1 // Copyright (c) Microsoft Corporation. All rights reserved.
2 // SPDX-License-Identifier: MIT
3 
10 #pragma once
11 
#include <azure/core/context.hpp>
#include <azure/core/datetime.hpp>
#include <azure/core/http/http.hpp>
#include <azure/core/internal/extendable_enumeration.hpp>
#include <azure/core/nullable.hpp>
#include <azure/core/paged_response.hpp>
#include <azure/core/response.hpp>
#include <cstdint>
#include <iostream>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>
24 
25 namespace Azure { namespace Security { namespace Attestation { namespace Models {
26 
  /**
   * @brief The AttestationType type represents a Trusted Execution Environment (TEE) supported by
   * the attestation service.
   *
   * Well-known values are declared as static members of this class: SgxEnclave (SGX enclaves),
   * OpenEnclave (SGX enclaves using the OpenEnclave APIs) and Tpm (TPM attestation); they are not
   * shown in this listing.
   *
   * This is an extendable enumeration: the constructor accepts any string and performs no
   * validation, so a value that is not one of the well-known members is carried as-is.
   */
  class AttestationType final
      : public Azure::Core::_internal::ExtendableEnumeration<AttestationType> {
  public:
    /**
     * @brief Construct a new AttestationType object from its service string value.
     *
     * @param attestationType The attestation type string; ownership is moved into the base class.
     */
    explicit AttestationType(std::string attestationType)
        : ExtendableEnumeration(std::move(attestationType))
    {
    }

    // The well-known static members (SgxEnclave, OpenEnclave, Tpm) are declared at this point in
    // the full header file.
  };
63 
  /**
   * @brief Contains information about this instance of the attestation service (its OpenID
   * metadata document), which can be used to validate the attestation tokens it issues.
   *
   * Every member is Nullable: a field the service did not return has no value, so callers must
   * check HasValue() before reading it. Because this document is the trust anchor for token
   * validation, it should only be fetched from the attestation instance the caller intends to trust.
   */
  struct OpenIdMetadata final
  {
    /**
     * @brief The issuer which will be used for tokens generated by this instance.
     *
     * A token's "iss" claim (AttestationToken::Issuer) is expected to match this value exactly.
     */
    Azure::Nullable<std::string> Issuer;

    /**
     * @brief A URI which can be used to retrieve the AttestationSigner objects (the JSON Web Key
     * Set) used for tokens returned by this instance.
     *
     * NOTE(review): this is the trusted source of signing keys. Key URLs carried inside a token's
     * own header are attacker-influenced input and should not be used in its place.
     */
    Azure::Nullable<std::string> JsonWebKeySetUrl;

    /**
     * @brief The response types that are supported by the service.
     */
    Azure::Nullable<std::vector<std::string>> SupportedResponseTypes;

    /**
     * @brief The algorithms which can be used to sign attestation tokens.
     *
     * Useful as an allow-list when validating a token's "alg" header; "none" is never an
     * acceptable signing algorithm for an attestation result.
     */
    Azure::Nullable<std::vector<std::string>> SupportedTokenSigningAlgorithms;

    /**
     * @brief A list of claims which may be returned by the attestation service.
     */
    Azure::Nullable<std::vector<std::string>> SupportedClaims;
  };
99 
  /**
   * @brief An AttestationSigner represents an X.509 certificate chain and KeyID pair.
   *
   * Both members are Nullable; check HasValue() before use.
   */
  struct AttestationSigner final
  {
    /**
     * @brief The KeyID associated with the Certificate Chain.
     *
     * This is a label used to select a signer (it is what a token's "kid" header refers to); it
     * carries no trust by itself.
     */
    Azure::Nullable<std::string> KeyId;

