attestation

package
v52.3.5+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 24, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package attestation implements the Azure ARM Attestation service API version 2020-10-01.

Describes the interface for the per-tenant enclave service.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AttestOpenEnclaveRequest

type AttestOpenEnclaveRequest struct {
	// Report - OpenEnclave report from the enclave to be attested (a URL-encoded base64 string)
	Report *string `json:"report,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token cannot be validated.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
}

AttestOpenEnclaveRequest attestation request for Intel SGX enclaves

type AttestSgxEnclaveRequest

type AttestSgxEnclaveRequest struct {
	// Quote - Quote of the enclave to be attested (a URL-encoded base64 string)
	Quote *string `json:"quote,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contains the SHA256 hash of the decoded "data" field of the runtime data.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token cannot be validated.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
}

AttestSgxEnclaveRequest attestation request for Intel SGX enclaves

type BaseClient

type BaseClient struct {
	autorest.Client
}

BaseClient is the base client for Attestation.

func New

func New() BaseClient

New creates an instance of the BaseClient client.

func NewWithoutDefaults

func NewWithoutDefaults() BaseClient

NewWithoutDefaults creates an instance of the BaseClient client.

type CertificateManagementBody

type CertificateManagementBody struct {
	// PolicyCertificate - RFC 7517 Json Web Key describing the certificate.
	PolicyCertificate *JSONWebKey `json:"policyCertificate,omitempty"`
}

CertificateManagementBody the body of the JWT used for the PolicyCertificates APIs

type CertificateModification

type CertificateModification string

CertificateModification enumerates the values for certificate modification.

const (
	// IsAbsent After the operation was performed, the certificate is no longer present in the set of
	// certificates.
	IsAbsent CertificateModification = "IsAbsent"
	// IsPresent After the operation was performed, the certificate is in the set of certificates.
	IsPresent CertificateModification = "IsPresent"
)

func PossibleCertificateModificationValues

func PossibleCertificateModificationValues() []CertificateModification

PossibleCertificateModificationValues returns an array of possible values for the CertificateModification const type.

type Client

type Client struct {
	BaseClient
}

Client is the describes the interface for the per-tenant enclave service.

func NewClient

func NewClient() Client

NewClient creates an instance of the Client client.

func (Client) AttestOpenEnclave

func (client Client) AttestOpenEnclave(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (result Response, err error)

AttestOpenEnclave processes an OpenEnclave report , producing an artifact. The type of artifact produced is dependent upon attestation policy. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object containing the quote

func (Client) AttestOpenEnclavePreparer

func (client Client) AttestOpenEnclavePreparer(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (*http.Request, error)

AttestOpenEnclavePreparer prepares the AttestOpenEnclave request.

func (Client) AttestOpenEnclaveResponder

func (client Client) AttestOpenEnclaveResponder(resp *http.Response) (result Response, err error)

AttestOpenEnclaveResponder handles the response to the AttestOpenEnclave request. The method always closes the http.Response Body.

func (Client) AttestOpenEnclaveSender

func (client Client) AttestOpenEnclaveSender(req *http.Request) (*http.Response, error)

AttestOpenEnclaveSender sends the AttestOpenEnclave request. The method will close the http.Response Body if it receives an error.

func (Client) AttestSgxEnclave

func (client Client) AttestSgxEnclave(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (result Response, err error)

AttestSgxEnclave processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object containing the quote

func (Client) AttestSgxEnclavePreparer

func (client Client) AttestSgxEnclavePreparer(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (*http.Request, error)

AttestSgxEnclavePreparer prepares the AttestSgxEnclave request.

func (Client) AttestSgxEnclaveResponder

func (client Client) AttestSgxEnclaveResponder(resp *http.Response) (result Response, err error)

AttestSgxEnclaveResponder handles the response to the AttestSgxEnclave request. The method always closes the http.Response Body.

func (Client) AttestSgxEnclaveSender

func (client Client) AttestSgxEnclaveSender(req *http.Request) (*http.Response, error)

AttestSgxEnclaveSender sends the AttestSgxEnclave request. The method will close the http.Response Body if it receives an error.

