAOlT7vNZY7s4OG5SKkVWRdAAAAAAAAAAAAAAAAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAACMT1d115ZQPpYTf3fGioKaAFasje1wFAsIGwlEkMV7_wAAAAAAAAAAAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAEABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAACJ_xj1I2YFmziAVUcpkwhFu4bxfwGQ71nD4Xoz4lKoNwAAAAAAAA" +
+    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKsDZgMr9cfiWsAr8sI9X5cwgnD3ob0ETj44vViBmw41w5Q7Z" +
+    "pSaH6cAfnRI3-QimRJnpzr_9V5LzIEBCVmloPyAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh" +
+    "8FAMgNAAAtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRWdEQ0NCQ2FnQXdJQkFnSVVmakNyOUhX" +
+    "bmVSZzdLUUEra3krRmRybXdmMXd3Q2dZSUtvWkl6ajBFQXdJd2NURWpNQ0VHQTFVRQpBd3dhU1c1MFpXd2" +
+    "dVMGRZSUZCRFN5QlFjbTlqWlhOemIzSWdRMEV4R2pBWUJnTlZCQW9NRVVsdWRHVnNJRU52Y25CdmNtRjBh" +
+    "Vzl1Ck1SUXdFZ1lEVlFRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeEN6QUpCZ05WQk" +
+    "FZVEFsVlRNQjRYRFRFNU1EY3gKT0RJeU16STFObG9YRFRJMk1EY3hPREl5TXpJMU5sb3djREVpTUNBR0Ex" +
+    "VUVBd3daU1c1MFpXd2dVMGRZSUZCRFN5QkRaWEowYVdacApZMkYwWlRFYU1CZ0dBMVVFQ2d3UlNXNTBaV3" +
+    "dnUTI5eWNHOXlZWFJwYjI0eEZEQVNCZ05WQkFjTUMxTmhiblJoSUVOc1lYSmhNUXN3CkNRWURWUVFJREFK" +
+    "RFFURUxNQWtHQTFVRUJoTUNWVk13V1RBVEJnY3Foa2pPUFFJQkJnZ3Foa2pPUFFNQkJ3TkNBQVNpdG1MQT" +
+    "NJYjYKY3R1SGZ0ZnR3R1Qray90UGxwN2VvTVpnSlFDZSsxZFlXKzFvNTUwRXpXREM3dFRreWQ2NTJKdlBD" +
+    "VXBBZVMyUitDYUFRaGlPSThtNQpvNElDbXpDQ0FwY3dId1lEVlIwakJCZ3dGb0FVME9pcTJuWFgrUzVKRj" +
+    "VnOGV4UmwwTlh5V1Uwd1h3WURWUjBmQkZnd1ZqQlVvRktnClVJWk9hSFIwY0hNNkx5OWhjR2t1ZEhKMWMz" +
+    "UmxaSE5sY25acFkyVnpMbWx1ZEdWc0xtTnZiUzl6WjNndlkyVnlkR2xtYVdOaGRHbHYKYmk5Mk1TOXdZMn" +
+    "RqY213L1kyRTljSEp2WTJWemMyOXlNQjBHQTFVZERnUVdCQlN6czNGTVF1UlBLcGtSNWxTbXRkckl5V3Bt" +
+    "N2pBTwpCZ05WSFE4QkFmOEVCQU1DQnNBd0RBWURWUjBUQVFIL0JBSXdBRENDQWRRR0NTcUdTSWI0VFFFTk" +
+    "FRU0NBY1V3Z2dIQk1CNEdDaXFHClNJYjRUUUVOQVFFRUVNTDZ5K01oZG4vNkJiSWV6WEdkUHlNd2dnRmtC" +
+    "Z29xaGtpRytFMEJEUUVDTUlJQlZEQVFCZ3NxaGtpRytFMEIKRFFFQ0FRSUJCakFRQmdzcWhraUcrRTBCRF" +
+    "FFQ0FnSUJCakFRQmdzcWhraUcrRTBCRFFFQ0F3SUJBakFRQmdzcWhraUcrRTBCRFFFQwpCQUlCQkRBUUJn" +
+    "c3Foa2lHK0UwQkRRRUNCUUlCQVRBUkJnc3Foa2lHK0UwQkRRRUNCZ0lDQUlBd0VBWUxLb1pJaHZoTkFRME" +
+    "JBZ2NDCkFRRXdFQVlMS29aSWh2aE5BUTBCQWdnQ0FRQXdFQVlMS29aSWh2aE5BUTBCQWdrQ0FRQXdFQVlM" +
+    "S29aSWh2aE5BUTBCQWdvQ0FRQXcKRUFZTEtvWklodmhOQVEwQkFnc0NBUUF3RUFZTEtvWklodmhOQVEwQk" +
+    "Fnd0NBUUF3RUFZTEtvWklodmhOQVEwQkFnMENBUUF3RUFZTApLb1pJaHZoTkFRMEJBZzRDQVFBd0VBWUxL" +
+    "b1pJaHZoTkFRMEJBZzhDQVFBd0VBWUxLb1pJaHZoTkFRMEJBaEFDQVFBd0VBWUxLb1pJCmh2aE5BUTBCQW" +
+    "hFQ0FRY3dId1lMS29aSWh2aE5BUTBCQWhJRUVBWUdBZ1FCZ0FFQUFBQUFBQUFBQUFBd0VBWUtLb1pJaHZo" +
+    "TkFRMEIKQXdRQ0FBQXdGQVlLS29aSWh2aE5BUTBCQkFRR0FKQnVvUUFBTUE4R0NpcUdTSWI0VFFFTkFRVU" +
+    "tBUUF3Q2dZSUtvWkl6ajBFQXdJRApTQUF3UlFJaEFMN25wNTZieGtESFVRRStTaUQ1K1M4eTFEOWFOK0Zy" +
+    "MHY1VENUQlUyazNkQWlCbVdQZUVIOW1ySkJ3SWU5eHV1aHo0Clp4cTlzTnlPaDRCc3NzdEQwV0Jkd3c9PQ" +
+    "otLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDbHpD" +
+    "Q0FqNmdBd0lCQWdJVkFORG9xdHAxMS9rdVNSZVlQSHNVWmREVjhsbE5NQW9HQ0NxR1NNNDlCQU1DCk1HZ3" +
+    "hHakFZQmdOVkJBTU1FVWx1ZEdWc0lGTkhXQ0JTYjI5MElFTkJNUm93R0FZRFZRUUtEQkZKYm5SbGJDQkQK" +
+    "YjNKd2IzSmhkR2x2YmpFVU1CSUdBMVVFQnd3TFUyRnVkR0VnUTJ4aGNtRXhDekFKQmdOVkJBZ01Ba05CTV" +
+    "FzdwpDUVlEVlFRR0V3SlZVekFlRncweE9EQTFNakV4TURRMU1EaGFGdzB6TXpBMU1qRXhNRFExTURoYU1I" +
+    "RXhJekFoCkJnTlZCQU1NR2tsdWRHVnNJRk5IV0NCUVEwc2dVSEp2WTJWemMyOXlJRU5CTVJvd0dBWURWUV" +
+    "FLREJGSmJuUmwKYkNCRGIzSndiM0poZEdsdmJqRVVNQklHQTFVRUJ3d0xVMkZ1ZEdFZ1EyeGhjbUV4Q3pB" +
+    "SkJnTlZCQWdNQWtOQgpNUXN3Q1FZRFZRUUdFd0pWVXpCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RU" +
+    "hBMElBQkw5cStOTXAySU9nCnRkbDFiay91V1o1K1RHUW04YUNpOHo3OGZzK2ZLQ1EzZCt1RHpYblZUQVQy" +
