Share via


AttestationToken Class

Definition

Represents an Attestation Token object.

public class AttestationToken
type AttestationToken = class
Public Class AttestationToken
Inheritance
AttestationToken

Constructors

AttestationToken()

Creates a new attestation token, used for mocking.

AttestationToken(AttestationTokenSigningKey)

Creates a new unsecured attestation token with an empty body. Used for the ResetPolicy(AttestationType, AttestationTokenSigningKey, CancellationToken) API.

AttestationToken(BinaryData, AttestationTokenSigningKey)

Creates a new attestation token based on the supplied body signed with the specified signing key.

AttestationToken(BinaryData)

Initializes a new instance of the AttestationToken class as an unsecured JSON Web Token, with body as the body of the token.

Properties

Algorithm

Json Web Token Header "algorithm". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.1 for details. If the value of Algorithm is "none" it indicates that the token is unsecured.

CertificateThumbprint

Returns the thumbprint of the X.509 certificate which was used to verify the attestation token.

Null until the ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) method has been called.

ContentType

Json Web Token Header "content type". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.10 for details.

Critical

JSON Web Token Header "Critical". RFC 7515 section 4.1.11 for details.

ExpirationTime

Expiration time for the token.

IssuedAtTime

Time at which this token was issued.

Issuer

Json Web Token Body Issuer. See https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.1 for details.

KeyId

Json Web Token Header "Key ID". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.4 for details.

KeyUrl

Json Web Token Header "Key URL". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.2 for details.

NotBeforeTime

Time before which this token is not valid.

SigningCertificate

Returns the X.509 certificate which was used to verify the attestation token.

Null until the ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) method has been called.

TokenBodyBytes

Decoded body for the attestation token. See https://tools.ietf.org/html/rfc7515 for more details.

TokenHeaderBytes

Decoded header for the attestation token. See https://tools.ietf.org/html/rfc7515 for more details.

TokenSignatureBytes

Decoded signature for the attestation token. See https://tools.ietf.org/html/rfc7515 for more details.

Type

Json Web Token Header "type". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.9 for details.

If present, the value for this field is normally "JWT".

X509CertificateChain

An array of X509Certificate which represent a certificate chain used to sign the token. RFC 7515 section 4.1.6 for details.

X509CertificateSha256Thumbprint

The "thumbprint" of the certificate used to sign the request generated using the SHA256 algorithm. RFC 7515 section 4.1.8 for details.

X509CertificateThumbprint

The "thumbprint" of the certificate used to sign the request. RFC 7515 section 4.1.7 for details.

X509Url

Json Web Token Header "X509 URL". See https://www.rfc-editor.org/rfc/rfc7515.html#section-4.1.5 for details.

Methods

Deserialize(String)

Creates a new instance of the AttestationToken class based on a specified JSON Web Token.

GetBody<T>()

Retrieves the body of the AttestationToken as the specified type.

Serialize()

Serializes the attestation token to a JSON Web Token

ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken)

Validate a JSON Web Token returned by the MAA.

If the caller provides a set of signers, than that set of signers will be used as the complete set of candidates for signing. If the caller does not provide a set of signers, then the ValidateToken(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) API will a set of callers derived from the contents of the attestation token.
ValidateTokenAsync(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken)

Validate a JSON Web Token returned by the MAA.

If the caller provides a set of signers, than that set of signers will be used as the complete set of candidates for signing. If the caller does not provide a set of signers, then the ValidateTokenAsync(AttestationTokenValidationOptions, IReadOnlyList<AttestationSigner>, CancellationToken) API will a set of callers derived from the contents of the attestation token.

Applies to