IABTechLab
diff --git a/‎.trivyignore‎
Lines changed: 3 additions & 0 deletions b/‎.trivyignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎pom.xml‎
Lines changed: 7 additions & 22 deletions b/‎pom.xml‎
Lines changed: 7 additions & 22 deletions
diff --git a/‎src/main/java/com/uid2/shared/Const.java‎
Lines changed: 1 addition & 5 deletions b/‎src/main/java/com/uid2/shared/Const.java‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎src/main/java/com/uid2/shared/attest/AttestationFactory.java‎
Lines changed: 0 additions & 6 deletions b/‎src/main/java/com/uid2/shared/attest/AttestationFactory.java‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎src/main/java/com/uid2/shared/cloud/CloudUtils.java‎
Lines changed: 0 additions & 41 deletions b/‎src/main/java/com/uid2/shared/cloud/CloudUtils.java‎
Lines changed: 0 additions & 41 deletions
diff --git a/‎src/main/java/com/uid2/shared/secure/GcpVmidCoreAttestationService.java‎
Lines changed: 0 additions & 125 deletions b/‎src/main/java/com/uid2/shared/secure/GcpVmidCoreAttestationService.java‎
Lines changed: 0 additions & 125 deletions
diff --git a/‎src/main/java/com/uid2/shared/secure/gcp/InstanceDocument.java‎
Lines changed: 0 additions & 82 deletions b/‎src/main/java/com/uid2/shared/secure/gcp/InstanceDocument.java‎
Lines changed: 0 additions & 82 deletions
diff --git a/‎src/main/java/com/uid2/shared/secure/gcp/InstanceDocumentVerifier.java‎
Lines changed: 0 additions & 32 deletions b/‎src/main/java/com/uid2/shared/secure/gcp/InstanceDocumentVerifier.java‎
Lines changed: 0 additions & 32 deletions
@@ -1,3 +1,6 @@
 # List any vulnerability that are to be accepted
 # See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/ 
 # for more details
+
+# UID2-6128
+CVE-2025-55163 exp:2025-10-30
@@ -5,7 +5,7 @@
 
     <groupId>com.uid2</groupId>
     <artifactId>uid2-shared</artifactId>
-    <version>11.1.69</version>
+    <version>11.1.91</version>
     <name>${project.groupId}:${project.artifactId}</name>
     <description>Library for all the shared uid2 operations</description>
     <url>https://github.com/IABTechLab/uid2docs</url>
@@ -169,35 +169,20 @@
             <artifactId>sts</artifactId>
         </dependency>
         <dependency>
-            <groupId>com.google.api-client</groupId>
-            <artifactId>google-api-client</artifactId>
-            <version>2.6.0</version>
+            <groupId>com.google.http-client</groupId>
+            <artifactId>google-http-client</artifactId>
+            <version>1.45.0</version>
         </dependency>
         <dependency>
-            <groupId>com.google.apis</groupId>
-            <artifactId>google-api-services-compute</artifactId>
-            <version>v1-rev20221205-2.0.0</version>
+            <groupId>com.google.http-client</groupId>
+            <artifactId>google-http-client-gson</artifactId>
+            <version>1.45.0</version>
         </dependency>
         <dependency>
             <groupId>com.google.auth</groupId>
             <artifactId>google-auth-library-oauth2-http</artifactId>
             <version>1.30.0</version>
         </dependency>
-        <dependency>
-            <groupId>com.google.auth</groupId>
-            <artifactId>google-auth-library-credentials</artifactId>
-            <version>1.30.0</version>
-        </dependency>
-        <dependency>
-            <groupId>com.google.cloud</groupId>
-            <artifactId>google-cloud-logging</artifactId>
-            <version>3.15.12</version>
-        </dependency>
-        <dependency>
-            <groupId>com.google.protobuf</groupId>
-            <artifactId>protobuf-java</artifactId>
-            <version>3.25.5</version>
-        </dependency>
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-security-attestation</artifactId>
 
@@ -32,10 +32,6 @@ public static class Config {
 
         public static final String UidInstanceIdPrefixProp = "uid_instance_id_prefix";
 