    /**
     * @brief An array of PEM encoded X.509 certificates. The first certificate in the array is the
     * signing certificate (the remaining entries are presumably its issuing chain).
     *
     * NOTE(review): nothing in this model establishes that the chain is trusted; a validator must
     * still verify it against a trusted anchor, or pin the expected leaf, before accepting
     * signatures made with it.
     */
    Azure::Nullable<std::vector<std::string>> CertificateChain;
  };
120 
  {
    // AttestationTokenHeader: common properties of an RFC 7515 JOSE header, as parsed from an
    // attestation token. Every member is Nullable; a header the token did not carry has no value.
    //
    // NOTE(review): all of these values are parsed from the token itself. None of them is
    // trustworthy until the token's signature has been verified against a signer obtained from the
    // attestation instance (see OpenIdMetadata::JsonWebKeySetUrl); in particular the "alg", "jku",
    // "jwk", "x5u" and "x5c" members are hints to be checked, never the authority for which key to
    // trust.

    /**
     * @brief The "alg" token header property (RFC 7515 section 4.1.1): the algorithm used to sign
     * the token.
     *
     * Validators should accept only algorithms listed in
     * OpenIdMetadata::SupportedTokenSigningAlgorithms and must reject "none".
     */
    Azure::Nullable<std::string> Algorithm;

    /**
     * @brief The "kid" token header property (RFC 7515 section 4.1.4): identifies which signer's
     * key was used.
     *
     * Matched against AttestationSigner::KeyId; an unknown "kid" must fail validation rather than
     * fall back to a key carried in the header.
     */
    Azure::Nullable<std::string> KeyId;

    /**
     * @brief Corresponds to the "jwk" token header property (RFC 7515 section 4.1.3): a key
     * embedded in the header.
     *
     * A key supplied by the token cannot vouch for that token; it is only usable once it has been
     * matched to a signer the validator already trusts.
     */
    Azure::Nullable<AttestationSigner> Key;

    /**
     * @brief Corresponds to the "cty" token header property (RFC 7515 section 4.1.10): the content
     * type of the token payload.
     */
    Azure::Nullable<std::string> ContentType;

    /**
     * @brief Corresponds to the "jku" token header property (RFC 7515 section 4.1.2): a URL from
     * which a JWK Set can be fetched.
     *
     * NOTE(review): never dereference this URL to obtain signing keys; it is attacker-influenced
     * input, and doing so would let a forged token name its own key server.
     */
    Azure::Nullable<std::string> KeyURL;

    /**
     * @brief Corresponds to the "crit" token header property (RFC 7515 section 4.1.11): header
     * parameters the recipient must understand.
     *
     * Per RFC 7515, a token listing a critical parameter the validator does not implement must be
     * rejected.
     */
    Azure::Nullable<std::vector<std::string>> Critical;

    /**
     * @brief Corresponds to the "x5u" token header property (RFC 7515 section 4.1.5): a URL for the
     * signing certificate or chain.
     *
     * NOTE(review): same caveat as KeyURL: do not fetch keys from a URL named by the token.
     */
    Azure::Nullable<std::string> X509Url;

    /**
     * @brief Corresponds to the "typ" token header property (RFC 7515 section 4.1.9): the media
     * type of the token.
     */
    Azure::Nullable<std::string> Type;

    /**
     * @brief Corresponds to the "x5t" token header property (RFC 7515 section 4.1.7): the
     * base64url SHA-1 thumbprint of the signing certificate.
     *
     * SHA-1 is a weak digest; prefer CertificateSha256Thumbprint when both are present.
     */
    Azure::Nullable<std::string> CertificateThumbprint;

    /**
     * @brief Corresponds to the "x5t#S256" token header property (RFC 7515 section 4.1.8): the
     * base64url SHA-256 thumbprint of the signing certificate.
     */
    Azure::Nullable<std::string> CertificateSha256Thumbprint;

    /**
     * @brief Corresponds to the "x5c" token header property (RFC 7515 section 4.1.6): the signing
     * certificate chain carried inline in the token.
     *
     * A chain supplied by the token is self-asserted; it must be validated to a trusted anchor (or
     * matched to a pinned signer) before any signature it vouches for is accepted.
     */
    Azure::Nullable<std::vector<std::string>> X509CertificateChain;
  };
222 
  {
    // TokenValidationCertificateResult: the collection of AttestationSigner objects the service
    // reports as its token-signing certificates.

