Refine naming and document for Azure CC

src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java

@@ -16,32 +16,53 @@
 
 public class AzureCCAttestationProvider implements IAttestationProvider {
 	private final String maaEndpoint;
-	public static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net";
+	private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net";
 
-	private final String skrEndpoint;
-	public static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa";
+	private final String skrUrl;
+	private static final String DefaultSkrUrl = "http://localhost:8080/attest/maa";
 
 	private final HttpClient httpClient;
 	private String location;
 
 	public AzureCCAttestationProvider() {
-		this(DefaultSkrEndpoint, DefaultMaaEndpoint, null, null);
+		this(null, null, null, null);
 	}
+
 	public AzureCCAttestationProvider(String maaEndpoint) {
-		this(maaEndpoint, DefaultSkrEndpoint, null, null);
+		this(maaEndpoint, null, null, null);
 	}
 
-	public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint) {
-		this(maaEndpoint, skrEndpoint, null, null);
+	public AzureCCAttestationProvider(String maaEndpoint, String skrUrl) {
+		this(maaEndpoint, skrUrl, null, null);
 	}
 
-	public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient) {
-		this(maaEndpoint, skrEndpoint, httpClient, null);
+	public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient) {
+		this(maaEndpoint, skrUrl, httpClient, null);
 	}
 
-	public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient, String location) {
-		this.maaEndpoint = maaEndpoint;
-		this.skrEndpoint = skrEndpoint;
+	/**
+	 * Azure confidential container provider.
+	 * Use SKR sidecar (https://github.com/microsoft/confidential-sidecar-containers) to get MAA token.
+	 *
+	 * @param maaEndpoint request param to the SKR sidecar API, e.g. sharedeus.eus.attest.azure.net
+	 * @param skrUrl SKR sidecar API URL
+	 * @param httpClient
+	 * @param location deployment location, for testing
+	 *
+	 * @return provider
+	 */
+	public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient, String location) {
+		if (maaEndpoint != null ) {
+			this.maaEndpoint = maaEndpoint;
+		} else {
+			this.maaEndpoint = DefaultMaaEndpoint;
+		}
+
+		if (skrUrl != null) {
+			this.skrUrl = skrUrl;
+		} else {
+			this.skrUrl = DefaultSkrUrl;
+		}
 
 		if (httpClient != null) {
 			this.httpClient = httpClient;
@@ -51,6 +72,8 @@ public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpCl
 
 		if (location != null) {
 			this.location = location;
+		} else {
+			this.location = getLocation();
 		}
 	}
 
@@ -59,7 +82,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 		var base64Encoder = Base64.getEncoder();
 		var gson = new Gson();
 
-		var runtimeData = Map.of("location", getLocation(), "publicKey", base64Encoder.encodeToString(publicKey));
+		var runtimeData = Map.of("location", this.location, "publicKey", base64Encoder.encodeToString(publicKey));
 		String runtimeDataJson = gson.toJson(runtimeData);
 
 		var skrRequest = new SkrRequest();
@@ -68,7 +91,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 
 		String requestBody = gson.toJson(skrRequest);
 		var request = HttpRequest.newBuilder()
-				.uri(URI.create(skrEndpoint))
+				.uri(URI.create(this.skrUrl))
 				.header("Content-Type", "application/json")
 				.POST(HttpRequest.BodyPublishers.ofString(requestBody))
 				.build();
@@ -95,12 +118,8 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 		}
 	}
 
-	private String getLocation() throws AttestationException {
-		if (this.location != null) {
-			return this.location;
-		}
-
-		// TODO(lun.wang) get location from meta server
+	private String getLocation() {
+		// TODO(lun.wang) get location
 		return "";
 	}
 

src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java

@@ -24,6 +24,7 @@ public void testGetAttestationRequestSuccess() throws Exception {
 
         // Mock response
         final var publicTokenMock = new byte[] {0x01, 0x02};
+        final var skrUrlMock = "http://skr";
         final var maaTokenMock = "abc";
         final var httpResponseMock = mock(HttpResponse.class);
         when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK);
@@ -33,16 +34,15 @@ public void testGetAttestationRequestSuccess() throws Exception {
         when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
 
         // Verify output
-        final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
-                AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+        final var provider = new AzureCCAttestationProvider(null, skrUrlMock, httpClientMock);
         var output = provider.getAttestationRequest(publicTokenMock);
         Assert.assertArrayEquals(maaTokenMock.getBytes(), output);
 
         // Verify sent request
         var requestCaptor = ArgumentCaptor.forClass(HttpRequest.class);
         verify(httpClientMock).send(requestCaptor.capture(), any(HttpResponse.BodyHandler.class));
         var request = requestCaptor.getValue();
-        Assert.assertEquals(AzureCCAttestationProvider.DefaultSkrEndpoint, request.uri().toString());
+        Assert.assertEquals(skrUrlMock, request.uri().toString());
     }
 
     @Test
@@ -54,8 +54,7 @@ public void testGetAttestationRequestFailure_InvalidStatusCode() throws Exceptio
         final var httpClientMock = mock(HttpClient.class);
         when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
 
-        final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
-                AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+        final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
         var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
         Assert.assertTrue(thrown.getMessage().startsWith("Skr failed with status code: " + HttpURLConnection.HTTP_INTERNAL_ERROR));
     }
@@ -69,8 +68,7 @@ public void testGetAttestationRequestFailure_EmptyResponseBody() throws Exceptio
         final var httpClientMock = mock(HttpClient.class);
         when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
 
-        final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
-                AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+        final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
         var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
         Assert.assertEquals("response is null", thrown.getMessage());
     }
@@ -86,8 +84,7 @@ public void testGetAttestationRequestFailure_InvalidResponseBody() throws Except
         final var httpClientMock = mock(HttpClient.class);
         when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
 
-        final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
-                AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+        final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
         var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
         Assert.assertEquals("token field not exist in Skr response", thrown.getMessage());
     }