MaaTokenSignatureValidatorTest.java
package com.uid2.shared.secure.azurecc;
import com.uid2.shared.secure.AttestationException;
import com.uid2.shared.secure.Protocol;
import com.uid2.shared.secure.TestClock;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import java.util.stream.Stream;
import static com.uid2.shared.secure.TestUtils.loadFromJson;
import static com.uid2.shared.secure.azurecc.MaaTokenUtils.validateAndParseToken;
import static org.junit.jupiter.api.Assertions.assertEquals;
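/**
 * Tests for Microsoft Azure Attestation (MAA) token handling in the Azure confidential-computing
 * attestation path.
 *
 * <p>{@link #testPayload} feeds pre-decoded JWT payload fixtures to
 * {@code MaaTokenUtils.validateAndParseToken}; it does not go through
 * {@link MaaTokenSignatureValidator}, so signature verification is only exercised by the
 * disabled {@link #testE2E}.
 */
public class MaaTokenSignatureValidatorTest {

    /**
     * Parses a stored JWT payload fixture and checks the attestation claims extracted from it.
     *
     * @param payloadPath classpath location of the JSON payload fixture
     * @param protocol attestation protocol the payload is parsed under
     * @throws Exception if the fixture cannot be loaded or the payload is rejected
     */
    @ParameterizedTest
    @MethodSource("argumentProvider")
    public void testPayload(String payloadPath, Protocol protocol) throws Exception {
        var payload = loadFromJson(payloadPath);

        // The fixtures expire at 1695313895 (epoch seconds); the clock is pinned two seconds
        // earlier so the token is still inside its validity window.
        // NOTE(review): only the accepting path is covered here. A companion case with the clock
        // moved past the expiry, and fixtures with a debuggable or non-SEV-SNP VM, would pin the
        // rejecting behaviour as well -- confirm what validateAndParseToken enforces.
        var clock = new TestClock();
        clock.setCurrentTimeMs(1695313893000L);

        var expectedCcePolicy = "fef932e0103f6132437e8a1223f32efc4bea63342f893b5124645224ef29ba73";
        var expectedLocation = "East US";
        var expectedPublicKey = "abc";

        var tokenPayload = validateAndParseToken(payload, clock, protocol);

        // Platform claims: SEV-SNP VM, compliant utility VM, debugging off.
        assertEquals(true, tokenPayload.isSevSnpVM());
        assertEquals(true, tokenPayload.isUtilityVMCompliant());
        assertEquals(false, tokenPayload.isVmDebuggable());
        // Workload identity: the CCE policy digest reported in the token.
        assertEquals(expectedCcePolicy, tokenPayload.getCcePolicyDigest());
        // Runtime data carried in the token.
        assertEquals(expectedLocation, tokenPayload.getRuntimeData().getLocation());
        assertEquals(expectedPublicKey, tokenPayload.getRuntimeData().getPublicKey());
    }

    /**
     * End-to-end signature validation against a live MAA endpoint.
     *
     * <p>Replace the placeholder below with a real MAA token and remove {@code @Disabled} to run
     * it. The method previously carried {@code @Disabled} without {@code @Test}, so JUnit never
     * discovered it and removing {@code @Disabled} alone would not have run anything.
     *
     * <p>Keep real tokens out of version control; paste one in locally only.
     *
     * @throws AttestationException if the validator rejects the token
     */
    @Test
    @Disabled("Needs a real MAA token; replace the placeholder to run E2E verification")
    public void testE2E() throws AttestationException {
        var maaToken = "<Placeholder>";
        var maaServerUrl = "https://sharedeus.eus.attest.azure.net";
        var validator = new MaaTokenSignatureValidator(maaServerUrl);

        // The test passes when validation completes without throwing; the returned value is not
        // inspected.
        validator.validate(maaToken, Protocol.AZURE_CC_ACI);
    }

    /** Supplies one payload fixture per supported Azure CC protocol (ACI and AKS). */
    static Stream<Arguments> argumentProvider() {
        return Stream.of(
                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aci.json", Protocol.AZURE_CC_ACI),
                Arguments.of("/com.uid2.shared/test/secure/azurecc/jwt_payload_aks.json", Protocol.AZURE_CC_AKS)
        );
    }
}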