azure-security-attestation
attestation_client_options.hpp
Go to the documentation of this file.
1 // Copyright (c) Microsoft Corporation. All rights reserved.
2 // SPDX-License-Identifier: MIT
3 
10 #pragma once
11 
12 #include "azure/attestation/attestation_client_models.hpp"
13 #include "dll_import_export.hpp"
14 #include <azure/core/internal/client_options.hpp>
15 #include <azure/core/internal/extendable_enumeration.hpp>
16 
17 namespace Azure { namespace Security { namespace Attestation {
18 
27  using TokenValidationCallbackFn = std::function<void(
28  Models::AttestationToken<void> const& token,
29  Models::AttestationSigner const& tokenSigner)>;
30 
33  struct AttestationTokenValidationOptions final
34  {
39  bool ValidateToken{true};
40 
46  bool ValidateSigner{true};
47 
52  bool ValidateExpirationTime{true};
53 
58  bool ValidateNotBeforeTime{true};
59 
64  bool ValidateIssuer{false};
65 
70  std::string ExpectedIssuer;
71 
74  std::chrono::seconds TimeValidationSlack{0};
75 
87  TokenValidationCallbackFn ValidationCallback;
88  };
89 
93  struct AttestationClientOptions final : public Azure::Core::_internal::ClientOptions
94  {
97  std::string ApiVersion{"2020-10-01"};
98 
102  AttestationTokenValidationOptions TokenValidationOptions;
109  AttestationClientOptions(AttestationTokenValidationOptions const& tokenValidationOptions = {})
110  : Azure::Core::_internal::ClientOptions(), TokenValidationOptions(tokenValidationOptions)
111  {
112  }
113  };
114 
118  struct AttestationAdministrationClientOptions final : public Azure::Core::_internal::ClientOptions
119  {
122  std::string ApiVersion{"2020-10-01"};
125  AttestationTokenValidationOptions TokenValidationOptions;
132  AttestationAdministrationClientOptions(
133  AttestationTokenValidationOptions const& tokenValidationOptions = {})
134  : Azure::Core::_internal::ClientOptions(), TokenValidationOptions(tokenValidationOptions)
135  {
136  }
137  };
138 
142  class AttestationDataType final
143  : public Azure::Core::_internal::ExtendableEnumeration<AttestationDataType> {
144 
145  public:
151  explicit AttestationDataType(std::string dataType)
152  : Azure::Core::_internal::ExtendableEnumeration<AttestationDataType>(std::move(dataType))
153  {
154  }
155 
161  AZ_ATTESTATION_DLLEXPORT static const AttestationDataType Json;
162 
168  AZ_ATTESTATION_DLLEXPORT static const AttestationDataType Binary;
169  };
170 
175  struct AttestationData final
176  {
183  std::vector<uint8_t> Data;
184 
187  AttestationDataType DataType;
188  };
189 
193  struct AttestSgxEnclaveOptions final
194  {
198  Azure::Nullable<AttestationData> RunTimeData{};
199 
203  Azure::Nullable<AttestationData> InitTimeData{};
204 
209  Azure::Nullable<std::string> Nonce{};
210 
215  Azure::Nullable<std::string> DraftPolicyForAttestation{};
216 
222  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
223  };
224 
228  struct AttestOpenEnclaveOptions final
229  {
233  Azure::Nullable<AttestationData> RunTimeData{};
234 
238  Azure::Nullable<AttestationData> InitTimeData{};
239 
244  Azure::Nullable<std::string> Nonce{};
245 
250  Azure::Nullable<std::string> DraftPolicyForAttestation{};
251 
257  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
258  };
259 
262  struct AttestTpmOptions final
263  {
269  std::string Payload;
270  };
271 
278  struct AttestationSigningKey final
279  {
283  std::string PemEncodedPrivateKey;
284 
290  std::string PemEncodedX509Certificate;
291  };
292 
295  struct GetPolicyOptions final
296  {
302  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
303  };
304 
307  struct SetPolicyOptions final
308  {
311  Azure::Nullable<AttestationSigningKey> SigningKey;
312 
318  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
319  };
320 
324  struct GetIsolatedModeCertificatesOptions final
325  {
331  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
332  };
333 
337  struct AddIsolatedModeCertificateOptions final
338  {
344  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
345  };
346 
350  struct RemoveIsolatedModeCertificateOptions final
351  {
357  Azure::Nullable<AttestationTokenValidationOptions> TokenValidationOptionsOverride{};
358  };
359 
360 }}} // namespace Azure::Security::Attestation
Azure::Security::Attestation::AttestOpenEnclaveOptions::DraftPolicyForAttestation
Azure::Nullable< std::string > DraftPolicyForAttestation
A test hook which allows developers to test attestation policies before they commit them to the servi...
