Package com.azure.security.attestation

Class AttestationAdministrationClientBuilder

java.lang.Object

com.azure.security.attestation.AttestationAdministrationClientBuilder

All Implemented Interfaces:

ConfigurationTrait<AttestationAdministrationClientBuilder>, EndpointTrait<AttestationAdministrationClientBuilder>, HttpTrait<AttestationAdministrationClientBuilder>, TokenCredentialTrait<AttestationAdministrationClientBuilder>

public final class AttestationAdministrationClientBuilder
extends Object
implements ConfigurationTrait<AttestationAdministrationClientBuilder>, EndpointTrait<AttestationAdministrationClientBuilder>, HttpTrait<AttestationAdministrationClientBuilder>, TokenCredentialTrait<AttestationAdministrationClientBuilder>

This class provides a fluent builder API to help add in the configuration and instantiation of the administrative APIs implemented by the Attestation Service: AttestationAdministrationClient and AttestationAdministrationAsyncClient classes calling the AttestationClientBuilder.buildClient() or AttestationClientBuilder.buildAsyncClient().

More information on attestation policies can be found here

There are two main families of APIs available from the Administration client.

• Attestation Policy Management
• Policy Management Certificate Management

The Policy Management APIs provide the ability to retrieve, modify and reset attestation policies. The policy management APIs are:

• AttestationAdministrationClient.getAttestationPolicy(AttestationType)
• AttestationAdministrationAsyncClient.getAttestationPolicy(AttestationType)
• AttestationAdministrationClient.setAttestationPolicy(AttestationType, AttestationPolicySetOptions)
• AttestationAdministrationAsyncClient.setAttestationPolicy(AttestationType, AttestationPolicySetOptions)
• AttestationAdministrationClient.resetAttestationPolicy(AttestationType, AttestationPolicySetOptions)
• AttestationAdministrationAsyncClient.resetAttestationPolicy(AttestationType, AttestationPolicySetOptions)

The Policy Management Certificate APIs provide the ability to manage the certificates which are used to establish authorization for Isolated mode attestation service instances. They include apis to enumerate, add and remove policy management certificates.

The minimal configuration options required by AttestationClientBuilder are:

• A String endpoint.
• A TokenCredential object.

Instantiate a synchronous Attestation Client

 AttestationAdministrationClient client = new AttestationAdministrationClientBuilder()
     .endpoint(endpoint)
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildClient();
 

 AttestationAdministrationAsyncClient asyncClient = new AttestationAdministrationClientBuilder()
     .endpoint(endpoint)
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildAsyncClient();
 

Constructor Summary

Constructors

Constructor	Description
AttestationAdministrationClientBuilder()	Creates a new instance of the AttestationClientBuilder class.

Method Summary

Modifier and Type	Method	Description
AttestationAdministrationClientBuilder	addPolicy(HttpPipelinePolicy policy)	Adds a pipeline policy to apply on each request sent.
AttestationAdministrationAsyncClient	buildAsyncClient()	Builds an instance of AttestationAsyncClient async client.
AttestationAdministrationClient	buildClient()	Builds an instance of AttestationClient sync client.
AttestationAdministrationClientBuilder	clientOptions(ClientOptions clientOptions)	Allows for setting common properties such as application ID, headers, proxy configuration, etc.
AttestationAdministrationClientBuilder	configuration(Configuration configuration)	Sets the client-specific configuration used to retrieve client or global configuration properties when building a client.
AttestationAdministrationClientBuilder	credential(TokenCredential credential)	Sets the TokenCredential used to authorize requests sent to the service.
AttestationAdministrationClientBuilder	endpoint(String endpoint)	Sets The attestation endpoint URI, for example https://mytenant.attest.azure.net.
AttestationAdministrationClientBuilder	httpClient(HttpClient httpClient)	Sets the HttpClient to use for sending and receiving requests to and from the service.
AttestationAdministrationClientBuilder	httpLogOptions(HttpLogOptions httpLogOptions)	Sets the logging configuration to use when sending and receiving requests to and from the service.
AttestationAdministrationClientBuilder	pipeline(HttpPipeline pipeline)	Sets the HttpPipeline to use for the service client.
AttestationAdministrationClientBuilder	retryOptions(RetryOptions retryOptions)	Sets the RetryOptions for all the requests made through the client.
AttestationAdministrationClientBuilder	retryPolicy(RetryPolicy retryPolicy)	Sets The retry policy that will attempt to retry failed requests, if applicable.
AttestationAdministrationClientBuilder	serviceVersion(AttestationServiceVersion serviceVersion)	Sets the desired API version for this attestation client.
AttestationAdministrationClientBuilder	tokenValidationOptions(AttestationTokenValidationOptions tokenValidationOptions)	Sets AttestationToken validation options for clients created from this builder.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AttestationAdministrationClientBuilder

public AttestationAdministrationClientBuilder()

Creates a new instance of the AttestationClientBuilder class.

Method Details

buildClient

public AttestationAdministrationClient buildClient()

Builds an instance of AttestationClient sync client. Instantiating a synchronous Attestation client:

 AttestationAdministrationClient client = new AttestationAdministrationClientBuilder()
     .endpoint(endpoint)
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildClient();
 

Returns:

an instance of AttestationClient.

Throws:

IllegalStateException - If both retryOptions(RetryOptions) and retryPolicy(RetryPolicy) have been set.

buildAsyncClient

public AttestationAdministrationAsyncClient buildAsyncClient()

Builds an instance of AttestationAsyncClient async client. Instantiating a synchronous Attestation client:

 AttestationAdministrationAsyncClient asyncClient = new AttestationAdministrationClientBuilder()
     .endpoint(endpoint)
     .credential(new DefaultAzureCredentialBuilder().build())
     .buildAsyncClient();
 

Returns:

an instance of AttestationClient.