    /**
     * @brief The collection of signers.
     *
     * A signer appears here because the service published it. Callers that need a stronger
     * guarantee than "the service said so" should pin the expected signing certificate(s) and
     * check that the list contains them, rather than trusting every entry.
     */
    std::vector<AttestationSigner> Signers;
  };
232 
  /**
   * @brief Optional elements present when an AttestationToken is specialized on a body type.
   *
   * The primary template carries the deserialized body; the specialization on void omits it so
   * that AttestationToken<void> is a token with no typed body.
   *
   * @tparam T The type the token body is deserialized into.
   */
  template <typename T> struct AttestationTokenOptional
  {
    /**
     * @brief The deserialized body of the attestation token.
     *
     * The body is only meaningful once the enclosing token's signature has been verified; the
     * deserialized body of an unverified token is untrusted input.
     */
    T Body;
  };
244 
  /**
   * @brief Specialization for tokens without a typed body: contributes no members, so
   * AttestationToken<void> exposes only the raw token, signature and header/claim fields.
   */
  template <> struct AttestationTokenOptional<void>
  {
  };
248 
  /**
   * @brief An AttestationToken is a parsed RFC 7515 JSON Web Signature / RFC 7519 JSON Web Token
   * returned by the attestation service, optionally with its body deserialized into T.
   *
   * @tparam T The type of the deserialized token body, or void for a token with no typed body.
   *
   * This model records what the token says about itself; it does not record whether the token has
   * been validated. A consumer must verify Signature over SignedElements with a trusted signer and
   * check the RFC 7519 claims below before relying on Body or on any claim.
   */
  template <typename T> struct AttestationToken final : public AttestationTokenOptional<T>
  {
    /**
     * @brief The full RFC 7515 JWS/JWT token returned by the attestation service.
     */
    std::string RawToken;

    /**
     * @brief The elements of the raw token which are covered by the Signature (per RFC 7515, the
     * encoded header and payload).
     */
    std::string SignedElements;

    /**
     * @brief Signature (if present) for the attestation token.
     *
     * NOTE(review): an empty Signature means the token is unsigned. An unsigned token carries no
     * attestation evidence and must not be accepted as an attestation result.
     */
    std::vector<uint8_t> Signature;

    // The RFC 7515 header (Models::AttestationTokenHeader Header) is declared at this point in the
    // full header file; it is not shown in this listing.

    // RFC 7519 properties.

    /**
     * @brief The "exp" (expiration time) claim, RFC 7519 section 4.1.4.
     *
     * A token must be rejected once the current time (allowing for bounded clock skew) passes this
     * value.
     */
    Azure::Nullable<Azure::DateTime> ExpiresOn;

    /**
     * @brief The "iat" (issued at) claim, RFC 7519 section 4.1.6.
     */
    Azure::Nullable<Azure::DateTime> IssuedOn;

    /**
     * @brief The "nbf" (not before) claim, RFC 7519 section 4.1.5.
     *
     * A token must not be accepted before this time (allowing for bounded clock skew).
     */
    Azure::Nullable<Azure::DateTime> NotBefore;

    /**
     * @brief The "iss" (issuer) claim, RFC 7519 section 4.1.1.
     *
     * Expected to equal OpenIdMetadata::Issuer of the instance the caller trusts.
     */
    Azure::Nullable<std::string> Issuer;

    /**
     * @brief The "jti" (JWT ID) claim, RFC 7519 section 4.1.7: a unique identifier for the token.
     */
    Azure::Nullable<std::string> UniqueIdentifier;

    /**
     * @brief The "sub" (subject) claim, RFC 7519 section 4.1.2.
     */
    Azure::Nullable<std::string> Subject;

