Merge pull request #13 from IABTechLab/tjm-UID2-2761-add-core-url-att…

…estation-request

Adding user data to the attestation request

pom.xml

@@ -7,7 +7,7 @@
 
   <groupId>com.uid2</groupId>
   <artifactId>attestation-gcp</artifactId>
-  <version>1.4.2-dd1920710d</version>
+  <version>1.4.15-SNAPSHOT</version>
 
   <name>${project.groupId}:${project.artifactId}</name>
   <description>UID 2.0 operator GCP attestation</description>
@@ -35,12 +35,21 @@
     <url>https://github.com/IABTechLab/uid2-attestation-gcp</url>
   </scm>
 
-  <distributionManagement>
-    <snapshotRepository>
-      <id>ossrh</id>
-      <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
-    </snapshotRepository>
-  </distributionManagement>
+    <repositories>
+        <repository>
+            <id>snapshots-repo</id>
+            <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+            <releases><enabled>false</enabled></releases>
+            <snapshots><enabled>true</enabled></snapshots>
+        </repository>
+    </repositories>
+    <distributionManagement>
+      <snapshotRepository>
+        <id>ossrh</id>
+        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
+      </snapshotRepository>
+    </distributionManagement>
+
 
   <dependencyManagement>
     <dependencies>
@@ -58,7 +67,7 @@
     <dependency>
       <groupId>com.uid2</groupId>
       <artifactId>uid2-attestation-api</artifactId>
-      <version>1.5.0-676519b018</version>
+      <version>2.0.0-f968aec0e3</version>
     </dependency>
     <dependency>
       <groupId>junit</groupId>

src/main/java/com/uid2/attestation/gcp/OidcAttestationProvider.java

@@ -63,7 +63,7 @@ public boolean isReady() {
 	}
 
 	@Override
-	public byte[] getAttestationRequest(@SuppressWarnings("unused") byte[] publicKey) throws AttestationException {
+	public byte[] getAttestationRequest(@SuppressWarnings("unused") byte[] publicKey, byte[] userData) throws AttestationException {
 		String token = null;
 		try {
 			token = new String(Files.readAllBytes(Paths.get(tokenFilePath)));

src/main/java/com/uid2/attestation/gcp/VmidAttestationProvider.java

@@ -17,7 +17,7 @@ public class VmidAttestationProvider implements IAttestationProvider {
 	private String metadataEndpoint = "http://metadata/computeMetadata/v1/instance/service-accounts/default/identity";
 
 	@Override
-	public byte[] getAttestationRequest(byte[] publicKey) throws AttestationException {
+	public byte[] getAttestationRequest(byte[] publicKey, byte[] userData) throws AttestationException {
 		// encode publicKey into base64 string and pass as audience
 		String audience = Base64.getEncoder().encodeToString(publicKey);
 

src/test/java/com/uid2/attestation/gcp/OidcAttestationProviderTest.java

@@ -11,7 +11,9 @@
 import java.time.Instant;
 
 public class OidcAttestationProviderTest {
-
+	private final byte[] publicKey = new byte[] { 0x01, 0x02, 0x03 };
+	private final byte[] userData = new byte[] {0x04, 0x05};
+
 	private String getResourcePath(String name) {
 		try {
 			return Paths.get(OidcAttestationProviderTest.class.getResource(name).toURI()).toFile().getAbsolutePath();
@@ -47,23 +49,23 @@ public void testIsReadyFailure_FileNotExist() {
 	@Test
 	public void testLoadTokenFileSuccess() throws AttestationException {
 		final OidcAttestationProvider provider = new OidcAttestationProvider(getResourcePath("/com.uid2.attestation.gcp/test/OidcToken.txt"));
-		byte[] output = provider.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 });
+		byte[] output = provider.getAttestationRequest(publicKey, userData);
 		String outputString = new String(output, StandardCharsets.US_ASCII);
 		Assert.assertEquals("oidc.token", outputString);
 	}
 
 	@Test
 	public void testLoadTokenFileFailure_FileNotExist() {
 		final OidcAttestationProvider provider = new OidcAttestationProvider("/com.uid2.attestation.gcp/test/OidcToken_non_exist");
-		Assert.assertThrows(AttestationException.class, ()-> provider.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 }));
+		Assert.assertThrows(AttestationException.class, ()-> provider.getAttestationRequest(publicKey, userData));
 
 		final OidcAttestationProvider providerDefaultPath = new OidcAttestationProvider();
-		Assert.assertThrows(AttestationException.class, ()-> providerDefaultPath.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 }));
+		Assert.assertThrows(AttestationException.class, ()-> providerDefaultPath.getAttestationRequest(publicKey, userData));
 	}
 
 	@Test
 	public void testLoadTokenFileFailure_Empty() {
 		final OidcAttestationProvider provider = new OidcAttestationProvider(getResourcePath("/com.uid2.attestation.gcp/test/OidcTokenEmpty.txt"));
-		Assert.assertThrows(AttestationException.class, ()-> provider.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 }));
+		Assert.assertThrows(AttestationException.class, ()-> provider.getAttestationRequest(publicKey, userData));
 	}
 }

src/test/java/com/uid2/attestation/gcp/VmidAttestationProviderTest.java

@@ -11,7 +11,7 @@ public class VmidAttestationProviderTest  {
 	public void testAgainstDebugHttpServer() throws AttestationException {
 		final VmidAttestationProvider provider = new VmidAttestationProvider();
 		provider.setMetadataEndpoint("https://httpbin.org/get");
-		byte[] output = provider.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 });
+		byte[] output = provider.getAttestationRequest(new byte[] { 0x01, 0x02, 0x03 }, new byte[] {0x04, 0x05});
 		String outputString = new String(output, StandardCharsets.US_ASCII);
 		System.out.println(outputString);