+    "WmhEQ2lmeUl1Snd2TjN3TkJwOWkKSEJTU01KTUpyQk9qZ2Jzd2diZ3dId1lEVlIwakJCZ3dGb0FVSW1VTT" +
+    "FscWROSW56ZzdTVlVyOVFHemtuQnF3dwpVZ1lEVlIwZkJFc3dTVEJIb0VXZ1E0WkJhSFIwY0hNNkx5OWpa" +
+    "WEowYVdacFkyRjBaWE11ZEhKMWMzUmxaSE5sCmNuWnBZMlZ6TG1sdWRHVnNMbU52YlM5SmJuUmxiRk5IV0" +
+    "ZKdmIzUkRRUzVqY213d0hRWURWUjBPQkJZRUZORG8KcXRwMTEva3VTUmVZUEhzVVpkRFY4bGxOTUE0R0Ex" +
+    "VWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBRwpBUUgvQWdFQU1Bb0dDQ3FHU000OUJBTUNBMG" +
+    "NBTUVRQ0lDLzlqKzg0VCtIenRWTy9zT1FCV0piU2QrLzJ1ZXhLCjQrYUEwamNGQkxjcEFpQTNkaE1yRjVj" +
+    "RDUydDZGcU12QUlwajhYZEdteTJiZWVsakxKSytwenBjUkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS" +
+    "0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDampDQ0FqU2dBd0lCQWdJVUltVU0xbHFkTklu" +
+    "emc3U1ZVcjlRR3prbkJxd3dDZ1lJS29aSXpqMEVBd0l3CmFERWFNQmdHQTFVRUF3d1JTVzUwWld3Z1UwZF" +
+    "lJRkp2YjNRZ1EwRXhHakFZQmdOVkJBb01FVWx1ZEdWc0lFTnYKY25CdmNtRjBhVzl1TVJRd0VnWURWUVFI" +
+    "REF0VFlXNTBZU0JEYkdGeVlURUxNQWtHQTFVRUNBd0NRMEV4Q3pBSgpCZ05WQkFZVEFsVlRNQjRYRFRFNE" +
+    "1EVXlNVEV3TkRFeE1Wb1hEVE16TURVeU1URXdOREV4TUZvd2FERWFNQmdHCkExVUVBd3dSU1c1MFpXd2dV" +
+    "MGRZSUZKdmIzUWdRMEV4R2pBWUJnTlZCQW9NRVVsdWRHVnNJRU52Y25CdmNtRjAKYVc5dU1SUXdFZ1lEVl" +
+    "FRSERBdFRZVzUwWVNCRGJHRnlZVEVMTUFrR0ExVUVDQXdDUTBFeEN6QUpCZ05WQkFZVApBbFZUTUZrd0V3" +
+    "WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFQzZuRXdNRElZWk9qL2lQV3NDemFFS2k3CjFPaU9TTF" +
+    "JGaFdHamJuQlZKZlZua1k0dTNJamtEWVlMME14TzRtcXN5WWpsQmFsVFZZeEZQMnNKQks1emxLT0IKdXpD" +
+    "QnVEQWZCZ05WSFNNRUdEQVdnQlFpWlF6V1dwMDBpZk9EdEpWU3YxQWJPU2NHckRCU0JnTlZIUjhFU3pCSg" +
+    "pNRWVnUmFCRGhrRm9kSFJ3Y3pvdkwyTmxjblJwWm1sallYUmxjeTUwY25WemRHVmtjMlZ5ZG1salpYTXVh" +
+    "VzUwClpXd3VZMjl0TDBsdWRHVnNVMGRZVW05dmRFTkJMbU55YkRBZEJnTlZIUTRFRmdRVUltVU0xbHFkTk" +
+    "luemc3U1YKVXI5UUd6a25CcXd3RGdZRFZSMFBBUUgvQkFRREFnRUdNQklHQTFVZEV3RUIvd1FJTUFZQkFm" +
+    "OENBUUV3Q2dZSQpLb1pJemowRUF3SURTQUF3UlFJZ1FRcy8wOHJ5Y2RQYXVDRms4VVBRWENNQWxzbG9CZT" +
+    "dOd2FRR1RjZHBhMEVDCklRQ1V0OFNHdnhLbWpwY00vejBXUDlEdm84aDJrNWR1MWlXRGRCa0FuKzBpaUE9" +
+    "PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgA";
+
+  it("#AttestSgxShared", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Shared");
+    const binaryRuntimeData = base64url.decodeString(_runtimeData);
+    const attestationResult = await client.attestation.attestSgxEnclave({
+      quote: base64url.decodeString(_sgxQuote),
+      runtimeData: {
+        data: binaryRuntimeData,
+        dataType: "Binary"
+      }
+    });
+
+    const result = attestationResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+  it("#AttestSgxAad", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("AAD");
+    const binaryRuntimeData = base64url.decodeString(_runtimeData);
+    const attestationResult = await client.attestation.attestSgxEnclave({
+      quote: base64url.decodeString(_sgxQuote),
+      runtimeData: {
+        data: binaryRuntimeData,
+        dataType: "Binary"
+      }
+    });
+
+    const result = attestationResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+
+  it("#AttestSgxIsolated", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("AAD");
+    const binaryRuntimeData = base64url.decodeString(_runtimeData);
+    const attestationResult = await client.attestation.attestSgxEnclave({
+      quote: base64url.decodeString(_sgxQuote),
+      runtimeData: {
+        data: binaryRuntimeData,
+        dataType: "Binary"
+      }
+    });
+
+    /**
+     * Skipping verification in playback mode because the resource url is part
+     * of the JWT and it has to be verified against the real resource url instead
+     * of the fake one in playback.
+     */
+    const result = attestationResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+});

