From 21a05b0696d66e12875206f52d48aeaab4f8d0f3 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:07:48 +1100
Subject: [PATCH 1/8] Add Protocol enum

---
 .../java/com/uid2/shared/secure/Protocol.java | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 src/main/java/com/uid2/shared/secure/Protocol.java

diff --git a/src/main/java/com/uid2/shared/secure/Protocol.java b/src/main/java/com/uid2/shared/secure/Protocol.java
new file mode 100644
index 00000000..69b2dcd5
--- /dev/null
+++ b/src/main/java/com/uid2/shared/secure/Protocol.java
@@ -0,0 +1,19 @@
+package com.uid2.shared.secure;
+
+public enum Protocol {
+    GCP_OIDC("gcp-oidc"),
+    GCP_VMID("gcp-vmid"),
+    AWS_NITRO("aws-nitro"),
+    AZURE_CC_ACI("azure-cc"),
+    AZURE_CC_AKS("azure-cc-aks");
+
+    private final String protocolValue;
+
+    Protocol(String protocolValue) {
+        this.protocolValue = protocolValue;
+    }
+
+    public String toString() {
+        return this.protocolValue;
+    }
+}
From 9352070e4140d75e2778eeff617d747bc0bb02e6 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:08:02 +1100
Subject: [PATCH 2/8] Change gcp-vmid to use Protocol enum

---
 .../java/com/uid2/shared/secure/gcp/VmConfigVerifier.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/uid2/shared/secure/gcp/VmConfigVerifier.java b/src/main/java/com/uid2/shared/secure/gcp/VmConfigVerifier.java
index a67814fc..be7ca196 100644
--- a/src/main/java/com/uid2/shared/secure/gcp/VmConfigVerifier.java
+++ b/src/main/java/com/uid2/shared/secure/gcp/VmConfigVerifier.java
@@ -19,6 +19,7 @@
 import com.google.protobuf.Any;
 import com.google.protobuf.InvalidProtocolBufferException;
 import com.uid2.shared.Utils;
+import com.uid2.shared.secure.Protocol;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
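Review bot: `public String toString()` in the new Protocol enum overrides Object.toString() without `@Override`, and the same omission carries over into the switch-based rewrite of this method in patch 6; add `@Override` so the compiler verifies the signature in both places. The strings returned here (`gcp-oidc`, `azure-cc`, …) are what the `{}` placeholders and the `%s` format in later patches print, so they are the externally visible protocol identifiers rather than the constant names. A one-line Javadoc on the enum, e.g. `/** Attestation protocol; {@code toString()} returns the protocol identifier string, not the constant name. */`, would stop a future reader from assuming `name()` semantics when they see the value in a log line.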
@@ -116,14 +117,14 @@ public VmConfigId getVmConfigId(InstanceDocument id) {
                 String templatizedConfig = templatizeVmConfig(cloudInitConfig);
                 str.append(getSha256Base64Encoded(templatizedConfig));
             } else if (forbiddenMetadataKeys.contains(metadataItem.getKey())) {
-                LOGGER.debug("gcp-vmid attestation got forbidden metadata key: " + metadataItem.getKey());
+                LOGGER.debug("{} attestation got forbidden metadata key: {}", Protocol.GCP_VMID, metadataItem.getKey());
                 return VmConfigId.failure("forbidden metadata key: " + metadataItem.getKey(), id.getProjectId());
             }
         }
         String badAuditLog = findUnauthorizedAuditLog(id);
         if (badAuditLog != null) {
-            LOGGER.debug("attestation failed because of audit log: " + badAuditLog);
+            LOGGER.debug("attestation failed because of audit log: {}", badAuditLog);
             return VmConfigId.failure("bad audit log: " + badAuditLog, id.getProjectId());
         }
@@ -205,7 +206,7 @@ private boolean validateAuditLog(AuditLog auditLog) {
         if (allowedMethodsFromInstanceAuditLogs.contains(auditLog.getMethodName())) {
             return true;
         } else {
-            LOGGER.warn("gcp-vmid attestation receives unauthorized method: " + auditLog.getMethodName());
+            LOGGER.warn("{} attestation receives unauthorized method: {}", Protocol.GCP_VMID, auditLog.getMethodName());
             return false;
         }
     }
From 8fc926466f848adda25b0f96d00b5b7d2797d122 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:09:18 +1100
Subject: [PATCH 3/8] Change gcp-oidc to use Protocol enum

---
 .../uid2/shared/secure/GcpOidcCoreAttestationService.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/uid2/shared/secure/GcpOidcCoreAttestationService.java b/src/main/java/com/uid2/shared/secure/GcpOidcCoreAttestationService.java
index be6afd0f..debc1607 100644
--- a/src/main/java/com/uid2/shared/secure/GcpOidcCoreAttestationService.java
+++ b/src/main/java/com/uid2/shared/secure/GcpOidcCoreAttestationService.java
@@ -39,10 +39,10 @@ public void attest(byte[] attestationRequest, byte[] publicKey, Handler
Date: Thu, 6 Feb 2025 14:26:26 +1100
Subject: [PATCH 4/8] Change Azure to use Protocol enum

---
 .../secure/AzureCCCoreAttestationService.java | 6 ++--
 .../azurecc/IMaaTokenSignatureValidator.java | 3 +-
 .../secure/azurecc/MaaTokenPayload.java | 9 +++---
 .../azurecc/MaaTokenSignatureValidator.java | 3 +-
 .../AzureCCCoreAttestationServiceTest.java | 32 ++++++++-----------
 .../MaaTokenSignatureValidatorTest.java | 9 +++---
 .../shared/secure/azurecc/MaaTokenUtils.java | 3 +-
 .../secure/azurecc/PolicyValidatorTest.java | 18 +++--------
 8 files changed, 35 insertions(+), 48 deletions(-)

diff --git a/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java b/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
index 417f5e32..196c8ae0 100644
--- a/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
+++ b/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
@@ -25,14 +25,14 @@ public class AzureCCCoreAttestationService implements ICoreAttestationService {
     private final IPolicyValidator policyValidator;
-    private final String azureCcProtocol;
+    private final Protocol azureCcProtocol;
-    public AzureCCCoreAttestationService(String maaServerBaseUrl, String attestationUrl, String azureCcProtocol) {
+    public AzureCCCoreAttestationService(String maaServerBaseUrl, String attestationUrl, Protocol azureCcProtocol) {
         this(new MaaTokenSignatureValidator(maaServerBaseUrl), new PolicyValidator(attestationUrl), azureCcProtocol);
     }
     // used in UT
-    protected AzureCCCoreAttestationService(IMaaTokenSignatureValidator tokenSignatureValidator, IPolicyValidator policyValidator, String azureCcProtocol) {
+    protected AzureCCCoreAttestationService(IMaaTokenSignatureValidator tokenSignatureValidator, IPolicyValidator policyValidator, Protocol azureCcProtocol) {
         this.tokenSignatureValidator = tokenSignatureValidator;
         this.policyValidator = policyValidator;
         this.azureCcProtocol = azureCcProtocol;
diff --git a/src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java b/src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java
index 3019abb4..f5bd3e52 100644
--- a/src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java
+++ b/src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java
@@ -1,6 +1,7 @@
 package com.uid2.shared.secure.azurecc;
 import com.uid2.shared.secure.AttestationException;
+import com.uid2.shared.secure.Protocol;
 public interface IMaaTokenSignatureValidator {
     /**
@@ -10,5 +11,5 @@ public interface IMaaTokenSignatureValidator {
      * @return Parsed token payload.
      * @throws AttestationException
      */
-    MaaTokenPayload validate(String tokenString, String protocol) throws AttestationException;
+    MaaTokenPayload validate(String tokenString, Protocol protocol) throws AttestationException;
 }
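Review bot: Both constructors now accept any `Protocol` constant, so a service wired with `Protocol.GCP_OIDC` or `Protocol.AWS_NITRO` constructs without complaint and only fails later, once per attestation, in `MaaTokenPayload.isUtilityVMCompliant()` with INVALID_PROTOCOL (MaaTokenPayload.java hunk at -30 in this same patch). A guard in the protected constructor, which both public forms delegate to, makes a misconfiguration fail at startup instead: `if (azureCcProtocol != Protocol.AZURE_CC_ACI && azureCcProtocol != Protocol.AZURE_CC_AKS) {` / `    throw new IllegalArgumentException("unsupported Azure CC protocol: " + azureCcProtocol);` / `}`. The same check also rejects a null protocol, which the `==` comparisons downstream would otherwise route into the unsupported branch with a less useful message.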
diff --git a/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java b/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java
index 25d4b4ea..10d42771 100644
--- a/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java
+++ b/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java
@@ -3,6 +3,7 @@
 import com.uid2.shared.secure.AttestationClientException;
 import com.uid2.shared.secure.AttestationException;
 import com.uid2.shared.secure.AttestationFailure;
+import com.uid2.shared.secure.Protocol;
 import lombok.Builder;
 import lombok.Value;
@@ -10,14 +11,12 @@
 @Builder(toBuilder = true)
 public class MaaTokenPayload {
     public static final String SEV_SNP_VM_TYPE = "sevsnpvm";
-    public static final String AZURE_CC_ACI_PROTOCOL = "azure-cc";
-    public static final String AZURE_CC_AKS_PROTOCOL = "azure-cc-aks";
     // the `x-ms-compliance-status` value for ACI CC
     public static final String AZURE_COMPLIANT_UVM = "azure-compliant-uvm";
     // the `x-ms-compliance-status` value for AKS CC
     public static final String AZURE_COMPLIANT_UVM_AKS = "azure-signed-katacc-uvm";
-    private String azureProtocol;
+    private Protocol azureProtocol;
     private String attestationType;
     private String complianceStatus;
     private boolean vmDebuggable;
@@ -30,9 +29,9 @@ public boolean isSevSnpVM(){
     }
     public boolean isUtilityVMCompliant() throws AttestationClientException {
-        if (azureProtocol == AZURE_CC_ACI_PROTOCOL) {
+        if (azureProtocol == Protocol.AZURE_CC_ACI) {
             return AZURE_COMPLIANT_UVM.equalsIgnoreCase(complianceStatus);
-        } else if (azureProtocol == AZURE_CC_AKS_PROTOCOL) {
+        } else if (azureProtocol == Protocol.AZURE_CC_AKS) {
             return AZURE_COMPLIANT_UVM_AKS.equalsIgnoreCase(complianceStatus);
         } else {
             throw new AttestationClientException(String.format("Azure protocol: %s not supported", azureProtocol), AttestationFailure.INVALID_PROTOCOL);
diff --git a/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidator.java b/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidator.java
index 75bd321c..1673329d 100644
--- a/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidator.java
+++ b/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidator.java
@@ -8,6 +8,7 @@
 import com.uid2.shared.secure.AttestationClientException;
 import com.uid2.shared.secure.AttestationException;
 import com.uid2.shared.secure.AttestationFailure;
+import com.uid2.shared.secure.Protocol;
 import java.io.IOException;
 import java.util.Map;
@@ -51,7 +52,7 @@ private TokenVerifier buildTokenVerifier(String kid) throws AttestationException
     }
     @Override
-    public MaaTokenPayload validate(String tokenString, String protocol) throws AttestationException {
+    public MaaTokenPayload validate(String tokenString, Protocol protocol) throws AttestationException {
         if (Strings.isNullOrEmpty(tokenString)) {
             throw new IllegalArgumentException("tokenString can not be null or empty");
         }
diff --git a/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java b/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
index 24d4703f..247efbe5 100644
--- a/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
+++ b/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
@@ -11,6 +11,7 @@
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.EnumSource;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mock;
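Review bot: `validate(String tokenString, Protocol protocol)` still checks only `tokenString`; now that `protocol` is an enum reference it can be null, and nothing in the hunk rejects that before the value is presumably carried into the `MaaTokenPayload` and compared with `==` in `isUtilityVMCompliant()`, where a null would surface as an INVALID_PROTOCOL failure with "null" in the message rather than as a caller bug. Add `Objects.requireNonNull(protocol, "protocol");` (java.util.Objects) beside the existing `Strings.isNullOrEmpty` check so the argument error is reported at the call site. The remainder of the method lies outside the hunk.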
@@ -65,8 +66,8 @@ public void setup() throws AttestationException {
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testHappyPath(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testHappyPath(Protocol azureProtocol) throws AttestationException {
         var provider = new AzureCCCoreAttestationService(alwaysPassTokenValidator, alwaysPassPolicyValidator, azureProtocol);
         provider.registerEnclave(ENCLAVE_ID);
         attest(provider, ar -> {
@@ -76,8 +77,8 @@ public void testHappyPath(String azureProtocol) throws AttestationException {
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testSignatureCheckFailed_ClientError(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testSignatureCheckFailed_ClientError(Protocol azureProtocol) throws AttestationException {
         var errorStr = "token signature validation failed";
         when(alwaysFailTokenValidator.validate(any(), any())).thenThrow(new AttestationClientException(errorStr, AttestationFailure.BAD_PAYLOAD));
         var provider = new AzureCCCoreAttestationService(alwaysFailTokenValidator, alwaysPassPolicyValidator, azureProtocol);
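Review bot: The identical `@EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})` annotation is copied onto six test methods in this file (here and in the hunks at -76, -90, -102, -116 and -128), so adding a third Azure variant means six coordinated edits, and the old single `argumentProvider()` that this replaces did not have that problem. JUnit's regex mode keeps the selection in one expression, `@EnumSource(value = Protocol.class, names = "AZURE_CC_.*", mode = EnumSource.Mode.MATCH_ALL)`, or the pair of annotations can be lifted into one small composed annotation declared in the test class and applied to each method.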
@@ -90,8 +91,8 @@ public void testSignatureCheckFailed_ClientError(String azureProtocol) throws At
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testSignatureCheckFailed_ServerError(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testSignatureCheckFailed_ServerError(Protocol azureProtocol) throws AttestationException {
         when(alwaysFailTokenValidator.validate(any(), any())).thenThrow(new AttestationException("unknown server error"));
         var provider = new AzureCCCoreAttestationService(alwaysFailTokenValidator, alwaysPassPolicyValidator, azureProtocol);
         provider.registerEnclave(ENCLAVE_ID);
@@ -102,8 +103,8 @@ public void testSignatureCheckFailed_ServerError(String azureProtocol) throws At
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testPolicyCheckSuccess_ClientError(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testPolicyCheckSuccess_ClientError(Protocol azureProtocol) throws AttestationException {
         var errorStr = "policy validation failed";
         when(alwaysFailPolicyValidator.validate(any(), any())).thenThrow(new AttestationClientException(errorStr, AttestationFailure.BAD_PAYLOAD));
         var provider = new AzureCCCoreAttestationService(alwaysFailTokenValidator, alwaysFailPolicyValidator, azureProtocol);
@@ -116,8 +117,8 @@ public void testPolicyCheckSuccess_ClientError(String azureProtocol) throws Atte
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testPolicyCheckFailed_ServerError(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testPolicyCheckFailed_ServerError(Protocol azureProtocol) throws AttestationException {
         when(alwaysFailPolicyValidator.validate(any(), any())).thenThrow(new AttestationException("unknown server error"));
         var provider = new AzureCCCoreAttestationService(alwaysFailTokenValidator, alwaysFailPolicyValidator, azureProtocol);
         provider.registerEnclave(ENCLAVE_ID);
@@ -128,8 +129,8 @@ public void testPolicyCheckFailed_ServerError(String azureProtocol) throws Attes
     }
     @ParameterizedTest
-    @MethodSource("argumentProvider")
-    public void testEnclaveNotRegistered(String azureProtocol) throws AttestationException {
+    @EnumSource(value = Protocol.class, names = {"AZURE_CC_ACI", "AZURE_CC_AKS"})
+    public void testEnclaveNotRegistered(Protocol azureProtocol) throws AttestationException {
         var provider = new AzureCCCoreAttestationService(alwaysFailTokenValidator, alwaysPassPolicyValidator, azureProtocol);
         attest(provider, ar -> {
             assertTrue(ar.succeeded());
@@ -144,11 +145,4 @@ private static void attest(ICoreAttestationService provider, Handler argumentProvider() {
-        return Stream.of(
-                Arguments.of(MaaTokenPayload.AZURE_CC_ACI_PROTOCOL),
-                Arguments.of(MaaTokenPayload.AZURE_CC_AKS_PROTOCOL)
-        );
-    }
 }
diff --git a/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidatorTest.java b/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidatorTest.java
index e932d1f5..b14dba46 100644
--- a/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidatorTest.java
+++ b/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidatorTest.java
@@ -1,6 +1,7 @@
 package com.uid2.shared.secure.azurecc;
 import com.uid2.shared.secure.AttestationException;
+import com.uid2.shared.secure.Protocol;
 import com.uid2.shared.secure.TestClock;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -16,7 +17,7 @@ public class MaaTokenSignatureValidatorTest {
     @ParameterizedTest
     @MethodSource("argumentProvider")
-    public void testPayload(String payloadPath, String protocol) throws Exception {
+    public void testPayload(String payloadPath, Protocol protocol) throws Exception {
         // expire at 1695313895
         var payload = loadFromJson(payloadPath);
         var clock = new TestClock();
@@ -41,13 +42,13 @@ public void testE2E() throws AttestationException {
         var maaToken = "";
         var maaServerUrl = "https://sharedeus.eus.attest.azure.net";
         var validator = new MaaTokenSignatureValidator(maaServerUrl);
-        var token = validator.validate(maaToken, MaaTokenPayload.AZURE_CC_ACI_PROTOCOL);
+        var token = validator.validate(maaToken, Protocol.AZURE_CC_ACI);
     }
     static Stream argumentProvider() {
         return Stream.of(
-                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aci.json", MaaTokenPayload.AZURE_CC_ACI_PROTOCOL),
-                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aks.json", MaaTokenPayload.AZURE_CC_AKS_PROTOCOL)
+                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aci.json", Protocol.AZURE_CC_ACI),
+                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aks.json", Protocol.AZURE_CC_AKS)
         );
     }
 }
diff --git a/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenUtils.java b/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenUtils.java
index 82714b1e..303996a8 100644
--- a/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenUtils.java
+++ b/src/test/java/com/uid2/shared/secure/azurecc/MaaTokenUtils.java
@@ -4,6 +4,7 @@
 import com.google.gson.JsonObject;
 import com.uid2.shared.Const;
 import com.uid2.shared.secure.AttestationException;
+import com.uid2.shared.secure.Protocol;
 import java.security.KeyPairGenerator;
 import java.security.PublicKey;
@@ -14,7 +15,7 @@ public class MaaTokenUtils {
     public static final String MAA_BASE_URL = "https://sharedeus.eus.attest.azure.net";
-    public static MaaTokenPayload validateAndParseToken(JsonObject payload, Clock clock, String protocol) throws Exception{
+    public static MaaTokenPayload validateAndParseToken(JsonObject payload, Clock clock, Protocol protocol) throws Exception{
         var gen = KeyPairGenerator.getInstance(Const.Name.AsymetricEncryptionKeyClass);
         gen.initialize(2048, new SecureRandom());
         var keyPair = gen.generateKeyPair();
diff --git a/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java b/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java
index 9e4cde11..e5b4f977 100644
--- a/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java
+++ b/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java
@@ -3,6 +3,7 @@
 import com.uid2.shared.secure.AttestationClientException;
 import com.uid2.shared.secure.AttestationException;
 import com.uid2.shared.secure.AttestationFailure;
+import com.uid2.shared.secure.Protocol;
 import org.junit.jupiter.api.Test;
 import java.nio.ByteBuffer;
@@ -97,7 +98,7 @@ private MaaTokenPayload generateBasicPayload() {
                 .vmDebuggable(false)
                 .runtimeData(generateBasicRuntimeData())
                 .ccePolicyDigest(CCE_POLICY_DIGEST)
-                .azureProtocol(MaaTokenPayload.AZURE_CC_ACI_PROTOCOL)
+                .azureProtocol(Protocol.AZURE_CC_ACI)
                 .build();
     }
@@ -145,7 +146,7 @@ public void testValidationSuccess_AksWithAzureSignedKataccUvm() throws Attestati
         var aksPayload = generateBasicPayload()
                 .toBuilder()
                 .complianceStatus("azure-signed-katacc-uvm")
-                .azureProtocol(MaaTokenPayload.AZURE_CC_AKS_PROTOCOL)
+                .azureProtocol(Protocol.AZURE_CC_AKS)
                 .build();
         var enclaveId = validator.validate(aksPayload, PUBLIC_KEY);
         assertEquals(CCE_POLICY_DIGEST, enclaveId);
@@ -157,22 +158,11 @@ public void testValidationFailure_AksWithOtherUvm() {
         var aksPayload = generateBasicPayload()
                 .toBuilder()
                 .complianceStatus("fake-compliance")
-                .azureProtocol(MaaTokenPayload.AZURE_CC_AKS_PROTOCOL)
+                .azureProtocol(Protocol.AZURE_CC_AKS)
                 .build();
         Throwable t = assertThrows(AttestationException.class, ()-> validator.validate(aksPayload, PUBLIC_KEY));
         assertEquals("Not run in Azure Compliance Utility VM", t.getMessage());
         assertEquals(AttestationFailure.BAD_FORMAT, ((AttestationClientException)t).getAttestationFailure());
     }
-    @Test
-    public void testValidationFailure_InvalidProtocol() {
-        var validator = new PolicyValidator(ATTESTATION_URL);
-        var aksPayload = generateBasicPayload()
-                .toBuilder()
-                .azureProtocol("fake-protocol")
-                .build();
-        Throwable t = assertThrows(AttestationException.class, ()-> validator.validate(aksPayload, PUBLIC_KEY));
-        assertEquals("Azure protocol: fake-protocol not supported", t.getMessage());
-        assertEquals(AttestationFailure.INVALID_PROTOCOL, ((AttestationClientException)t).getAttestationFailure());
-    }
 }
From 1aff4a58df81ec2bcccbb1af5f972e9012835c9f Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:28:02 +1100
Subject: [PATCH 5/8] Change aws-nitro to use Protocol enum

---
 .../com/uid2/shared/secure/NitroCoreAttestationService.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/com/uid2/shared/secure/NitroCoreAttestationService.java b/src/main/java/com/uid2/shared/secure/NitroCoreAttestationService.java
index 700379c9..576f3180 100644
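Review bot: Deleting `testValidationFailure_InvalidProtocol` removes the only visible test of the INVALID_PROTOCOL path, but that path is still live: `MaaTokenPayload.isUtilityVMCompliant()` (MaaTokenPayload.java hunk at -30 in this patch) throws for every `Protocol` constant other than AZURE_CC_ACI and AZURE_CC_AKS, and nothing stops a caller building a payload with one of the GCP or AWS constants. Keep the test with a non-Azure constant in place of the old `"fake-protocol"` string: `.azureProtocol(Protocol.GCP_OIDC)` and expect `"Azure protocol: gcp-oidc not supported"`, which is what the `%s` format produces from the enum's `toString()`. The INVALID_PROTOCOL assertion on the caught `AttestationClientException` can stay exactly as it was.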
--- a/src/main/java/com/uid2/shared/secure/NitroCoreAttestationService.java
+++ b/src/main/java/com/uid2/shared/secure/NitroCoreAttestationService.java
@@ -69,7 +69,7 @@ private AttestationResult attestInternal(byte[] publicKey, AttestationRequest aR
             return new AttestationResult(AttestationFailure.FORBIDDEN_ENCLAVE);
         }
-        LOGGER.info("Successfully attested aws-nitro against registered enclaves, enclave id: " + id.toString());
+        LOGGER.info("Successfully attested {} against registered enclaves, enclave id: {}", Protocol.AWS_NITRO, id);
         return new AttestationResult(aDoc.getPublicKey(), id.toString());
     }
From 054a5883e92d65c8f91d5efe18d7c13560f61343 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:32:04 +1100
Subject: [PATCH 6/8] Use switch for different protocol value

---
 .../java/com/uid2/shared/secure/Protocol.java | 32 ++++++++++++-------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/src/main/java/com/uid2/shared/secure/Protocol.java b/src/main/java/com/uid2/shared/secure/Protocol.java
index 69b2dcd5..b5cbbe63 100644
--- a/src/main/java/com/uid2/shared/secure/Protocol.java
+++ b/src/main/java/com/uid2/shared/secure/Protocol.java
@@ -1,19 +1,27 @@
 package com.uid2.shared.secure;
 public enum Protocol {
-    GCP_OIDC("gcp-oidc"),
-    GCP_VMID("gcp-vmid"),
-    AWS_NITRO("aws-nitro"),
-    AZURE_CC_ACI("azure-cc"),
-    AZURE_CC_AKS("azure-cc-aks");
-
-    private final String protocolValue;
-
-    Protocol(String protocolValue) {
-        this.protocolValue = protocolValue;
-    }
+    GCP_OIDC,
+    GCP_VMID,
+    AWS_NITRO,
+    AZURE_CC_ACI,
+    AZURE_CC_AKS;
     public String toString() {
-        return this.protocolValue;
+        switch(this) {
+            case GCP_OIDC:
+                return "gcp-oidc";
+            case GCP_VMID:
+                return "gcp-vmid";
+            case AWS_NITRO:
+                return "aws-nitro";
+            case AZURE_CC_ACI:
+                return "azure-cc";
+            case AZURE_CC_AKS:
+                return "azure-cc-aks";
+            default:
+                return "unknown-protocol";
+        }
+    }
 }
From 41056d92b14c174966a27f04163e059a138af883 Mon Sep 17 00:00:00 2001
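Review bot: The `default: return "unknown-protocol";` branch in the rewritten `toString()` is unreachable for the five declared constants and exists only to satisfy the compiler's missing-return check, yet it changes the failure mode: a constant added later without a `case` now compiles and quietly formats as `unknown-protocol` in log lines and in the `"Azure protocol: %s not supported"` message, whereas the per-constant constructor argument this patch removes made the mapping mandatory at compile time. If the aim is only to keep each string next to its constant, the field-and-constructor form from patch 1 is the safer of the two. If the switch is kept, a switch expression over `this` with no `default` restores the exhaustiveness check, provided the project's language level allows it (the tests use `var`, which says nothing about switch expressions). `@Override` is still missing on `toString()`.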
From: Katherine Chen
Date: Thu, 6 Feb 2025 14:34:43 +1100
Subject: [PATCH 7/8] Remove unnecessary inputs

---
 .../uid2/shared/secure/AzureCCCoreAttestationServiceTest.java | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java b/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
index 247efbe5..cbfb5be4 100644
--- a/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
+++ b/src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java
@@ -7,13 +7,9 @@
 import io.vertx.core.AsyncResult;
 import io.vertx.core.Handler;
 import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.EnumSource;
-import org.junit.jupiter.params.provider.MethodSource;
-import org.junit.jupiter.params.provider.ValueSource;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.mockito.junit.jupiter.MockitoSettings;
From 92da8c6074a9baef8f79d05c05db2f3e620c6ec9 Mon Sep 17 00:00:00 2001
From: Katherine Chen
Date: Fri, 7 Feb 2025 14:59:27 +1100
Subject: [PATCH 8/8] Add backwards compatibility

---
 .../com/uid2/shared/secure/AzureCCCoreAttestationService.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java b/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
index 196c8ae0..8a19e94d 100644
--- a/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
+++ b/src/main/java/com/uid2/shared/secure/AzureCCCoreAttestationService.java
@@ -31,6 +31,10 @@ public AzureCCCoreAttestationService(String maaServerBaseUrl, String attestation
         this(new MaaTokenSignatureValidator(maaServerBaseUrl), new PolicyValidator(attestationUrl), azureCcProtocol);
     }
+    public AzureCCCoreAttestationService(String maaServerBaseUrl, String attestationUrl) {
+        this(new MaaTokenSignatureValidator(maaServerBaseUrl), new PolicyValidator(attestationUrl), Protocol.AZURE_CC_ACI);
+    }
+
     // used in UT
     protected AzureCCCoreAttestationService(IMaaTokenSignatureValidator tokenSignatureValidator, IPolicyValidator policyValidator, Protocol azureCcProtocol) {
         this.tokenSignatureValidator = tokenSignatureValidator;
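Review bot: The new two-argument constructor silently pins the protocol to `Protocol.AZURE_CC_ACI`, so an AKS deployment that keeps using this signature has its tokens checked against the ACI compliance status (`azure-compliant-uvm`) and is rejected as not running in a compliant utility VM, with nothing in the error pointing at the constructor as the cause. At minimum document the default in Javadoc, e.g. `/** Backwards-compatible constructor; assumes {@link Protocol#AZURE_CC_ACI}. Prefer the three-argument form. */`, and consider marking it `@Deprecated` so callers are steered to the explicit form when they upgrade. Whether any existing caller relies on this two-argument shape is not visible from the series.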