func (Client) AttestTpm

func (client Client) AttestTpm(ctx context.Context, instanceURL string, request TpmAttestationRequest) (result TpmAttestationResponse, err error)

AttestTpm processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. request - request object

func (Client) AttestTpmPreparer

func (client Client) AttestTpmPreparer(ctx context.Context, instanceURL string, request TpmAttestationRequest) (*http.Request, error)

AttestTpmPreparer prepares the AttestTpm request.

func (Client) AttestTpmResponder

func (client Client) AttestTpmResponder(resp *http.Response) (result TpmAttestationResponse, err error)

AttestTpmResponder handles the response to the AttestTpm request. The method always closes the http.Response Body.

func (Client) AttestTpmSender

func (client Client) AttestTpmSender(req *http.Request) (*http.Response, error)

AttestTpmSender sends the AttestTpm request. The method will close the http.Response Body if it receives an error.

type CloudError

type CloudError struct {
	Error *CloudErrorBody `json:"error,omitempty"`
}

CloudError an error response from Attestation.

type CloudErrorBody

type CloudErrorBody struct {
	// Code - An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - A message describing the error, intended to be suitable for displaying in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody an error response from Attestation.

type DataType

type DataType string

DataType enumerates the values for data type.

const (
	// Binary The contents of the field should be treated as binary and not interpreted by MAA.
	Binary DataType = "Binary"
	// JSON The contents of the field should be treated as a JSON object and may be further interpreted by MAA.
	JSON DataType = "JSON"
)

func PossibleDataTypeValues

func PossibleDataTypeValues() []DataType

PossibleDataTypeValues returns an array of possible values for the DataType const type.

type InitTimeData

type InitTimeData struct {
	// Data - UTF-8 encoded Initialization Data passed into the trusted environment when it is created. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'Binary', 'JSON'
	DataType DataType `json:"dataType,omitempty"`
}

InitTimeData defines the "initialization time data" used to provision the attestation target for use by the MAA

type JSONWebKey

type JSONWebKey struct {
	// Alg - The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	Alg *string `json:"alg,omitempty"`
	// Crv - The "crv" (curve) parameter identifies the curve type
	Crv *string `json:"crv,omitempty"`
	// D - RSA private exponent or ECC private key
	D *string `json:"d,omitempty"`
	// Dp - RSA Private Key Parameter
	Dp *string `json:"dp,omitempty"`
	// Dq - RSA Private Key Parameter
	Dq *string `json:"dq,omitempty"`
	// E - RSA public exponent, in Base64
	E *string `json:"e,omitempty"`
	// K - Symmetric key
	K *string `json:"k,omitempty"`
	// Kid - The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	Kid *string `json:"kid,omitempty"`
	// Kty - The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	Kty *string `json:"kty,omitempty"`
	// N - RSA modulus, in Base64
	N *string `json:"n,omitempty"`
	// P - RSA secret prime
	P *string `json:"p,omitempty"`
	// Q - RSA secret prime, with p < q
	Q *string `json:"q,omitempty"`
	// Qi - RSA Private Key Parameter
	Qi *string `json:"qi,omitempty"`
	// Use - Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	Use *string `json:"use,omitempty"`
	// X - X coordinate for the Elliptic Curve point
	X *string `json:"x,omitempty"`
	// X5c - The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c *[]string `json:"x5c,omitempty"`
	// Y - Y coordinate for the Elliptic Curve point
	Y *string `json:"y,omitempty"`
}

JSONWebKey ...

type JSONWebKeySet

type JSONWebKeySet struct {
	autorest.Response `json:"-"`
	// Keys - The value of the "keys" parameter is an array of JWK values.  By
	// default, the order of the JWK values within the array does not imply
	// an order of preference among them, although applications of JWK Sets
	// can choose to assign a meaning to the order for their purposes, if
	// desired.
	Keys *[]JSONWebKey `json:"keys,omitempty"`
}

JSONWebKeySet ...

