diff --git a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java
index 89f197a..7f64260 100644
--- a/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java
+++ b/src/main/java/com/uid2/attestation/azure/AzureCCAttestationProvider.java
@@ -16,32 +16,53 @@ public class AzureCCAttestationProvider implements IAttestationProvider {
 private final String maaEndpoint;
- public static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net";
+ private static final String DefaultMaaEndpoint = "sharedeus.eus.attest.azure.net";
- private final String skrEndpoint;
- public static final String DefaultSkrEndpoint = "http://localhost:8080/attest/maa";
+ private final String skrUrl;
+ private static final String DefaultSkrUrl = "http://localhost:8080/attest/maa";
 private final HttpClient httpClient;
 private String location;
 public AzureCCAttestationProvider() {
- this(DefaultSkrEndpoint, DefaultMaaEndpoint, null, null);
+ this(null, null, null, null);
 }
+
 public AzureCCAttestationProvider(String maaEndpoint) {
- this(maaEndpoint, DefaultSkrEndpoint, null, null);
+ this(maaEndpoint, null, null, null);
 }
- public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint) {
- this(maaEndpoint, skrEndpoint, null, null);
+ public AzureCCAttestationProvider(String maaEndpoint, String skrUrl) {
+ this(maaEndpoint, skrUrl, null, null);
 }
- public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient) {
- this(maaEndpoint, skrEndpoint, httpClient, null);
+ public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient) {
+ this(maaEndpoint, skrUrl, httpClient, null);
 }
- public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpClient httpClient, String location) {
- this.maaEndpoint = maaEndpoint;
- this.skrEndpoint = skrEndpoint;
+ /**
+ * Azure confidential container provider.
+ * Use SKR sidecar (https://github.com/microsoft/confidential-sidecar-containers) to get MAA token.
+ *
+ * @param maaEndpoint request param to the SKR sidecar API, e.g. sharedeus.eus.attest.azure.net
+ * @param skrUrl SKR sidecar API URL
+ * @param httpClient
+ * @param location deployment location, for testing
+ *
+ * @return provider
+ */
+ public AzureCCAttestationProvider(String maaEndpoint, String skrUrl, HttpClient httpClient, String location) {
+ if (maaEndpoint != null ) {
+ this.maaEndpoint = maaEndpoint;
+ } else {
+ this.maaEndpoint = DefaultMaaEndpoint;
+ }
+
+ if (skrUrl != null) {
+ this.skrUrl = skrUrl;
+ } else {
+ this.skrUrl = DefaultSkrUrl;
+ }
 if (httpClient != null) {
 this.httpClient = httpClient;
@@ -51,6 +72,8 @@ public AzureCCAttestationProvider(String maaEndpoint, String skrEndpoint, HttpCl
 if (location != null) {
 this.location = location;
+ } else {
+ this.location = getLocation();
 }
 }
@@ -59,7 +82,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 var base64Encoder = Base64.getEncoder();
 var gson = new Gson();
- var runtimeData = Map.of("location", getLocation(), "publicKey", base64Encoder.encodeToString(publicKey));
+ var runtimeData = Map.of("location", this.location, "publicKey", base64Encoder.encodeToString(publicKey));
 String runtimeDataJson = gson.toJson(runtimeData);
 var skrRequest = new SkrRequest();
@@ -68,7 +91,7 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 String requestBody = gson.toJson(skrRequest);
 var request = HttpRequest.newBuilder()
- .uri(URI.create(skrEndpoint))
+ .uri(URI.create(this.skrUrl))
 .header("Content-Type", "application/json")
 .POST(HttpRequest.BodyPublishers.ofString(requestBody))
 .build();
@@ -95,12 +118,8 @@ public byte[] getAttestationRequest(byte[] publicKey) throws AttestationExceptio
 }
 }
- private String getLocation() throws AttestationException {
- if (this.location != null) {
- return this.location;
- }
-
- // TODO(lun.wang) get location from meta server
+ private String getLocation() {
+ // TODO(lun.wang) get location
 return "";
 }
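Review bot: The Javadoc added above the four-argument constructor in the `@@ -16,32 +16,53` hunk carries `@return provider`, which javadoc's doclint rejects on a constructor, and `@param httpClient` has no description; drop the `@return` line and describe the client, e.g. `@param httpClient client used to call the SKR sidecar; a default client is created when null`. The null-coalescing for `skrUrl` accepts any non-null string and the value is only parsed later by `URI.create(this.skrUrl)` in the `@@ -68,7 +91,7` hunk, where a malformed sidecar URL surfaces as an IllegalArgumentException rather than the AttestationException callers handle; parsing it once here, `URI.create(this.skrUrl); // fail fast on a malformed sidecar URL`, moves that failure to construction. The stray space in `if (maaEndpoint != null )` should also go. The constructor body continues past the end of this hunk.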
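Review bot: The new else branch `this.location = getLocation();` in the `@@ -51,6 +72,8` hunk calls a method that, after the `@@ -95,12 +118,8` hunk below, unconditionally returns `""`, so every provider built without an explicit location now embeds an empty `location` in the runtime data sent to the SKR sidecar (the `@@ -59,7 +82,7` hunk); the old code produced the same empty value per call, but the TODO is now load-bearing at construction time and nothing logs or documents it. At minimum the branch deserves a comment such as `// location discovery is not implemented yet (see getLocation); empty until then`, and since both branches now assign the field it can be declared `private final String location;`. The enclosing constructor starts before this hunk.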
diff --git a/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java
index e7f4657..6941559 100644
--- a/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java
+++ b/src/test/java/com/uid2/attestation/azure/AzureCCAttestationProviderTest.java
@@ -24,6 +24,7 @@ public void testGetAttestationRequestSuccess() throws Exception {
 // Mock response
 final var publicTokenMock = new byte[] {0x01, 0x02};
+ final var skrUrlMock = "http://skr";
 final var maaTokenMock = "abc";
 final var httpResponseMock = mock(HttpResponse.class);
 when(httpResponseMock.statusCode()).thenReturn(HttpURLConnection.HTTP_OK);
@@ -33,8 +34,7 @@ public void testGetAttestationRequestSuccess() throws Exception {
 when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
 // Verify output
- final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
- AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+ final var provider = new AzureCCAttestationProvider(null, skrUrlMock, httpClientMock);
 var output = provider.getAttestationRequest(publicTokenMock);
 Assert.assertArrayEquals(maaTokenMock.getBytes(), output);
@@ -42,7 +42,7 @@ public void testGetAttestationRequestSuccess() throws Exception {
 var requestCaptor = ArgumentCaptor.forClass(HttpRequest.class);
 verify(httpClientMock).send(requestCaptor.capture(), any(HttpResponse.BodyHandler.class));
 var request = requestCaptor.getValue();
- Assert.assertEquals(AzureCCAttestationProvider.DefaultSkrEndpoint, request.uri().toString());
+ Assert.assertEquals(skrUrlMock, request.uri().toString());
 }
 @Test
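Review bot: The success test in the `@@ -33,8 +34,7` hunk leaves `location` on the default path, so the `location` value in the request body comes from the provider's `getLocation()` stub rather than from the test; the four-argument constructor's Javadoc says the location parameter exists for testing, so a constructed value such as `new AzureCCAttestationProvider(null, skrUrlMock, httpClientMock, "eastus")` would decouple the test from that TODO. The captured request's URI is asserted but its body is not, so neither the defaulted maaEndpoint nor the location is ever checked; reading the body means subscribing to the request's BodyPublisher, which is worth a small test helper. The three failure tests at `@@ -54`, `@@ -69` and `@@ -86` use the same `(null, null, httpClientMock)` form and only need the default path to build, so the same change is optional there.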
@@ -54,8 +54,7 @@ public void testGetAttestationRequestFailure_InvalidStatusCode() throws Exceptio
 final var httpClientMock = mock(HttpClient.class);
 when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
- final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
- AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+ final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
 var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
 Assert.assertTrue(thrown.getMessage().startsWith("Skr failed with status code: " + HttpURLConnection.HTTP_INTERNAL_ERROR));
 }
@@ -69,8 +68,7 @@ public void testGetAttestationRequestFailure_EmptyResponseBody() throws Exceptio
 final var httpClientMock = mock(HttpClient.class);
 when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
- final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
- AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+ final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
 var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
 Assert.assertEquals("response is null", thrown.getMessage());
 }
@@ -86,8 +84,7 @@ public void testGetAttestationRequestFailure_InvalidResponseBody() throws Except
 final var httpClientMock = mock(HttpClient.class);
 when(httpClientMock.send(any(HttpRequest.class), any(HttpResponse.BodyHandler.class))).thenReturn(httpResponseMock);
- final var provider = new AzureCCAttestationProvider(AzureCCAttestationProvider.DefaultMaaEndpoint,
- AzureCCAttestationProvider.DefaultSkrEndpoint, httpClientMock);
+ final var provider = new AzureCCAttestationProvider(null, null, httpClientMock);
 var thrown = Assert.assertThrows(AttestationException.class, () -> provider.getAttestationRequest(publicTokenMock));
 Assert.assertEquals("token field not exist in Skr response", thrown.getMessage());
 }