| Return type | Member | Description |
|---|---|---|
| | AttestationAdministrationClient (AttestationAdministrationClient const &attestationClient)=default | Construct a new Attestation Administration Client object from another attestation administration client. |
| virtual | ~AttestationAdministrationClient ()=default | Destructor. |
| std::string const | Endpoint () const | Returns the Endpoint which the client is communicating with. |
| Response< Models::AttestationToken< std::string > > | GetAttestationPolicy (Models::AttestationType const &attestationType, GetPolicyOptions const &options=GetPolicyOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Retrieves an Attestation Policy from the service. |
| Response< Models::AttestationToken< Models::PolicyResult > > | SetAttestationPolicy (Models::AttestationType const &attestationType, std::string const &policyToSet, SetPolicyOptions const &options=SetPolicyOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Sets the attestation policy for the specified AttestationType. |
| Response< Models::AttestationToken< Models::PolicyResult > > | ResetAttestationPolicy (Models::AttestationType const &attestationType, SetPolicyOptions const &options=SetPolicyOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Resets the attestation policy for the specified AttestationType to its default. |
| Models::AttestationToken< void > | CreateAttestationPolicyToken (Azure::Nullable< std::string > const &policyToSet, Azure::Nullable< AttestationSigningKey > const &signingKey={}) const | Returns an Attestation Token object which would be sent to the attestation service to set or reset an attestation policy. |
| Response< Models::AttestationToken< Models::IsolatedModeCertificateListResult > > | GetIsolatedModeCertificates (GetIsolatedModeCertificatesOptions const &options=GetIsolatedModeCertificatesOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Retrieves the list of isolated mode management certificates. |
| Response< Models::AttestationToken< Models::IsolatedModeCertificateModificationResult > > | AddIsolatedModeCertificate (std::string const &pemEncodedCertificateToAdd, AttestationSigningKey const &signerForRequest, AddIsolatedModeCertificateOptions const &options=AddIsolatedModeCertificateOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Adds a new certificate to the list of policy management certificates. |
| Response< Models::AttestationToken< Models::IsolatedModeCertificateModificationResult > > | RemoveIsolatedModeCertificate (std::string const &pemEncodedCertificateToAdd, AttestationSigningKey const &signerForRequest, RemoveIsolatedModeCertificateOptions const &options=RemoveIsolatedModeCertificateOptions{}, Azure::Core::Context const &context=Azure::Core::Context{}) const | Removes a certificate from the list of policy management certificates for the instance. |
|
Note: Attestation administration APIs cannot be used on shared attestation service instances.
The Administration family of APIs provide APIs to manage:
- Attestation policies.
- Attestation policy management certificates (Isolated attestation service instances only).
There are three flavors of attestation service instances:
- Shared Mode
- AAD Mode
- Isolated Mode
Shared mode attestation service instances do not allow any administration actions at all. They exist to allow customers to perform attestation operations without requiring any customizations.
AAD Mode instances allow customers to modify attestation policies. When the attestation instance is in AAD mode, the creator of the instance indicates that they trust ARM RBAC and Microsoft AAD to validate client connections to the service. As such, additional proof of authorization is not required for administrative operations.
To verify that the attestation service received the attestation policy, the service returns the SHA256 hash of the policy token which was sent to the service. To simplify the customer experience of interacting with the SetAttestationPolicy and ResetAttestationPolicy APIs, the CreateAttestationPolicyToken API generates the same token that would be sent to the service.
To ensure that the token which was sent from the client matches the token which was received by the attestation service, the customer can call CreateAttestationPolicyToken, generate the SHA256 hash of that token and compare it with the value returned by the service - the two hash values should be identical.
Parameters:
| policyToSet | The policy document to set. |
| signingKey | Optional Attestation Signing Key to be used to sign the policy. |
Returns: Models::AttestationToken<void> Attestation token which would be sent to the attestation service based on this signing key.
Note: If policyToSet is null, then this generates a policy reset token.
The SetAttestationPolicy API sets the attestation policy for the specified attestationType to the value specified.
The result of a SetAttestationPolicy API call is a PolicyResult object, which contains the result of the operation, the hash of the AttestationToken object sent to the service, and (if the SetPolicyOptions contains a SigningKey field) the certificate which was used to sign the attestation policy.
Note that the hash of the AttestationToken is not immediately derivable from the inputs to this function: the function calls CreateAttestationPolicyToken to create the underlying token which is sent to the service.
To verify that the attestation service correctly received the attestation policy sent by the client, the caller of SetAttestationPolicy can also call CreateAttestationPolicyToken, calculate the SHA256 hash of the RawToken field and check that it matches the value returned by the service.
Parameters:
| attestationType | Sets the policy on the specified AttestationType. |
| policyToSet | The policy document to set. |
| options | Options used when setting the policy, including signer. |
| context | User defined context for the operation. |
Returns: Response<Models::AttestationToken<Models::PolicyResult>> The result of the set policy operation.