-        // GCP
-        public static final String GoogleCredentialsProp = "google_credentials";
-        public static final String GcpEnclaveParamsProp = "gcp_enclave_params";
-
         // Azure
         public static final String MaaServerBaseUrlProp = "maa_server_base_url";
 
@@ -91,7 +87,7 @@ public static class Config {
 
         // Others
         public static final String SaltsExpiredShutdownHours = "salts_expired_shutdown_hours";
-        public static final String KeysetKeyShutdownHours = "keyset_key_shutdown_hours";
+        public static final String StoreRefreshStaleShutdownHours = "store_refresh_stale_shutdown_hours";
         public static final String encryptionSupportVersion = "encryption_support_version";
     }
 
 
@@ -12,12 +12,6 @@ public static IAttestationProvider getNitroAttestation() throws Exception {
         return (IAttestationProvider) c.newInstance();
     }
 
-    public static IAttestationProvider getGcpVmidAttestation() throws Exception {
-        Class<?> cls = Class.forName("com.uid2.attestation.gcp.VmidAttestationProvider");
-        Constructor<?> c = cls.getConstructor();
-        return (IAttestationProvider) c.newInstance();
-    }
-
     public static IAttestationProvider getGcpOidcAttestation() throws Exception {
         Class<?> cls = Class.forName("com.uid2.attestation.gcp.OidcAttestationProvider");
         Constructor<?> c = cls.getConstructor();
 
@@ -1,17 +1,12 @@
 package com.uid2.shared.cloud;
 
-import com.google.api.services.compute.ComputeScopes;
-import com.google.auth.oauth2.GoogleCredentials;
 import com.uid2.shared.Const;
-import com.uid2.shared.Utils;
 import io.vertx.core.json.JsonObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.ByteArrayInputStream;
 import java.net.*;
 import java.nio.file.Path;
-import java.util.Collections;
 
 public class CloudUtils {
     private static final Logger LOGGER = LoggerFactory.getLogger(CloudUtils.class);
@@ -49,42 +44,6 @@ public static TaggableCloudStorage createStorage(String cloudBucket) {
         );
     }
 
-    public static GoogleCredentials getGoogleCredentialsFromConfig(JsonObject jsonConfig) {
-        GoogleCredentials credentials = getGoogleCredentialsFromConfigInternal(jsonConfig);
-        if (credentials != null && credentials.createScopedRequired()) {
-            // only needs compute readonly scope
-            LOGGER.info("Requesting scope: " + ComputeScopes.COMPUTE_READONLY);
-            credentials.createScoped(Collections.singletonList(ComputeScopes.COMPUTE_READONLY));
-        }
-        return credentials;
-    }
-
-    private static GoogleCredentials getGoogleCredentialsFromConfigInternal(JsonObject jsonConfig) {
-        if (System.getenv("GOOGLE_APPLICATION_CREDENTIALS") != null) {
-            try {
-                GoogleCredentials ret = GoogleCredentials.getApplicationDefault();
-                LOGGER.info("Using GOOGLE_APPLICATION_CREDENTIALS from environment");
-                return ret;
-
-            } catch (Exception ex) {
-                LOGGER.error("Unable to read google credentials " + ex.getMessage(), ex);
-                return null;
-            }
-        }
-
-        try {
-            String encodedCreds = jsonConfig.getString(Const.Config.GoogleCredentialsProp);
-            if (encodedCreds == null) return null;
-            byte[] credentials = Utils.decodeBase64String(encodedCreds);
-            if (credentials == null) return null;
-            GoogleCredentials ret = GoogleCredentials.fromStream(new ByteArrayInputStream(credentials));
-            LOGGER.info("Using google_credentials provided through vertx-config (env or config)");
-            return ret;
-        } catch (Exception ex) {
-            LOGGER.error("Unable to read google credentials " + ex.getMessage(), ex);
-            return null;
-        }
-    }
 
     public static String normalizeFilePath(Path path) {
         return normalizFilePath(path.toString());