Code fixes; Spelling check; static analysis fixes (#25808)
LarryOsterman authored Jan 11, 2022
1 parent b0b36ab commit 1902c04
Showing 23 changed files with 137 additions and 126 deletions.
3 changes: 1 addition & 2 deletions sdk/attestation/azure-security-attestation/CHANGELOG.md
Expand Up @@ -39,8 +39,7 @@ AttestOpenEnclaveOptions options = AttestOpenEnclaveOptions
* `attestSgxEnclave` and `attestOpenEnclave` return an `AttestationResponse` type instead of
a `Response` type to get access to the `AttestationToken` returned from the attestation service.
* Converted the `AttestationToken` and `AttestationSigner` types to interfaces since there are no scenarios where customers
will instantiate them directly (`AttestationToken` will be instantiated via the `AttestationPolicyToken` class which will
be introduced later.)
will instantiate them directly.
* Renamed `buildAttestationClient` to `buildClient` and `buildAsyncAttestationClient` to `buildAsyncClient` to match API
design guidelines.
* Removed `buildPolicyClient`, `buildPolicyAsyncClient`, `buildPolicyCertificatesClient` and `buildPolicyCertificatesAsyncClient` methods
Expand Up @@ -188,9 +188,49 @@ public Mono<Response<String>> getAttestationPolicyWithResponse(AttestationType a
public Mono<String> getAttestationPolicy(AttestationType attestationType) {
return getAttestationPolicyWithResponse(attestationType, null)
.flatMap(FluxUtil::toMono);
}

/**
* Retrieves the current policy for an attestation type.
* <p>
* <b>NOTE:</b>
* The {@code getAttestationPolicy} API returns the underlying
* attestation policy specified by the user. This is NOT the full attestation policy maintained by
* the attestation service. Specifically it does not include the signing certificates used to verify the attestation
* policy.
* </p>
* <p>
* To retrieve the signing certificates used to sign the policy, use the {@link AttestationAdministrationAsyncClient#getAttestationPolicyWithResponse(AttestationType, AttestationTokenValidationOptions)} API.
* The {@link Response} object is an instance of an {@link com.azure.security.attestation.models.AttestationResponse} object
* and the caller can retrieve the full information maintained by the service by calling the {@link AttestationResponse#getToken()} method.
* The returned {@link com.azure.security.attestation.models.AttestationToken} object will be
* the value stored by the attestation service.
* </p>
*
* <P><strong>Retrieve the current attestation policy for SGX enclaves.</strong></P>
* <!-- src_embed com.azure.security.attestation.AttestationAdministrationAsyncClient.getPolicyWithOptions -->
* <pre>
* Mono&lt;String&gt; policyMono2 = client.getAttestationPolicy&#40;AttestationType.SGX_ENCLAVE,
* new AttestationTokenValidationOptions&#40;&#41;
* .setValidationSlack&#40;Duration.ofSeconds&#40;10&#41;&#41;&#41;;
* policyMono2.subscribe&#40;policy -&gt; System.out.printf&#40;&quot;Current SGX policy: %s&#92;n&quot;, policy&#41;&#41;;
* </pre>
* <!-- end com.azure.security.attestation.AttestationAdministrationAsyncClient.getPolicyWithOptions -->
*
* @param attestationType Specifies the trusted execution environment to be used to validate the evidence.
* @param options Token validation options to validate returned attestation token.
* @throws IllegalArgumentException thrown if parameters fail the validation.
* @throws HttpResponseException thrown if the request is rejected by server.
* @throws RuntimeException all other wrapped checked exceptions if the request fails to be sent.
* @return the response to an attestation policy operation.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<String> getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options) {
return getAttestationPolicyWithResponse(attestationType, options)
.flatMap(FluxUtil::toMono);
}


/**
* Retrieves the current policy for an attestation type.
*
Expand All @@ -213,7 +253,7 @@ Mono<Response<String>> getAttestationPolicyWithResponse(AttestationType attestat
String policyJwt = token.getValue().getBody(com.azure.security.attestation.implementation.models.PolicyResult.class).getPolicy();
AttestationTokenImpl policyToken = new AttestationTokenImpl(policyJwt);
StoredAttestationPolicy storedPolicy = policyToken.getBody(StoredAttestationPolicy.class);
String policy = null;
String policy;
// If there's a stored attestation policy in the token, convert it to a string.
if (storedPolicy != null) {
policy = new String(storedPolicy.getAttestationPolicy(), StandardCharsets.UTF_8);
Expand Down Expand Up @@ -796,7 +836,7 @@ Mono<Response<PolicyCertificatesModificationResult>> addPolicyManagementCertific

// Generate an attestation token for that stored attestation policy. We use the common function in
// PolicyResult which is used in creating the SetPolicy hash.
String base64Certificate = null;
String base64Certificate;

try {
base64Certificate = Base64.getEncoder().encodeToString(options.getCertificate().getEncoded());
Expand All @@ -810,7 +850,7 @@ Mono<Response<PolicyCertificatesModificationResult>> addPolicyManagementCertific
AttestationCertificateManagementBody certificateBody = new AttestationCertificateManagementBody()
.setPolicyCertificate(jwk);

AttestationToken addToken = null;
AttestationToken addToken;
try {
addToken = AttestationTokenImpl.createSecuredToken(SERIALIZER_ADAPTER.serialize(certificateBody, SerializerEncoding.JSON), options.getAttestationSigner());
} catch (IOException e) {
Expand Down Expand Up @@ -856,7 +896,7 @@ Mono<Response<PolicyCertificatesModificationResult>> addPolicyManagementCertific
* </pre>
* <!-- end com.azure.security.attestation.AttestationAdministrationAsyncClient.removePolicyManagementCertificate -->
*
* <p><strong><i>Note:</i></strong> It is not considered an error to removethe same certificate twice. If
* <p><strong><i>Note:</i></strong> It is not considered an error to remove the same certificate twice. If
* the same certificate is removed twice, the service ignores the second remove request. This also means that
* it is not an error to remove a certificate which was not actually in the set of policy certificates.</p>
*
Expand Down Expand Up @@ -900,7 +940,7 @@ public Mono<PolicyCertificatesModificationResult> removePolicyManagementCertific
* </pre>
* <!-- end com.azure.security.attestation.AttestationAdministrationAsyncClient.removePolicyManagementCertificateWithResponse -->
*
* <p><strong><i>Note:</i></strong> It is not considered an error to removethe same certificate twice. If
* <p><strong><i>Note:</i></strong> It is not considered an error to remove the same certificate twice. If
* the same certificate is removed twice, the service ignores the second remove request. This also means that
* it is not an error to remove a certificate which was not actually in the set of policy certificates.</p>
*
Expand Down Expand Up @@ -935,7 +975,7 @@ Mono<Response<PolicyCertificatesModificationResult>> removePolicyManagementCerti

// Generate an attestation token for that stored attestation policy. We use the common function in
// PolicyResult which is used in creating the SetPolicy hash.
String base64Certificate = null;
String base64Certificate;

try {
base64Certificate = Base64.getEncoder().encodeToString(options.getCertificate().getEncoded());
Expand All @@ -949,7 +989,7 @@ Mono<Response<PolicyCertificatesModificationResult>> removePolicyManagementCerti
AttestationCertificateManagementBody certificateBody = new AttestationCertificateManagementBody()
.setPolicyCertificate(jwk);

AttestationToken addToken = null;
AttestationToken addToken;
try {
addToken = AttestationTokenImpl.createSecuredToken(SERIALIZER_ADAPTER.serialize(certificateBody, SerializerEncoding.JSON), options.getAttestationSigner());
} catch (IOException e) {
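Review bot: The Javadoc on the new `getAttestationPolicy(AttestationType, AttestationTokenValidationOptions)` overload leaves the meaning of a null `options` undocumented, and its `@return` line describes a response although the method returns `Mono<String>`. The one-argument overload just above passes `null` to `getAttestationPolicyWithResponse`, so null is evidently accepted; presumably the validation options configured on the client then apply, which should be confirmed and stated, because this parameter decides how strictly the returned token is checked. Suggested wording: `@param options Token validation options for the returned attestation token; when null, the client's configured options are used.` and `@return the attestation policy text for the given attestation type.` The synchronous `getAttestationPolicy` overload added in the next file section carries the same `@return` text.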
Expand Up @@ -131,6 +131,44 @@ public String getAttestationPolicy(AttestationType attestationType) {
* <!-- end com.azure.security.attestation.AttestationAdministrationClient.getPolicyWithResponse -->
*
* @param attestationType Specifies the trusted execution environment whose policy should be retrieved.
* @param options Options used when validating the attestation token.
* @throws IllegalArgumentException thrown if parameters fail the validation.
* @throws HttpResponseException thrown if the request is rejected by server.
* @throws RuntimeException all other wrapped checked exceptions if the request fails to be sent.
* @return the response to an attestation policy operation.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public String getAttestationPolicy(AttestationType attestationType, AttestationTokenValidationOptions options) {
return asyncClient.getAttestationPolicy(attestationType, options).block();
}


/**
* Retrieves the current policy for an attestation type.
* <p>
* <b>NOTE:</b>
* The {@link AttestationAdministrationAsyncClient#getAttestationPolicyWithResponse(AttestationType, AttestationTokenValidationOptions, Context)} API returns the underlying
* attestation policy specified by the user. This is NOT the full attestation policy maintained by
* the attestation service. Specifically it does not include the signing certificates used to verify the attestation
* policy.
* </p>
* <p>
* To retrieve the signing certificates used to sign the policy, {@link Response} object returned from this API
* is an instance of an {@link com.azure.security.attestation.models.AttestationResponse} object
* and the caller can retrieve the full policy object maintained by the service by calling the
* {@link AttestationResponse#getToken()} method.
* The returned {@link com.azure.security.attestation.models.AttestationToken} object will be
* the value stored by the attestation service.
* </p>
*
* <p><strong>Retrieve the current attestation policy for SGX enclaves.</strong></p>
* <!-- src_embed com.azure.security.attestation.AttestationAdministrationClient.getPolicyWithResponse -->
* <pre>
* Response&lt;String&gt; response = client.getAttestationPolicyWithResponse&#40;AttestationType.SGX_ENCLAVE, null, Context.NONE&#41;;
* </pre>
* <!-- end com.azure.security.attestation.AttestationAdministrationClient.getPolicyWithResponse -->
*
* @param attestationType Specifies the trusted execution environment whose policy should be retrieved.
* @param validationOptions Options used when validating the token returned by the attestation service.
* @param context Context for the operation.
* @throws IllegalArgumentException thrown if parameters fail the validation.
Expand Down Expand Up @@ -567,7 +605,7 @@ public PolicyCertificatesModificationResult removePolicyManagementCertificate(Po
* </pre>
* <!-- end com.azure.security.attestation.AttestationAdministrationClient.removePolicyManagementCertificateWithResponse -->
*
* <p><strong><i>Note:</i></strong> It is not considered an error to removethe same certificate twice. If
* <p><strong><i>Note:</i></strong> It is not considered an error to remove the same certificate twice. If
* the same certificate is removed twice, the service ignores the second remove request. This also means that
* it is not an error to remove a certificate which was not actually in the set of policy certificates.</p>
*
Expand All @@ -583,4 +621,4 @@ public PolicyCertificatesModificationResult removePolicyManagementCertificate(Po
public Response<PolicyCertificatesModificationResult> removePolicyManagementCertificateWithResponse(PolicyManagementCertificateOptions options, Context context) {
return asyncClient.removePolicyManagementCertificateWithResponse(options, context).block();
}
};
}
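Review bot: The second paragraph of the added Javadoc for `getAttestationPolicyWithResponse` does not parse as a sentence (`To retrieve the signing certificates used to sign the policy, {@link Response} object returned from this API is an instance of …`), and it is the paragraph that tells callers how to reach the signed token instead of the bare policy text. Suggested wording: `To retrieve the signing certificates used to sign the policy, cast the returned {@link Response} to {@link com.azure.security.attestation.models.AttestationResponse} and call {@link AttestationResponse#getToken()}.` The NOTE above it links to the async client's three-argument overload, which appears without a `public` modifier in that file's hunk header and so may not resolve in published docs; linking to this class's own method would be safer. The method signature this Javadoc belongs to lies outside the hunk.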
Expand Up @@ -132,7 +132,7 @@ public AttestationAdministrationClientBuilder endpoint(String endpoint) {
try {
new URL(endpoint);
} catch (MalformedURLException ex) {
logger.logExceptionAsError(new IllegalArgumentException(ex));
throw logger.logExceptionAsError(new IllegalArgumentException(ex));
}
clientImplBuilder.instanceUrl(endpoint);
return this;
Expand Down Expand Up @@ -307,11 +307,6 @@ public AttestationAdministrationAsyncClient buildAsyncClient() {
return new AttestationAdministrationAsyncClient(buildInnerClient(), this.tokenValidationOptions);
}

/**
* Legacy API surface which will be removed shortly.
*/


/**
* Builds an instance of AttestationClientImpl with the provided parameters.
*
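Review bot: The `endpoint` check in the `try` block accepts any string that `new URL(...)` can parse, so an `http://` endpoint passes and is handed to `clientImplBuilder.instanceUrl(endpoint)`. Attestation results are only as trustworthy as the channel to the service, so unless the pipeline rejects plaintext elsewhere (not visible here), consider keeping the parsed URL in a local `url` and adding `if (!"https".equalsIgnoreCase(url.getProtocol())) { throw logger.logExceptionAsError(new IllegalArgumentException("endpoint must use https")); }`. Now that the method throws, its Javadoc (outside the hunk) should also carry `@throws IllegalArgumentException if endpoint is not a valid URL`. The same applies to `AttestationClientBuilder.endpoint` in the later file section.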
Expand Up @@ -329,31 +329,6 @@ public Mono<AttestationResult> attestOpenEnclave(BinaryData report) {
.flatMap(FluxUtil::toMono);
}


/**
* Attest an OpenEnclave report.
*
* <p>This method is a convenience method which attests evidence from an OpenEnclave enclave
* with no {@code RuntimeData} or {@code InitTimeData}.</p>
* <p>The {@code report} is generated via the <a href='https://openenclave.github.io/openenclave/api/enclave_8h_aefcb89c91a9078d595e255bd7901ac71.html'>{@code }oe_get_report}</a>.</p>
* It returns an {@link AttestationResult} containing the claims emitted by the attestation service.
* <!-- src_embed com.azure.security.attestation.AttestationAsyncClient.attestOpenEnclaveWithReport -->
* <pre>
* Mono&lt;AttestationResult&gt; resultWithReport = client.attestOpenEnclave&#40;openEnclaveReport&#41;;
* </pre>
* <!-- end com.azure.security.attestation.AttestationAsyncClient.attestOpenEnclaveWithReport -->
*
* @param report - OpenEnclave report to attest.
* @throws IllegalArgumentException thrown if parameters fail the validation.
* @throws HttpResponseException thrown if the request is rejected by server.
* @throws RuntimeException all other wrapped checked exceptions if the request fails to be sent.
* @return the result of an attestation operation.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<AttestationResult>> attestOpenEnclaveWithResponse(BinaryData report) {
return withContext(context -> this.attestOpenEnclaveWithResponse(new AttestationOptions(report), context));
}

/**
* Attest an OpenEnclave report, specifying RunTimeData and InitTimeData.
*
Expand Down Expand Up @@ -438,31 +413,6 @@ Mono<Response<AttestationResult>> attestOpenEnclaveWithResponse(AttestationOptio
});
}

/**
* Attest an SGX Enclave Quote.
*
* <p>This method is a convenience method which attests evidence from an OpenEnclave enclave
* with no {@code RuntimeData} or {@code InitTimeData}.</p>
* <p>The {@code report} is generated via the <a href='https://openenclave.github.io/openenclave/api/enclave_8h_aefcb89c91a9078d595e255bd7901ac71.html'>{@code }oe_get_report}</a>.</p>
* It returns an {@link AttestationResult} containing the claims emitted by the attestation service.
* <!-- src_embed com.azure.security.attestation.AttestationAsyncClient.attestSgxEnclaveWithResponseWithReport -->
* <pre>
* Mono&lt;Response&lt;AttestationResult&gt;&gt; responseWithReport = client.attestSgxEnclaveWithResponse&#40;sgxQuote&#41;;
* </pre>
* <!-- end com.azure.security.attestation.AttestationAsyncClient.attestSgxEnclaveWithResponseWithReport -->
*
*
* @param quote Attestation options for Intel SGX enclaves.
* @throws IllegalArgumentException thrown if parameters fail the validation.
* @throws HttpResponseException thrown if the request is rejected by server.
* @throws RuntimeException all other wrapped checked exceptions if the request fails to be sent.
* @return the result of an attestation operation.
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<Response<AttestationResult>> attestSgxEnclaveWithResponse(BinaryData quote) {
return withContext(context -> this.attestSgxEnclaveWithResponse(new AttestationOptions(quote), context));
}

/**
* Attest an SGX Enclave Quote.
*
Expand All @@ -484,7 +434,7 @@ public Mono<Response<AttestationResult>> attestSgxEnclaveWithResponse(BinaryData
*/
@ServiceMethod(returns = ReturnType.SINGLE)
public Mono<AttestationResult> attestSgxEnclave(BinaryData quote) {
return attestSgxEnclaveWithResponse(quote)
return attestSgxEnclaveWithResponse(new AttestationOptions(quote))
.flatMap(FluxUtil::toMono);
}

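Review bot: A null `quote` may now fail synchronously in `attestSgxEnclave(BinaryData quote)`, because `new AttestationOptions(quote)` is evaluated at call time, whereas the removed `attestSgxEnclaveWithResponse(BinaryData)` overload built it inside the `withContext` lambda. Whether that constructor rejects null is not visible here; if it does, the exception escapes the method instead of arriving through the returned `Mono`. Either document that with an `@throws` line or defer construction: `return Mono.defer(() -> attestSgxEnclaveWithResponse(new AttestationOptions(quote))).flatMap(FluxUtil::toMono);`. The two removed `...WithResponse(BinaryData)` overloads were public, so the removal should also be listed as a breaking change in the CHANGELOG if it is not already.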
Expand Up @@ -96,7 +96,7 @@ public AttestationClientBuilder endpoint(String endpoint) {
try {
new URL(endpoint);
} catch (MalformedURLException ex) {
logger.logExceptionAsError(new IllegalArgumentException(ex));
throw logger.logExceptionAsError(new IllegalArgumentException(ex));
}
clientImplBuilder.instanceUrl(endpoint);
return this;
Expand Up @@ -35,7 +35,7 @@ public final class AttestationResultImpl implements com.azure.security.attestati
private Instant exp;

/*
* The not before time before which the token cannot be considered valid,
* The "not before" time before which the token cannot be considered valid,
* in the number of seconds since 1970-01-0T00:00:00Z UTC
*/
private Instant nbf;
Expand Down Expand Up @@ -107,7 +107,7 @@ public final class AttestationResultImpl implements com.azure.security.attestati
private Float svn;

/*
* A copy of the RuntimeData specified as an input to the attest call.
* A copy of the RuntimeData specified as an input to the Attest call.
*/
private byte[] enclaveHeldData;

Expand Down Expand Up @@ -156,7 +156,7 @@ public final class AttestationResultImpl implements com.azure.security.attestati


/**
* Get the nbf property: The not before time before which the token cannot be considered valid, in the number of
* Get the nbf property: The "not before" time before which the token cannot be considered valid, in the number of
* seconds since 1970-01-0T00:00:00Z UTC.
*
* @return the nbf value.
Expand Down Expand Up @@ -283,7 +283,7 @@ public final class AttestationResultImpl implements com.azure.security.attestati
}

/**
* Get the enclaveHeldData property: A copy of the RuntimeData specified as an input to the attest call.
* Get the enclaveHeldData property: A copy of the RuntimeData specified as an input to the Attest API call.
*
* @return the enclaveHeldData value.
*/
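Review bot: The epoch literal in the `nbf` comments still reads `1970-01-0T00:00:00Z`, which is not a valid timestamp; since this commit is a spelling pass over those same lines, correct it to `1970-01-01T00:00:00Z` in both the field comment and the getter Javadoc. The field is declared as `Instant`, so "in the number of seconds since …" describes the wire format, not the Java value. That is worth stating, e.g. `Parsed from the token's seconds-since-epoch value into an Instant.`, so that callers checking token validity windows know what they are comparing.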
Expand Up @@ -75,7 +75,7 @@ AttestationSignerImpl setKeyId(String keyId) {
/**
* Gets the Certificates associated with this signer.
*
* The Certificates is an X.509 certificate chain associated with a particular attestation signer.
* Certificates are an X.509 certificate chain associated with a particular attestation signer.
*
* It corresponds to the `x5c` property on a JSON Web Key. See <a href="https://datatracker.ietf.org/doc/html/rfc7517#section-4.7">JsonWebKey RFC Section 4.7</a>
* for more details.