type MetadataConfigurationClient

type MetadataConfigurationClient struct {
	BaseClient
}

MetadataConfigurationClient is the describes the interface for the per-tenant enclave service.

func NewMetadataConfigurationClient

func NewMetadataConfigurationClient() MetadataConfigurationClient

NewMetadataConfigurationClient creates an instance of the MetadataConfigurationClient client.

func (MetadataConfigurationClient) Get

func (client MetadataConfigurationClient) Get(ctx context.Context, instanceURL string) (result SetObject, err error)

Get retrieves metadata about the attestation signing keys in use by the attestation service Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (MetadataConfigurationClient) GetPreparer

func (client MetadataConfigurationClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (MetadataConfigurationClient) GetResponder

func (client MetadataConfigurationClient) GetResponder(resp *http.Response) (result SetObject, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (MetadataConfigurationClient) GetSender

func (client MetadataConfigurationClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type PolicyCertificatesClient

type PolicyCertificatesClient struct {
	BaseClient
}

PolicyCertificatesClient is the describes the interface for the per-tenant enclave service.

func NewPolicyCertificatesClient

func NewPolicyCertificatesClient() PolicyCertificatesClient

NewPolicyCertificatesClient creates an instance of the PolicyCertificatesClient client.

func (PolicyCertificatesClient) Add

func (client PolicyCertificatesClient) Add(ctx context.Context, instanceURL string, policyCertificateToAdd string) (result PolicyCertificatesModifyResponse, err error)

Add sends the add request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. policyCertificateToAdd - an RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed with one of the existing signing certificates

func (PolicyCertificatesClient) AddPreparer

func (client PolicyCertificatesClient) AddPreparer(ctx context.Context, instanceURL string, policyCertificateToAdd string) (*http.Request, error)

AddPreparer prepares the Add request.

func (PolicyCertificatesClient) AddResponder

func (client PolicyCertificatesClient) AddResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)

AddResponder handles the response to the Add request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) AddSender

func (client PolicyCertificatesClient) AddSender(req *http.Request) (*http.Response, error)

AddSender sends the Add request. The method will close the http.Response Body if it receives an error.

func (PolicyCertificatesClient) Get

func (client PolicyCertificatesClient) Get(ctx context.Context, instanceURL string) (result PolicyCertificatesResponse, err error)

Get sends the get request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (PolicyCertificatesClient) GetPreparer

func (client PolicyCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (PolicyCertificatesClient) GetResponder

func (client PolicyCertificatesClient) GetResponder(resp *http.Response) (result PolicyCertificatesResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) GetSender

func (client PolicyCertificatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (PolicyCertificatesClient) Remove

func (client PolicyCertificatesClient) Remove(ctx context.Context, instanceURL string, policyCertificateToRemove string) (result PolicyCertificatesModifyResponse, err error)

Remove sends the remove request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. policyCertificateToRemove - an RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing signing certificates

func (PolicyCertificatesClient) RemovePreparer

func (client PolicyCertificatesClient) RemovePreparer(ctx context.Context, instanceURL string, policyCertificateToRemove string) (*http.Request, error)

RemovePreparer prepares the Remove request.

func (PolicyCertificatesClient) RemoveResponder

func (client PolicyCertificatesClient) RemoveResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)

RemoveResponder handles the response to the Remove request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) RemoveSender

func (client PolicyCertificatesClient) RemoveSender(req *http.Request) (*http.Response, error)

RemoveSender sends the Remove request. The method will close the http.Response Body if it receives an error.

type PolicyCertificatesModificationResult

type PolicyCertificatesModificationResult struct {
	// CertificateThumbprint - Hex encoded SHA1 Hash of the binary representation certificate which was added or removed
	CertificateThumbprint *string `json:"x-ms-certificate-thumbprint,omitempty"`
	// CertificateResolution - The result of the operation. Possible values include: 'IsPresent', 'IsAbsent'
	CertificateResolution CertificateModification `json:"x-ms-policycertificates-result,omitempty"`
}

PolicyCertificatesModificationResult the result of a policy certificate modification

type PolicyCertificatesModifyResponse

type PolicyCertificatesModifyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object.
	Token *string `json:"token,omitempty"`
}