Definition: attestation_client_options.hpp:250
Azure::Security::Attestation::SetPolicyOptions::SigningKey
Azure::Nullable< AttestationSigningKey > SigningKey
Optional Signing Key which is used to sign the SetPolicy request.
Definition: attestation_client_options.hpp:311
Azure::Security::Attestation::AttestationClientOptions::AttestationClientOptions
AttestationClientOptions(AttestationTokenValidationOptions const &tokenValidationOptions={})
Construct a new Attestation Client Options object.
Definition: attestation_client_options.hpp:109
Azure::Security::Attestation::AttestOpenEnclaveOptions::InitTimeData
Azure::Nullable< AttestationData > InitTimeData
Data created when the enclave was created. Not supported on Coffeelake processors.
Definition: attestation_client_options.hpp:238
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidateToken
bool ValidateToken
Controls whether attestation tokens are validated at all.
Definition: attestation_client_options.hpp:39
Azure::Security::Attestation::AttestTpmOptions::Payload
std::string Payload
JSON Data to send to the attestation service for TPM attestation.
Definition: attestation_client_options.hpp:269
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidateSigner
bool ValidateSigner
Controls whether the signature for the attestation token should be validated.
Definition: attestation_client_options.hpp:46
attestation_client_models.hpp
Defines the Azure Attestation API types.
Azure::Security::Attestation::AttestationAdministrationClientOptions::ApiVersion
std::string ApiVersion
Version to use when communicating with the attestation service.
Definition: attestation_client_options.hpp:122
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidationCallback
TokenValidationCallbackFn ValidationCallback
The TokenValidationCallback specifies a callback function which can perform additional token validati...
Definition: attestation_client_options.hpp:87
Azure::Security::Attestation::AttestSgxEnclaveOptions::InitTimeData
Azure::Nullable< AttestationData > InitTimeData
Data created when the enclave was created. Not supported on Coffeelake processors.
Definition: attestation_client_options.hpp:203
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidateExpirationTime
bool ValidateExpirationTime
Controls whether the attestation token expiration time is checked.
Definition: attestation_client_options.hpp:52
Azure::Security::Attestation::AttestationSigningKey
The AttestationSigningKey represents a tuple of asymmetric private cryptographic key and X....
Definition: attestation_client_options.hpp:279
Azure::Security::Attestation::AttestSgxEnclaveOptions::RunTimeData
Azure::Nullable< AttestationData > RunTimeData
Data created dynamically within the enclave.
Definition: attestation_client_options.hpp:198
Azure::Security::Attestation::AttestationClientOptions::ApiVersion
std::string ApiVersion
Version to use when communicating with the attestation service.
Definition: attestation_client_options.hpp:97
Azure::Security::Attestation::AttestationAdministrationClientOptions::AttestationAdministrationClientOptions
AttestationAdministrationClientOptions(AttestationTokenValidationOptions const &tokenValidationOptions={})
Construct a new Attestation Client Options object.
Definition: attestation_client_options.hpp:132
Azure::Security::Attestation::AttestationTokenValidationOptions
The AttestationTokenValidationOptions represents a set of options which control how attestation token...
