azure.security.attestation.aio package

- class azure.security.attestation.aio.AttestationClient(credential: AsyncTokenCredential, instance_url: str, **kwargs: Any)
An AttestationClient object enables access to the Attestation family of APIs provided by the attestation service.
- Parameters
instance_url (str) – base url of the service
credential (AsyncTokenCredential) – Credentials for the caller used to interact with the service.
- Keyword Arguments
pipeline (AsyncPipelineClient) – If omitted, the standard pipeline is used.
transport (AsyncHttpTransport) – If omitted, the standard pipeline is used.
policies (list[AsyncHTTPPolicy]) – If omitted, the standard pipeline is used.
For additional client creation configuration options, please see https://aka.ms/azsdk/python/options.
- async attest_open_enclave(report: bytes, inittime_data: Optional[azure.security.attestation._models.AttestationData] = None, runtime_data: Optional[azure.security.attestation._models.AttestationData] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.AttestationResult]
Attests the validity of an Open Enclave report.
- Parameters
report (bytes) – An open_enclave report generated from an Intel(tm) SGX enclave
inittime_data (azure.security.attestation.AttestationData) – Data presented at the time that the SGX enclave was initialized.
runtime_data (azure.security.attestation.AttestationData) – Data presented at the time that the open_enclave report was created.
- Keyword Arguments
draft_policy (str) – “draft” or “experimental” policy to be used with this attestation request. If this parameter is provided, then this policy document will be used for the attestation request. This allows a caller to test various policy documents against actual data before applying the policy document via the set_policy API.
- Returns
Attestation service response encapsulating an AttestationResult.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.AttestationResult]
Note
Note that if the draft_policy parameter is provided, the resulting attestation token will be an unsecured attestation token.
For additional request configuration options, please see Python Request Options.
- async attest_sgx_enclave(quote: bytes, inittime_data: Optional[azure.security.attestation._models.AttestationData] = None, runtime_data: Optional[azure.security.attestation._models.AttestationData] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.AttestationResult]
Attests the validity of an SGX quote.
- Parameters
quote (bytes) – An SGX quote generated from an Intel(tm) SGX enclave
inittime_data (azure.security.attestation.AttestationData) – Data presented at the time that the SGX enclave was initialized.
runtime_data (azure.security.attestation.AttestationData) – Data presented at the time that the SGX quote was created.
- Keyword Arguments
draft_policy (str) – “draft” or “experimental” policy to be used with this attestation request. If this parameter is provided, then this policy document will be used for the attestation request. This allows a caller to test various policy documents against actual data before applying the policy document via the set_policy API.
- Returns
Attestation service response encapsulating an AttestationResult.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.AttestationResult]
Note
Note that if the draft_policy parameter is provided, the resulting attestation token will be an unsecured attestation token.
For additional request configuration options, please see Python Request Options.
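Because a draft_policy request yields an unsecured token, a relying party should refuse such tokens before using any claim in them. The following is an added example, not part of the SDK or of this reference; it assumes the token is a compact JWT whose unsecured form follows RFC 7519 section 6 (alg "none", empty signature), and the function names and sample tokens are constructed for illustration.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_header(token: str) -> dict:
    """Parse the protected header of a compact three-segment token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0]))


def is_unsecured_token(token: str) -> bool:
    """True when the header says alg "none" or the signature is empty."""
    alg = str(token_header(token).get("alg", "")).lower()
    return alg == "none" or token.split(".")[2] == ""


def require_signed_token(token: str) -> dict:
    """Gate for a relying party: refuse unsecured (draft-policy) tokens.
    Passing this gate is not signature verification; that still has to be
    done against the instance's signing certificates."""
    if is_unsecured_token(token):
        raise PermissionError("unsecured attestation token rejected")
    return token_header(token)


def make_sample_token(header: dict, body: dict, signature: bytes) -> str:
    """Build a constructed sample token (illustration data only)."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join(
        [enc(json.dumps(header).encode()), enc(json.dumps(body).encode()), enc(signature)]
    )


# Constructed samples: the signature bytes are placeholders, not real.
DRAFT_TOKEN = make_sample_token({"alg": "none"}, {"sample": "draft"}, b"")
SIGNED_TOKEN = make_sample_token({"alg": "RS256"}, {"sample": "signed"}, b"\x01\x02\x03")
```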
- async attest_tpm(request: azure.security.attestation._models.TpmAttestationRequest, **kwargs: Any) → azure.security.attestation._models.TpmAttestationResponse
Attest a TPM based enclave.
See the TPM Attestation Protocol Reference for more information.
- Parameters
request (azure.security.attestation.TpmAttestationRequest) – Incoming request to send to the TPM attestation service.
- Returns
A structure containing the response from the TPM attestation.
- Return type
- async get_openidmetadata(**kwargs: Any) → Any
Retrieves the OpenID metadata configuration document for this attestation instance.
- Returns
OpenId Metadata document for the attestation service instance.
- Return type
Any
- async get_signing_certificates(**kwargs: Any) → List[azure.security.attestation._models.AttestationSigner]
Returns the set of signing certificates used to sign attestation tokens.
- Returns
A list of azure.security.attestation.AttestationSigner objects.
- Return type
For additional request configuration options, please see Python Request Options.
- class azure.security.attestation.aio.AttestationAdministrationClient(credential: AsyncTokenCredential, instance_url: str, **kwargs: Any)
Provides administrative APIs for managing an instance of the Attestation Service.
- Parameters
instance_url (str) – base url of the service
credential (AsyncTokenCredential) – Credentials for the caller used to interact with the service.
- Keyword Arguments
pipeline (AsyncPipelineClient) – If omitted, the standard pipeline is used.
transport (AsyncHttpTransport) – If omitted, the standard pipeline is used.
policies (list[AsyncHTTPPolicy]) – If omitted, the standard pipeline is used.
For additional client creation configuration options, please see https://aka.ms/azsdk/python/options.
- async add_policy_management_certificate(certificate_to_add: bytes, signing_key: azure.security.attestation._models.AttestationSigningKey, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyCertificatesModificationResult]
Adds a new policy management certificate to the set of policy management certificates for the instance.
- Parameters
certificate_to_add (bytes) – DER encoded X.509 certificate to add to the list of attestation policy management certificates.
signing_key (azure.security.attestation.AttestationSigningKey) – Signing Key representing one of the existing attestation signing certificates.
- Returns
Attestation service response encapsulating the status of the add request.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyCertificatesModificationResult]
The PolicyCertificatesModificationResult response to the add_policy_management_certificate() API contains two attributes of interest.
The first is certificate_resolution, which indicates whether the certificate in question is present in the set of policy management certificates after the operation has completed, or if it is absent.
The second is the thumbprint of the certificate added. The thumbprint for the certificate is the SHA1 hash of the DER encoding of the certificate.
- async get_policy(attestation_type, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[str]
Retrieves the attestation policy for a specified attestation type.
- Parameters
attestation_type (azure.security.attestation.AttestationType) – azure.security.attestation.AttestationType for which to retrieve the policy.
- Returns
Attestation service response encapsulating a string attestation policy.
- Return type
- Raises
azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.
- async get_policy_management_certificates(**kwargs: Any) → AttestationResponse[list[list[bytes]]]
Retrieves the set of policy management certificates for the instance.
The list of policy management certificates will only be non-empty if the attestation service instance is in Isolated mode.
- Returns
Attestation service response encapsulating a list of DER encoded X.509 certificate chains.
- Return type
azure.security.attestation.AttestationResponse[list[list[bytes]]]
- async remove_policy_management_certificate(certificate_to_add: bytes, signing_key: azure.security.attestation._models.AttestationSigningKey, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyCertificatesModificationResult]
Removes a policy management certificate from the set of policy management certificates for the instance.
- Parameters
certificate_to_add (bytes) – DER encoded X.509 certificate to remove from the list of attestation policy management certificates.
signing_key (azure.security.attestation.AttestationSigningKey) – Signing Key representing one of the existing attestation signing certificates.
- Returns
Attestation service response encapsulating a list of DER encoded X.509 certificate chains.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyCertificatesModificationResult]
The PolicyCertificatesModificationResult response to the remove_policy_management_certificate() API contains two attributes of interest.
The first is certificate_resolution, which indicates whether the certificate in question is present in the set of policy management certificates after the operation has completed, or if it is absent.
The second is the thumbprint of the certificate added. The thumbprint for the certificate is the SHA1 hash of the DER encoding of the certificate.
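Added example, not part of the SDK: computing the SHA1 thumbprint locally and using it to cross-check an add or remove result against the chains returned by get_policy_management_certificates(). The helper names, the case-insensitive hex comparison and the sample bytes (constructed placeholders, not real certificates) are assumptions.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def to_der(cert: bytes) -> bytes:
    """Return DER bytes for a certificate given as DER or as PEM text."""
    match = PEM_RE.search(cert.decode("latin-1"))
    if match is None:
        return cert  # no PEM armour found: treat the input as DER already
    return base64.b64decode("".join(match.group(1).split()))


def thumbprint(cert: bytes) -> str:
    """SHA1 hash of the DER encoding, as uppercase hex (hex form is assumed)."""
    return hashlib.sha1(to_der(cert)).hexdigest().upper()


def certificate_present(chains, cert: bytes) -> bool:
    """Search the list[list[bytes]] of DER chains for `cert` by thumbprint."""
    wanted = thumbprint(cert)
    return any(thumbprint(c) == wanted for chain in chains for c in chain)


def modification_consistent(reported, cert, chains, expect_present):
    """Check an add/remove result: the reported thumbprint must match the
    locally computed one, and the instance's chains must reflect the change."""
    if reported.strip().upper() != thumbprint(cert):
        return False
    return certificate_present(chains, cert) == expect_present


# Constructed placeholder bytes standing in for DER certificates.
SAMPLE_DER = b"\x30\x82\x01\x0aconstructed-sample-not-a-real-certificate"
OTHER_DER = b"\x30\x82\x01\x0banother-constructed-sample"
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\n"
)
```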
- async reset_policy(attestation_type: azure.security.attestation._generated.models._azure_attestation_rest_client_enums.AttestationType, signing_key: Optional[azure.security.attestation._models.AttestationSigningKey] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyResult]
Resets the attestation policy for the specified attestation type to the default value.
- Parameters
attestation_type (azure.security.attestation.AttestationType) – azure.security.attestation.AttestationType for which to set the policy.
attestation_policy (str) – Attestation policy to be reset.
signing_key (azure.security.attestation.AttestationSigningKey) – Signing key to be used to sign the policy before sending it to the service.
- Returns
Attestation service response encapsulating a PolicyResult.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyResult]
- Raises
azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.
Note
If the attestation instance is in Isolated mode, then the signing_key parameter MUST be a signing key containing one of the certificates returned by get_policy_management_certificates().
If the attestation instance is in AAD mode, then the signing_key parameter does not need to be provided.
- async set_policy(attestation_type: azure.security.attestation._generated.models._azure_attestation_rest_client_enums.AttestationType, attestation_policy: str, signing_key: Optional[azure.security.attestation._models.AttestationSigningKey] = None, **kwargs: Any) → azure.security.attestation._models.AttestationResponse[azure.security.attestation._models.PolicyResult]
Sets the attestation policy for the specified attestation type.
- Parameters
attestation_type (azure.security.attestation.AttestationType) – azure.security.attestation.AttestationType for which to set the policy.
attestation_policy (str) – Attestation policy to be set.
signing_key (azure.security.attestation.AttestationSigningKey) – Signing key to be used to sign the policy before sending it to the service.
- Returns
Attestation service response encapsulating a PolicyResult.
- Return type
azure.security.attestation.AttestationResponse[azure.security.attestation.PolicyResult]
- Raises
azure.security.attestation.AttestationTokenValidationException – Raised when an attestation token is invalid.
Note
If the attestation instance is in Isolated mode, then the signing_key parameter MUST be a signing key containing one of the certificates returned by get_policy_management_certificates().
If the attestation instance is in AAD mode, then the signing_key parameter does not need to be provided.