sdk/attestation/attestation/test/public/policyGetSetTests.spec.ts

@@ -0,0 +1,58 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { assert, use as chaiUse } from "chai";
+import chaiPromises from "chai-as-promised";
+chaiUse(chaiPromises);
+
+import { isPlaybackMode, Recorder } from "@azure/test-utils-recorder";
+
+import { createRecordedClient, createRecorder } from "../utils/recordedClient";
+import { AttestationClient, KnownAttestationType } from "../../src";
+import { verifyAttestationToken } from "../utils/helpers";
+
+describe("PolicyGetSetTests ", function() {
+  let recorder: Recorder;
+
+  beforeEach(function() {
+    // eslint-disable-next-line no-invalid-this
+    recorder = createRecorder(this);
+  });
+
+  afterEach(async function() {
+    await recorder.stop();
+  });
+
+  it("#GetPolicyAad", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("AAD");
+    const policyResult = await client.policy.get(KnownAttestationType.SgxEnclave);
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+
+  it("#GetPolicyIsolated", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Isolated");
+    const policyResult = await client.policy.get(KnownAttestationType.SgxEnclave);
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+
+  it("#GetPolicyShared", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Shared");
+    const policyResult = await client.policy.get(KnownAttestationType.SgxEnclave);
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      await verifyAttestationToken(result, client);
+    }
+  });
+});