Definition: attestation_client_options.hpp:34
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidateIssuer
bool ValidateIssuer
Controls whether the issuer of the attestation token is checked.
Definition: attestation_client_options.hpp:64
Azure::Security::Attestation::AttestTpmOptions
Parameters sent to the attestation service for the AttestTpm API.
Definition: attestation_client_options.hpp:263
Azure::Security::Attestation::RemoveIsolatedModeCertificateOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:357
Azure::Security::Attestation::AttestationSigningKey::PemEncodedPrivateKey
std::string PemEncodedPrivateKey
A PEM encoded RSA or ECDSA private key which will be used to sign an attestation token.
Definition: attestation_client_options.hpp:283
Azure::Security::Attestation::AttestationAdministrationClientOptions::TokenValidationOptions
AttestationTokenValidationOptions TokenValidationOptions
Options sent when validating tokens received by the attestation service.
Definition: attestation_client_options.hpp:125
Azure::Security::Attestation::AttestationClientOptions
Define the options to create an Attestation client.
Definition: attestation_client_options.hpp:94
Azure::Security::Attestation::AttestOpenEnclaveOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:257
Azure::Security::Attestation::AttestationTokenValidationOptions::TimeValidationSlack
std::chrono::seconds TimeValidationSlack
The slack used when comparing two time elements.
Definition: attestation_client_options.hpp:74
Azure::Security::Attestation::AttestSgxEnclaveOptions::DraftPolicyForAttestation
Azure::Nullable< std::string > DraftPolicyForAttestation
A test hook which allows developers to test attestation policies before they commit them to the servi...
Definition: attestation_client_options.hpp:215
Azure::Security::Attestation::AttestationTokenValidationOptions::ValidateNotBeforeTime
bool ValidateNotBeforeTime
Controls whether or not the attestation token start time is checked.
Definition: attestation_client_options.hpp:58
Azure::Security::Attestation::AttestationDataType
The AttestationDataType represents how the attestation service should interpret the AttestOptions::Ru...
Definition: attestation_client_options.hpp:143
Azure::Security::Attestation::RemoveIsolatedModeCertificateOptions
Parameters sent to the attestation service when removing a policy management certificate.
Definition: attestation_client_options.hpp:351
Azure::Security::Attestation::AttestationData
AttestationData represents a block of data to be sent to the attestation service. See the description...
Definition: attestation_client_options.hpp:176
Azure::Security::Attestation::SetPolicyOptions
Parameters sent to the attestation service when setting an attestation policy.
Definition: attestation_client_options.hpp:308
Azure
Azure SDK abstractions.
Definition: attestation_administration_client.hpp:13
Azure::Security::Attestation::GetPolicyOptions
Parameters sent to the attestation service when retrieving an attestation policy.
Definition: attestation_client_options.hpp:296
Azure::Security::Attestation::AttestationClientOptions::TokenValidationOptions
AttestationTokenValidationOptions TokenValidationOptions
Options sent when validating tokens received by the attestation service.
Definition: attestation_client_options.hpp:102
Azure::Security::Attestation::TokenValidationCallbackFn
std::function< void(Models::AttestationToken< void > const &token, Models::AttestationSigner const &tokenSigner)> TokenValidationCallbackFn
The TokenValidationCallbackFn represents a callback which is called to allow the caller to perform ad...
Definition: attestation_client_options.hpp:29
Azure::Security::Attestation::AttestSgxEnclaveOptions::Nonce
Azure::Nullable< std::string > Nonce
Nonce which is sent to the attestation service to allow a caller to prevent replay attacks.
Definition: attestation_client_options.hpp:209
Azure::Security::Attestation::AttestSgxEnclaveOptions
Parameters sent to the attestation service for the AttestationClient::AttestSgxEnclave API.