PolicyCertificatesModifyResponse the response to an attestation policy management API

type PolicyCertificatesResponse

type PolicyCertificatesResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes
	Token *string `json:"token,omitempty"`
}

PolicyCertificatesResponse the response to an attestation policy management API

type PolicyCertificatesResult

type PolicyCertificatesResult struct {
	// PolicyCertificates - SHA256 Hash of the binary representation certificate which was added or removed
	PolicyCertificates *JSONWebKeySet `json:"x-ms-policy-certificates,omitempty"`
}

PolicyCertificatesResult the result of a call to retrieve policy certificates.

type PolicyClient

type PolicyClient struct {
	BaseClient
}

PolicyClient is the describes the interface for the per-tenant enclave service.

func NewPolicyClient

func NewPolicyClient() PolicyClient

NewPolicyClient creates an instance of the PolicyClient client.

func (PolicyClient) Get

func (client PolicyClient) Get(ctx context.Context, instanceURL string, attestationType Type) (result PolicyResponse, err error)

Get sends the get request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence

func (PolicyClient) GetPreparer

func (client PolicyClient) GetPreparer(ctx context.Context, instanceURL string, attestationType Type) (*http.Request, error)

GetPreparer prepares the Get request.

func (PolicyClient) GetResponder

func (client PolicyClient) GetResponder(resp *http.Response) (result PolicyResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (PolicyClient) GetSender

func (client PolicyClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (PolicyClient) Reset

func (client PolicyClient) Reset(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (result PolicyResponse, err error)

Reset sends the reset request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence policyJws - JSON Web Signature with an empty policy document

func (PolicyClient) ResetPreparer

func (client PolicyClient) ResetPreparer(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (*http.Request, error)

ResetPreparer prepares the Reset request.

func (PolicyClient) ResetResponder

func (client PolicyClient) ResetResponder(resp *http.Response) (result PolicyResponse, err error)

ResetResponder handles the response to the Reset request. The method always closes the http.Response Body.

func (PolicyClient) ResetSender

func (client PolicyClient) ResetSender(req *http.Request) (*http.Response, error)

ResetSender sends the Reset request. The method will close the http.Response Body if it receives an error.

func (PolicyClient) Set

func (client PolicyClient) Set(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (result PolicyResponse, err error)

Set sends the set request. Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net. attestationType - specifies the trusted execution environment to be used to validate the evidence newAttestationPolicy - JWT Expressing the new policy whose body is a StoredAttestationPolicy object.

func (PolicyClient) SetPreparer

func (client PolicyClient) SetPreparer(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (*http.Request, error)

SetPreparer prepares the Set request.

func (PolicyClient) SetResponder

func (client PolicyClient) SetResponder(resp *http.Response) (result PolicyResponse, err error)

SetResponder handles the response to the Set request. The method always closes the http.Response Body.

func (PolicyClient) SetSender

func (client PolicyClient) SetSender(req *http.Request) (*http.Response, error)

SetSender sends the Set request. The method will close the http.Response Body if it receives an error.

type PolicyModification

type PolicyModification string

PolicyModification enumerates the values for policy modification.

const (
	// Removed The specified policy object was removed.
	Removed PolicyModification = "Removed"
	// Updated The specified policy object was updated.
	Updated PolicyModification = "Updated"
)

func PossiblePolicyModificationValues

func PossiblePolicyModificationValues() []PolicyModification

PossiblePolicyModificationValues returns an array of possible values for the PolicyModification const type.

type PolicyResponse

type PolicyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
	Token *string `json:"token,omitempty"`
}

PolicyResponse the response to an attestation policy operation

type PolicyResult

type PolicyResult struct {
	// PolicyResolution - The result of the operation. Possible values include: 'Updated', 'Removed'
	PolicyResolution PolicyModification `json:"x-ms-policy-result,omitempty"`
	// PolicyTokenHash - The SHA256 hash of the policy object modified (a URL-encoded base64 string)
	PolicyTokenHash *string `json:"x-ms-policy-token-hash,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// Policy - A JSON Web Token containing a StoredAttestationPolicy object with the attestation policy
	Policy *string `json:"x-ms-policy,omitempty"`
}

