Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UID2-4808 Add AKS protocol for AzureCCCoreAttestationService #374

Merged
merged 20 commits into from
Feb 6, 2025
Merged

UID2-4808 Add AKS protocol for AzureCCCoreAttestationService #374

merged 20 commits into from
Feb 6, 2025

Conversation

cYKatherine
Copy link
Contributor

@cYKatherine cYKatherine commented Feb 3, 2025
edited
Loading

@cYKatherine cYKatherine self-assigned this Feb 3, 2025
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 71335dc to 79b38c1 Compare February 4, 2025 00:19
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 79b38c1 to 25ef824 Compare February 4, 2025 02:46
cYKatherine
cYKatherine commented Feb 4, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/AzureCCAksCoreAttestationServiceTest.java Outdated

@Test
public void testHappyPath() throws AttestationException {
var provider = new AzureCCAksCoreAttestationService(alwaysPassTokenValidator, alwaysPassPolicyValidator);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is exactly the same as src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java, except testing on AzureCCAksCoreAttestationService

cYKatherine
cYKatherine commented Feb 4, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java Outdated
@@ -97,6 +97,7 @@ private MaaTokenPayload generateBasicPayload() {
.vmDebuggable(false)
.runtimeData(generateBasicRuntimeData())
.ccePolicyDigest(CCE_POLICY_DIGEST)
.azureProtocol("azure-cc")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By default set it to be azure-cc. Test AKS in the tests below.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use MaaTokenPayload.AZURE_CC_ACI_PROTOCOL here?

cody-constine-ttd
cody-constine-ttd reviewed Feb 4, 2025
View reviewed changes
src/main/java/com/uid2/shared/secure/AzureCCAksCoreAttestationService.java Outdated

// CC stands for Confidential Container
@Slf4j
public class AzureCCAksCoreAttestationService extends AzureCCCoreAttestationServiceBase {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we actually need child classes for these? Could they just be one class that takes in the AZURE_CC_PROTOCOL?

@cYKatherine cYKatherine changed the title UID2-4808 Add paraent class for AzureCCCoreAttestationService UID2-4808 Add AKS protocol for AzureCCCoreAttestationService Feb 4, 2025
mcollins-ttd
mcollins-ttd reviewed Feb 5, 2025
View reviewed changes
src/main/java/com/uid2/shared/secure/azurecc/IMaaTokenSignatureValidator.java
@@ -10,5 +10,5 @@ public interface IMaaTokenSignatureValidator {
* @return Parsed token payload.
* @throws AttestationException
*/
MaaTokenPayload validate(String tokenString) throws AttestationException;
MaaTokenPayload validate(String tokenString, String protocol) throws AttestationException;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we introduce an enum for the protocols instead of using a String?

@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch 3 times, most recently from c0056d8 to 8b3af91 Compare February 5, 2025 22:35
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from 8b3af91 to a34056a Compare February 5, 2025 22:38
mcollins-ttd
mcollins-ttd reviewed Feb 6, 2025
View reviewed changes
src/test/java/com/uid2/shared/secure/AzureCCCoreAttestationServiceTest.java Outdated Show resolved Hide resolved
src/test/java/com/uid2/shared/secure/azurecc/MaaTokenSignatureValidatorTest.java Outdated Show resolved Hide resolved
src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java Outdated
@@ -97,6 +97,7 @@ private MaaTokenPayload generateBasicPayload() {
.vmDebuggable(false)
.runtimeData(generateBasicRuntimeData())
.ccePolicyDigest(CCE_POLICY_DIGEST)
.azureProtocol("azure-cc")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we use MaaTokenPayload.AZURE_CC_ACI_PROTOCOL here?

src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java Outdated Show resolved Hide resolved
@cYKatherine cYKatherine force-pushed the kcc-UID2-4808-add-enclave-id-aks branch from ffeb876 to ed3c07d Compare February 6, 2025 02:39
@cYKatherine cYKatherine merged commit 4d8dd46 into main Feb 6, 2025
3 checks passed
@cYKatherine cYKatherine deleted the kcc-UID2-4808-add-enclave-id-aks branch February 6, 2025 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cody-constine-ttd cody-constine-ttd cody-constine-ttd left review comments

@sunnywu sunnywu sunnywu approved these changes

@mcollins-ttd mcollins-ttd mcollins-ttd approved these changes

@thomasm-ttd thomasm-ttd Awaiting requested review from thomasm-ttd

@asloobq asloobq Awaiting requested review from asloobq

@vishalegbert-ttd vishalegbert-ttd Awaiting requested review from vishalegbert-ttd

@abuabraham-ttd abuabraham-ttd Awaiting requested review from abuabraham-ttd

Assignees

@cYKatherine cYKatherine

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cYKatherine @sunnywu @cody-constine-ttd @mcollins-ttd