Definition: attestation_client_options.hpp:194
Azure::Security::Attestation::AddIsolatedModeCertificateOptions
Parameters sent to the attestation service when adding a new policy management certificate.
Definition: attestation_client_options.hpp:338
dll_import_export.hpp
DLL export macro.
Azure::Security::Attestation::AttestSgxEnclaveOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:222
Azure::Security::Attestation::AttestOpenEnclaveOptions
Parameters sent to the attestation service for the AttestationClient::AttestOpenEnclave API.
Definition: attestation_client_options.hpp:229
Azure::Security::Attestation::Models::AttestationToken
An AttestationResult reflects the result of an Attestation operation.
Definition: attestation_client_models.hpp:280
Azure::Security::Attestation::AttestationDataType::Json
static AZ_ATTESTATION_DLLEXPORT const AttestationDataType Json
When specified, instructs the attestation service to express the runtime data in the generated token ...
Definition: attestation_client_options.hpp:161
Azure::Security::Attestation::AttestationData::Data
std::vector< uint8_t > Data
Data contained within attestation evidence.
Definition: attestation_client_options.hpp:183
Azure::Security::Attestation::AttestationAdministrationClientOptions
Define the options to create an Attestation Administration client.
Definition: attestation_client_options.hpp:119
Azure::Security::Attestation::AttestOpenEnclaveOptions::RunTimeData
Azure::Nullable< AttestationData > RunTimeData
Data created dynamically within the enclave.
Definition: attestation_client_options.hpp:233
Azure::Security::Attestation::AttestationSigningKey::PemEncodedX509Certificate
std::string PemEncodedX509Certificate
A PEM encoded X.509 certificate which will be sent to the attestation service to validate an attestat...
Definition: attestation_client_options.hpp:290
AZ_ATTESTATION_DLLEXPORT
#define AZ_ATTESTATION_DLLEXPORT
Applies DLL export attribute, when applicable.
Definition: dll_import_export.hpp:36
Azure::Security::Attestation::AttestationData::DataType
AttestationDataType DataType
Reflects how the Data field should be represented in the resulting attestation token.
Definition: attestation_client_options.hpp:187
Azure::Security::Attestation::GetIsolatedModeCertificatesOptions
Parameters sent to the attestation service when retrieving the list of policy management certificates...
Definition: attestation_client_options.hpp:325
Azure::Security::Attestation::GetPolicyOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:302
Azure::Security::Attestation::SetPolicyOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:318
Azure::Security::Attestation::AttestationDataType::Binary
static AZ_ATTESTATION_DLLEXPORT const AttestationDataType Binary
When specified, instructs the attestation service to express the runtime data in the generated token ...
Definition: attestation_client_options.hpp:168
Azure::Security::Attestation::GetIsolatedModeCertificatesOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:331
Azure::Security::Attestation::AddIsolatedModeCertificateOptions::TokenValidationOptionsOverride
Azure::Nullable< AttestationTokenValidationOptions > TokenValidationOptionsOverride
Specifies the options which should be used to validate the attestation token returned by the attestat...
Definition: attestation_client_options.hpp:344
Azure::Security::Attestation::AttestationDataType::AttestationDataType
AttestationDataType(std::string dataType)
Construct a new attestation DataType object.
Definition: attestation_client_options.hpp:151
Azure::Security::Attestation::Models::AttestationSigner
An AttestationSigner represents an X .509 certificate and KeyID pair.
Definition: attestation_client_models.hpp:109
Azure::Security::Attestation::AttestationTokenValidationOptions::ExpectedIssuer
std::string ExpectedIssuer
The expected issuer for this attestation token.
Definition: attestation_client_options.hpp:70
Azure::Security::Attestation::AttestOpenEnclaveOptions::Nonce
Azure::Nullable< std::string > Nonce
Nonce which is sent to the attestation service to allow a caller to prevent replay attacks.
Definition: attestation_client_options.hpp:244
Generated by   doxygen 1.8.18