attestation

package v0.20240212.1092743
Published: Feb 12, 2024 License: MPL-2.0 Imports: 7 Imported by: 0

Documentation

Overview

Package attestation implements the Azure ARM Attestation service API version 2022-08-01.

Describes the interface for the per-tenant enclave service.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func UserAgent

func UserAgent() string

UserAgent returns the UserAgent string to use when sending http.Requests.

func Version

func Version() string

Version returns the semantic version (see http://semver.org) of the client.

Types

type AttestOpenEnclaveRequest

type AttestOpenEnclaveRequest struct {
	// Report - OpenEnclave report from the enclave to be attested (a URL-encoded base64 string)
	Report *string `json:"report,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of report generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contain the SHA256 hash of the decoded "data" field of the runtime data.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Base64Url encoded "InitTime data". The MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token cannot be validated.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token
	Nonce *string `json:"nonce,omitempty"`
}

AttestOpenEnclaveRequest is the attestation request for Intel SGX enclaves that present an OpenEnclave report.

type AttestSevSnpVMRequest

type AttestSevSnpVMRequest struct {
	// Report - Hardware rooted report of the virtual machine being attested along with the signing certificate chain and optionally, additional endorsements
	Report *string `json:"report,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of report generation. The MAA will verify that the run time data is known to the attestation target.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Initialization data provided by the enclave at the time of report generation. The MAA will verify that the init time data is known to the attestation target.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token cannot be validated.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token
	Nonce *string `json:"nonce,omitempty"`
}

AttestSevSnpVMRequest is the attestation request for an AMD SEV-SNP virtual machine.

type AttestSgxEnclaveRequest

type AttestSgxEnclaveRequest struct {
	// Quote - Quote of the enclave to be attested (a URL-encoded base64 string)
	Quote *string `json:"quote,omitempty"`
	// RuntimeData - Runtime data provided by the enclave at the time of quote generation. The MAA will verify that the first 32 bytes of the report_data field of the quote contain the SHA256 hash of the decoded "data" field of the runtime data.
	RuntimeData *RuntimeData `json:"runtimeData,omitempty"`
	// InitTimeData - Initialization data provided when the enclave is created. MAA will verify that the init data was known to the enclave. Note that InitTimeData is invalid for CoffeeLake processors.
	InitTimeData *InitTimeData `json:"initTimeData,omitempty"`
	// DraftPolicyForAttestation - Attest against the provided draft policy. Note that the resulting token cannot be validated.
	DraftPolicyForAttestation *string `json:"draftPolicyForAttestation,omitempty"`
	// Nonce - Nonce for incoming request - emitted in the generated attestation token
	Nonce *string `json:"nonce,omitempty"`
}

AttestSgxEnclaveRequest is the attestation request for Intel SGX enclaves that present a raw SGX quote.

type BaseClient

type BaseClient struct {
	autorest.Client
}

BaseClient is the base client for Attestation.

func New

func New() BaseClient

New creates an instance of the BaseClient client.

func NewWithoutDefaults

func NewWithoutDefaults() BaseClient

NewWithoutDefaults creates an instance of the BaseClient client.

type CertificateManagementBody

type CertificateManagementBody struct {
	// PolicyCertificate - RFC 7517 Json Web Key describing the certificate.
	PolicyCertificate *JSONWebKey `json:"policyCertificate,omitempty"`
}

CertificateManagementBody is the body of the JWT used for the PolicyCertificates APIs.

type CertificateModification

type CertificateModification string

CertificateModification enumerates the values for certificate modification.

const (
	// CertificateModificationIsAbsent After the operation was performed, the certificate is no longer present
	// in the set of certificates.
	CertificateModificationIsAbsent CertificateModification = "IsAbsent"
	// CertificateModificationIsPresent After the operation was performed, the certificate is in the set of
	// certificates.
	CertificateModificationIsPresent CertificateModification = "IsPresent"
)

func PossibleCertificateModificationValues

func PossibleCertificateModificationValues() []CertificateModification

PossibleCertificateModificationValues returns an array of possible values for the CertificateModification const type.

type Client

type Client struct {
	BaseClient
}

Client describes the interface for the per-tenant enclave service.

func NewClient

func NewClient() Client

NewClient creates an instance of the Client client.

func (Client) AttestOpenEnclave

func (client Client) AttestOpenEnclave(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (result Response, err error)

AttestOpenEnclave processes an OpenEnclave report, producing an artifact. The type of artifact produced is dependent upon attestation policy.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
request - request object containing the quote

func (Client) AttestOpenEnclavePreparer

func (client Client) AttestOpenEnclavePreparer(ctx context.Context, instanceURL string, request AttestOpenEnclaveRequest) (*http.Request, error)

AttestOpenEnclavePreparer prepares the AttestOpenEnclave request.

func (Client) AttestOpenEnclaveResponder

func (client Client) AttestOpenEnclaveResponder(resp *http.Response) (result Response, err error)

AttestOpenEnclaveResponder handles the response to the AttestOpenEnclave request. The method always closes the http.Response Body.

func (Client) AttestOpenEnclaveSender

func (client Client) AttestOpenEnclaveSender(req *http.Request) (*http.Response, error)

AttestOpenEnclaveSender sends the AttestOpenEnclave request. The method will close the http.Response Body if it receives an error.

func (Client) AttestSevSnpVM

func (client Client) AttestSevSnpVM(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (result Response, err error)

AttestSevSnpVM processes a SEV-SNP boot chain. The type of artifact produced is dependent upon attestation policy.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
request - request object containing the quote

func (Client) AttestSevSnpVMPreparer

func (client Client) AttestSevSnpVMPreparer(ctx context.Context, instanceURL string, request AttestSevSnpVMRequest) (*http.Request, error)

AttestSevSnpVMPreparer prepares the AttestSevSnpVM request.

func (Client) AttestSevSnpVMResponder

func (client Client) AttestSevSnpVMResponder(resp *http.Response) (result Response, err error)

AttestSevSnpVMResponder handles the response to the AttestSevSnpVM request. The method always closes the http.Response Body.

func (Client) AttestSevSnpVMSender

func (client Client) AttestSevSnpVMSender(req *http.Request) (*http.Response, error)

AttestSevSnpVMSender sends the AttestSevSnpVM request. The method will close the http.Response Body if it receives an error.

func (Client) AttestSgxEnclave

func (client Client) AttestSgxEnclave(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (result Response, err error)

AttestSgxEnclave processes an SGX enclave quote, producing an artifact. The type of artifact produced is dependent upon attestation policy.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
request - request object containing the quote

func (Client) AttestSgxEnclavePreparer

func (client Client) AttestSgxEnclavePreparer(ctx context.Context, instanceURL string, request AttestSgxEnclaveRequest) (*http.Request, error)

AttestSgxEnclavePreparer prepares the AttestSgxEnclave request.

func (Client) AttestSgxEnclaveResponder

func (client Client) AttestSgxEnclaveResponder(resp *http.Response) (result Response, err error)

AttestSgxEnclaveResponder handles the response to the AttestSgxEnclave request. The method always closes the http.Response Body.

func (Client) AttestSgxEnclaveSender

func (client Client) AttestSgxEnclaveSender(req *http.Request) (*http.Response, error)

AttestSgxEnclaveSender sends the AttestSgxEnclave request. The method will close the http.Response Body if it receives an error.

func (Client) AttestTpm

func (client Client) AttestTpm(ctx context.Context, instanceURL string, request TpmAttestationRequest) (result TpmAttestationResponse, err error)

AttestTpm processes attestation evidence from a VBS enclave, producing an attestation result. The attestation result produced is dependent upon the attestation policy.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
request - request object

func (Client) AttestTpmPreparer

func (client Client) AttestTpmPreparer(ctx context.Context, instanceURL string, request TpmAttestationRequest) (*http.Request, error)

AttestTpmPreparer prepares the AttestTpm request.

func (Client) AttestTpmResponder

func (client Client) AttestTpmResponder(resp *http.Response) (result TpmAttestationResponse, err error)

AttestTpmResponder handles the response to the AttestTpm request. The method always closes the http.Response Body.

func (Client) AttestTpmSender

func (client Client) AttestTpmSender(req *http.Request) (*http.Response, error)

AttestTpmSender sends the AttestTpm request. The method will close the http.Response Body if it receives an error.

type CloudError

type CloudError struct {
	Error *CloudErrorBody `json:"error,omitempty"`
}

CloudError is an error response from Attestation.

type CloudErrorBody

type CloudErrorBody struct {
	// Code - An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
	Code *string `json:"code,omitempty"`
	// Message - A message describing the error, intended to be suitable for displaying in a user interface.
	Message *string `json:"message,omitempty"`
}

CloudErrorBody is the body of an error response from Attestation.

type DataType

type DataType string

DataType enumerates the values for data type.

const (
	// DataTypeBinary The field's content should be treated as binary and not interpreted by MAA.
	DataTypeBinary DataType = "Binary"
	// DataTypeJSON The field's content should be treated as UTF-8 JSON text that may be further interpreted by
	// MAA. Refer to RFC 8259 for a description of JSON serialization standards for interoperability.
	DataTypeJSON DataType = "JSON"
)

func PossibleDataTypeValues

func PossibleDataTypeValues() []DataType

PossibleDataTypeValues returns an array of possible values for the DataType const type.

type InitTimeData

type InitTimeData struct {
	// Data - Initialization time data are passed into the Trusted Execution Environment (TEE) when it is created. For an Icelake SGX quote, the SHA256 hash of the InitTimeData must match the lower 32 bytes of the quote's "config id" attribute. For a SEV-SNP quote, the SHA256 hash of the InitTimeData must match the quote's "host data" attribute. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'DataTypeBinary', 'DataTypeJSON'
	DataType DataType `json:"dataType,omitempty"`
}

InitTimeData initialization time data are a conduit for any configuration information that is unknown when building the Trusted Execution Environment (TEE) and is defined at TEE launch time. This data can be used with confidential container or VM scenarios to capture configuration settings such as disk volume content, network configuration, etc.
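The RuntimeData and InitTimeData comments above state two binding rules that a verifier can check for itself: SHA256 of the decoded runtime data must sit in the first 32 bytes of an SGX quote's report_data, and SHA256 of the decoded init-time data must equal a SEV-SNP report's host data. The following is an added example, not code from this package: TeeData, the function names and the sample inputs are constructed here, and extracting report_data or host data from a real quote is assumed to be done by the caller.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// TeeData (hypothetical name) mirrors the RuntimeData/InitTimeData request
// fields: Data is a URL-encoded base64 string, DataType is "Binary" or "JSON".
type TeeData struct {
	Data     string
	DataType string
}

// decodeBase64URL accepts the unpadded base64url form used by JWT tooling and
// falls back to the padded form, since the page only says "URL-encoded base64".
func decodeBase64URL(s string) ([]byte, error) {
	if b, err := base64.RawURLEncoding.DecodeString(s); err == nil {
		return b, nil
	}
	return base64.URLEncoding.DecodeString(s)
}

// digestOf validates the dataType, decodes the data and returns its SHA256.
// The hash is always over the decoded bytes; dataType only says whether the
// bytes may be interpreted as JSON or must be treated as opaque binary.
func digestOf(d TeeData) ([sha256.Size]byte, error) {
	var zero [sha256.Size]byte
	if d.DataType != "Binary" && d.DataType != "JSON" {
		return zero, fmt.Errorf("unknown dataType %q", d.DataType)
	}
	raw, err := decodeBase64URL(d.Data)
	if err != nil {
		return zero, fmt.Errorf("data is not URL-encoded base64: %w", err)
	}
	if d.DataType == "JSON" && !json.Valid(raw) {
		return zero, errors.New("dataType is JSON but data is not valid JSON")
	}
	return sha256.Sum256(raw), nil
}

// VerifySgxRuntimeData applies the RuntimeData rule for SGX and OpenEnclave
// requests: the first 32 bytes of the quote's report_data must equal
// SHA256(decoded data). reportData is the raw 64-byte report_data field.
func VerifySgxRuntimeData(reportData []byte, rt TeeData) error {
	if len(reportData) < sha256.Size {
		return fmt.Errorf("report_data is %d bytes, need at least %d", len(reportData), sha256.Size)
	}
	want, err := digestOf(rt)
	if err != nil {
		return err
	}
	if !bytes.Equal(reportData[:sha256.Size], want[:]) {
		return errors.New("report_data does not commit to the supplied runtime data")
	}
	return nil
}

// VerifySevSnpInitTimeData applies the InitTimeData rule for a SEV-SNP quote:
// SHA256(decoded init-time data) must equal the report's 32-byte host data.
func VerifySevSnpInitTimeData(hostData []byte, it TeeData) error {
	if len(hostData) != sha256.Size {
		return fmt.Errorf("host data is %d bytes, want %d", len(hostData), sha256.Size)
	}
	want, err := digestOf(it)
	if err != nil {
		return err
	}
	if !bytes.Equal(hostData, want[:]) {
		return errors.New("host data does not commit to the supplied init-time data")
	}
	return nil
}

// EnclaveReportData is the enclave-side half of the binding: SHA256(data) in
// the first 32 bytes of the 64-byte report_data, zeros in the remainder.
func EnclaveReportData(data []byte) []byte {
	out := make([]byte, 64)
	sum := sha256.Sum256(data)
	copy(out, sum[:])
	return out
}

func main() {
	// Constructed sample: the enclave publishes a key as JSON runtime data.
	ehd := []byte(`{"kty":"oct","kid":"example"}`)
	rt := TeeData{Data: base64.RawURLEncoding.EncodeToString(ehd), DataType: "JSON"}
	fmt.Println("sgx runtime data:", VerifySgxRuntimeData(EnclaveReportData(ehd), rt))

	// Constructed SEV-SNP sample: host data carries the hash of launch-time config.
	cfg := []byte(`{"disk":"encrypted","net":"isolated"}`)
	host := sha256.Sum256(cfg)
	it := TeeData{Data: base64.RawURLEncoding.EncodeToString(cfg), DataType: "JSON"}
	fmt.Println("sev-snp init-time data:", VerifySevSnpInitTimeData(host[:], it))
}
```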

type JSONWebKey

type JSONWebKey struct {
	// Alg - The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	Alg *string `json:"alg,omitempty"`
	// Crv - The "crv" (curve) parameter identifies the curve type
	Crv *string `json:"crv,omitempty"`
	// D - RSA private exponent or ECC private key
	D *string `json:"d,omitempty"`
	// Dp - RSA Private Key Parameter
	Dp *string `json:"dp,omitempty"`
	// Dq - RSA Private Key Parameter
	Dq *string `json:"dq,omitempty"`
	// E - RSA public exponent, in Base64
	E *string `json:"e,omitempty"`
	// K - Symmetric key
	K *string `json:"k,omitempty"`
	// Kid - The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	Kid *string `json:"kid,omitempty"`
	// Kty - The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	Kty *string `json:"kty,omitempty"`
	// N - RSA modulus, in Base64
	N *string `json:"n,omitempty"`
	// P - RSA secret prime
	P *string `json:"p,omitempty"`
	// Q - RSA secret prime, with p < q
	Q *string `json:"q,omitempty"`
	// Qi - RSA Private Key Parameter
	Qi *string `json:"qi,omitempty"`
	// Use - Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	Use *string `json:"use,omitempty"`
	// X - X coordinate for the Elliptic Curve point
	X *string `json:"x,omitempty"`
	// X5c - The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c *[]string `json:"x5c,omitempty"`
	// Y - Y coordinate for the Elliptic Curve point
	Y *string `json:"y,omitempty"`
}

JSONWebKey is an RFC 7517 JSON Web Key.

type JSONWebKeySet

type JSONWebKeySet struct {
	autorest.Response `json:"-"`
	// Keys - The value of the "keys" parameter is an array of JWK values.  By
	// default, the order of the JWK values within the array does not imply
	// an order of preference among them, although applications of JWK Sets
	// can choose to assign a meaning to the order for their purposes, if
	// desired.
	Keys *[]JSONWebKey `json:"keys,omitempty"`
}

JSONWebKeySet is an RFC 7517 JSON Web Key Set: an array of JWK values under the "keys" member.

type MetadataConfigurationClient

type MetadataConfigurationClient struct {
	BaseClient
}

MetadataConfigurationClient describes the interface for the per-tenant enclave service.

func NewMetadataConfigurationClient

func NewMetadataConfigurationClient() MetadataConfigurationClient

NewMetadataConfigurationClient creates an instance of the MetadataConfigurationClient client.

func (MetadataConfigurationClient) Get

func (client MetadataConfigurationClient) Get(ctx context.Context, instanceURL string) (result OpenIDConfigurationResponse, err error)

Get retrieves metadata about the attestation signing keys in use by the attestation service.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (MetadataConfigurationClient) GetPreparer

func (client MetadataConfigurationClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (MetadataConfigurationClient) GetResponder

func (client MetadataConfigurationClient) GetResponder(resp *http.Response) (result OpenIDConfigurationResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (MetadataConfigurationClient) GetSender

func (client MetadataConfigurationClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type OpenIDConfigurationResponse

type OpenIDConfigurationResponse struct {
	autorest.Response `json:"-"`
	// ResponseTypesSupported - Types supported in the OpenID metadata API
	ResponseTypesSupported *[]string `json:"response_types_supported,omitempty"`
	// IDTokenSigningAlgValuesSupported - List of the supported signing algorithms
	IDTokenSigningAlgValuesSupported *[]string `json:"id_token_signing_alg_values_supported,omitempty"`
	// RevocationEndpoint - Revocation endpoint
	RevocationEndpoint *string `json:"revocation_endpoint,omitempty"`
	// Issuer - Issuer tenant base endpoint
	Issuer *string `json:"issuer,omitempty"`
	// JwksURI - The URI to retrieve the signing keys
	JwksURI *string `json:"jwks_uri,omitempty"`
	// ClaimsSupported - Set of claims supported by the OpenID metadata endpoint
	ClaimsSupported *[]string `json:"claims_supported,omitempty"`
}

OpenIDConfigurationResponse is the response to the OpenID metadata description document API.

type PolicyCertificatesClient

type PolicyCertificatesClient struct {
	BaseClient
}

PolicyCertificatesClient describes the interface for the per-tenant enclave service.

func NewPolicyCertificatesClient

func NewPolicyCertificatesClient() PolicyCertificatesClient

NewPolicyCertificatesClient creates an instance of the PolicyCertificatesClient client.

func (PolicyCertificatesClient) Add

func (client PolicyCertificatesClient) Add(ctx context.Context, instanceURL string, policyCertificateToAdd string) (result PolicyCertificatesModifyResponse, err error)

Add sends the add request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
policyCertificateToAdd - an RFC7519 JSON Web Token whose body is an RFC7517 JSON Web Key object. The RFC7519 JWT must be signed with one of the existing signing certificates.

func (PolicyCertificatesClient) AddPreparer

func (client PolicyCertificatesClient) AddPreparer(ctx context.Context, instanceURL string, policyCertificateToAdd string) (*http.Request, error)

AddPreparer prepares the Add request.

func (PolicyCertificatesClient) AddResponder

func (client PolicyCertificatesClient) AddResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)

AddResponder handles the response to the Add request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) AddSender

func (client PolicyCertificatesClient) AddSender(req *http.Request) (*http.Response, error)

AddSender sends the Add request. The method will close the http.Response Body if it receives an error.

func (PolicyCertificatesClient) Get

func (client PolicyCertificatesClient) Get(ctx context.Context, instanceURL string) (result PolicyCertificatesResponse, err error)

Get sends the get request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (PolicyCertificatesClient) GetPreparer

func (client PolicyCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (PolicyCertificatesClient) GetResponder

func (client PolicyCertificatesClient) GetResponder(resp *http.Response) (result PolicyCertificatesResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) GetSender

func (client PolicyCertificatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (PolicyCertificatesClient) Remove

func (client PolicyCertificatesClient) Remove(ctx context.Context, instanceURL string, policyCertificateToRemove string) (result PolicyCertificatesModifyResponse, err error)

Remove sends the remove request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
policyCertificateToRemove - an RFC7519 JSON Web Token whose body is an AttestationCertificateManagementBody object. The RFC7519 JWT must be signed with one of the existing signing certificates.

func (PolicyCertificatesClient) RemovePreparer

func (client PolicyCertificatesClient) RemovePreparer(ctx context.Context, instanceURL string, policyCertificateToRemove string) (*http.Request, error)

RemovePreparer prepares the Remove request.

func (PolicyCertificatesClient) RemoveResponder

func (client PolicyCertificatesClient) RemoveResponder(resp *http.Response) (result PolicyCertificatesModifyResponse, err error)

RemoveResponder handles the response to the Remove request. The method always closes the http.Response Body.

func (PolicyCertificatesClient) RemoveSender

func (client PolicyCertificatesClient) RemoveSender(req *http.Request) (*http.Response, error)

RemoveSender sends the Remove request. The method will close the http.Response Body if it receives an error.

type PolicyCertificatesModificationResult

type PolicyCertificatesModificationResult struct {
	// CertificateThumbprint - Hex encoded SHA1 hash of the binary representation of the certificate which was added or removed
	CertificateThumbprint *string `json:"x-ms-certificate-thumbprint,omitempty"`
	// CertificateResolution - The result of the operation. Possible values include: 'CertificateModificationIsPresent', 'CertificateModificationIsAbsent'
	CertificateResolution CertificateModification `json:"x-ms-policycertificates-result,omitempty"`
}

PolicyCertificatesModificationResult is the result of a policy certificate modification.

type PolicyCertificatesModifyResponse

type PolicyCertificatesModifyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is a PolicyCertificatesModificationResult object.
	Token *string `json:"token,omitempty"`
}

PolicyCertificatesModifyResponse is the response to an attestation policy management API.

type PolicyCertificatesResponse

type PolicyCertificatesResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure containing a PolicyCertificatesResults object which contains the certificates used to validate policy changes
	Token *string `json:"token,omitempty"`
}

PolicyCertificatesResponse is the response to an attestation policy management API.

type PolicyCertificatesResult

type PolicyCertificatesResult struct {
	// PolicyCertificates - The set of certificates (as a JSON Web Key Set) used to validate policy changes
	PolicyCertificates *JSONWebKeySet `json:"x-ms-policy-certificates,omitempty"`
}

PolicyCertificatesResult is the result of a call to retrieve policy certificates.

type PolicyClient

type PolicyClient struct {
	BaseClient
}

PolicyClient describes the interface for the per-tenant enclave service.

func NewPolicyClient

func NewPolicyClient() PolicyClient

NewPolicyClient creates an instance of the PolicyClient client.

func (PolicyClient) Get

func (client PolicyClient) Get(ctx context.Context, instanceURL string, attestationType Type) (result PolicyResponse, err error)

Get sends the get request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
attestationType - specifies the trusted execution environment to be used to validate the evidence

func (PolicyClient) GetPreparer

func (client PolicyClient) GetPreparer(ctx context.Context, instanceURL string, attestationType Type) (*http.Request, error)

GetPreparer prepares the Get request.

func (PolicyClient) GetResponder

func (client PolicyClient) GetResponder(resp *http.Response) (result PolicyResponse, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (PolicyClient) GetSender

func (client PolicyClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

func (PolicyClient) Reset

func (client PolicyClient) Reset(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (result PolicyResponse, err error)

Reset sends the reset request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
attestationType - specifies the trusted execution environment to be used to validate the evidence
policyJws - JSON Web Signature with an empty policy document

func (PolicyClient) ResetPreparer

func (client PolicyClient) ResetPreparer(ctx context.Context, instanceURL string, attestationType Type, policyJws string) (*http.Request, error)

ResetPreparer prepares the Reset request.

func (PolicyClient) ResetResponder

func (client PolicyClient) ResetResponder(resp *http.Response) (result PolicyResponse, err error)

ResetResponder handles the response to the Reset request. The method always closes the http.Response Body.

func (PolicyClient) ResetSender

func (client PolicyClient) ResetSender(req *http.Request) (*http.Response, error)

ResetSender sends the Reset request. The method will close the http.Response Body if it receives an error.

func (PolicyClient) Set

func (client PolicyClient) Set(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (result PolicyResponse, err error)

Set sends the set request.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.
attestationType - specifies the trusted execution environment to be used to validate the evidence
newAttestationPolicy - JWT expressing the new policy, whose body is a StoredAttestationPolicy object.

func (PolicyClient) SetPreparer

func (client PolicyClient) SetPreparer(ctx context.Context, instanceURL string, attestationType Type, newAttestationPolicy string) (*http.Request, error)

SetPreparer prepares the Set request.

func (PolicyClient) SetResponder

func (client PolicyClient) SetResponder(resp *http.Response) (result PolicyResponse, err error)

SetResponder handles the response to the Set request. The method always closes the http.Response Body.

func (PolicyClient) SetSender

func (client PolicyClient) SetSender(req *http.Request) (*http.Response, error)

SetSender sends the Set request. The method will close the http.Response Body if it receives an error.

type PolicyModification

type PolicyModification string

PolicyModification enumerates the values for policy modification.

const (
	// PolicyModificationRemoved The specified policy object was removed.
	PolicyModificationRemoved PolicyModification = "Removed"
	// PolicyModificationUpdated The specified policy object was updated.
	PolicyModificationUpdated PolicyModification = "Updated"
)

func PossiblePolicyModificationValues

func PossiblePolicyModificationValues() []PolicyModification

PossiblePolicyModificationValues returns an array of possible values for the PolicyModification const type.

type PolicyResponse

type PolicyResponse struct {
	autorest.Response `json:"-"`
	// Token - An RFC7519 JSON Web Token structure whose body is an PolicyResult object.
	Token *string `json:"token,omitempty"`
}

PolicyResponse is the response to an attestation policy operation.

type PolicyResult

type PolicyResult struct {
	// PolicyResolution - The result of the operation. Possible values include: 'PolicyModificationUpdated', 'PolicyModificationRemoved'
	PolicyResolution PolicyModification `json:"x-ms-policy-result,omitempty"`
	// PolicyTokenHash - The SHA256 hash of the policy object modified (a URL-encoded base64 string)
	PolicyTokenHash *string `json:"x-ms-policy-token-hash,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// Policy - A JSON Web Token containing a StoredAttestationPolicy object with the attestation policy
	Policy *string `json:"x-ms-policy,omitempty"`
}

PolicyResult is the result of an attestation policy operation; it is carried as the body of the PolicyResponse token.

type Response

type Response struct {
	autorest.Response `json:"-"`
	// Token - An RFC 7519 JSON Web Token, the body of which is an AttestationResult object.
	Token *string `json:"token,omitempty"`
}

Response is the result of an attestation operation.

type Result

type Result struct {
	// Jti - Unique Identifier for the token
	Jti *string `json:"jti,omitempty"`
	// Iss - The Principal who issued the token
	Iss *string `json:"iss,omitempty"`
	// Iat - The time at which the token was issued, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Iat *float64 `json:"iat,omitempty"`
	// Exp - The expiration time after which the token is no longer valid, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Exp *float64 `json:"exp,omitempty"`
	// Nbf - The not-before time before which the token cannot be considered valid, in the number of seconds since 1970-01-01T00:00:00Z UTC
	Nbf *float64 `json:"nbf,omitempty"`
	// Cnf - An RFC 7800 Proof of Possession Key
	Cnf interface{} `json:"cnf,omitempty"`
	// Nonce - The Nonce input to the attestation request, if provided.
	Nonce *string `json:"nonce,omitempty"`
	// Version - The Schema version of this structure. Current Value: 1.0
	Version *string `json:"x-ms-ver,omitempty"`
	// RuntimeClaims - Runtime Claims
	RuntimeClaims interface{} `json:"x-ms-runtime,omitempty"`
	// InittimeClaims - Inittime Claims
	InittimeClaims interface{} `json:"x-ms-inittime,omitempty"`
	// PolicyClaims - Policy Generated Claims
	PolicyClaims interface{} `json:"x-ms-policy,omitempty"`
	// VerifierType - The Attestation type being attested.
	VerifierType *string `json:"x-ms-attestation-type,omitempty"`
	// PolicySigner - The certificate used to sign the policy object, if specified.
	PolicySigner *JSONWebKey `json:"x-ms-policy-signer,omitempty"`
	// PolicyHash - The SHA256 hash of the BASE64URL encoded policy text used for attestation (a URL-encoded base64 string)
	PolicyHash *string `json:"x-ms-policy-hash,omitempty"`
	// IsDebuggable - True if the enclave is debuggable, false otherwise
	IsDebuggable *bool `json:"x-ms-sgx-is-debuggable,omitempty"`
	// ProductID - The SGX Product ID for the enclave.
	ProductID *float64 `json:"x-ms-sgx-product-id,omitempty"`
	// MrEnclave - The HEX encoded SGX MRENCLAVE value for the enclave.
	MrEnclave *string `json:"x-ms-sgx-mrenclave,omitempty"`
	// MrSigner - The HEX encoded SGX MRSIGNER value for the enclave.
	MrSigner *string `json:"x-ms-sgx-mrsigner,omitempty"`
	// Svn - The SGX SVN value for the enclave.
	Svn *float64 `json:"x-ms-sgx-svn,omitempty"`
	// EnclaveHeldData - A copy of the RuntimeData specified as an input to the attest call. (a URL-encoded base64 string)
	EnclaveHeldData *string `json:"x-ms-sgx-ehd,omitempty"`
	// SgxCollateral - The SGX collateral used during attestation of the enclave.
	SgxCollateral interface{} `json:"x-ms-sgx-collateral,omitempty"`
	// DeprecatedVersion - DEPRECATED: Private Preview version of x-ms-ver claim.
	DeprecatedVersion *string `json:"ver,omitempty"`
	// DeprecatedIsDebuggable - DEPRECATED: Private Preview version of x-ms-sgx-is-debuggable claim.
	DeprecatedIsDebuggable *bool `json:"is-debuggable,omitempty"`
	// DeprecatedSgxCollateral - DEPRECATED: Private Preview version of x-ms-sgx-collateral claim.
	DeprecatedSgxCollateral interface{} `json:"maa-attestationcollateral,omitempty"`
	// DeprecatedEnclaveHeldData - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData *string `json:"aas-ehd,omitempty"`
	// DeprecatedEnclaveHeldData2 - DEPRECATED: Private Preview version of x-ms-sgx-ehd claim. (a URL-encoded base64 string)
	DeprecatedEnclaveHeldData2 *string `json:"maa-ehd,omitempty"`
	// DeprecatedProductID - DEPRECATED: Private Preview version of x-ms-sgx-product-id
	DeprecatedProductID *float64 `json:"product-id,omitempty"`
	// DeprecatedMrEnclave - DEPRECATED: Private Preview version of x-ms-sgx-mrenclave.
	DeprecatedMrEnclave *string `json:"sgx-mrenclave,omitempty"`
	// DeprecatedMrSigner - DEPRECATED: Private Preview version of x-ms-sgx-mrsigner.
	DeprecatedMrSigner *string `json:"sgx-mrsigner,omitempty"`
	// DeprecatedSvn - DEPRECATED: Private Preview version of x-ms-sgx-svn.
	DeprecatedSvn *float64 `json:"svn,omitempty"`
	// DeprecatedTee - DEPRECATED: Private Preview version of x-ms-tee.
	DeprecatedTee *string `json:"tee,omitempty"`
	// DeprecatedPolicySigner - DEPRECATED: Private Preview version of x-ms-policy-signer
	DeprecatedPolicySigner *JSONWebKey `json:"policy_signer,omitempty"`
	// DeprecatedPolicyHash - DEPRECATED: Private Preview version of x-ms-policy-hash (a URL-encoded base64 string)
	DeprecatedPolicyHash *string `json:"policy_hash,omitempty"`
	// DeprecatedRpData - DEPRECATED: Private Preview version of nonce
	DeprecatedRpData *string `json:"rp_data,omitempty"`
}

Result a Microsoft Azure Attestation response token body - the body of a response token issued by MAA
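Added example, not part of the package: the checks a relying party should run on a Result token body before trusting an SGX enclave, using the claim names above (exp, nbf, nonce, x-ms-sgx-is-debuggable, x-ms-sgx-mrenclave, x-ms-sgx-mrsigner). It uses a local mirror type instead of the package's Result so it runs stand-alone, and it assumes the token's signature was already verified with the JWKS from SigningCertificatesClient.Get; the measurements and body are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// tokenClaims mirrors the subset of Result claims this check uses; it is a
// local type for the example, not the package's Result.
type tokenClaims struct {
	Exp          float64 `json:"exp"`
	Nbf          float64 `json:"nbf"`
	Nonce        string  `json:"nonce"`
	IsDebuggable bool    `json:"x-ms-sgx-is-debuggable"`
	MrEnclave    string  `json:"x-ms-sgx-mrenclave"`
	MrSigner     string  `json:"x-ms-sgx-mrsigner"`
}
// checkClaims validates a token body against the nonce sent in the request and
// the MRENCLAVE/MRSIGNER the relying party has pinned. The token's signature
// must already have been verified with the JWKS from SigningCertificatesClient.Get.
func checkClaims(body []byte, nonce, mrEnclave, mrSigner string, now time.Time) (*tokenClaims, error) {
	var c tokenClaims
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	t := float64(now.Unix())
	switch {
	case t >= c.Exp: // a missing exp decodes as 0 and is rejected as well
		return nil, errors.New("token expired or has no exp")
	case t < c.Nbf:
		return nil, errors.New("token not yet valid")
	case c.Nonce != nonce:
		return nil, errors.New("nonce mismatch: token was not issued for this request")
	case c.IsDebuggable:
		return nil, errors.New("debug enclave: its memory can be inspected")
	case !strings.EqualFold(c.MrEnclave, mrEnclave) || !strings.EqualFold(c.MrSigner, mrSigner):
		return nil, errors.New("enclave identity does not match the pinned measurements")
	}
	return &c, nil
}
// Constructed sample: placeholder measurements and a body using the page's claim names.
const (
	sampleMrEnclave = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
	sampleMrSigner  = "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"
)
var sampleBody = []byte(`{"exp":1700003600,"nbf":1700000000,"nonce":"n-123","x-ms-sgx-is-debuggable":false,` +
	`"x-ms-sgx-mrenclave":"` + sampleMrEnclave + `","x-ms-sgx-mrsigner":"` + sampleMrSigner + `"}`)
```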

type RuntimeData

type RuntimeData struct {
	// Data - Runtime data are generated by the Trusted Execution Environment (TEE). For an SGX quote (Coffeelake or Icelake), the SHA256 hash of the RuntimeData must match the lower 32 bytes of the quote's "report data" attribute. For a SEV-SNP quote, the SHA256 hash of the RuntimeData must match the quote's "report data" attribute. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
	// DataType - The type of data contained within the "data" field. Possible values include: 'DataTypeBinary', 'DataTypeJSON'
	DataType DataType `json:"dataType,omitempty"`
}

RuntimeData runtime data are a conduit for any information defined by the Trusted Execution Environment (TEE) when actually running.
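Added example, not part of the package: both sides of the binding the RuntimeData doc describes for an SGX quote. The enclave side hashes the runtime data into the first 32 bytes of report_data, and the verifier side recomputes the SHA256 of the decoded Data field and compares it. The 64-byte report_data size and the sample JSON runtime data are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"strings"
)

// reportDataLen is the size of the quote's report_data field assumed here.
const reportDataLen = 64

// bindRuntimeData is the enclave-side step: SHA256(data) goes into the first
// 32 bytes of the report_data that the quote will carry; the rest stays zero.
func bindRuntimeData(data []byte) [reportDataLen]byte {
	var rd [reportDataLen]byte
	sum := sha256.Sum256(data)
	copy(rd[:], sum[:])
	return rd
}

// encodeRuntimeData produces the URL-safe base64 form placed in RuntimeData.Data.
func encodeRuntimeData(data []byte) string {
	return base64.RawURLEncoding.EncodeToString(data)
}

// verifyRuntimeData is the verifier-side check the RuntimeData doc describes:
// SHA256 of the decoded Data must equal the first 32 bytes of report_data.
func verifyRuntimeData(reportData []byte, dataB64 string) error {
	if len(reportData) < sha256.Size {
		return errors.New("report_data too short to carry a SHA256 digest")
	}
	// Accept both padded and unpadded URL-safe base64.
	data, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(dataB64, "="))
	if err != nil {
		return err
	}
	sum := sha256.Sum256(data)
	if !bytes.Equal(sum[:], reportData[:sha256.Size]) {
		return errors.New("runtime data is not bound to this quote")
	}
	return nil
}

// Constructed sample runtime data (JSON, as with DataTypeJSON): a public key the
// enclave generated and the request nonce.
var sampleRuntimeData = []byte(`{"pubkey":"constructed-example-key","nonce":"n-123"}`)
```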

type SigningCertificatesClient

type SigningCertificatesClient struct {
	BaseClient
}

SigningCertificatesClient describes the interface for the per-tenant enclave service.

func NewSigningCertificatesClient

func NewSigningCertificatesClient() SigningCertificatesClient

NewSigningCertificatesClient creates an instance of the SigningCertificatesClient client.

func (SigningCertificatesClient) Get

func (client SigningCertificatesClient) Get(ctx context.Context, instanceURL string) (result JSONWebKeySet, err error)

Get retrieves metadata signing certificates in use by the attestation service.

Parameters:
instanceURL - the attestation instance base URI, for example https://mytenant.attest.azure.net.

func (SigningCertificatesClient) GetPreparer

func (client SigningCertificatesClient) GetPreparer(ctx context.Context, instanceURL string) (*http.Request, error)

GetPreparer prepares the Get request.

func (SigningCertificatesClient) GetResponder

func (client SigningCertificatesClient) GetResponder(resp *http.Response) (result JSONWebKeySet, err error)

GetResponder handles the response to the Get request. The method always closes the http.Response Body.

func (SigningCertificatesClient) GetSender

func (client SigningCertificatesClient) GetSender(req *http.Request) (*http.Response, error)

GetSender sends the Get request. The method will close the http.Response Body if it receives an error.

type StoredAttestationPolicy

type StoredAttestationPolicy struct {
	// AttestationPolicy - Policy text to set as a sequence of UTF-8 encoded octets. (a URL-encoded base64 string)
	AttestationPolicy *string `json:"AttestationPolicy,omitempty"`
}

StoredAttestationPolicy ...

type TpmAttestationRequest

type TpmAttestationRequest struct {
	// Data - Protocol data containing artifacts for attestation. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}

TpmAttestationRequest attestation request for Trusted Platform Module (TPM) attestation.

type TpmAttestationResponse

type TpmAttestationResponse struct {
	autorest.Response `json:"-"`
	// Data - Protocol data containing attestation service response. (a URL-encoded base64 string)
	Data *string `json:"data,omitempty"`
}

TpmAttestationResponse attestation response for Trusted Platform Module (TPM) attestation.

type Type

type Type string

Type enumerates the values for type.

const (
	// TypeOpenEnclave OpenEnclave extensions to SGX
	TypeOpenEnclave Type = "OpenEnclave"
	// TypeSevSnpVM AMD SEV SNP Virtual Machine
	TypeSevSnpVM Type = "SevSnpVm"
	// TypeSgxEnclave Intel Software Guard eXtensions
	TypeSgxEnclave Type = "SgxEnclave"
	// TypeTpm Edge TPM Virtualization Based Security
	TypeTpm Type = "Tpm"
)

func PossibleTypeValues

func PossibleTypeValues() []Type

PossibleTypeValues returns an array of possible values for the Type const type.
