Class AttestationTokenValidationOptions
java.lang.Object
com.azure.security.attestation.models.AttestationTokenValidationOptions
Set the options used to validate an attestation token.
For each AttestationToken
object, there are several elements which can be validated:
- The token signature (if it is signed)
- The token expiration time (if it has an expiration time)
- The token 'not before' time (if it has a not before time)
- The issuer of the token
- Any customer provided validations.
The AttestationTokenValidationOptions API allows customers to control various elements of the token validation. It also provides a mechanism for customers to provide their own validations to the validations performed by the client.
-
Constructor Summary
ConstructorDescriptionCreates a new instance of the AttestationTokenValidationOptions with default settings. -
Method Summary
Modifier and TypeMethodDescriptionReturns the expected issuer of the attestation token.Returns the token validation callback.Returns the allowable slack for token time validationsboolean
Returns whether expiration time should be validated.boolean
Returns whether expiration time should be validated.boolean
Returns if the returned attestation token should be validated at all.setExpectedIssuer
(String expectedIssuer) Sets the expected issuer of the token.setValidateExpiresOn
(boolean validateExpiresOn) Enable or Disable expiration time validation.setValidateNotBefore
(boolean validateNotBefore) Enable or Disable NotBefore validation.setValidateToken
(boolean validateToken) Sets whether the token is to be validated at all.Sets a validation callback to allow the developer to provide additional validations beyond the basic validations performed by the attestation client.setValidationSlack
(Duration slack) Sets the validation slack allowed when measuring times.
-
Constructor Details
-
AttestationTokenValidationOptions
public AttestationTokenValidationOptions()Creates a new instance of the AttestationTokenValidationOptions with default settings.
-
-
Method Details
-
setValidateToken
Sets whether the token is to be validated at all. If the validateToken parameter is set to false, then no validations will be performed (default: true)- Parameters:
validateToken
- - indicates if the token should be validated.- Returns:
- this AttestationTokenValidationOptions object.
-
isValidateToken
public boolean isValidateToken()Returns if the returned attestation token should be validated at all.- Returns:
- a boolean indicating if the attestation token should be validated.
-
setExpectedIssuer
Sets the expected issuer of the token. When the token is validated, if this is set, the attestation API verifies that the issuer of the token matches the expected issuer (default: null)- Parameters:
expectedIssuer
- - indicates the expected issuer of the attestation token.- Returns:
- this AttestationTokenValidationOptions object.
-
getExpectedIssuer
Returns the expected issuer of the attestation token.- Returns:
- the expected issuer of the attestation token.
-
setValidationCallback
public AttestationTokenValidationOptions setValidationCallback(BiConsumer<AttestationToken, AttestationSigner> callback) Sets a validation callback to allow the developer to provide additional validations beyond the basic validations performed by the attestation client.If the developer validation fails, the callback is expected to throw an exception which indicates the reason for the failure.
- Parameters:
callback
- - Customer provided callback which can perform additional validations beyond the default validations.- Returns:
- this AttestationTokenValidationOptions object.
-
getValidationCallback
Returns the token validation callback.- Returns:
- the token validation callback if set.
-
setValidateExpiresOn
Enable or Disable expiration time validation.- Parameters:
validateExpiresOn
- - sets whether the expiration time should be validated.- Returns:
- this AttestationTokenValidationOptions object.
-
isValidateExpiresOn
public boolean isValidateExpiresOn()Returns whether expiration time should be validated.- Returns:
- the current state of the ExpiresOn validation.
-
setValidateNotBefore
Enable or Disable NotBefore validation.- Parameters:
validateNotBefore
- - sets whether the NotBefore time should be validated.- Returns:
- this AttestationTokenValidationOptions object.
-
isValidateNotBefore
public boolean isValidateNotBefore()Returns whether expiration time should be validated.- Returns:
- the current state of the ExpiresOn validation.
-
setValidationSlack
Sets the validation slack allowed when measuring times.- Parameters:
slack
- - sets the allowable amount of slack.- Returns:
- this AttestationTokenValidationOptions object.
-
getValidationSlack
Returns the allowable slack for token time validations- Returns:
- the allowable slack for token time validations.
-