PolicyResult the result of a policy certificate modification

type Response

type Response struct {
	autorest.Response `json:"-"`
	// Token - An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
	Token *string `json:"token,omitempty"`
}

Response the result of an attestation operation

type Result

type Result struct {
	// Jti - Unique Identifier for the token
	Jti *string `json:"jti,omitempty"`
	// Iss - The Principal who issued the token
	Iss *string `json:"iss,omitempty"`
	// Iat - The time at which the token was issued, in the number of seconds since 1970-01-0T00:00:00Z UTC
	Iat *float64 `json:"iat,omitempty"`
	// Exp - The expiration time after which the token is no longer valid, in the number of seconds since 1970-01-0T00:00:00Z UTC
	Exp *float64 `json:"exp,omitempty"`
	// Nbf - The not before time before which the token cannot be considered valid, in the number of seconds since 1970-01-0T00:00:00Z UTC
	Nbf *float64 `json:"nbf,omitempty"`
	// Cnf - An RFC 7800 Proof of Possession Key
	Cnf interface{} `json:"cnf,omitempty"`
	// Nonce - The Nonce input to the attestation request, if provided.
	Nonce *string `json:"nonce,omitempty"`
	// Version - The Schema version of this structure. Current Value: 1.0
	Version *string `json:"x-ms-ver,omitempty"`
	// RuntimeClaims - Runtime Claims
	RuntimeClaims interface{} `json:"x-ms-runtime,omitempty"`
	// InittimeClaims - Inittime Claims
	InittimeClaims interface{} `json:"x-ms-inittime,omitempty"`
	// PolicyClaims - Policy Generated Claims
	PolicyClaims interface{} `json:"x-ms-policy,omitempty"`
	// VerifierType - The Attestation type being attested.
	VerifierType *string `json:"x-ms-attestation-type,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified.
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// PolicyHash - The SHA256 hash of the BASE64URL encoded policy text used for attestation (a URL-encoded base64 string)
	PolicyHash *string `json:"x-ms-policy-hash,omitempty"`
	// IsDebuggable - True if the enclave is debuggable, false otherwise
	IsDebuggable *bool `json:"x-ms-sgx-is-debuggable,omitempty"`
	// ProductID - The SGX Product ID for the enclave.
	ProductID *float64 `json:"x-ms-sgx-product-id,omitempty"`
	// MrEnclave - The HEX encoded SGX MRENCLAVE value for the enclave.
	MrEnclave *string `json:"x-ms-sgx-mrenclave,omitempty"`
	// MrSigner - The HEX encoded SGX MRSIGNER value for the enclave.
	MrSigner *string `json:"x-ms-sgx-mrsigner,omitempty"`
	// Svn - The SGX SVN value for the enclave.
	Svn *float64 `json:"x-ms-sgx-svn,omitempty"`
	// EnclaveHeldData - A copy of the RuntimeData specified as an input to the attest call. (a URL-encoded base64 string)
	EnclaveHeldData *string `json:"x-ms-sgx-ehd,omitempty"`
	// SgxCollateral - The SGX SVN value for the enclave.
	SgxCollateral interface{} `json:"x-ms-sgx-collateral,omitempty"`
	// DeprecatedVersion - DEPRECATED: Private Preview version of x-ms-ver claim.
	DeprecatedVersion *string `json:"ver,omitempty"`
	// DeprecatedIsDebuggable - DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable claim.
	DeprecatedIsDebuggable *bool `json:"is-debuggable,omitempty"`
	// DeprecatedSgxCollateral - DEPRECATED: Private Preview version of x-ms-sgx-collateral claim.
	DeprecatedSgxCollateral interface{} `json:"maa-attestationcollateral,omitempty"`
	// DeprecatedEnclaveHeldData - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData *string `json:"aas-ehd,omitempty"`
	// DeprecatedEnclaveHeldData2 - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData2 *string `json:"maa-ehd,omitempty"`
	// DeprecatedProductID - DEPRECATED: Private Preview version of x-ms-sgx-product-id
	DeprecatedProductID *float64 `json:"product-id,omitempty"`
	// DeprecatedMrEnclave - DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
	DeprecatedMrEnclave *string `json:"sgx-mrenclave,omitempty"`
	// DeprecatedMrSigner - DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
	DeprecatedMrSigner *string `json:"sgx-mrsigner,omitempty"`
	// DeprecatedSvn - DEPRECATED: Private Preview version of x-ms-sgx-svn.
	DeprecatedSvn *float64 `json:"svn,omitempty"`
	// DeprecatedTee - DEPRECATED: Private Preview version of x-ms-tee.
	DeprecatedTee *string `json:"tee,omitempty"`
	// DeprecatedPolicySigner - DEPRECATED: Private Preview version of x-ms-policy-signer
	DeprecatedPolicySigner *JSONWebKey `json:"policy_signer,omitempty"`
	// DeprecatedPolicyHash - DEPRECATED: Private Preview version of x-ms-policy-hash (a URL-encoded base64 string)
	DeprecatedPolicyHash *string `json:"policy_hash,omitempty"`
	// DeprecatedRpData - DEPRECATED: Private Preview version of nonce
	DeprecatedRpData *string `json:"rp_data,omitempty"`
}

