Interface AttestationResult
public interface AttestationResult
An AttestationResult contains the defined claims included in a Microsoft Azure Attestation Token.
An AttestationResult is an IETF RFC 7519 JSON Web Token, and implements many of the claims in
IETF Draft-ietf-rats-eat.
-
Method Summary
Modifier and Type | Method | Description
BinaryData | getEnclaveHeldData() | Get the enclaveHeldData property: A copy of the RuntimeData specified as an input to the call to attest if the AttestationDataInterpretation.BINARY data interpretation was set on the AttestationData passed to the AttestationOptions.setRunTimeData(AttestationData) API.
OffsetDateTime | getExpiresOn() | Get the ExpiresOn property: The expiration time after which the token is no longer valid.
Object | getInitTimeClaims() | Get the initTimeClaims property: InitTime Claims.
OffsetDateTime | getIssuedAt() | Get the Issued At property: The time at which the token was issued.
String | getIssuer() | Retrieve the issuer of the attestation token.
String | getMrEnclave() | Get the mrEnclave property: The HEX encoded SGX MRENCLAVE value for the enclave.
String | getMrSigner() | Get the mrSigner property: The HEX encoded SGX MRSIGNER value for the enclave.
String | getNonce() | Returns the Nonce input to the attestation request, if provided.
OffsetDateTime | getNotBefore() | Get the NotBefore property: The time before which a token cannot be considered valid.
Object | getPolicyClaims() | Get the policyClaims property: Policy Generated Claims.
BinaryData | getPolicyHash() | Get the policyHash property: The SHA256 hash of the BASE64URL encoded policy text used for attestation.
AttestationSigner | getPolicySigner() | Get the policySigner property: If the attestation policy was signed, this will contain the certificate used to sign the policy object.
int | getProductId() | Get the productId property: The SGX Product ID for the enclave.
Object | getRuntimeClaims() | Get the runtimeClaims property: Runtime Claims.
Object | getSgxCollateral() | Get the sgxCollateral property: The SGX SVN value for the enclave.
int | getSvn() | Get the svn property: The SGX SVN value for the enclave.
String | getUniqueIdentifier() | Get the Unique Identifier property: The Unique Identifier corresponds to the "jti" claim in a Json Web Token.
String | getVerifierType() | Get the verifierType property: The Attestation Type being attested.
String | getVersion() | Get the version property: The Schema version of this structure.
Boolean | isDebuggable() | Get the isDebuggable property: True if the enclave can be debugged, false otherwise.
-
Method Details
-
getUniqueIdentifier
String getUniqueIdentifier()
Get the Unique Identifier property: The Unique Identifier corresponds to the "jti" claim in a Json Web Token.
Returns: the jti value. See RFC 7519 section 4.1.7 for more information.
-
getIssuer
String getIssuer()
Retrieve the issuer of the attestation token. The issuer corresponds to the "iss" claim in a Json Web Token. See RFC 7519 section 4.1.1 for more information. The issuer will always be the same as the attestation service instance endpoint URL.
Returns: the iss value.
-
getIssuedAt
OffsetDateTime getIssuedAt()
Get the Issued At property: The time at which the token was issued. The IssuedAt property corresponds to the "iat" claim in a Json Web Token. See RFC 7519 section 4.1.6 for more information.
Returns: the IssuedAt value.
-
getExpiresOn
OffsetDateTime getExpiresOn()
Get the ExpiresOn property: The expiration time after which the token is no longer valid. The ExpiresOn property corresponds to the "exp" claim in a Json Web Token. See RFC 7519 section 4.1.4.
Returns: the expiration time for the token.
-
getNotBefore
OffsetDateTime getNotBefore()
Get the NotBefore property: The time before which a token cannot be considered valid. The ExpiresOn property corresponds to the "exp" claim in a Json Web Token. See RFC 7519 section 4.1.4.
Returns: the time before which the token is invalid.
-
getNonce
String getNonce()
Returns the Nonce input to the attestation request, if provided. The Nonce claim corresponds to the "nonce" claim defined in draft-ietf-rats-eat-10, section 3.3.
Returns: the nonce value.
-
getVersion
String getVersion()
Get the version property: The Schema version of this structure. Current Value: 1.0.
Returns: the version value.
-
getRuntimeClaims
Object getRuntimeClaims()
Get the runtimeClaims property: Runtime Claims. If AttestationDataInterpretation.JSON was specified in the AttestationData for the RunTime data, this will contain the input RunTimeData as JSON elements.
Returns: the RunTimeClaims value.
-
getInitTimeClaims
Object getInitTimeClaims()
Get the initTimeClaims property: InitTime Claims. If AttestationDataInterpretation.JSON was specified in the AttestationData for the InitTime data, this will contain the input InitTimeData as JSON elements.
Returns: the initTimeClaims value.
-
getPolicyClaims
Object getPolicyClaims()
Get the policyClaims property: Policy Generated Claims. This element contains all claims in the token which were generated by customer specified attestation policies.
Returns: the policyClaims value.
-
getVerifierType
String getVerifierType()
Get the verifierType property: The Attestation Type being attested. Normally this will be one of "sgx" or "tpm".
Returns: the verifierType value.
-
getPolicySigner
AttestationSigner getPolicySigner()
Get the policySigner property: If the attestation policy was signed, this will contain the certificate used to sign the policy object.
Returns: the policySigner value.
-
getPolicyHash
BinaryData getPolicyHash()
Get the policyHash property: The SHA256 hash of the BASE64URL encoded policy text used for attestation.
Returns: the policyHash value.
-
isDebuggable
Boolean isDebuggable()
Get the isDebuggable property: True if the enclave can be debugged, false otherwise. If the attestation evidence came from OpenEnclave, this corresponds to the OE_REPORT_ATTRIBUTES_DEBUG flag in the generated OpenEnclave report (oe_identity::attributes). If the attestation evidence came from the Intel SGX SDK, this corresponds to the SGX_FLAGS_DEBUG flag.
Returns: the isDebuggable value.
-
getProductId
int getProductId()
Get the productId property: The SGX Product ID for the enclave. The Product ID represents the ISVPRODID value from the enclave. See oe_identity::product_id for more information.
Returns: the productId value.
-
getMrEnclave
String getMrEnclave()
Get the mrEnclave property: The HEX encoded SGX MRENCLAVE value for the enclave. Represents the HEX encoded MRENCLAVE Measure Register. This is the hash of the binary loaded into the enclave.
Returns: the mrEnclave value.
-
getMrSigner
String getMrSigner()
Get the mrSigner property: The HEX encoded SGX MRSIGNER value for the enclave. Represents the HEX encoded MRSIGNER Measure Register. This is the hash of the signer of the code loaded into the enclave.
Returns: the mrSigner value.
-
getSvn
int getSvn()
Get the svn property: The SGX SVN value for the enclave. The SVN for the enclave should be incremented on every security update.
Returns: the svn value.
-
getEnclaveHeldData
BinaryData getEnclaveHeldData()
Get the enclaveHeldData property: A copy of the RuntimeData specified as an input to the call to attest if the AttestationDataInterpretation.BINARY data interpretation was set on the AttestationData passed to the AttestationOptions.setRunTimeData(AttestationData) API.
Returns: the enclaveHeldData value.
-
getSgxCollateral
Object getSgxCollateral()
Get the sgxCollateral property: The SGX SVN value for the enclave. The SGX Collateral contains the HEX encoded SHA256 hash of each of the inputs to the attestation token.
Returns: the sgxCollateral value.
-
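The following is an added example, not part of the SDK documentation: one way a relying party might evaluate the getters above before trusting an SGX enclave. The class `EnclaveClaimChecks`, the `Expected` record, the `require` helper and every expected value are hypothetical; it assumes Java 16 or later with the azure-security-attestation and azure-core packages on the classpath.

```java
import com.azure.core.util.BinaryData;
import com.azure.security.attestation.models.AttestationResult;

import java.security.MessageDigest;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.List;

/** Added example: relying-party checks over an AttestationResult (hypothetical class). */
public final class EnclaveClaimChecks {

    /** Values the relying party expects; every field is a deployment-specific assumption. */
    public record Expected(String issuer, String nonce, String mrSigner,
                           int productId, int minSvn, byte[] enclaveHeldData) { }

    /** Returns the failed checks; an empty list means every check passed. */
    public static List<String> check(AttestationResult r, Expected e, OffsetDateTime now) {
        List<String> failed = new ArrayList<>();
        require(failed, "sgx".equals(r.getVerifierType()), "verifierType is not sgx");
        require(failed, e.issuer().equals(r.getIssuer()), "issuer is not the expected instance URL");
        // Freshness: the nonce sent with the attest request must come back unchanged.
        require(failed, e.nonce().equals(r.getNonce()), "nonce missing or mismatched");
        // Validity window from getNotBefore() and getExpiresOn().
        require(failed, r.getNotBefore() == null || !now.isBefore(r.getNotBefore()), "token not yet valid");
        require(failed, r.getExpiresOn() != null && !now.isAfter(r.getExpiresOn()), "token expired");
        // isDebuggable() returns a Boolean; anything other than FALSE is rejected.
        require(failed, Boolean.FALSE.equals(r.isDebuggable()), "enclave is debuggable or flag missing");
        // MRSIGNER is HEX encoded, so compare without regard to letter case.
        require(failed, e.mrSigner().equalsIgnoreCase(r.getMrSigner()), "unexpected MRSIGNER");
        require(failed, r.getProductId() == e.productId(), "unexpected product ID");
        // The SVN rises with each security update, so enforce a floor rather than equality.
        require(failed, r.getSvn() >= e.minSvn(), "SVN below required minimum");
        // The token echoes the RuntimeData passed to attest; compare it with the expected bytes.
        BinaryData held = r.getEnclaveHeldData();
        require(failed, held != null && MessageDigest.isEqual(e.enclaveHeldData(), held.toBytes()),
                "enclave held data mismatch");
        return failed;
    }

    private static void require(List<String> failed, boolean ok, String message) {
        if (!ok) {
            failed.add(message);
        }
    }
}
```

Pinning `getMrEnclave()` instead of, or in addition to, `getMrSigner()` restricts trust to one exact enclave binary rather than to everything signed by the same signer.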