    /**
     * @brief The "aud" (audience) claim, RFC 7519 section 4.1.3.
     *
     * When present it names the intended recipient; a token issued for a different audience should
     * be rejected.
     */
    Azure::Nullable<std::string> Audience;
  };
364 
  /**
   * @brief An AttestationResult reflects the result of an Attestation operation: the claims the
   * service asserted about the attested environment.
   *
   * These values are the deserialized body of the attestation token and are only trustworthy
   * after the enclosing AttestationToken has been validated (signature, issuer, time claims). The
   * notes on individual members describe what a relying party should additionally check.
   */
  struct AttestationResult final
  {

    /**
     * @brief The nonce provided by the client in the attestation operation.
     *
     * NOTE(review): a relying party should compare this with the nonce it supplied; a result whose
     * nonce does not match may be a replayed token from an earlier attestation.
     */
    Azure::Nullable<std::string> Nonce;

    /**
     * @brief The version of this attestation response.
     */
    Azure::Nullable<std::string> Version;

    /**
     * @brief JSON encoded runtime claims: the input RunTimeData parameter decoded and interpreted
     * as JSON.
     */
    Azure::Nullable<std::string> RunTimeClaims;

    /**
     * @brief InitTime claims, as a string.
     */
    Azure::Nullable<std::string> InitTimeClaims;

    /**
     * @brief The JSON encoded values of all the claims created by attestation policies on this
     * instance.
     */
    Azure::Nullable<std::string> PolicyClaims;

    /**
     * @brief If the RunTimeData parameter was specified as DataType::Binary, the raw bytes of that
     * runtime data.
     *
     * This is commonly how an enclave conveys a public key or other material it wants bound to its
     * attestation. The binding comes from the attested result, so such material should be taken
     * from here after validation, not from an out-of-band copy.
     */
    Azure::Nullable<std::vector<uint8_t>> EnclaveHeldData;

    /**
     * @brief The verifier which generated this AttestationResult.
     */
    Azure::Nullable<std::string> VerifierType;

    /**
     * @brief If the attestation policy is signed, the certificate chain used to sign the policy.
     */
    Azure::Nullable<AttestationSigner> PolicySigner;

    /**
     * @brief The SHA256 hash of the policy which was used when generating the attestation result.
     *
     * A relying party that depends on a specific policy can compare this against the hash of the
     * policy it expects, so that a result produced under a weaker policy is not accepted.
     */
    Azure::Nullable<std::vector<uint8_t>> PolicyHash;

    /**
     * @brief If present, reflects that the enclave being attested can be debugged.
     *
     * NOTE(review): a debug-mode SGX enclave offers no confidentiality against its host. Unless
     * policy already rejects it, a relying party should treat a true value as a hard failure
     * outside of development.
     */
    Azure::Nullable<bool> SgxIsDebuggable;

    /**
     * @brief If present, the ProductId for the enclave being attested.
     */
    Azure::Nullable<int> SgxProductId;

    /**
     * @brief If present, the contents of the MRENCLAVE register for the SGX enclave being attested:
     * the measurement of the enclave's code and initial data.
     *
     * Together with SgxMrSigner, SgxProductId and SgxSvn this identifies which enclave was
     * attested; a relying party should pin the values it expects, either here or in policy.
     */
    Azure::Nullable<std::vector<uint8_t>> SgxMrEnclave;

    /**
     * @brief If present, the contents of the MRSIGNER register for the SGX enclave being attested:
     * the hash of the key that signed the enclave.
     */
    Azure::Nullable<std::vector<uint8_t>> SgxMrSigner;

    /**
     * @brief The security version number of the SGX enclave.
     *
     * Relying parties should enforce a minimum SVN so that an enclave with a known-vulnerable
     * version is not accepted.
     */
    Azure::Nullable<int> SgxSvn;

