Class AttestationTokenValidationOptions

java.lang.Object
com.azure.security.attestation.models.AttestationTokenValidationOptions

public final class AttestationTokenValidationOptions extends Object
Set the options used to validate an attestation token.

For each AttestationToken object, there are several elements which can be validated:

  • The token signature (if it is signed)
  • The token expiration time (if it has an expiration time)
  • The token 'not before' time (if it has a not before time)
  • The issuer of the token
  • Any customer-provided validations.

The AttestationTokenValidationOptions API allows customers to control various elements of the token validation. It also provides a mechanism for customers to add their own validations to those performed by the client.

  • Constructor Details

    • AttestationTokenValidationOptions

      public AttestationTokenValidationOptions()
      Creates a new instance of the AttestationTokenValidationOptions with default settings.
  • Method Details

    • setValidateToken

      public AttestationTokenValidationOptions setValidateToken(boolean validateToken)
      Sets whether the token is to be validated at all. If the validateToken parameter is set to false, then no validations will be performed (default: true).
      Parameters:
      validateToken - indicates if the token should be validated.
      Returns:
      this AttestationTokenValidationOptions object.
    • isValidateToken

      public boolean isValidateToken()
      Returns whether the returned attestation token should be validated at all.
      Returns:
      a boolean indicating if the attestation token should be validated.
    • setExpectedIssuer

      public AttestationTokenValidationOptions setExpectedIssuer(String expectedIssuer)
      Sets the expected issuer of the token. When the token is validated, if this is set, the attestation API verifies that the issuer of the token matches the expected issuer (default: null).
      Parameters:
      expectedIssuer - indicates the expected issuer of the attestation token.
      Returns:
      this AttestationTokenValidationOptions object.
    • getExpectedIssuer

      public String getExpectedIssuer()
      Returns the expected issuer of the attestation token.
      Returns:
      the expected issuer of the attestation token.
    • setValidationCallback

      Sets a validation callback to allow the developer to provide additional validations beyond the basic validations performed by the attestation client.

      If the developer validation fails, the callback is expected to throw an exception which indicates the reason for the failure.

      Parameters:
      callback - Customer-provided callback which can perform additional validations beyond the default validations.
      Returns:
      this AttestationTokenValidationOptions object.
    • getValidationCallback

      public BiConsumer<AttestationToken,AttestationSigner> getValidationCallback()
      Returns the token validation callback.
      Returns:
      the token validation callback if set.
    • setValidateExpiresOn

      public AttestationTokenValidationOptions setValidateExpiresOn(boolean validateExpiresOn)
      Enable or disable expiration time validation.
      Parameters:
      validateExpiresOn - sets whether the expiration time should be validated.
      Returns:
      this AttestationTokenValidationOptions object.
    • isValidateExpiresOn

      public boolean isValidateExpiresOn()
      Returns whether expiration time should be validated.
      Returns:
      the current state of the ExpiresOn validation.
    • setValidateNotBefore

      public AttestationTokenValidationOptions setValidateNotBefore(boolean validateNotBefore)
      Enable or disable NotBefore validation.
      Parameters:
      validateNotBefore - sets whether the NotBefore time should be validated.
      Returns:
      this AttestationTokenValidationOptions object.
    • isValidateNotBefore

      public boolean isValidateNotBefore()
      Returns whether the NotBefore time should be validated.
      Returns:
      the current state of the NotBefore validation.
    • setValidationSlack

      public AttestationTokenValidationOptions setValidationSlack(Duration slack)
      Sets the validation slack allowed when measuring times.
      Parameters:
      slack - sets the allowable amount of slack.
      Returns:
      this AttestationTokenValidationOptions object.
    • getValidationSlack

      public Duration getValidationSlack()
      Returns the allowable slack for token time validations.
      Returns:
      the allowable slack for token time validations.
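
The following is an added example, not code from the SDK documentation: a strict configuration that pins the issuer, keeps both time checks on with a small slack, and uses the validation callback to close the "if it is signed" and "if it has an expiration time" gaps listed at the top of this page. The issuer URL is a placeholder, the class name is hypothetical, and the calls getCertificates(), getExpiresOn() and getIssuer() come from the same azure-security-attestation library but are not described on this page.

```java
import com.azure.security.attestation.models.AttestationSigner;
import com.azure.security.attestation.models.AttestationToken;
import com.azure.security.attestation.models.AttestationTokenValidationOptions;
import java.time.Duration;
import java.util.function.BiConsumer;

public final class StrictTokenValidation {
    // Placeholder (assumption): replace with the URL of your attestation instance.
    static final String EXPECTED_ISSUER = "https://<your-instance>.attest.azure.net";

    static AttestationTokenValidationOptions strictOptions() {
        BiConsumer<AttestationToken, AttestationSigner> callback = (token, signer) -> {
            // The built-in signature check applies only "if it is signed";
            // here a token without a signing certificate is rejected outright.
            if (signer == null || signer.getCertificates() == null
                    || signer.getCertificates().isEmpty()) {
                throw new IllegalStateException("token carries no signing certificate");
            }
            // The built-in expiry check applies only when the claim is present;
            // require it so that a token cannot remain valid indefinitely.
            if (token.getExpiresOn() == null) {
                throw new IllegalStateException("token has no expiration time");
            }
            // Defense in depth on top of setExpectedIssuer.
            if (!EXPECTED_ISSUER.equals(token.getIssuer())) {
                throw new IllegalStateException("unexpected issuer: " + token.getIssuer());
            }
        };
        return new AttestationTokenValidationOptions()
            .setValidateToken(true)                      // false would skip every check
            .setExpectedIssuer(EXPECTED_ISSUER)          // default is null
            .setValidateExpiresOn(true)
            .setValidateNotBefore(true)
            .setValidationSlack(Duration.ofSeconds(10))  // small allowance for clock skew
            .setValidationCallback(callback);
    }

    public static void main(String[] args) {
        AttestationTokenValidationOptions options = strictOptions();
        System.out.println("validate token:   " + options.isValidateToken());
        System.out.println("expected issuer:  " + options.getExpectedIssuer());
        System.out.println("check expiry:     " + options.isValidateExpiresOn());
        System.out.println("check not-before: " + options.isValidateNotBefore());
        System.out.println("slack:            " + options.getValidationSlack());
    }
}
```

Failures are signalled by throwing from the callback, as the setValidationCallback description requires.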