sdk/attestation/attestation/test/public/policyManagementGetSetTests.spec.ts

@@ -0,0 +1,77 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { assert, use as chaiUse } from "chai";
+import chaiPromises from "chai-as-promised";
+chaiUse(chaiPromises);
+
+import { isPlaybackMode, Recorder } from "@azure/test-utils-recorder";
+
+import { createRecordedClient, createRecorder } from "../utils/recordedClient";
+import { AttestationClient } from "../../src";
+import { verifyAttestationToken } from "../utils/helpers";
+
+describe("PolicyManagementTests ", function() {
+  let recorder: Recorder;
+
+  beforeEach(function() {
+    // eslint-disable-next-line no-invalid-this
+    recorder = createRecorder(this);
+  });
+
+  afterEach(async function() {
+    await recorder.stop();
+  });
+
+  it("#GetPolicyManagementCertificatesAad", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("AAD");
+
+    const policyResult = await client.policyCertificates.get();
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      const tokenResult = await verifyAttestationToken(result, client);
+      assert.isDefined(tokenResult);
+      if (tokenResult) {
+        const tokenKeys = tokenResult["x-ms-policy-certificates"];
+        assert.equal(tokenKeys.keys.length, 0);
+      }
+    }
+  });
+
+  it("#GetPolicyShared", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Shared");
+    const policyResult = await client.policyCertificates.get();
+
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      const tokenResult = await verifyAttestationToken(result, client);
+      assert.isDefined(tokenResult);
+      if (tokenResult) {
+        const tokenKeys = tokenResult["x-ms-policy-certificates"];
+        assert.equal(tokenKeys.keys.length, 0);
+      }
+    }
+  });
+
+  it("#GetPolicyIsolated", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Isolated");
+    const policyResult = await client.policyCertificates.get();
+
+    const result = policyResult.token;
+    assert(result, "Expected a token from the service but did not receive one");
+    if (result && !isPlaybackMode()) {
+      const tokenResult = await verifyAttestationToken(result, client);
+      assert.isDefined(tokenResult);
+      if (tokenResult) {
+        const tokenKeys = tokenResult["x-ms-policy-certificates"];
+        // The isolated client has a single management client, unlike the others.
+        assert.equal(tokenKeys.keys.length, 1);
+      }
+    }
+  });
+});

sdk/attestation/attestation/test/public/tokenCertTests.spec.ts

@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { assert, use as chaiUse } from "chai";
+import chaiPromises from "chai-as-promised";
+chaiUse(chaiPromises);
+
+import { Recorder } from "@azure/test-utils-recorder";
+
+import { createRecordedClient, createRecorder } from "../utils/recordedClient";
+import { AttestationClient } from "../../src";
+import { Buffer } from "../utils/Buffer";
+
+describe("TokenCertTests", function() {
+  let recorder: Recorder;
+
+  beforeEach(function() {
+    // eslint-disable-next-line no-invalid-this
+    recorder = createRecorder(this);
+  });
+
+  afterEach(async function() {
+    await recorder.stop();
+  });
+
+  it("#GetCertificatesAAD", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("AAD");
+    const signingCertificates = await client.signingCertificates.get();
+    const certs = signingCertificates.keys!;
+    assert(certs.length > 0);
+    for (const key of certs) {
+      assert.isDefined(key.x5C);
+      for (const cert of key.x5C!) {
+        const berCert = Buffer.from(cert, "base64");
+        assert(berCert);
+      }
+    }
+  });
+  it("#GetCertificatesIsolated", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Isolated");
+    const signingCertificates = await client.signingCertificates.get();
+    const certs = signingCertificates.keys!;
+    assert(certs.length > 0);
+    for (const key of certs) {
+      assert.isDefined(key.x5C);
+      for (const cert of key.x5C!) {
+        const berCert = Buffer.from(cert, "base64");
+        assert(berCert);
+      }
+    }
+  });
+
+  it("#GetCertificatesShared", async () => {
+    let client: AttestationClient;
+    client = createRecordedClient("Shared");
+    const signingCertificates = await client.signingCertificates.get();
+    const certs = signingCertificates.keys!;
+    assert(certs.length > 0);
+    for (const key of certs) {
+      assert.isDefined(key.x5C);
+      for (const cert of key.x5C!) {
+        const berCert = Buffer.from(cert, "base64");
+        assert(berCert);
+      }
+    }
+  });
+});

sdk/attestation/attestation/test/utils/Buffer.browser.ts

@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { Buffer as buffer } from "buffer/";
+
+export { buffer as Buffer };

sdk/attestation/attestation/test/utils/Buffer.ts

@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { Buffer as buffer } from "safe-buffer";
+
+export { buffer as Buffer };

sdk/attestation/attestation/test/utils/base64url.browser.ts

@@ -0,0 +1,57 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+/// <reference lib="dom" />
+
+/**
+ * Encodes a string in base64 format.
+ * @param value the string to encode
+ */
+export function encodeString(value: string): string {
+  return btoa(value);
+}
+
+/**
+ * Encodes a byte array in base64 format.
+ * @param value the Uint8Array to encode
+ */
+export function encodeByteArray(value: Uint8Array): string {
+  let str = "";
+  for (let i = 0; i < value.length; i++) {
+    str += String.fromCharCode(value[i]);
+  }
+  return btoa(str);
+}
+
+/**
+ * Decodes a base64 string into a byte array.
+ * @param value the base64 string to decode
+ */
+function decodeStringFromBase64(value: string): Uint8Array {
+  const byteString = atob(value);
+  const arr = new Uint8Array(byteString.length);
+  for (let i = 0; i < byteString.length; i++) {
+    arr[i] = byteString.charCodeAt(i);
+  }
+  return arr;
+}
+
+/**
+ * Adds missing padding to a Base64 encoded string
+ * @param unpadded The unpadded input string
+ * @return The padded string
+ */
+function fixPadding(unpadded: string): string {
+  const count = 3 - ((unpadded.length + 3) % 4);
+  return unpadded + "=".repeat(count);
+}
+
+/**
+ * Decodes a base64url string into a byte array.
+ * @param value the base64url string to decode
+ */
+export function decodeString(value: string): Uint8Array {
+  const encoded = value.replace(/-/g, "+").replace(/_/g, "/");
+  const paddedEncoded = fixPadding(encoded);
+  return decodeStringFromBase64(paddedEncoded);
+}

sdk/attestation/attestation/test/utils/base64url.ts

@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+/**
+ * Encodes a string in base64 format.
+ * @param value the string to encode
+ */
+export function encodeString(value: string): string {
+  return Buffer.from(value).toString("base64");
+}
+
+/**
+ * Encodes a byte array in base64 format.
+ * @param value the Uint8Array to encode
+ */
+export function encodeByteArray(value: Uint8Array): string {
+  // Buffer.from accepts <ArrayBuffer> | <SharedArrayBuffer>-- the TypeScript definition is off here
+  // https://nodejs.org/api/buffer.html#buffer_class_method_buffer_from_arraybuffer_byteoffset_length
+  const bufferValue = value instanceof Buffer ? value : Buffer.from(value.buffer as ArrayBuffer);
+  return bufferValue.toString("base64");
+}
+
+/**
+ * Decodes a base64 string into a byte array.
+ * @param value the base64 string to decode
+ */
+function decodeStringFromBase64(value: string): Uint8Array {
+  return Buffer.from(value, "base64");
+}
+
+/**
+ * Adds missing padding to a Base64 encoded string
+ * @param unpadded The unpadded input string
+ * @return The padded string
+ */
+function fixPadding(unpadded: string): string {
+  const count = 3 - ((unpadded.length + 3) % 4);
+  return unpadded + "=".repeat(count);
+}
+
+/**
+ * Decodes a base64url string into a byte array.
+ * @param value the base64url string to decode
+ */
+export function decodeString(value: string): Uint8Array {
+  const encoded = value.replace(/-/g, "+").replace(/_/g, "/");
+  const paddedEncoded = fixPadding(encoded);
+  return decodeStringFromBase64(paddedEncoded);
+}

sdk/attestation/attestation/test/utils/decodeJWT.ts

@@ -0,0 +1,77 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+// typed implementation of jwsDecode, copied from here: https://github.com/auth0/node-jws/blob/master/lib/verify-stream.js
+
+import { Buffer } from "./Buffer";
+
+export function decode(
+  jwsSig: string,
+  opts: {
+    complete?: boolean;
+    json?: boolean;
+    encoding?: (this: any, key: string, value: any) => any;
+  }
+): {
+  header: { alg: string; typ: string; jku: string };
+  payload: string;
+  signature: string;
+} | null {
+  opts = opts || {};
+  jwsSig = toString(jwsSig);
+
+  if (!isValidJws(jwsSig)) return null;
+
+  var header = headerFromJWS(jwsSig);
+
+  if (!header) return null;
+
+  var payload = payloadFromJWS(jwsSig);
+  if (header.typ === "JWT" || opts.json) payload = JSON.parse(payload, opts.encoding);
+
+  return {
+    header: header,
+    payload: payload,
+    signature: signatureFromJWS(jwsSig)
+  };
+}
+
+function signatureFromJWS(jwsSig: string): string {
+  return jwsSig.split(".")[2];
+}
+
+function payloadFromJWS(jwsSig: string, encoding?: string) {
+  encoding = encoding || "utf8";
+  var payload = jwsSig.split(".")[1];
+  return Buffer.from(payload, "base64").toString(encoding);
+}
+
+function isValidJws(string: string) {
+  return JWS_REGEX.test(string) && !!headerFromJWS(string);
+}
+
+function isObject(thing: any) {
+  return Object.prototype.toString.call(thing) === "[object Object]";
+}
+
+function safeJsonParse(thing: any) {
+  if (isObject(thing)) return thing;
+  try {
+    return JSON.parse(thing);
+  } catch (e) {
+    return undefined;
+  }
+}
+
+function headerFromJWS(jwsSig: string) {
+  var encodedHeader = jwsSig.split(".", 1)[0];
+  return safeJsonParse(Buffer.from(encodedHeader, "base64").toString("binary"));
+}
+
+var JWS_REGEX = /^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/;
+
+function toString(obj: any) {
+  if (typeof obj === "string") return obj;
+  if (typeof obj === "number" || Buffer.isBuffer(obj)) return obj.toString();
+  return JSON.stringify(obj);
+}

sdk/attestation/attestation/test/utils/env.browser.ts

@@ -0,0 +1,2 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.

sdk/attestation/attestation/test/utils/env.ts

@@ -0,0 +1,6 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import * as dotenv from "dotenv";
+
+dotenv.config();