Throws:

IllegalStateException - If both retryOptions(RetryOptions) and retryPolicy(RetryPolicy) have been set.

endpoint

public AttestationAdministrationClientBuilder endpoint(String endpoint)

Sets The attestation endpoint URI, for example https://mytenant.attest.azure.net.

Specified by:

endpoint in interface EndpointTrait<AttestationAdministrationClientBuilder>

Parameters:

endpoint - The endpoint to connect to.

Returns:

the AttestationClientBuilder.

serviceVersion

public AttestationAdministrationClientBuilder serviceVersion(AttestationServiceVersion serviceVersion)

Sets the desired API version for this attestation client.

Parameters:

serviceVersion - Specifies the API version to use in the outgoing API calls.

Returns:

the AttestationClientBuilder.

credential

public AttestationAdministrationClientBuilder credential(TokenCredential credential)

Sets the TokenCredential used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of the TokenCredential type.

Specified by:

credential in interface TokenCredentialTrait<AttestationAdministrationClientBuilder>

Parameters:

credential - TokenCredential used to authorize requests sent to the service.

Returns:

the AttestationClientBuilder.

pipeline

public AttestationAdministrationClientBuilder pipeline(HttpPipeline pipeline)

Sets the HttpPipeline to use for the service client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Specified by:

pipeline in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

pipeline - HttpPipeline to use for sending service requests and receiving responses.

Returns:

the AttestationClientBuilder.

httpClient

public AttestationAdministrationClientBuilder httpClient(HttpClient httpClient)

Sets the HttpClient to use for sending and receiving requests to and from the service.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Specified by:

httpClient in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

httpClient - The HttpClient to use for requests.

Returns:

the AttestationClientBuilder.

configuration

public AttestationAdministrationClientBuilder configuration(Configuration configuration)

Sets the client-specific configuration used to retrieve client or global configuration properties when building a client.

Specified by:

configuration in interface ConfigurationTrait<AttestationAdministrationClientBuilder>

Parameters:

configuration - Configuration store used to retrieve client configurations.

Returns:

the AttestationClientBuilder.

httpLogOptions

public AttestationAdministrationClientBuilder httpLogOptions(HttpLogOptions httpLogOptions)

Sets the logging configuration to use when sending and receiving requests to and from the service. If a logLevel is not provided, default value of HttpLogDetailLevel.NONE is set.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Specified by:

httpLogOptions in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

httpLogOptions - The logging configuration to use when sending and receiving requests to and from the service.

Returns:

the AttestationClientBuilder.

retryPolicy

public AttestationAdministrationClientBuilder retryPolicy(RetryPolicy retryPolicy)

Sets The retry policy that will attempt to retry failed requests, if applicable.

Setting this is mutually exclusive with using retryOptions(RetryOptions).

Parameters:

retryPolicy - the retryPolicy value.

Returns:

the AttestationClientBuilder.

retryOptions

public AttestationAdministrationClientBuilder retryOptions(RetryOptions retryOptions)

Sets the RetryOptions for all the requests made through the client.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Setting this is mutually exclusive with using retryPolicy(RetryPolicy).

Specified by:

retryOptions in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

retryOptions - The RetryOptions to use for all the requests made through the client.

Returns:

the AttestationAdministrationClientBuilder.

clientOptions

public AttestationAdministrationClientBuilder clientOptions(ClientOptions clientOptions)

Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of the HttpClientOptions class (a subclass of the ClientOptions base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Specified by:

clientOptions in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

clientOptions - A configured instance of HttpClientOptions.

Returns:

the updated AttestationAdministrationClientBuilder object

See Also:

• HttpClientOptions

addPolicy

public AttestationAdministrationClientBuilder addPolicy(HttpPipelinePolicy policy)

Adds a pipeline policy to apply on each request sent.

Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a HttpPipeline is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If no HttpPipeline is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if an HttpPipeline is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.

Specified by:

addPolicy in interface HttpTrait<AttestationAdministrationClientBuilder>

Parameters:

policy - A pipeline policy.

Returns:

this AttestationAdministrationClientBuilder.

Throws:

NullPointerException - If pipelinePolicy is null.

tokenValidationOptions

public AttestationAdministrationClientBuilder tokenValidationOptions(AttestationTokenValidationOptions tokenValidationOptions)

Sets AttestationToken validation options for clients created from this builder.

Because attestation service clients need to have the ability to validate that the data returned by the attestation service actually originated from within the service, most Attestation Service APIs embed their response in a RFC 7519 JSON Web Token.

The AttestationTokenValidationOptions provides a mechanism for a client to customize the validation of responses sent by the attestation service.

The tokenValidationOptions property sets the default validation options used by the AttestationClient or AttestationAsyncClient returned from this builder.

Note: most APIs allow this value to be overridden on a per-api basis if that flexibility is needed.

 AttestationAdministrationClient validatedClient = new AttestationAdministrationClientBuilder()
     .endpoint(endpoint)
     .tokenValidationOptions(new AttestationTokenValidationOptions()
         // Allow 10 seconds of clock drift between attestation service and client.
         .setValidationSlack(Duration.ofSeconds(10))
         .setValidationCallback((token, signer) -> { // Perform custom validation steps.
             System.out.printf("Validate token signed by signer %s\n",
                 signer.getCertificates().get(0).getSubjectDN().toString());
         }))
     .buildClient();
 

Parameters:

tokenValidationOptions - - Validation options used when validating JSON Web Tokens returned by the attestation service.

Returns:

this AttestationAdministrationClientBuilder