    /**
     * @brief A JSON encoded string representing the collateral which was used to perform the
     * attestation operation.
     */
    Azure::Nullable<std::string> SgxCollateral;
  };
446 
  /**
   * @brief The result of a call to AttestTpm.
   */
  struct TpmAttestationResult final
  {
    /**
     * @brief The JSON encoded value returned from TPM attestation, as defined by the TPM
     * attestation protocol.
     *
     * This is the raw protocol payload rather than a validated token; the caller is responsible
     * for interpreting (and, where the protocol calls for it, verifying) its contents.
     */
    std::string TpmResult;
  };
458 
  /**
   * @brief The PolicyModification enumeration represents the result of an attestation policy
   * modification.
   *
   * The well-known values are declared as static members of this class: Updated (the policy object
   * was updated) and Removed (the policy object was removed); they are not shown in this listing.
   */
  class PolicyModification final
      : public Azure::Core::_internal::ExtendableEnumeration<PolicyModification> {
  public:
    /**
     * @brief Construct a new PolicyModification object from its service string value.
     *
     * @param modification The modification result string; ownership is moved into the base class.
     */
    explicit PolicyModification(std::string modification)
        : ExtendableEnumeration(std::move(modification))
    {
    }
    /**
     * @brief Construct an empty PolicyModification.
     *
     * A default-constructed value does not represent any outcome; callers should compare a result
     * against the well-known members rather than assume a default means "Updated".
     */
    PolicyModification() = default;

  };
491 
  {
    // PolicyResult: the result of a SetPolicy or ResetPolicy operation. The PolicyResolution member
    // (a PolicyModification saying whether the policy was Updated or Removed) is declared at this
    // point in the full header file; it is not shown in this listing.

    /**
     * @brief The SHA256 hash of the policy object which was received by the service.
     *
     * NOTE(review): a caller can hash the policy token it sent and compare it with this value to
     * confirm that the service applied exactly the policy the caller submitted.
     */
    std::vector<uint8_t> PolicyTokenHash;

    /**
     * @brief A JSON Web Key containing the signer of the policy token. If not present, the token
     * was unsecured (submitted without a signature).
     *
     * For an instance whose policy is meant to be signed, an absent signer here is a finding worth
     * investigating.
     */
    Azure::Nullable<AttestationSigner> PolicySigner;
  };
513 
      : public Azure::Core::_internal::ExtendableEnumeration<PolicyCertificateModification> {
  public:
    // PolicyCertificateModification: the result of a policy-management certificate modification.
    // The well-known values are declared as static members of this class: IsPresent (after the
    // operation the certificate is in the set) and IsAbsent (after the operation it is no longer in
    // the set); they are not shown in this listing.

    /**
     * @brief Construct a new PolicyCertificateModification object from its service string value.
     *
     * @param modification The modification result string; ownership is moved into the base class.
     */
    explicit PolicyCertificateModification(std::string modification)
        : ExtendableEnumeration(std::move(modification))
    {
    }

    /**
     * @brief Construct an empty PolicyCertificateModification.
     *
     * A default-constructed value does not represent any outcome; compare a result against
     * IsPresent / IsAbsent before acting on it.
     */
    PolicyCertificateModification() = default;

  };
547 
  {
    // IsolatedModeCertificateModificationResult: the result of an Isolated Mode policy-management
    // certificate modification API.

    /**
     * @brief The thumbprint of the certificate the operation applied to.
     *
     * Callers should compare this with the thumbprint of the certificate they intended to modify.
     * Policy-management certificates presumably gate who may change attestation policy, so an
     * unexpected thumbprint here is a finding worth investigating.
     */
    std::string CertificateThumbprint;

    /**
     * @brief Whether the certificate is present (IsPresent) or absent (IsAbsent) in the set after
     * the operation.
     */
    PolicyCertificateModification CertificateModification;
  };
558 
  {
    // IsolatedModeCertificateListResult: the set of Isolated Mode policy-management certificates
    // for the current attestation instance.

    /**
     * @brief The current set of policy management certificates.
     *
     * These certificates presumably determine whose signed policy changes the instance accepts.
     * Operators should periodically confirm the list contains only the expected certificates: an
     * extra entry would let its holder rewrite the attestation policy.
     */
    std::vector<AttestationSigner> Certificates;
  };
569 
570 }}}} // namespace Azure::Security::Attestation::Models