sdk/attestation/attestation/test/utils/helpers.ts

@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { assert } from "chai";
+
+import { AttestationClient } from "../../src/";
+
+import * as jsrsasign from "jsrsasign"; // works in the browser
+
+import { decode } from "./decodeJWT";
+
+export function decodeJWT(
+  attestationToken: string,
+  client: AttestationClient
+): {
+  [key: string]: any;
+} {
+  const decoded = decode(attestationToken, { complete: true, json: true });
+  if (decoded?.header) {
+    assert.notEqual(decoded.header.alg, "none");
+    assert.equal(decoded.header.typ, "JWT");
+    assert.equal(decoded.header.jku, client.instanceUrl + "/certs");
+    return decoded;
+  }
+  throw new Error(`decoded token did not have header: ${decoded}`);
+}
+
+export async function verifyAttestationToken(
+  attestationToken: string,
+  client: AttestationClient
+): Promise<{
+  [key: string]: any;
+}> {
+  const decoded = decodeJWT(attestationToken, client);
+  const keyId = decoded?.header.kid;
+
+  const signingCerts = await client.signingCertificates.get();
+  let signingCertx5C;
+  if (signingCerts?.keys) {
+    assert(signingCerts.keys?.length > 0);
+    for (const key of signingCerts.keys) {
+      if (key.kid === keyId) {
+        signingCertx5C = key.x5C;
+      }
+    }
+    if (signingCertx5C !== null && signingCertx5C !== undefined) {
+      // Convert the inbound certificate to PEM format so the verify function is happy.dir dist
+      let pemCert: string;
+      pemCert = "-----BEGIN CERTIFICATE-----\r\n";
+      pemCert += signingCertx5C[0];
+      pemCert += "\r\n-----END CERTIFICATE-----\r\n";
+
+      const pubKeyObj = jsrsasign.KEYUTIL.getKey(pemCert);
+      const isValid = jsrsasign.KJUR.jws.JWS.verifyJWT(
+        attestationToken,
+        pubKeyObj as jsrsasign.RSAKey,
+        {
+          iss: [client.instanceUrl],
+          alg: ["RS256"]
+        }
+      );
+      if (!isValid) {
+        throw new Error(`Verification failed! token: ${JSON.stringify(decoded)}`);
+      }
+    }
+  }
+  return decoded.payload;
+}

sdk/attestation/attestation/test/utils/recordedClient.ts

@@ -0,0 +1,72 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT license.
+
+import { Context } from "mocha";
+
+import { ClientSecretCredential } from "@azure/identity";
+import { env, Recorder, record, RecorderEnvironmentSetup } from "@azure/test-utils-recorder";
+
+import { AttestationClient, AttestationClientOptionalParams } from "../../src/";
+import "./env";
+
+const replaceableVariables: { [k: string]: string } = {
+  AZURE_CLIENT_ID: "azure_client_id",
+  AZURE_CLIENT_SECRET: "azure_client_secret",
+  AZURE_TENANT_ID: "azure_tenant_id",
+  ISOLATED_ATTESTATION_URL: "https://isolated_attestation_url",
+  AAD_ATTESTATION_URL: "https://aad_attestation_url",
+  policySigningCertificate0: "policy_signing_certificate0",
+  policySigningCertificate1: "policy_signing_certificate1",
+  policySigningCertificate2: "policy_signing_certificate2",
+  isolatedSigningCertificate: "isolated_signing_certificate"
+};
+
+export const environmentSetup: RecorderEnvironmentSetup = {
+  replaceableVariables,
+  customizationsOnRecordings: [
+    (recording: string): string =>
+      recording.replace(/"access_token"\s?:\s?"[^"]*"/g, `"access_token":"access_token"`),
+    // If we put ENDPOINT in replaceableVariables above, it will not capture
+    // the endpoint string used with nock, which will be expanded to
+    // https://<endpoint>:443/ and therefore will not match, so we have to do
+    // this instead.
+    (recording: string): string => {
+      const replaced = recording
+        .replace("aad_attestation_url:443", "aad_attestation_url")
+        .replace("isolated_attestation_url:443", "isolated_attestation_url");
+      return replaced;
+    }
+  ],
+  queryParametersToSkip: []
+};
+
+export function createRecorder(context: Context): Recorder {
+  return record(context, environmentSetup);
+}
+
+type EndpointType = "AAD" | "Isolated" | "Shared";
+
+export function createRecordedClient(
+  endpointType: EndpointType,
+  options?: AttestationClientOptionalParams
+): AttestationClient {
+  const credential = new ClientSecretCredential(
+    env.AZURE_TENANT_ID,
+    env.AZURE_CLIENT_ID,
+    env.AZURE_CLIENT_SECRET
+  );
+  switch (endpointType) {
+    case "AAD": {
+      return new AttestationClient(credential, env.AAD_ATTESTATION_URL, options);
+    }
+    case "Isolated": {
+      return new AttestationClient(credential, env.ISOLATED_ATTESTATION_URL, options);
+    }
+    case "Shared": {
+      return new AttestationClient(credential, "https://shareduks.uks.attest.azure.net", options);
+    }
+    default: {
+      throw new Error(`Unsupported endpoint type: ${endpointType}`);
+    }
+  }
+}

sdk/attestation/attestation/tests.yml

@@ -0,0 +1,15 @@
+trigger: none
+
+extends:
+  template: ../../../eng/pipelines/templates/jobs/archetype-sdk-integration.yml
+  parameters:
+    PackageName: "@azure/attestation"
+    ResourceServiceDirectory: attestation
+    TimeoutInMinutes: 90
+    ResourceGroupLocation: westus
+    SubscriptionConfiguration: $(sub-config-azure-cloud-test-resources-preview)
+    ArmTemplateParameters: "@{ enableVersioning = $true }"
+    EnvVars:
+      AZURE_CLIENT_ID: $(aad-azure-sdk-test-client-id)
+      AZURE_TENANT_ID: $(aad-azure-sdk-test-tenant-id)
+      AZURE_CLIENT_SECRET: $(aad-azure-sdk-test-client-secret)