Result a Microsoft Azure Attestation response token body - the body of a response token issued by MAA

type RuntimeData

type RuntimeData struct {
	// Data - UTF-8 encoded Runtime Data generated by the trusted environment (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'Binary', 'JSON'
	DataType DataType `json:"dataType,omitempty"`
}

RuntimeData defines the "run time data" provided by the attestation target for use by the MAA

type SetObject

type SetObject struct {
	autorest.Response `json:"-"`
	Value             interface{} `json:"value,omitempty"`
}

SetObject ...

type SigningCertificatesClient

type SigningCertificatesClient struct {
	BaseClient
}

SigningCertificatesClient is the describes the interface for the per-tenant enclave service.

func NewSigningCertificatesClient

func NewSigningCertificatesClient() SigningCertificatesClient

NewSigningCertificatesClient creates an instance of the SigningCertificatesClient client.

func (SigningCertificatesClient) Get

func (client SigningCertificatesClient) Get(ctx context.Context, instanceURL string) (result JSONWebKeySet, err error)

Get retrieves metadata signing certificates in use by the attestation service Parameters: instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (SigningCertificatesClient) GetPreparer

func (client SigningCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (SigningCertificatesClient) GetResponder

func (client SigningCertificatesClient) GetResponder(resp *http.Response) (result JSONWebKeySet, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (SigningCertificatesClient) GetSender

func (client SigningCertificatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type StoredAttestationPolicy

type StoredAttestationPolicy struct {
	// AttestationPolicy - Policy text to set as a sequence of UTF-8 encoded octets. (a URL-encoded base64 string)
	AttestationPolicy *string `json:"AttestationPolicy,omitempty"`
}

StoredAttestationPolicy ...

type TpmAttestationRequest

type TpmAttestationRequest struct {
	// Data - Protocol data containing artifacts for attestation. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}

TpmAttestationRequest attestation request for Trusted Platform Module (TPM) attestation.

type TpmAttestationResponse

type TpmAttestationResponse struct {
	autorest.Response `json:"-"`
	// Data - Protocol data containing attestation service response. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}

TpmAttestationResponse attestation response for Trusted Platform Module (TPM) attestation.

type Type

type Type string

Type enumerates the values for type.

const (
	// OpenEnclave OpenEnclave extensions to SGX
	OpenEnclave Type = "OpenEnclave"
	// SgxEnclave Intel Software Guard eXtensions
	SgxEnclave Type = "SgxEnclave"
	// Tpm Edge TPM Virtualization Based Security
	Tpm Type = "Tpm"
)

func PossibleTypeValues

func PossibleTypeValues() []Type

PossibleTypeValues returns an array of possible values for the Type const type.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL