
Commit c5c0b87

feat: [confidentialcomputing] Added support for signed container image and custom audience and nonce requests (#9701)
* feat: Added support for signed container image and custom audience and nonce requests New fields have been incorporated into the VerifyAttestationRequest proto message to accommodate two additional features: signed container image and custom audience and nonce. PiperOrigin-RevId: 551026956 Source-Link: googleapis/googleapis@a31b53e Source-Link: https://github.com/googleapis/googleapis-gen/commit/640cd434fc3b469bbc236fc4d5251b696b1801b6 Copy-Tag: eyJwIjoiamF2YS1jb25maWRlbnRpYWxjb21wdXRpbmcvLk93bEJvdC55YW1sIiwiaCI6IjY0MGNkNDM0ZmMzYjQ2OWJiYzIzNmZjNGQ1MjUxYjY5NmIxODAxYjYifQ== * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent 4659951 commit c5c0b87

20 files changed

Lines changed: 5541 additions & 39 deletions


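--- a/java-confidentialcomputing/README.md
+++ b/java-confidentialcomputing/README.md
@@ -201,7 +201,7 @@ Java is a registered trademark of Oracle and/or its affiliates.
 [kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-confidentialcomputing/java11.html
 [stability-image]: https://img.shields.io/badge/stability-preview-yellow
 [maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-confidentialcomputing.svg
-[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-confidentialcomputing/0.7.0
+[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-confidentialcomputing/0.8.0
 [authentication]: https://github.com/googleapis/google-cloud-java#authentication
 [auth-scopes]: https://developers.google.com/identity/protocols/oauth2/scopes
 [predefined-iam-roles]: https://cloud.google.com/iam/docs/understanding-roles#predefined_roles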

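--- a/java-confidentialcomputing/google-cloud-confidentialcomputing/src/main/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClient.java
+++ b/java-confidentialcomputing/google-cloud-confidentialcomputing/src/main/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClient.java
@@ -327,6 +327,8 @@ public final UnaryCallable<CreateChallengeRequest, Challenge> createChallengeCal
 * .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 * .setGcpCredentials(GcpCredentials.newBuilder().build())
 * .setTpmAttestation(TpmAttestation.newBuilder().build())
+* .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+* .setTokenOptions(TokenOptions.newBuilder().build())
 * .build();
 * VerifyAttestationResponse response = confidentialComputingClient.verifyAttestation(request);
 * }
@@ -358,6 +360,8 @@ public final VerifyAttestationResponse verifyAttestation(VerifyAttestationReques
 * .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 * .setGcpCredentials(GcpCredentials.newBuilder().build())
 * .setTpmAttestation(TpmAttestation.newBuilder().build())
+* .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+* .setTokenOptions(TokenOptions.newBuilder().build())
 * .build();
 * ApiFuture<VerifyAttestationResponse> future =
 * confidentialComputingClient.verifyAttestationCallable().futureCall(request);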

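--- a/java-confidentialcomputing/google-cloud-confidentialcomputing/src/main/resources/META-INF/native-image/com.google.cloud.confidentialcomputing.v1/reflect-config.json
+++ b/java-confidentialcomputing/google-cloud-confidentialcomputing/src/main/resources/META-INF/native-image/com.google.cloud.confidentialcomputing.v1/reflect-config.json
@@ -395,6 +395,42 @@
 "allDeclaredClasses": true,
 "allPublicClasses": true
 },
+{
+"name": "com.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo$Builder",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.ContainerImageSignature",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.ContainerImageSignature$Builder",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
 {
 "name": "com.google.cloud.confidentialcomputing.v1.CreateChallengeRequest",
 "queryAllDeclaredConstructors": true,
@@ -431,6 +467,51 @@
 "allDeclaredClasses": true,
 "allPublicClasses": true
 },
+{
+"name": "com.google.cloud.confidentialcomputing.v1.SignedEntity",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.SignedEntity$Builder",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.SigningAlgorithm",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.TokenOptions",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
+{
+"name": "com.google.cloud.confidentialcomputing.v1.TokenOptions$Builder",
+"queryAllDeclaredConstructors": true,
+"queryAllPublicConstructors": true,
+"queryAllDeclaredMethods": true,
+"allPublicMethods": true,
+"allDeclaredClasses": true,
+"allPublicClasses": true
+},
 {
 "name": "com.google.cloud.confidentialcomputing.v1.TpmAttestation",
 "queryAllDeclaredConstructors": true,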

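--- a/java-confidentialcomputing/google-cloud-confidentialcomputing/src/test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientHttpJsonTest.java
+++ b/java-confidentialcomputing/google-cloud-confidentialcomputing/src/test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientHttpJsonTest.java
@@ -195,6 +195,8 @@ public void verifyAttestationTest() throws Exception {
 .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 .setGcpCredentials(GcpCredentials.newBuilder().build())
 .setTpmAttestation(TpmAttestation.newBuilder().build())
+.setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+.setTokenOptions(TokenOptions.newBuilder().build())
 .build();
 
 VerifyAttestationResponse actualResponse = client.verifyAttestation(request);
@@ -228,6 +230,8 @@ public void verifyAttestationExceptionTest() throws Exception {
 .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 .setGcpCredentials(GcpCredentials.newBuilder().build())
 .setTpmAttestation(TpmAttestation.newBuilder().build())
+.setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+.setTokenOptions(TokenOptions.newBuilder().build())
 .build();
 client.verifyAttestation(request);
 Assert.fail("No exception raised");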

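--- a/java-confidentialcomputing/google-cloud-confidentialcomputing/src/test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientTest.java
+++ b/java-confidentialcomputing/google-cloud-confidentialcomputing/src/test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientTest.java
@@ -191,6 +191,8 @@ public void verifyAttestationTest() throws Exception {
 .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 .setGcpCredentials(GcpCredentials.newBuilder().build())
 .setTpmAttestation(TpmAttestation.newBuilder().build())
+.setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+.setTokenOptions(TokenOptions.newBuilder().build())
 .build();
 
 VerifyAttestationResponse actualResponse = client.verifyAttestation(request);
@@ -203,6 +205,9 @@ public void verifyAttestationTest() throws Exception {
 Assert.assertEquals(request.getChallenge(), actualRequest.getChallenge());
 Assert.assertEquals(request.getGcpCredentials(), actualRequest.getGcpCredentials());
 Assert.assertEquals(request.getTpmAttestation(), actualRequest.getTpmAttestation());
+Assert.assertEquals(
+request.getConfidentialSpaceInfo(), actualRequest.getConfidentialSpaceInfo());
+Assert.assertEquals(request.getTokenOptions(), actualRequest.getTokenOptions());
 Assert.assertTrue(
 channelProvider.isHeaderSent(
 ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
@@ -220,6 +225,8 @@ public void verifyAttestationExceptionTest() throws Exception {
 .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
 .setGcpCredentials(GcpCredentials.newBuilder().build())
 .setTpmAttestation(TpmAttestation.newBuilder().build())
+.setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+.setTokenOptions(TokenOptions.newBuilder().build())
 .build();
 client.verifyAttestation(request);
 Assert.fail("No exception raised");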
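Review bot: The two assertions added to verifyAttestationTest compare `getConfidentialSpaceInfo()` and `getTokenOptions()` on messages built from empty builders, so they would still pass if the new fields never reached the mock service, because an unset message field reads back as the same default instance. As these fields carry the signed-image data and the custom audience and nonce the commit describes, the test should pin that they are actually transmitted, for example by adding `Assert.assertTrue(actualRequest.hasConfidentialSpaceInfo());` and `Assert.assertTrue(actualRequest.hasTokenOptions());`, or by populating a field in each builder. The file appears to be generator output (the commit carries an OwlBot trailer), so the change probably belongs in the generator or in a hand-written test next to it. The test methods start and end outside the hunks shown.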
