AttestationClient class
Attestation Client class.
The AttestationClient class enables access to the Attestation related APIs:
- getOpenIdMetadata
- getAttestationSigners
- attestSgxEnclave
- attestOpenEnclave
- attestTpm
Constructors
- AttestationClient(string, AttestationClientOptions): Creates an instance of AttestationClient.
- AttestationClient(string, TokenCredential, AttestationClientOptions): Creates an instance of AttestationClient with options and credentials. Note that credentials are required to call the attestTpm API.
Methods
- attestOpenEnclave(Uint8Array | Buffer | Blob, AttestOpenEnclaveOptions): Attests an OpenEnclave report generated from an SGX enclave using the OpenEnclave SDK.
- attestSgxEnclave(Uint8Array | Buffer | Blob, AttestSgxEnclaveOptions): Attests a quote generated from an SGX enclave using the Intel SDK.
- attestTpm(string, AttestTpmOptions): Attests a TPM-based enclave. See the TPM Attestation Protocol Reference for more information. Note that attestTpm requires an attestation client configured with authentication credentials.
- getAttestationSigners(AttestationClientOperationOptions): Returns the list of attestation signers which can be used to sign attestation service tokens.
- getOpenIdMetadata(AttestationClientOperationOptions): Returns the OpenID Metadata discovery document for the attestation service instance.
Constructor Details
AttestationClient(string, AttestationClientOptions)
Creates an instance of AttestationClient.
Example usage:
import { AttestationClient } from "@azure/attestation";
const client = new AttestationClient(
"<service endpoint>"
);
new AttestationClient(endpoint: string, options?: AttestationClientOptions)
Parameters
- endpoint
- string
The attestation instance base URI, for example https://mytenant.attest.azure.net.
- options
- AttestationClientOptions
Options used to configure the Attestation Client.
AttestationClient(string, TokenCredential, AttestationClientOptions)
Creates an instance of AttestationClient with options and credentials.
Example usage:
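import { AttestationClient } from "@azure/attestation";
import { DefaultAzureCredential } from "@azure/identity";
// TokenCredential is an interface; pass a concrete credential such as DefaultAzureCredential.
const client = new AttestationClient(
  "<service endpoint>",
  new DefaultAzureCredential(),
  // validateToken: false makes the client return service tokens without validating them.
  { tokenValidationOptions: { validateToken: false } }
);
Note that credentials are required to call the attestTpm API.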
new AttestationClient(endpoint: string, credentials: TokenCredential, options?: AttestationClientOptions)
Parameters
- endpoint
- string
The attestation instance base URI, for example https://mytenant.attest.azure.net.
- credentials
- TokenCredential
Credentials used to configure the attestation client.
- options
- AttestationClientOptions
Method Details
attestOpenEnclave(Uint8Array | Buffer | Blob, AttestOpenEnclaveOptions)
Attests an OpenEnclave report generated from an SGX Enclave using the OpenEnclave SDK.
function attestOpenEnclave(report: Uint8Array | Buffer | Blob, options?: AttestOpenEnclaveOptions): Promise<AttestationResponse<AttestationResult>>
Parameters
- report
- Uint8Array | Buffer | Blob
An OpenEnclave report generated by an SGX enclave.
- options
- AttestOpenEnclaveOptions
Operation options for the attestOpenEnclave API call.
Returns
Promise<AttestationResponse<AttestationResult>>
Returns an AttestationResponse whose body is an AttestationResult describing the claims returned by the attestation service.
attestSgxEnclave(Uint8Array | Buffer | Blob, AttestSgxEnclaveOptions)
Attests a quote generated from an SGX enclave using the Intel SDK.
function attestSgxEnclave(quote: Uint8Array | Buffer | Blob, options?: AttestSgxEnclaveOptions): Promise<AttestationResponse<AttestationResult>>
Parameters
- quote
- Uint8Array | Buffer | Blob
An SGX quote generated by an SGX enclave.
- options
- AttestSgxEnclaveOptions
Operation options for the attestSgxEnclave API call.
Returns
Promise<AttestationResponse<AttestationResult>>
Returns an AttestationResponse whose body is an AttestationResult describing the claims returned by the attestation service.
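What a caller might do with the AttestationResult returned by attestOpenEnclave or attestSgxEnclave, shown as an added example that is not part of the SDK or its documentation: a relying-party check of the claims against the caller's own expectations. The field names (isDebuggable, mrSigner, svn, enclaveHeldData), the policy shape and all sample values are assumptions made for this example.

```javascript
// Added example: relying-party checks over the claims of an AttestationResult.
// Field names (isDebuggable, mrSigner, svn, enclaveHeldData) are assumed to match
// the SDK's AttestationResult; every value below is constructed sample data.

// Compares two byte arrays without stopping at the first differing byte.
function bytesEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Returns the list of policy violations; an empty list means the claims are acceptable.
function evaluateEnclaveClaims(result, policy) {
  const problems = [];
  // Fail closed: a missing flag is treated the same as a debuggable enclave.
  if (result.isDebuggable !== false) problems.push("enclave is debuggable");
  const signer = String(result.mrSigner || "").toLowerCase();
  if (!policy.allowedMrSigners.includes(signer)) problems.push("mrSigner not allowed");
  if (!Number.isInteger(result.svn) || result.svn < policy.minSvn) {
    problems.push("svn below minimum");
  }
  const held = result.enclaveHeldData;
  if (!(held instanceof Uint8Array) || !bytesEqual(held, policy.expectedHeldData)) {
    problems.push("enclaveHeldData mismatch");
  }
  return problems;
}

// Hypothetical policy: allowed signer measurement (hex), minimum SVN, expected held data.
const policy = {
  allowedMrSigners: ["a1".repeat(32)],
  minSvn: 3,
  expectedHeldData: new Uint8Array([1, 2, 3, 4]),
};

// Constructed results standing in for the body of an AttestationResponse.
const accepted = {
  isDebuggable: false,
  mrSigner: "A1".repeat(32),
  svn: 3,
  enclaveHeldData: new Uint8Array([1, 2, 3, 4]),
};
const rejected = { ...accepted, isDebuggable: true, svn: 2 };

console.log(evaluateEnclaveClaims(accepted, policy));
console.log(evaluateEnclaveClaims(rejected, policy));
```
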
attestTpm(string, AttestTpmOptions)
Attests a TPM-based enclave.
See the TPM Attestation Protocol Reference for more information.
Example
For example, the initial call for a TPM attestation operation is:
const encodedPayload = JSON.stringify({ payload: { type: "aikcert" } });
const result = await client.attestTpm(encodedPayload);
The request is passed as a string, which is sent to the service UTF-8 encoded.
Note that attestTpm requires an attestation client configured with authentication credentials.
function attestTpm(request: string, options?: AttestTpmOptions): Promise<string>
Parameters
- request
- string
Incoming request to send to the TPM attestation service, UTF-8 encoded.
- options
- AttestTpmOptions
Pipeline options for TPM attestation request.
Returns
Promise<string>
A structure containing the response from the TPM attestation, UTF-8 encoded.
Remarks
The incoming requests to the TPM attestation API are stringified JSON objects.
getAttestationSigners(AttestationClientOperationOptions)
Returns the list of attestation signers which can be used to sign attestation service tokens.
function getAttestationSigners(options?: AttestationClientOperationOptions): Promise<AttestationSigner[]>
Parameters
- options
- AttestationClientOperationOptions
Client operation options.
Returns
Promise<AttestationSigner[]>
The set of AttestationSigners which may be used to sign attestation tokens.
getOpenIdMetadata(AttestationClientOperationOptions)
Returns the OpenID Metadata discovery document for the attestation service instance.
function getOpenIdMetadata(options?: AttestationClientOperationOptions): Promise<Record<string, unknown>>
Parameters
- options
- AttestationClientOperationOptions
Client operation options.
Returns
Promise<Record<string, unknown>>
The OpenID metadata discovery document for the attestation service.