From de57cb6422eb81f7594fab2f2798b8a3796b9f8a Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Fri, 29 Sep 2023 17:46:26 +0800 Subject: [PATCH 01/18] Add AzureCC provider, call sidecar to get MAA token --- pom.xml | 10 ++- .../azure/AzureCCAttestationProvider.java | 90 +++++++++++++++++++ 2 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java diff --git a/pom.xml b/pom.xml index aa10fea..c57b2d4 100644 --- a/pom.xml +++ b/pom.xml @@ -38,6 +38,12 @@ uid2-attestation-api 1.1.0 + + com.google.code.gson + gson + 2.10 + compile + @@ -57,8 +63,8 @@ -h target/headers - 8 - 8 + 11 + 11 diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java new file mode 100644 index 0000000..0366f46 --- /dev/null +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java 
@@ -0,0 +1,90 @@ +package com.uid2.attestation.azure; + +import com.uid2.enclave.AttestationException; +import com.uid2.enclave.IAttestationProvider; + +import com.google.gson.Gson; +import com.google.gson.reflect.TypeToken; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URI; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.Base64; +import java.util.HashMap; + +public class AzureCCAttestationProvider implements IAttestationProvider { + private final String maaEndpoint; + private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; + private final String skrEndpoint; + private static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa"; + private final HttpClient httpClient; + + public AzureCCAttestationProvider() { + this(DefaultSkrEndpoint, DefaultMaaEndpoint, null); + } + public AzureCCAttestationProvider(String maaEndpoint) { + this(maaEndpoint, DefaultSkrEndpoint, null); + } + + public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint) { + this(maaEndpoint, skrEndpoint, null); + } + + public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient) { + this.maaEndpoint = maaEndpoint; + this.skrEndpoint = skrEndpoint; + + if (httpClient != null) { + this.httpClient = httpClient; + } else { + this.httpClient = HttpClient.newHttpClient(); + } + } + @Override + public byte[] getAttestationRequest(byte[] publicKey) throws AttestationException { + var base64Encoder = Base64.getEncoder(); + var gson = new Gson(); + + var runtimeData = new HashMap(); + runtimeData.put("location", getLocation()); + runtimeData.put("publicKey", base64Encoder.encodeToString(publicKey)); + String runtimeDataJson = gson.toJson(runtimeData); + + var body = new HashMap(); + body.put("maa_endpoint", this.maaEndpoint); + body.put("runtime_data", 
base64Encoder.encodeToString(runtimeDataJson.getBytes())); + String bodyJson = gson.toJson(body); + + var request = HttpRequest.newBuilder() + .uri(URI.create(skrEndpoint)) + .header("Content-Type", "application/json") + .POST(HttpRequest.BodyPublishers.ofString(bodyJson)) + .build(); + + try { + HttpResponse response = this.httpClient.send(request, HttpResponse.BodyHandlers.ofString()); + if (response.statusCode() != HttpURLConnection.HTTP_OK) { + throw new AttestationException("Skr failed with status code: " + response.statusCode() + " body: " + response.body()); + } + + var responseBodyType = new TypeToken>(){}; + var responseBody = gson.fromJson(response.body(), responseBodyType); + var token = responseBody.get("token"); + if (token == null) { + throw new AttestationException("token field not exist in Skr response"); + } + return token.getBytes(); + } catch (IOException e) { + throw new AttestationException(e); + } catch (InterruptedException e) { + throw new AttestationException(e); + } + } + + private String getLocation() throws AttestationException { + return ""; + } +} \ No newline at end of file From 144b52ea6eed92d82566f201f1c3201d42fab12e Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Mon, 9 Oct 2023 17:46:14 +0800 Subject: [PATCH 02/18] UT for AzureCC provider --- pom.xml | 12 +++ .../azure/AzureCCAttestationProvider.java | 65 +++++++++---- .../azure/AzureCCAttestationProviderTest.java | 94 +++++++++++++++++++ 3 files changed, 151 insertions(+), 20 deletions(-) create mode 100644 src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java diff --git a/pom.xml b/pom.xml index c57b2d4..fca569f 100644 --- a/pom.xml +++ b/pom.xml @@ -44,6 +44,18 @@ 2.10 compile + + junit + junit + 4.13.1 + test + + + org.mockito + mockito-inline + 5.2.0 + test + diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 0366f46..89f197a 100644 
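Review bot: The no-argument constructor passes its defaults in the wrong order: `this(DefaultSkrEndpoint, DefaultMaaEndpoint, null)` puts the sidecar URL into `maaEndpoint` and the MAA host into `skrEndpoint`, although the three-argument constructor is declared `(String maaEndpoint, String skrEndpoint, HttpClient httpClient)`. It should read `this(DefaultMaaEndpoint, DefaultSkrEndpoint, null);`. In the same hunk the `catch (InterruptedException e)` branch wraps the exception without restoring the interrupt flag; `Thread.currentThread().interrupt();` before the `throw` keeps cancellation visible to the caller. Neither `HttpClient.newHttpClient()` nor the request builder sets a timeout, so a sidecar that never answers would block attestation indefinitely; a `.timeout(Duration.ofSeconds(n))` on the request would bound it.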
--- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java @@ -4,7 +4,6 @@ import com.uid2.enclave.IAttestationProvider; import com.google.gson.Gson; -import com.google.gson.reflect.TypeToken; import java.io.IOException; import java.net.HttpURLConnection; @@ -13,27 +12,34 @@ import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.util.Base64; -import java.util.HashMap; +import java.util.Map; public class AzureCCAttestationProvider implements IAttestationProvider { private final String maaEndpoint; - private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; + public static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; + private final String skrEndpoint; - private static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa"; + public static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa"; + private final HttpClient httpClient; + private String location; public AzureCCAttestationProvider() { - this(DefaultSkrEndpoint, DefaultMaaEndpoint, null); + this(DefaultSkrEndpoint, DefaultMaaEndpoint, null, null); } public AzureCCAttestationProvider(String maaEndpoint) { - this(maaEndpoint, DefaultSkrEndpoint, null); + this(maaEndpoint, DefaultSkrEndpoint, null, null); } public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint) { - this(maaEndpoint, skrEndpoint, null); + this(maaEndpoint, skrEndpoint, null, null); } public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient) { + this(maaEndpoint, skrEndpoint, httpClient, null); + } + + public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient, String location) { this.maaEndpoint = maaEndpoint; this.skrEndpoint = skrEndpoint; 
@@ -42,26 +48,29 @@ public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpCl } else { this.httpClient = HttpClient.newHttpClient(); } + + if (location != null) { + this.location = location; + } } + @Override public byte[] getAttestationRequest(byte[] publicKey) throws AttestationException { var base64Encoder = Base64.getEncoder(); var gson = new Gson(); - var runtimeData = new HashMap(); - runtimeData.put("location", getLocation()); - runtimeData.put("publicKey", base64Encoder.encodeToString(publicKey)); + var runtimeData = Map.of("location", getLocation(), "publicKey", base64Encoder.encodeToString(publicKey)); String runtimeDataJson = gson.toJson(runtimeData); - var body = new HashMap(); - body.put("maa_endpoint", this.maaEndpoint); - body.put("runtime_data", base64Encoder.encodeToString(runtimeDataJson.getBytes())); - String bodyJson = gson.toJson(body); + var skrRequest = new SkrRequest(); + skrRequest.maa_endpoint = this.maaEndpoint; + skrRequest.runtime_data = base64Encoder.encodeToString(runtimeDataJson.getBytes()); + String requestBody = gson.toJson(skrRequest); var request = HttpRequest.newBuilder() .uri(URI.create(skrEndpoint)) .header("Content-Type", "application/json") - .POST(HttpRequest.BodyPublishers.ofString(bodyJson)) + .POST(HttpRequest.BodyPublishers.ofString(requestBody)) .build(); try { 
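Review bot: The bytes sent as `runtime_data` are not stable from one JVM to the next. `Map.of(...)` has an unspecified iteration order, so Gson may emit `location` and `publicKey` in either order, and `runtimeDataJson.getBytes()` uses the platform default charset on Java 11. If whatever verifies the MAA token compares or hashes the runtime data byte-for-byte (not visible in this diff), that check could fail intermittently. I would serialize a small class with declared fields, as this hunk already does for `SkrRequest`, and encode with `runtimeDataJson.getBytes(StandardCharsets.UTF_8)`. `getAttestationRequest` continues past the end of this hunk.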
@@ -70,13 +79,15 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio throw new AttestationException("Skr failed with status code: " + response.statusCode() + " body: " + response.body()); } - var responseBodyType = new TypeToken>(){}; - var responseBody = gson.fromJson(response.body(), responseBodyType); - var token = responseBody.get("token"); - if (token == null) { + var skrResponse = gson.fromJson(response.body(), SkrResponse.class); + if (skrResponse == null) { + throw new AttestationException("response is null"); + } + + if (skrResponse.token == null || skrResponse.token.isEmpty()) { throw new AttestationException("token field not exist in Skr response"); } - return token.getBytes(); + return skrResponse.token.getBytes(); } catch (IOException e) { throw new AttestationException(e); } catch (InterruptedException e) { @@ -85,6 +96,20 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio } private String getLocation() throws AttestationException { + if (this.location != null) { + return this.location; + } + + // TODO(lun.wang) get location from meta server return ""; } + + private static class SkrRequest { + private String maa_endpoint; + private String runtime_data; + } + + private static class SkrResponse { + private String token; + } } \ No newline at end of file diff --git a/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java new file mode 100644 index 0000000..e7f4657 --- /dev/null +++ b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java 
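Review bot: A malformed sidecar reply escapes as an unchecked exception: `gson.fromJson(response.body(), SkrResponse.class)` throws `JsonSyntaxException` on invalid JSON, and the `catch` clauses below handle only `IOException` and `InterruptedException`, so callers that catch `AttestationException` never see it. Catching it with the I/O case, `} catch (IOException | JsonSyntaxException e) {`, keeps the failure inside the declared contract. The non-200 branch at the top of the hunk also copies the whole `response.body()` into the exception message; truncating it would keep an oversized or sensitive sidecar reply out of logs. `skrResponse.token.getBytes()` has the same default-charset dependence as the request side and would be clearer as `getBytes(StandardCharsets.UTF_8)`. The method begins above this hunk.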
@@ -0,0 +1,94 @@ +package com.uid2.attestation.azure; + +import com.uid2.enclave.AttestationException; + +import com.google.gson.Gson; +import org.junit.Assert; +import org.junit.Test; +import org.mockito.ArgumentCaptor; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.verify; + +import java.net.HttpURLConnection; +import java.net.http.HttpClient; +import java.net.http.HttpRequest; +import java.net.http.HttpResponse; +import java.util.Map; + +public class AzureCCAttestationProviderTest { + @Test + public void testGetAttestationRequestSuccess() throws Exception { + var gson = new Gson(); + + // Mock response + final var publicTokenMock = new byte[] {0x01, 0x02}; + final var maaTokenMock = "abc"; + final var httpResponseMock = mock(HttpResponse.class); + when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK); + when(httpResponseMock.body()).thenReturn(gson.toJson(Map.of("token", maaTokenMock))); + + final var httpClientMock = mock(HttpClient.class); + when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); + + // Verify output + final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, + AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + var output = provider.getAttestationRequest(publicTokenMock); + Assert.assertArrayEquals(maaTokenMock.getBytes(), output); + + // Verify sent request + var requestCaptor = ArgumentCaptor.forClass(HttpRequest.class); + verify(httpClientMock).send(requestCaptor.capture(), any(HttpResponse.BodyHandler.class)); + var request = requestCaptor.getValue(); + Assert.assertEquals(AzureCCAttestationProvider.DefaultSkrEndpoint, request.uri().toString()); + } + + @Test + public void testGetAttestationRequestFailure_InvalidStatusCode() throws Exception { + final var publicTokenMock = new byte[] 
{0x01, 0x02}; + final var httpResponseMock = mock(HttpResponse.class); + when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_INTERNAL_ERROR); + + final var httpClientMock = mock(HttpClient.class); + when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); + + final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, + AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); + Assert.assertTrue(thrown.getMessage().startsWith("Skr failed with status code: " + HttpURLConnection.HTTP_INTERNAL_ERROR)); + } + + @Test + public void testGetAttestationRequestFailure_EmptyResponseBody() throws Exception { + final var publicTokenMock = new byte[] {0x01, 0x02}; + final var httpResponseMock = mock(HttpResponse.class); + when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK); + + final var httpClientMock = mock(HttpClient.class); + when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); + + final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, + AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); + Assert.assertEquals("response is null", thrown.getMessage()); + } + + @Test + public void testGetAttestationRequestFailure_InvalidResponseBody() throws Exception { + var gson = new Gson(); + final var publicTokenMock = new byte[] {0x01, 0x02}; + final var httpResponseMock = mock(HttpResponse.class); + when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK); + when(httpResponseMock.body()).thenReturn(gson.toJson(Map.of("key", 123))); + + final var httpClientMock = 
mock(HttpClient.class); + when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); + + final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, + AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); + Assert.assertEquals("token field not exist in Skr response", thrown.getMessage()); + } +} From 625c6d0e961c3d76d26739e32c08dc2f1352570d Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 09:43:20 +0800 Subject: [PATCH 03/18] Refine naming and document for Azure CC --- .../azure/AzureCCAttestationProvider.java | 59 ++++++++++++------- .../azure/AzureCCAttestationProviderTest.java | 15 ++--- 2 files changed, 45 insertions(+), 29 deletions(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 89f197a..7f64260 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java 
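Review bot: `testGetAttestationRequestSuccess` checks only the request URI under "Verify sent request", so nothing asserts that the public key or the MAA endpoint actually reach the sidecar. Since the request body is what ties the caller's key to the returned token, I would also capture the body and assert that `maa_endpoint` holds the expected host and that the decoded `runtime_data` contains the Base64 of `publicTokenMock`. `testGetAttestationRequestFailure_EmptyResponseBody` relies on the unstubbed mock returning `null` from `body()`; a comment such as `// body() is left unstubbed and returns null` would make that intent explicit.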
@@ -16,32 +16,53 @@ public class AzureCCAttestationProvider implements IAttestationProvider { private final String maaEndpoint; - public static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; + private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; - private final String skrEndpoint; - public static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa"; + private final String skrUrl; + private static final String DefaultSkrUrl = "http://localhost:8080/attest/maa"; private final HttpClient httpClient; private String location; public AzureCCAttestationProvider() { - this(DefaultSkrEndpoint, DefaultMaaEndpoint, null, null); + this(null, null, null, null); } + public AzureCCAttestationProvider(String maaEndpoint) { - this(maaEndpoint, DefaultSkrEndpoint, null, null); + this(maaEndpoint, null, null, null); } - public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint) { - this(maaEndpoint, skrEndpoint, null, null); + public AzureCCAttestationProvider(String maaEndpoint, String skrUrl) { + this(maaEndpoint, skrUrl, null, null); } - public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient) { - this(maaEndpoint, skrEndpoint, httpClient, null); + public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient) { + this(maaEndpoint, skrUrl, httpClient, null); } - public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient, String location) { - this.maaEndpoint = maaEndpoint; - this.skrEndpoint = skrEndpoint; + /** + * Azure confidential container provider. + * Use SKR sidecar (https://github.com/microsoft/confidential-sidecar-containers) to get MAA token. + * + * @param maaEndpoint request param to the SKR sidecar API, e.g. 
sharedeus.eus.attest.azure.net + * @param skrUrl SKR sidecar API URL + * @param httpClient + * @param location deployment location, for testing + * + * @return provider + */ + public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient, String location) { + if (maaEndpoint != null ) { + this.maaEndpoint = maaEndpoint; + } else { + this.maaEndpoint = DefaultMaaEndpoint; + } + + if (skrUrl != null) { + this.skrUrl = skrUrl; + } else { + this.skrUrl = DefaultSkrUrl; + } if (httpClient != null) { this.httpClient = httpClient; @@ -51,6 +72,8 @@ public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpCl if (location != null) { this.location = location; + } else { + this.location = getLocation(); } } @@ -59,7 +82,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio var base64Encoder = Base64.getEncoder(); var gson = new Gson(); - var runtimeData = Map.of("location", getLocation(), "publicKey", base64Encoder.encodeToString(publicKey)); + var runtimeData = Map.of("location", this.location, "publicKey", base64Encoder.encodeToString(publicKey)); String runtimeDataJson = gson.toJson(runtimeData); var skrRequest = new SkrRequest(); @@ -68,7 +91,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio String requestBody = gson.toJson(skrRequest); var request = HttpRequest.newBuilder() - .uri(URI.create(skrEndpoint)) + .uri(URI.create(this.skrUrl)) .header("Content-Type", "application/json") .POST(HttpRequest.BodyPublishers.ofString(requestBody)) .build(); @@ -95,12 +118,8 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio } } - private String getLocation() throws AttestationException { - if (this.location != null) { - return this.location; - } - - // TODO(lun.wang) get location from meta server + private String getLocation() { + // TODO(lun.wang) get location return ""; } 
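Review bot: The Javadoc added to the four-argument constructor has an `@return provider` tag, which is not valid on a constructor, and `@param httpClient` carries no description. It also does not say that `null` now selects the default for `maaEndpoint`, `skrUrl` and `httpClient`, which is how the shorter constructors and the updated tests call it. I would drop `@return` and write `@param httpClient client used to call the SKR sidecar; a default client is created when null`. Since `location` is now assigned on every path through the constructor, the field could be declared `private final String location;`. The constructor body runs past the end of the first hunk on this line.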
diff --git a/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java index e7f4657..6941559 100644 --- a/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java +++ b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java @@ -24,6 +24,7 @@ public void testGetAttestationRequestSuccess() throws Exception { // Mock response final var publicTokenMock = new byte[] {0x01, 0x02}; + final var skrUrlMock = "http://skr"; final var maaTokenMock = "abc"; final var httpResponseMock = mock(HttpResponse.class); when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK); @@ -33,8 +34,7 @@ public void testGetAttestationRequestSuccess() throws Exception { when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); // Verify output - final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, - AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + final var provider = new AzureCCAttestationProvider(null, skrUrlMock, httpClientMock); var output = provider.getAttestationRequest(publicTokenMock); Assert.assertArrayEquals(maaTokenMock.getBytes(), output); @@ -42,7 +42,7 @@ public void testGetAttestationRequestSuccess() throws Exception { var requestCaptor = ArgumentCaptor.forClass(HttpRequest.class); verify(httpClientMock).send(requestCaptor.capture(), any(HttpResponse.BodyHandler.class)); var request = requestCaptor.getValue(); - Assert.assertEquals(AzureCCAttestationProvider.DefaultSkrEndpoint, request.uri().toString()); + Assert.assertEquals(skrUrlMock, request.uri().toString()); } @Test 
@@ -54,8 +54,7 @@ public void testGetAttestationRequestFailure_InvalidStatusCode() throws Exceptio final var httpClientMock = mock(HttpClient.class); when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); - final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, - AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + final var provider = new AzureCCAttestationProvider(null, null, httpClientMock); var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); Assert.assertTrue(thrown.getMessage().startsWith("Skr failed with status code: " + HttpURLConnection.HTTP_INTERNAL_ERROR)); } @@ -69,8 +68,7 @@ public void testGetAttestationRequestFailure_EmptyResponseBody() throws Exceptio final var httpClientMock = mock(HttpClient.class); when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); - final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, - AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + final var provider = new AzureCCAttestationProvider(null, null, httpClientMock); var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); Assert.assertEquals("response is null", thrown.getMessage()); } 
@@ -86,8 +84,7 @@ public void testGetAttestationRequestFailure_InvalidResponseBody() throws Except final var httpClientMock = mock(HttpClient.class); when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock); - final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint, - AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock); + final var provider = new AzureCCAttestationProvider(null, null, httpClientMock); var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock)); Assert.assertEquals("token field not exist in Skr response", thrown.getMessage()); } From 5682ea84167510d57e4f4e754cd036ca4c1a11a8 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 10:41:41 +0800 Subject: [PATCH 04/18] Refine Azure CC provider to accept a MAA base URL --- .../azure/AzureCCAttestationProvider.java | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 7f64260..6eff786 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java @@ -15,8 +15,9 @@ import java.util.Map; public class AzureCCAttestationProvider implements IAttestationProvider { - private final String maaEndpoint; - private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net"; + private final String maaServerBaseUrl; + private static final String DefaultMaaServerBaseUrl = "https://sharedeus.eus.attest.azure.net"; + private final String maaEndpoint; // request param to SKR API which is parsed from maaServerBaseUrl private final String skrUrl; private static final String DefaultSkrUrl = "http://localhost:8080/attest/maa"; 
@@ -28,36 +29,38 @@ public AzureCCAttestationProvider() { this(null, null, null, null); } - public AzureCCAttestationProvider(String maaEndpoint) { - this(maaEndpoint, null, null, null); + public AzureCCAttestationProvider(String maaServerBaseUrl) { + this(maaServerBaseUrl, null, null, null); } - public AzureCCAttestationProvider(String maaEndpoint, String skrUrl) { - this(maaEndpoint, skrUrl, null, null); + public AzureCCAttestationProvider(String maaServerBaseUrl, String skrUrl) { + this(maaServerBaseUrl, skrUrl, null, null); } - public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient) { - this(maaEndpoint, skrUrl, httpClient, null); + public AzureCCAttestationProvider(String maaServerBaseUrl, String skrUrl, HttpClient httpClient) { + this(maaServerBaseUrl, skrUrl, httpClient, null); } /** * Azure confidential container provider. * Use SKR sidecar (https://github.com/microsoft/confidential-sidecar-containers) to get MAA token. * - * @param maaEndpoint request param to the SKR sidecar API, e.g. sharedeus.eus.attest.azure.net + * @param maaServerBaseUrl attestation server base URL, e.g. https://sharedeus.eus.attest.azure.net * @param skrUrl SKR sidecar API URL * @param httpClient * @param location deployment location, for testing * * @return provider */ - public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient, String location) { - if (maaEndpoint != null ) { - this.maaEndpoint = maaEndpoint; + public AzureCCAttestationProvider(String maaServerBaseUrl, String skrUrl, HttpClient httpClient, String location) { + if (maaServerBaseUrl != null ) { + this.maaServerBaseUrl = maaServerBaseUrl; } else { - this.maaEndpoint = DefaultMaaEndpoint; + this.maaServerBaseUrl = DefaultMaaServerBaseUrl; } + this.maaEndpoint = URI.create(this.maaServerBaseUrl).getHost(); + if (skrUrl != null) { this.skrUrl = skrUrl; } else { From f39c079dc2558af0c9b409f181b1881643662b95 Mon Sep 17 00:00:00 2001 
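Review bot: `URI.create(this.maaServerBaseUrl).getHost()` returns `null` when the argument has no scheme, which is exactly the form the previous revision documented (`sharedeus.eus.attest.azure.net`). Gson omits null fields by default, so the sidecar request would then go out without `maa_endpoint` instead of failing at construction. The constructor should reject a URL without a host, and I would also require the `https` scheme so a plaintext attestation server cannot be configured by accident. `URI.create` throws `IllegalArgumentException` on malformed input, which is worth stating in the Javadoc. The constructor continues outside this hunk.

```java
// … unchanged: maaServerBaseUrl defaulting …
var maaUri = URI.create(this.maaServerBaseUrl);
if (!"https".equalsIgnoreCase(maaUri.getScheme()) || maaUri.getHost() == null) {
    throw new IllegalArgumentException(
            "maaServerBaseUrl must be an https URL with a host: " + this.maaServerBaseUrl);
}
this.maaEndpoint = maaUri.getHost();
// … unchanged: skrUrl, httpClient and location defaulting …
```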
From: Lun Wang Date: Tue, 10 Oct 2023 11:07:20 +0800 Subject: [PATCH 05/18] Fix GitHub workflows --- .github/workflows/build-and-test.yaml | 9 ++++ .github/workflows/build.yaml | 11 ----- .github/workflows/check_version/action.yaml | 39 --------------- .github/workflows/create-release-branch.yaml | 39 --------------- .../workflows/download_gpg_key/action.yaml | 30 ------------ .github/workflows/publish-major.yaml | 17 +++++++ .github/workflows/publish-minor.yaml | 17 +++++++ .github/workflows/publish-patch.yaml | 17 +++++++ .github/workflows/publish-snapshot.yaml | 33 +++++++------ .github/workflows/release-major-minor.yaml | 47 ------------------- .github/workflows/release-patch.yaml | 47 ------------------- .github/workflows/release.yaml | 16 ------- 12 files changed, 76 insertions(+), 246 deletions(-) create mode 100644 .github/workflows/build-and-test.yaml delete mode 100644 .github/workflows/build.yaml delete mode 100644 .github/workflows/check_version/action.yaml delete mode 100644 .github/workflows/create-release-branch.yaml delete mode 100644 .github/workflows/download_gpg_key/action.yaml create mode 100644 .github/workflows/publish-major.yaml create mode 100644 .github/workflows/publish-minor.yaml create mode 100644 .github/workflows/publish-patch.yaml delete mode 100644 .github/workflows/release-major-minor.yaml delete mode 100644 .github/workflows/release-patch.yaml delete mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml new file mode 100644 index 0000000..6f6f7a5 --- /dev/null +++ b/.github/workflows/build-and-test.yaml @@ -0,0 +1,9 @@ +name: Build and Test +on: [pull_request, push, workflow_dispatch] + +jobs: + build: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@main + with: + java_version: "11" + secrets: inherit \ No newline at end of file 
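Review bot: The reusable workflow is referenced by a mutable branch, `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@main`, together with `secrets: inherit`, so any later change to that branch runs here with every secret this repository exposes. Pinning the reference to a full commit SHA (`...shared-build-and-test.yaml@<commit-sha>`) and passing only the secrets the called workflow needs would narrow that. The same pattern appears in `publish-major.yaml`, `publish-minor.yaml`, `publish-patch.yaml` and `publish-snapshot.yaml`, where the publishing credentials are presumably in play. None of the new workflow files declares a `permissions:` block, so the token scope is whatever the repository default is; an explicit minimal block would make that reviewable.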
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml deleted file mode 100644 index 5db5f0c..0000000 --- a/.github/workflows/build.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: Build -on: [push] - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Build - run: mvn -B clean compile test diff --git a/.github/workflows/check_version/action.yaml b/.github/workflows/check_version/action.yaml deleted file mode 100644 index bf09b14..0000000 --- a/.github/workflows/check_version/action.yaml +++ /dev/null @@ -1,39 +0,0 @@ -name: Check Version -# This workflow checks that the version in the commit is valid. -# Valid meaning: -# - Not Already Released -# - Has -SNAPSHOT for now released workflows -inputs: - needs_snapshot: - description: 'If set to true, this version needs a -SNAPSHOT' - required: 'true' - type: string -outputs: - version: - description: 'The Version of the package' - value: ${{ steps.version.outputs.jar_version }} -runs: - using: "composite" - - steps: - - name: Get Jar Version - id: version - shell: bash - run: echo "::set-output name=jar_version::$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)" - - name: Check if Version has Snapshot - if: ${{ inputs.needs_snapshot == 'true' }} - shell: bash - run: grep -q "\-SNAPSHOT" <<< "${{ steps.version.outputs.jar_version }}" - - name: Check if Version has no Snapshot - if: ${{ inputs.needs_snapshot == 'false' }} - shell: bash - run: grep -vq "\-SNAPSHOT" <<< "${{ steps.version.outputs.jar_version }}" - - name: Check if Version is released - shell: bash - run: | - export VERSION=${{ steps.version.outputs.jar_version }} - if [[ $VERSION == *"-SNAPSHOT"* ]]; then - export VERSION=$(echo $VERSION | awk '{ print substr( $0, 1, length($0)-9 ) }') - fi - mvn dependency:get -Dartifact=$(mvn help:evaluate -Dexpression=project.name -q -DforceStdout):$VERSION || exit 0 - exit 1 
diff --git a/.github/workflows/create-release-branch.yaml b/.github/workflows/create-release-branch.yaml deleted file mode 100644 index 586376b..0000000 --- a/.github/workflows/create-release-branch.yaml +++ /dev/null @@ -1,39 +0,0 @@ -name: Create Release Branch -on: - workflow_dispatch: - inputs: - version: - description: 'The version tag to create the branch from' - type: string - required: true - workflow_call: - inputs: - version: - description: 'The version tag to create the branch from' - type: string - required: true - -jobs: - create_branch: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Get Short Version - id: version - run: | - echo "::set-output name=short_version::$(echo ${{ github.event.inputs.version }} | rev | cut -c3- | rev)" - - name: Checkout Branch from tag - run: | - git fetch --tags - git checkout -b release-${{ steps.version.outputs.short_version }} ${{ github.event.inputs.version }} - - name: Bump Version - run: mvn versions:set -DnextSnapshot - - name: Commit Pom.xml - uses: EndBug/add-and-commit@v9 - with: - add: 'pom.xml' - author_name: Release Workflow - author_email: unifiedid-admin+release@thetradedesk.com - push: '--set-upstream origin release-${{ steps.version.outputs.short_version }}' - message: 'release-branch-${{ github.event.inputs.version }}' diff --git a/.github/workflows/download_gpg_key/action.yaml b/.github/workflows/download_gpg_key/action.yaml deleted file mode 100644 index e1c3c0d..0000000 --- a/.github/workflows/download_gpg_key/action.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Setup Dependancies -inputs: - key: - descriptions: 'The Key to be imported' - required: true - type: string - -runs: - using: "composite" - steps: - - name: Setup settings.xml - shell: bash - run: | - mkdir ~/.m2 - echo "" >> ~/.m2/settings.xml - echo " " >> ~/.m2/settings.xml - echo " " >> ~/.m2/settings.xml - echo " \${repo.id}" >> ~/.m2/settings.xml - echo " \${repo.login}" >> ~/.m2/settings.xml - echo " \${repo.pwd}" >> ~/.m2/settings.xml - echo " " >> ~/.m2/settings.xml - echo " " >> ~/.m2/settings.xml - echo "" >> ~/.m2/settings.xml - - name: Import GPG key - shell: bash - run: | - echo -n "$GPG_SIGNING_KEY" | base64 --decode > private.key - gpg --batch --import private.key - env: - GPG_SIGNING_KEY: ${{ inputs.key }} diff --git a/.github/workflows/publish-major.yaml b/.github/workflows/publish-major.yaml new file mode 100644 index 0000000..3b4bfec --- /dev/null +++ b/.github/workflows/publish-major.yaml @@ -0,0 +1,17 @@ +name: Publish Major Package +on: + workflow_dispatch: + inputs: + publish_to_maven: + description: 'True to publish the artifacts to maven repository, false to skip the step' + default: true + required: false + type: boolean +jobs: + build-publish-package: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-java-publish-versioned-package.yaml@main + with: + release_type: 'Major' + publish_to_maven: ${{ inputs.publish_to_maven }} + java_version: "11" + secrets: inherit diff --git a/.github/workflows/publish-minor.yaml b/.github/workflows/publish-minor.yaml new file mode 100644 index 0000000..73fed0c --- /dev/null +++ b/.github/workflows/publish-minor.yaml 
@@ -0,0 +1,17 @@ +name: Publish Minor Package +on: + workflow_dispatch: + inputs: + publish_to_maven: + description: 'True to publish the artifacts to maven repository, false to skip the step' + default: true + required: false + type: boolean +jobs: + build-publish-package: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-java-publish-versioned-package.yaml@main + with: + release_type: 'Minor' + publish_to_maven: ${{ inputs.publish_to_maven }} + java_version: "11" + secrets: inherit diff --git a/.github/workflows/publish-patch.yaml b/.github/workflows/publish-patch.yaml new file mode 100644 index 0000000..433c289 --- /dev/null +++ b/.github/workflows/publish-patch.yaml @@ -0,0 +1,17 @@ +name: Publish Patch Package +on: + workflow_dispatch: + inputs: + publish_to_maven: + description: 'True to publish the artifacts to maven repository, false to skip the step' + default: true + required: false + type: boolean +jobs: + build-publish-package: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-java-publish-versioned-package.yaml@main + with: + release_type: 'Patch' + publish_to_maven: ${{ inputs.publish_to_maven }} + java_version: "11" + secrets: inherit diff --git a/.github/workflows/publish-snapshot.yaml b/.github/workflows/publish-snapshot.yaml index 6539f14..3f2b68d 100644 --- a/.github/workflows/publish-snapshot.yaml +++ b/.github/workflows/publish-snapshot.yaml 
@@ -1,18 +1,17 @@ -name: Publish Snapshot -on: workflow_dispatch - +name: Publish Snapshot Package +on: + workflow_dispatch: + inputs: + publish_to_maven: + description: 'True to publish the artifacts to maven repository, false to skip the step' + default: true + required: false + type: boolean jobs: - publish: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: ./.github/workflows/download_gpg_key - with: - key: ${{ secrets.GPG_KEY }} - - name: Check Version is snapshot - id: check_verion - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'true' - - name: Deploy Snapshot - run: mvn -B -Drepo.id=ossrh -Drepo.login="{{ secrets.SONATYPE_REPO_ACCOUNT }}" -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy + build-publish-package: + uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-java-publish-versioned-package.yaml@main + with: + release_type: 'Snapshot' + publish_to_maven: ${{ inputs.publish_to_maven }} + java_version: "11" + secrets: inherit diff --git a/.github/workflows/release-major-minor.yaml b/.github/workflows/release-major-minor.yaml deleted file mode 100644 index 27089bf..0000000 --- a/.github/workflows/release-major-minor.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: Release Major/Minor -on: [workflow_dispatch] - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: ./.github/workflows/download_gpg_key - with: - key: ${{ secrets.GPG_KEY }} - - name: Check Version before any work - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'true' - - name: Remove Snapshot - run: mvn -B versions:set -DremoveSnapshot - - name: Check Version snapshot removed - id: check_version - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'false' - - name: Commit Pom.xml - uses: EndBug/add-and-commit@v9 - with: - add: 'pom.xml' - author_name: Release Workflow - author_email: unifiedid-admin+release@thetradedesk.com - message: 'release-${{ steps.check_version.outputs.version }}' - tag: '${{ steps.check_version.outputs.version }}' - - name: Publish - run: mvn -B -Drepo.id=ossrh -Drepo.login="{{ secrets.SONATYPE_REPO_ACCOUNT }}" -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy - #" - - name: Bump Version - run: mvn build-helper:parse-version versions:set -DnewVersion=\${parsedVersion.majorVersion}.\${parsedVersion.nextMinorVersion}.0-SNAPSHOT versions:commit - - name: Check Version Bump Was Successful - id: check_version_after - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'true' - - name: Commit Pom.xml - uses: EndBug/add-and-commit@v9 - with: - add: 'pom.xml' - author_name: Release Workflow - author_email: unifiedid-admin+release@thetradedesk.com - message: 'Increment ${{ steps.check_version.outputs.version }} to ${{ steps.check_version_after.outputs.version }}' diff --git a/.github/workflows/release-patch.yaml b/.github/workflows/release-patch.yaml deleted file mode 100644 index 481fd1b..0000000 --- a/.github/workflows/release-patch.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -name: Release Patch -on: workflow_dispatch - -jobs: - release: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: ./.github/workflows/download_gpg_key - with: - key: ${{ secrets.GPG_KEY }} - - name: Check Version before any work - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'true' - - name: Remove Snapshot - run: mvn -B versions:set -DremoveSnapshot - - name: Check Version snapshot removed - id: check_version - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'false' - - name: Commit Pom.xml - uses: EndBug/add-and-commit@v9 - with: - add: 'pom.xml' - author_name: Release Workflow - author_email: unifiedid-admin+release@thetradedesk.com - message: 'release-${{ steps.check_version.outputs.version }}' - tag: '${{ steps.check_version.outputs.version }}' - - name: Publish - run: mvn -B -Drepo.id=ossrh -Drepo.login="{{ secrets.SONATYPE_REPO_ACCOUNT }}" -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy - #" - - name: Bump Version - run: mvn versions:set -DnextSnapshot - - name: Check Version Bump Was Successful - id: check_version_after - uses: ./.github/workflows/check_version - with: - needs_snapshot: 'true' - - name: Commit Pom.xml - uses: EndBug/add-and-commit@v9 - with: - add: 'pom.xml' - author_name: Release Workflow - author_email: unifiedid-admin+release@thetradedesk.com - message: 'Increment ${{ steps.check_version.outputs.version }} to ${{ steps.check_version_after.outputs.version }}' diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml deleted file mode 100644 index aa35319..0000000 --- a/.github/workflows/release.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -name: Release -on: workflow_dispatch - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - uses: ./.github/workflows/download_gpg_key - with: - key: ${{ secrets.GPG_KEY }} - - name: Remove Snapshot - run: mvn versions:set -DremoveSnapshot - - name: Deploy Snapshot - run: mvn -Drepo.id=ossrh -Drepo.login="{{ secrets.SONATYPE_REPO_ACCOUNT }}" -Drepo.pwd="${{ secrets.SONATYPE_REPO_PASSWORD }}" -Dgpg.passphrase="${{ secrets.GPG_PASSPHRASE }}" clean deploy From 7616b339ec7c9692ae36854617bcde292f5d1ec2 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 11:14:55 +0800 Subject: [PATCH 06/18] Fix maven plugin --- pom.xml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pom.xml b/pom.xml index fca569f..c1fb8b9 100644 --- a/pom.xml +++ b/pom.xml @@ -154,6 +154,18 @@ + + org.jacoco + jacoco-maven-plugin + 0.8.8 + + + + prepare-agent + + + + From ab65f3b1d55db88934c0c87a3312170b2cf04a08 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 11:22:02 +0800 Subject: [PATCH 07/18] Fix javadoc for Azure CC provider --- .../uid2/attestation/azure/AzureCCAttestationProvider.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 6eff786..b1befb0 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java 
@@ -45,12 +45,11 @@ public AzureCCAttestationProvider(String maaServerBaseUrl, String skrUrl, HttpCl * Azure confidential container provider. * Use SKR sidecar (https://github.com/microsoft/confidential-sidecar-containers) to get MAA token. * - * @param maaServerBaseUrl attestation server base URL, e.g. https://sharedeus.eus.attest.azure.net - * @param skrUrl SKR sidecar API URL - * @param httpClient + * @param maaServerBaseUrl attestation server base URL, e.g. https://sharedeus.eus.attest.azure.net, default url will be used if it's null + * @param skrUrl SKR sidecar API URL, default URL will be used if it's null + * @param httpClient new httpClient object will be created if it's null * @param location deployment location, for testing * - * @return provider */ public AzureCCAttestationProvider(String maaServerBaseUrl, String skrUrl, HttpClient httpClient, String location) { if (maaServerBaseUrl != null ) { From 57d2215533086b68dea8ca7136908f6dacf645c0 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 11:28:08 +0800 Subject: [PATCH 08/18] Add empty version.json --- version.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 version.json diff --git a/version.json b/version.json new file mode 100644 index 0000000..e69de29 From 8f8d865bac0388cb5c8aaca23bd0b1ea254aebfa Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 10 Oct 2023 03:29:46 +0000 Subject: [PATCH 09/18] Released Snapshot version: 0.0.0-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c1fb8b9..c7829e4 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.uid2 attestation-azure - 1.1.0-SNAPSHOT + 0.0.0-SNAPSHOT ${project.groupId}:${project.artifactId} Azure SGX Enclave attestation From 5b4b138672acbf8d0a70d1cb6aa327033c13d0f8 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 11:55:33 +0800 Subject: [PATCH 10/18] Set version.json --- version.json | 1 + 1 file changed, 1 insertion(+) 
diff --git a/version.json b/version.json index e69de29..ecf94b1 100644 --- a/version.json +++ b/version.json @@ -0,0 +1 @@ +{ "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", "version": "1.2", "publicReleaseRefSpec": [ "^refs/heads/master$", "^refs/heads/v\\d+(?:\\.\\d+)?$" ], "cloudBuild": { "setVersionVariables": true, "buildNumber": { "enabled": true, "includeCommitId": { "when": "always" } } } } From 71b0bf70c154794629af525116573d4df04523aa Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 10 Oct 2023 03:57:48 +0000 Subject: [PATCH 11/18] Released Snapshot version: 1.2.2-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c7829e4..c0be7f4 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.uid2 attestation-azure - 0.0.0-SNAPSHOT + 1.2.2-SNAPSHOT ${project.groupId}:${project.artifactId} Azure SGX Enclave attestation From d98c33d5104788c32b6543750abcb706d10c9e6f Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 15:51:52 +0800 Subject: [PATCH 12/18] Refine Azure CC error message --- .../uid2/attestation/azure/AzureCCAttestationProvider.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index b1befb0..54e4b41 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java 
@@ -114,9 +114,9 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio } return skrResponse.token.getBytes(); } catch (IOException e) { - throw new AttestationException(e); + throw new AttestationException("failed to access Skr API: " + e.getMessage()); } catch (InterruptedException e) { - throw new AttestationException(e); + throw new AttestationException("failed to access Skr API: " + e.getMessage()); } } From 05ebde856ebb32af2f052b7f034a82607b7aeec6 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 16:02:18 +0800 Subject: [PATCH 13/18] Update Skr port to 9000 --- .../com/uid2/attestation/azure/AzureCCAttestationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 54e4b41..a3f4701 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java @@ -20,7 +20,7 @@ public class AzureCCAttestationProvider implements IAttestationProvider { private final String maaEndpoint; // request param to SKR API which is parsed from maaServerBaseUrl private final String skrUrl; - private static final String DefaultSkrUrl = "http://localhost:8080/attest/maa"; + private static final String DefaultSkrUrl = "http://localhost:9000/attest/maa"; private final HttpClient httpClient; private String location; From 8ae7b6924726f13b39f706d228612c83a1bd7433 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 10 Oct 2023 08:04:43 +0000 Subject: [PATCH 14/18] Released Snapshot version: 1.2.5-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c0be7f4..ebf9ec9 100644 --- a/pom.xml +++ b/pom.xml 
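Review bot: Both rewritten `throw` lines build the AttestationException from `e.getMessage()` alone, which drops the original exception as the cause, so a failed call to the sidecar leaves no exception type or stack trace for whoever investigates it. The removed lines show the class accepts a Throwable; if it also has a message-and-cause constructor (not visible here), `throw new AttestationException("failed to access Skr API: " + e.getMessage(), e);` keeps both. The InterruptedException branch also swallows the interrupt, so add `Thread.currentThread().interrupt();` before its throw. getAttestationRequest and its try block start outside the hunk.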
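Review bot: `DefaultSkrUrl` has no comment explaining why plain `http://` is acceptable: the MAA token is requested over an unencrypted loopback connection, which holds only while the SKR sidecar shares this process's network namespace (presumably the same container group). A comment on the constant would record that assumption, e.g. `// loopback only: the SKR sidecar is expected to run alongside this container, so no TLS is used`. Because `skrUrl` can be overridden through the constructor, its javadoc could also say that a non-loopback value should use https. The class body continues outside the hunk.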
@@ -5,7 +5,7 @@ com.uid2 attestation-azure - 1.2.2-SNAPSHOT + 1.2.5-SNAPSHOT ${project.groupId}:${project.artifactId} Azure SGX Enclave attestation From 80bcedaf293e11822d75cefd30682b1821bf1593 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Tue, 10 Oct 2023 17:30:27 +0800 Subject: [PATCH 15/18] Azure CC: hard code location for now --- .../com/uid2/attestation/azure/AzureCCAttestationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index a3f4701..3bab43c 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java @@ -122,7 +122,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio private String getLocation() { // TODO(lun.wang) get location - return ""; + return "East US"; } private static class SkrRequest { From f25dfe788e6fbd88865daac7770ccea8f26f78a1 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 10 Oct 2023 09:34:29 +0000 Subject: [PATCH 16/18] Released Snapshot version: 1.2.7-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ebf9ec9..10a99aa 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.uid2 attestation-azure - 1.2.5-SNAPSHOT + 1.2.7-SNAPSHOT ${project.groupId}:${project.artifactId} Azure SGX Enclave attestation From ff4037f958f005ea0943b3202495f619d8931669 Mon Sep 17 00:00:00 2001 From: Lun Wang Date: Wed, 11 Oct 2023 13:09:44 +0800 Subject: [PATCH 17/18] Define RuntimeData class --- .../attestation/azure/AzureCCAttestationProvider.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) 
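Review bot: `getLocation()` now returns the literal `"East US"` wherever the container runs, and only the existing TODO hints that this is a stand-in. If the value still reaches the runtime data sent to the SKR sidecar (the call site is outside the hunk), anyone reading the location from the resulting token cannot tell a real East US deployment from any other. Until the lookup exists, state the limitation in the comment, e.g. `// TODO(lun.wang): placeholder, not derived from the environment; do not treat the attested location as verified`, or read the value from configuration so a wrong region is visible.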
diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java index 3bab43c..2c7ebc1 100644 --- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java +++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java @@ -84,9 +84,11 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio var base64Encoder = Base64.getEncoder(); var gson = new Gson(); - var runtimeData = Map.of("location", this.location, "publicKey", base64Encoder.encodeToString(publicKey)); + var runtimeData = new RuntimeData(); + runtimeData.location = this.location; + runtimeData.publicKey = base64Encoder.encodeToString(publicKey); String runtimeDataJson = gson.toJson(runtimeData); - + var skrRequest = new SkrRequest(); skrRequest.maa_endpoint = this.maaEndpoint; skrRequest.runtime_data = base64Encoder.encodeToString(runtimeDataJson.getBytes()); @@ -125,6 +127,11 @@ private String getLocation() { return "East US"; } + private static class RuntimeData { + private String location; + private String publicKey; + } + private static class SkrRequest { private String maa_endpoint; private String runtime_data; From 79a996eb998701ab6bbc559ef1dedd0728521f9e Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Thu, 12 Oct 2023 05:32:43 +0000 Subject: [PATCH 18/18] Released Snapshot version: 1.2.9-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 10a99aa..6550e00 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ com.uid2 attestation-azure - 1.2.7-SNAPSHOT + 1.2.9-SNAPSHOT ${project.groupId}:${project.artifactId} Azure SGX Enclave attestation
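Review bot: With `RuntimeData` serialized by `new Gson()`, a null `this.location` is dropped from the JSON instead of throwing as `Map.of` did, so the runtime data bound into the token could silently lack the location field (whether `location` can be null is not visible here). `publicKey` is likewise still dereferenced unchecked. A guard before the new assignments makes both fail early, e.g. `if (publicKey == null || this.location == null) throw new AttestationException("publicKey and location are required");`. The `RuntimeData` class added in the second hunk would benefit from a comment that its field names are the JSON keys of the attested payload, so renaming a field changes what the verifier receives. getAttestationRequest starts before and ends after the first hunk.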