sdk/attestation/attestation/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../../tsconfig.package",
+  "compilerOptions": {
+    "outDir": "./dist-esm",
+    "declarationDir": "./types"
+  },
+  "exclude": ["node_modules", "types", "temp", "browser", "dist", "dist-esm", "./samples/**/*.ts"]
+}

sdk/attestation/ci.yml

@@ -0,0 +1,30 @@
+# NOTE: Please refer to https://aka.ms/azsdk/engsys/ci-yaml before editing this file.
+
+trigger:
+  branches:
+    include:
+      - master
+      - release/*
+      - hotfix/*
+  paths:
+    include:
+      - sdk/attestation/
+
+pr:
+  branches:
+    include:
+      - master
+      - feature/*
+      - release/*
+      - hotfix/*
+  paths:
+    include:
+      - sdk/attestation/
+
+extends:
+  template: ../../eng/pipelines/templates/stages/archetype-sdk-client.yml
+  parameters:
+    ServiceDirectory: attestation
+    Artifacts:
+      - name: azure-attestation
+        safeName: azureattestation

sdk/attestation/test-resources-pre.ps1

@@ -0,0 +1,170 @@
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the MIT License.
+
+# IMPORTANT: Do not invoke this file directly. Please instead run eng/New-TestResources.ps1 from the repository root.
+
+#Requires -Version 6.0
+#Requires -PSEdition Core
+
+using namespace System.Security.Cryptography
+using namespace System.Security.Cryptography.X509Certificates
+
+# Use same parameter names as declared in eng/New-TestResources.ps1 (assume validation therein).
+[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
+param (
+    # Captures any arguments from eng/New-TestResources.ps1 not declared here (no parameter errors).
+    [Parameter(ValueFromRemainingArguments = $true)]
+    $RemainingArguments
+)
+
+$ServiceRegionMap = @{
+    "east asia" = "EastAsia";
+    "southeast asia" = "SoutheastAsia";
+    "east us" = "EastUS";
+    "east us 2" = "EastUS2";
+    "west us" = "WestUS";
+    "west us 2" = "WestUS2";
+    "central us" = "CentralUS";
+    "north central us" = "NorthCentralUS";
+    "south central us" = "SouthCentralUS";
+    "north europe" = "NorthEurope";
+    "west europe" = "WestEurope";
+    "japan east" = "JapanEast";
+    "japan west" = "JapanWest";
+    "brazil south" = "BrazilSouth";
+    "australia east" = "AustraliaEast";
+    "australia southeast" = "AustraliaSoutheast";
+    "central india" = "CentralIndia";
+    "south india" = "SouthIndia";
+    "west india" = "WestIndia";
+    "china east" = "ChinaEast";
+    "china north" = "ChinaNorth";
+    "us gov iowa" = "USGovIowa";
+    "usgov virginia" = "USGovVirginia";
+    "germany central" = "GermanyCentral";
+    "germany northeast" = "GermanyNortheast";
+    "uk south" = "UKSouth";
+    "canada east" = "CanadaEast";
+    "canada central" = "CanadaCentral";
+    "canada west" = "CanadaWest";
+    "central us euap" = "CentralUSEUAP";
+}
+$AbbreviatedRegionMap = @{
+    "eastasia" = "easia";
+    "southeastasia" = "sasia";
+    "eastus" = "eus";
+    "eastus2" = "eus2";
+    "westus" = "wus";
+    "westus2" = "wus2";
+    "centralus" = "cus";
+    "northcentralus" = "ncus";
+    "southcentralus" = "scus";
+    "northeurope" = "neu";
+    "westeurope" = "weu";
+    "japaneast" = "ejp";
+    "japanwest" = "wjp";
+    "brazilsouth" = "sbr";
+    "australiaeast" = "eau";
+    "australiasoutheast" = "sau";
+    "centralindia" = "cin";
+    "southindia" = "sin";
+    "westindia" = "win";
+    "chinaeast" = "ecn";
+    "chinanorth" = "ncn";
+    "usgoviowa" = "iusg";
+    "usgovvirginia" = "vusg";
+    "germanycentral" = "cde";
+    "germanynortheast" = "nde";
+    "uksouth" = "uks";
+    "canadaeast" = "cae";
+    "canadacentral" = "cac";
+    "canadawest" = "caw";
+    "centraluseuap" = "cuse";
+}
+
+# By default stop for any error.
+if (!$PSBoundParameters.ContainsKey('ErrorAction')) {
+    $ErrorActionPreference = 'Stop'
+}
+
+function Log($Message) {
+    Write-Host ('{0} - {1}' -f [DateTime]::Now.ToLongTimeString(), $Message)
+}
+
+function New-X509Certificate2([RSA] $rsa, [string] $SubjectName) {
+
+    try {
+        $req = [CertificateRequest]::new(
+            [string] $SubjectName,
+            $rsa,
+            [HashAlgorithmName]::SHA256,
+            [RSASignaturePadding]::Pkcs1
+        )
+
+        # TODO: Add any KUs necessary to $req.CertificateExtensions
+
+        $req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $false))
+
+        $NotBefore = [DateTimeOffset]::Now.AddDays(-1)
+        $NotAfter = $NotBefore.AddDays(365)
+
+        $req.CreateSelfSigned($NotBefore, $NotAfter)
+    }
+    finally {
+    }
+}
+
+function Export-X509Certificate2([string] $Path, [X509Certificate2] $Certificate) {
+
+    $Certificate.Export([X509ContentType]::Pfx) | Set-Content $Path -AsByteStream
+}
+
+function Export-X509Certificate2PEM([string] $Path, [X509Certificate2] $Certificate) {
+
+@"
+-----BEGIN CERTIFICATE-----
+$([Convert]::ToBase64String($Certificate.RawData, 'InsertLineBreaks'))
+-----END CERTIFICATE-----
+"@ > $Path
+
+}
+
+Log "Running PreConfig script".
+
+$shortLocation = $AbbreviatedRegionMap.Get_Item($Location.ToLower())
+Log "Mapped long location name ${Location} to short name: ${shortLocation}"
+
+try {
+   $isolatedKey = [RSA]::Create(2048)
+   $isolatedCertificate = New-X509Certificate2 $isolatedKey "CN=AttestationIsolatedManagementCertificate"
+
+   $EnvironmentVariables["ATTESTATION_ISOLATED_SIGNING_CERTIFICATE"] = $([Convert]::ToBase64String($isolatedCertificate.RawData, 'None'))
+   $templateFileParameters.isolatedSigningCertificate = $([Convert]::ToBase64String($isolatedCertificate.RawData, 'None'))
+
+   $EnvironmentVariables["ATTESTATION_ISOLATED_SIGNING_KEY"] = $([Convert]::ToBase64String($isolatedKey.ExportPkcs8PrivateKey()))
+   $EnvironmentVariables["ATTESTATION_SERIALIZED_ISOLATED_SIGNING_KEY"] = $isolatedKey.ToXmlString($True)
+}
+finally {
+   $isolatedKey.Dispose()
+}
+
+$EnvironmentVariables["ATTESTATION_LOCATION_SHORT_NAME"] = $shortLocation
+$templateFileParameters.locationShortName = $shortLocation
+
+Log 'Creating 3 X509 certificates which can be used to sign policies.'
+$wrappingFiles = foreach ($i in 0..2) {
+    try {
+        $certificateKey = [RSA]::Create(2048)
+        $certificate = New-X509Certificate2 $certificateKey "CN=AttestationCertificate$i"
+
+        $EnvironmentVariables["ATTESTATION_POLICY_SIGNING_CERTIFICATE$i"] = $([Convert]::ToBase64String($certificate.RawData))
+        $EnvironmentVariables["ATTESTATION_POLICY_SIGNING_KEY$i"] = $([Convert]::ToBase64String($certificateKey.ExportPkcs8PrivateKey()))
+        $EnvironmentVariables["ATTESTATION_SERIALIZED_POLICY_SIGNING_KEY$i"] = $certificateKey.ToXmlString($True)
+
+        $baseName = "$PSScriptRoot\attestation-certificate$i"
+        Export-X509Certificate2 "$baseName.pfx" $certificate
+    }
+    finally {
+        $certificateKey.Dispose()
+    }
+}

