azure.security.attestation.aio package

class azure.security.attestation.aio.AttestationClient(credential: AsyncTokenCredential, instance_url: str, **kwargs: Any)[source]
An AttestationClient object enables access to the Attestation family of APIs provided by the attestation service.

Parameters
  • instance_url (str) – base url of the service

  • credential (AsyncTokenCredential) – Credentials for the caller used to interact with the service.

Keyword Arguments
  • pipeline (AsyncPipelineClient) – If omitted, the standard pipeline is used.

  • transport (AsyncHttpTransport) – If omitted, the standard pipeline is used.

  • policies (list[AsyncHTTPPolicy]) – If omitted, the standard pipeline is used.

For additional client creation configuration options, please see https://aka.ms/azsdk/python/options.

async attest_open_enclave(report: bytes, inittime_data: Optional[azure.security.attestation._models.AttestationData] = None, runtime_data: Optional[azure.security.attestation._models.AttestationData] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.AttestationResult][source]

Attests the validity of an Open Enclave report.

Parameters
Keyword Arguments

draft_policy (str) – “draft” or “experimental” policy to be used with this attestation request. If this parameter is provided, then this policy document will be used for the attestation request. This allows a caller to test various policy documents against actual data before applying the policy document via the set_policy API.

Returns

Attestation service response encapsulating an AttestationResult.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.AttestationResult]

Note

Note that if the draft_policy parameter is provided, the resulting attestation token will be an unsecured attestation token.

For additional request configuration options, please see Python Request Options.

async attest_sgx_enclave(quote: bytes, inittime_data: Optional[azure.security.attestation._models.AttestationData] = None, runtime_data: Optional[azure.security.attestation._models.AttestationData] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.AttestationResult][source]

Attests the validity of an SGX quote.

Parameters
Keyword Arguments

draft_policy (str) – “draft” or “experimental” policy to be used with this attestation request. If this parameter is provided, then this policy document will be used for the attestation request. This allows a caller to test various policy documents against actual data before applying the policy document via the set_policy API.

Returns

Attestation service response encapsulating an AttestationResult.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.AttestationResult]

Note

Note that if the draft_policy parameter is provided, the resulting attestation token will be an unsecured attestation token.

For additional request configuration options, please see Python Request Options.
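
The notes on attest_open_enclave and attest_sgx_enclave say a draft_policy request yields an unsecured token, so code that acts on attestation results should refuse such tokens. The gate below is an added example, not part of the SDK; it assumes "unsecured" means an RFC 7519 Unsecured JWT (alg "none", empty signature), and all function names and sample tokens are constructed for illustration.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def is_unsecured_token(token: str) -> bool:
    """True when a compact JWT has alg "none" (any case) or an empty signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JWT header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("JWT header is not a JSON object")
    alg = header.get("alg")
    # A missing or non-string alg is treated as unsecured (fail closed).
    return not isinstance(alg, str) or alg.lower() == "none" or parts[2] == ""


def require_secured_token(token: str) -> str:
    """Gate for code that acts on attestation results: refuse draft-policy tokens."""
    if is_unsecured_token(token):
        raise PermissionError("unsecured attestation token rejected")
    # Passing this gate is not verification: the signature must still be checked
    # against the certificates returned by get_signing_certificates().
    return token


def make_sample_token(alg: str, signature: bytes) -> str:
    # Constructed sample for the demonstration, not real service output.
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps({"sample-claim": True}).encode())
    return f"{header}.{body}.{_b64url_encode(signature)}"
```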

async attest_tpm(request: azure.security.attestation._models.TpmAttestationRequest, **kwargs: Any) → azure.security.attestation._models.TpmAttestationResponse[source]

Attest a TPM based enclave.

See the TPM Attestation Protocol Reference for more information.

Parameters

request (azure.security.attestation.TpmAttestationRequest) – Incoming request to send to the TPM attestation service.

Returns

A structure containing the response from the TPM attestation.

Return type

azure.security.attestation.TpmAttestationResponse

async close() → None[source]

async get_openidmetadata(**kwargs: Any) → Any[source]

Retrieves the OpenID metadata configuration document for this attestation instance.

Returns

OpenId Metadata document for the attestation service instance.

Return type

Any

async get_signing_certificates(**kwargs: Any) → List[azure.security.attestation._models.AttestationSigner][source]

Returns the set of signing certificates used to sign attestation tokens.

Returns

A list of azure.security.attestation.AttestationSigner objects.

Return type

list[azure.security.attestation.AttestationSigner]

For additional request configuration options, please see Python Request Options.

class azure.security.attestation.aio.AttestationAdministrationClient(credential: AsyncTokenCredential, instance_url: str, **kwargs: Any)[source]

Provides administrative APIs for managing an instance of the Attestation Service.

Parameters
  • instance_url (str) – base url of the service

  • credential (AsyncTokenCredential) – Credentials for the caller used to interact with the service.

Keyword Arguments
  • pipeline (AsyncPipelineClient) – If omitted, the standard pipeline is used.

  • transport (AsyncHttpTransport) – If omitted, the standard pipeline is used.

  • policies (list[AsyncHTTPPolicy]) – If omitted, the standard pipeline is used.

For additional client creation configuration options, please see https://aka.ms/azsdk/python/options.

async add_policy_management_certificate(certificate_to_add: bytes, signing_key: azure.security.attestation._models.AttestationSigningKey, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyCertificatesModificationResult][source]

Adds a new policy management certificate to the set of policy management certificates for the instance.

Parameters
  • certificate_to_add (bytes) – DER encoded X.509 certificate to add to the list of attestation policy management certificates.

  • signing_key (azure.security.attestation.AttestationSigningKey) – Signing Key representing one of the existing attestation signing certificates.

Returns

Attestation service response encapsulating the status of the add request.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyCertificatesModificationResult]

The PolicyCertificatesModificationResult response to the add_policy_management_certificate() API contains two attributes of interest.

The first is certificate_resolution, which indicates whether the certificate in question is present in the set of policy management certificates after the operation has completed, or if it is absent.

The second is the thumbprint of the certificate added. The thumbprint for the certificate is the SHA1 hash of the DER encoding of the certificate.

async close() → None[source]

async get_policy(attestation_type, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[str][source]

Retrieves the attestation policy for a specified attestation type.

Parameters

attestation_type (azure.security.attestation.AttestationType) – azure.security.attestation.AttestationType for which to retrieve the policy.

Returns

Attestation service response encapsulating a string attestation policy.

Return type

azure.security.attestation.AttestationResponse[str]

Raises

azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.

async get_policy_management_certificates(**kwargs: Any) → AttestationResponse[list[list[bytes]]][source]

Retrieves the set of policy management certificates for the instance.

The list of policy management certificates will only be non-empty if the attestation service instance is in Isolated mode.

Returns

Attestation service response encapsulating a list of DER encoded X.509 certificate chains.

Return type

azure.security.attestation.AttestationResponse[list[list[bytes]]]

async remove_policy_management_certificate(certificate_to_add: bytes, signing_key: azure.security.attestation._models.AttestationSigningKey, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyCertificatesModificationResult][source]

Removes a policy management certificate from the set of policy management certificates for the instance.

Parameters
  • certificate_to_add (bytes) – DER encoded X.509 certificate to remove from the list of attestation policy management certificates.

  • signing_key (azure.security.attestation.AttestationSigningKey) – Signing Key representing one of the existing attestation signing certificates.

Returns

Attestation service response encapsulating the status of the remove request.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyCertificatesModificationResult]

The PolicyCertificatesModificationResult response to the remove_policy_management_certificate() API contains two attributes of interest.

The first is certificate_resolution, which indicates whether the certificate in question is present in the set of policy management certificates after the operation has completed, or if it is absent.

The second is the thumbprint of the certificate removed. The thumbprint for the certificate is the SHA1 hash of the DER encoding of the certificate.
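
A caller can confirm an add or remove by recomputing the thumbprint locally and comparing it with the two attributes described for add_policy_management_certificate() and remove_policy_management_certificate(). This is an added example, not SDK code: the function names are hypothetical, reported_present is a boolean the caller derives from certificate_resolution, the hex formatting of the reported thumbprint is an assumption (so both sides are normalized), and the sample bytes are a constructed stand-in for a real certificate.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed stand-in for a DER certificate; SHA-1 only sees opaque bytes.
SAMPLE_DER = bytes(range(64)) * 4
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def to_der(cert: bytes) -> bytes:
    """Return DER bytes, converting from PEM when a PEM header is present."""
    stripped = cert.lstrip()
    if stripped.startswith(PEM_HEADER):
        return ssl.PEM_cert_to_DER_cert(stripped.decode("ascii"))
    return cert


def thumbprint(cert: bytes) -> str:
    """SHA-1 over the DER encoding, as upper-case hex."""
    # Hashing the PEM text instead of the DER bytes gives a different value,
    # which is the usual reason a local thumbprint fails to match.
    return hashlib.sha1(to_der(cert)).hexdigest().upper()


def normalize(reported: str) -> str:
    # Tolerate "ab:cd", "AB CD" and "abcd" renderings of the same digest.
    return reported.replace(":", "").replace(" ", "").upper()


def modification_confirmed(reported_thumbprint: str, reported_present: bool,
                           cert: bytes, want_present: bool) -> bool:
    """True when the result names our certificate and the expected end state."""
    same_cert = normalize(reported_thumbprint) == thumbprint(cert)
    return same_cert and reported_present is want_present
```

Pass want_present=True after an add and want_present=False after a remove.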

async reset_policy(attestation_type: azure.security.attestation._generated.models._azure_attestation_rest_client_enums.AttestationType, signing_key: Optional[azure.security.attestation._models.AttestationSigningKey] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyResult][source]

Resets the attestation policy for the specified attestation type to the default value.

Parameters
Returns

Attestation service response encapsulating a PolicyResult.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyResult]

Raises

azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.

Note

If the attestation instance is in Isolated mode, then the signing_key parameter MUST be a signing key containing one of the certificates returned by get_policy_management_certificates().

If the attestation instance is in AAD mode, then the signing_key parameter does not need to be provided.

async set_policy(attestation_type: azure.security.attestation._generated.models._azure_attestation_rest_client_enums.AttestationType, attestation_policy: str, signing_key: Optional[azure.security.attestation._models.AttestationSigningKey] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyResult][source]

Sets the attestation policy for the specified attestation type.

Parameters
Returns

Attestation service response encapsulating a PolicyResult.

Return type

azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyResult]

Raises

azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.

Note

If the attestation instance is in Isolated mode, then the signing_key parameter MUST be a signing key containing one of the certificates returned by get_policy_management_certificates().

If the attestation instance is in AAD mode, then the signing_key parameter does not need to be provided.