Interface AttestationResult


public interface AttestationResult
An AttestationResult contains the defined claims included in a Microsoft Azure Attestation Token. An AttestationResult is an IETF RFC 7519 JSON Web Token, and implements many of the claims in IETF Draft-ietf-rats-eat.
  • Method Details

    • getUniqueIdentifier

      String getUniqueIdentifier()
      Get the Unique Identifier property: The Unique Identifier corresponds to the "jti" claim in a JSON Web Token.
      Returns:
      the jti value. See RFC 7519 section 4.1.7 for more information.
    • getIssuer

      String getIssuer()
      Retrieve the issuer of the attestation token. The issuer corresponds to the "iss" claim in a JSON Web Token. See RFC 7519 section 4.1.1 for more information. The issuer will always be the same as the attestation service instance endpoint URL.
      Returns:
      the iss value.
    • getIssuedAt

      OffsetDateTime getIssuedAt()
      Get the Issued At property: The time at which the token was issued. The IssuedAt property corresponds to the "iat" claim in a JSON Web Token. See RFC 7519 section 4.1.6 for more information.
      Returns:
      the IssuedAt value.
    • getExpiresOn

      OffsetDateTime getExpiresOn()
      Get the ExpiresOn property: The expiration time after which the token is no longer valid. The ExpiresOn property corresponds to the "exp" claim in a JSON Web Token. See RFC 7519 section 4.1.4.
      Returns:
      the expiration time for the token.
    • getNotBefore

      OffsetDateTime getNotBefore()
      Get the NotBefore property: The time before which a token cannot be considered valid. The ExpiresOn property corresponds to the "exp" claim in a JSON Web Token. See RFC 7519 section 4.1.4.
      Returns:
      the time before which the token is invalid.
    • getNonce

      String getNonce()
      Returns the Nonce input to the attestation request, if provided. The Nonce claim corresponds to the "nonce" claim defined in draft-ietf-rats-eat-10, section 3.3.
      Returns:
      the nonce value.
    • getVersion

      String getVersion()
      Get the version property: The Schema version of this structure. Current Value: 1.0.
      Returns:
      the version value.
    • getRuntimeClaims

      Object getRuntimeClaims()
      Get the runtimeClaims property: Runtime Claims. If AttestationDataInterpretation.JSON was specified in the AttestationData for the RunTime data this will contain the input RunTimeData as JSON elements.
      Returns:
      the RunTimeClaims value.
    • getInitTimeClaims

      Object getInitTimeClaims()
      Get the initTimeClaims property: InitTime Claims.
      If AttestationDataInterpretation.JSON was specified in the AttestationData for the InitTime data this will contain the input InitTimeData as JSON elements.
      Returns:
      the initTimeClaims value.
    • getPolicyClaims

      Object getPolicyClaims()
      Get the policyClaims property: Policy Generated Claims. This element contains all claims in the token which were generated by customer specified attestation policies.
      Returns:
      the policyClaims value.
    • getVerifierType

      String getVerifierType()
      Get the verifierType property: The Attestation Type being attested. Normally this will be one of "sgx" or "tpm".
      Returns:
      the verifierType value.
    • getPolicySigner

      AttestationSigner getPolicySigner()
      Get the policySigner property: If the attestation policy was signed, this will contain the certificate used to sign the policy object.
      Returns:
      the policySigner value.
    • getPolicyHash

      BinaryData getPolicyHash()
      Get the policyHash property: The SHA256 hash of the BASE64URL encoded policy text used for attestation.
      Returns:
      the policyHash value.
    • isDebuggable

      Boolean isDebuggable()
      Get the isDebuggable property: True if the enclave can be debugged, false otherwise. If the attestation evidence came from OpenEnclave, this corresponds to the OE_REPORT_ATTRIBUTES_DEBUG flag in the generated OpenEnclave report (oe_identity::attributes). If the attestation evidence came from the Intel SGX SDK, this corresponds to the SGX_FLAGS_DEBUG flag.
      Returns:
      the isDebuggable value.
    • getProductId

      int getProductId()
      Get the productId property: The SGX Product ID for the enclave. The Product ID represents the ISVPRODID value from the enclave. See oe_identity::product_id for more information.
      Returns:
      the productId value.
    • getMrEnclave

      String getMrEnclave()
      Get the mrEnclave property: The HEX encoded SGX MRENCLAVE value for the enclave. Represents the HEX encoded MRENCLAVE Measure Register. This is the hash of the binary loaded into the enclave.
      Returns:
      the mrEnclave value.
    • getMrSigner

      String getMrSigner()
      Get the mrSigner property: The HEX encoded SGX MRSIGNER value for the enclave. Represents the HEX encoded MRSIGNER Measure Register. This is the hash of the signer of the code loaded into the enclave.
      Returns:
      the mrSigner value.
    • getSvn

      int getSvn()
      Get the svn property: The SGX SVN value for the enclave. The SVN for the enclave should be incremented on every security update.
      Returns:
      the svn value.
    • getEnclaveHeldData

      BinaryData getEnclaveHeldData()
      Get the enclaveHeldData property: A copy of the RuntimeData specified as an input to the call to attest if the AttestationDataInterpretation.BINARY data interpretation was set on the AttestationData passed to the AttestationOptions.setRunTimeData(AttestationData) API.
      Returns:
      the enclaveHeldData value.
    • getSgxCollateral

      Object getSgxCollateral()
      Get the sgxCollateral property: The SGX SVN value for the enclave. The SGX Collateral contains the HEX encoded SHA256 hash of each of the inputs to the attestation token.
      Returns:
      the sgxCollateral value.
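
A relying party usually gates on several of these claims together before releasing a secret to an enclave. The class below is an added example, not part of the SDK documentation: it assumes the token signature has already been validated and that the Azure SDK for Java attestation package (`com.azure.security.attestation.models`) is on the classpath. The class name, endpoint, MRSIGNER, product ID, minimum SVN, nonce and key bytes are all constructed for illustration.

```java
import com.azure.core.util.BinaryData;
import com.azure.security.attestation.models.AttestationResult;
import java.lang.reflect.Proxy;
import java.security.MessageDigest;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class AttestationResultCheck {
    // Hypothetical relying-party policy; every value below is constructed for this example.
    static final String ENDPOINT = "https://example.attest.azure.net";
    static final String TRUSTED_MRSIGNER = "ab".repeat(32);
    static final int PRODUCT_ID = 1, MIN_SVN = 3;
    /** Returns the reasons to reject the result; an empty list means every check passed. */
    static List<String> check(AttestationResult r, String nonce, byte[] heldData, OffsetDateTime now) {
        List<String> errs = new ArrayList<>();
        if (!ENDPOINT.equals(r.getIssuer())) errs.add("issuer is not the expected instance");
        if (!nonce.equals(r.getNonce())) errs.add("nonce mismatch, token may be replayed");
        // getNotBefore() carries the JWT "nbf" claim (RFC 7519 section 4.1.5).
        if (r.getNotBefore() != null && now.isBefore(r.getNotBefore())) errs.add("not yet valid");
        if (r.getExpiresOn() == null || !now.isBefore(r.getExpiresOn())) errs.add("expired");
        if (!"sgx".equals(r.getVerifierType())) errs.add("evidence is not SGX");
        // Fail closed: a missing flag is treated the same as a debuggable enclave.
        if (!Boolean.FALSE.equals(r.isDebuggable())) errs.add("enclave is debuggable");
        if (!TRUSTED_MRSIGNER.equalsIgnoreCase(r.getMrSigner())) errs.add("untrusted MRSIGNER");
        if (r.getProductId() != PRODUCT_ID) errs.add("unexpected product ID");
        if (r.getSvn() < MIN_SVN) errs.add("SVN below required minimum");
        BinaryData held = r.getEnclaveHeldData();
        if (held == null || !MessageDigest.isEqual(heldData, held.toBytes()))
            errs.add("enclave-held data mismatch");
        return errs;
    }

    public static void main(String[] args) {
        OffsetDateTime now = OffsetDateTime.now();
        byte[] key = {1, 2, 3, 4}; // stands in for the key the enclave bound into its report
        // Constructed claims: a debug enclave with a stale SVN, everything else acceptable.
        Map<String, Object> claims = Map.of(
            "getIssuer", ENDPOINT, "getNonce", "n-123", "getVerifierType", "sgx",
            "getNotBefore", now.minusMinutes(1), "getExpiresOn", now.plusHours(1),
            "isDebuggable", true, "getMrSigner", TRUSTED_MRSIGNER,
            "getProductId", 1, "getSvn", 2, "getEnclaveHeldData", BinaryData.fromBytes(key));
        // Dynamic proxy that answers each getter from the map, standing in for a service response.
        AttestationResult sample = (AttestationResult) Proxy.newProxyInstance(
            AttestationResult.class.getClassLoader(), new Class<?>[] {AttestationResult.class},
            (proxy, method, a) -> claims.get(method.getName()));
        System.out.println(check(sample, "n-123", key, now));
    }
}
```

Pinning MRSIGNER together with the product ID and a minimum SVN accepts patched builds from the same signer; pin `getMrEnclave()` instead when only one exact binary is acceptable.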