sdk/attestation/test-resources.json

@@ -0,0 +1,70 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "baseName": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().name]",
+      "metadata": {
+        "description": "The base resource name."
+      }
+    },
+    "location": {
+      "type": "string",
+      "defaultValue": "[resourceGroup().location]",
+      "metadata": {
+        "description": "The location of the resource. By default, this is the same as the resource group."
+      }
+    },
+    "isolatedSigningCertificate": {
+      "type": "string",
+      "defaultValue": ""
+    },
+    "locationShortName": {
+      "type": "string",
+      "defaultValue": ""
+    }
+  },
+  "variables": {
+    "isolatedTenantName": "[concat('js', concat(parameters('baseName'), 'iso'))]",
+    "aadTenantName": "[concat('js', concat(parameters('baseName'), 'aad'))]",
+    "isolatedUri": "[format('https://{0}.{1}.attest.azure.net', variables('isolatedTenantName'), parameters('locationShortName'))]",
+    "aadUri": "[format('https://{0}.{1}.attest.azure.net', variables('aadTenantName'), parameters('locationShortName'))]",
+    "PolicySigningCertificates": {
+      "PolicySigningCertificates": {
+        "keys": [
+          {
+            "kty": "RSA",
+            "use": "sig",
+            "x5c": ["[parameters('isolatedSigningCertificate')]"]
+          }
+        ]
+      }
+    }
+  },
+  "resources": [
+    {
+      "type": "Microsoft.Attestation/attestationProviders",
+      "apiVersion": "2020-10-01",
+      "name": "[variables('aadTenantName')]",
+      "location": "[parameters('location')]"
+    },
+    {
+      "type": "Microsoft.Attestation/attestationProviders",
+      "apiVersion": "2020-10-01",
+      "name": "[variables('isolatedTenantName')]",
+      "location": "[parameters('location')]",
+      "properties": "[variables('PolicySigningCertificates')]"
+    }
+  ],
+  "outputs": {
+    "ISOLATED_ATTESTATION_URL": {
+      "type": "string",
+      "value": "[variables('isolatedUri')]"
+    },
+    "AAD_ATTESTATION_URL": {
+      "type": "string",
+      "value": "[variables('aadUri')]"
+    }
+  }
+}