Throw AttestationClientException when protocol not valid

cYKatherine · cYKatherine · commit a34056aac51f · 2025-02-06T09:38:27.000+11:00
diff --git a/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java b/src/main/java/com/uid2/shared/secure/azurecc/MaaTokenPayload.java
@@ -1,5 +1,8 @@
 package com.uid2.shared.secure.azurecc;
 
+import com.uid2.shared.secure.AttestationClientException;
+import com.uid2.shared.secure.AttestationException;
+import com.uid2.shared.secure.AttestationFailure;
 import lombok.Builder;
 import lombok.Value;
 
@@ -26,12 +29,13 @@ public boolean isSevSnpVM(){
         return SEV_SNP_VM_TYPE.equalsIgnoreCase(attestationType);
     }
 
-    public boolean isUtilityVMCompliant(){
+    public boolean isUtilityVMCompliant() throws AttestationClientException {
         if (azureProtocol == AZURE_CC_ACI_PROTOCOL) {
             return AZURE_COMPLIANT_UVM.equalsIgnoreCase(complianceStatus);
         } else if (azureProtocol == AZURE_CC_AKS_PROTOCOL) {
             return AZURE_COMPLIANT_UVM_AKS.equalsIgnoreCase(complianceStatus);
+        } else {
+            throw new AttestationClientException(String.format("Azure protocol: %s not supported", azureProtocol), AttestationFailure.INVALID_PROTOCOL);
         }
-        return false;
     }
 }
diff --git a/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java b/src/test/java/com/uid2/shared/secure/azurecc/PolicyValidatorTest.java
@@ -163,4 +163,16 @@ public void testValidationFailure_AksWithOtherUvm() {
         assertEquals("Not run in Azure Compliance Utility VM", t.getMessage());
         assertEquals(AttestationFailure.BAD_FORMAT, ((AttestationClientException)t).getAttestationFailure());
     }
+
+    @Test
+    public void testValidationFailure_InvalidProtocol() {
+        var validator = new PolicyValidator(ATTESTATION_URL);
+        var aksPayload = generateBasicPayload()
+                .toBuilder()
+                .azureProtocol("fake-protocol")
+                .build();
+        Throwable t = assertThrows(AttestationException.class, ()-> validator.validate(aksPayload, PUBLIC_KEY));
+        assertEquals("Azure protocol: fake-protocol not supported", t.getMessage());
+        assertEquals(AttestationFailure.INVALID_PROTOCOL, ((AttestationClientException)t).getAttestationFailure());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,8 @@`
`1`	`1`	`package com.uid2.shared.secure.azurecc;`
`2`	`2`
	`3`	`+import com.uid2.shared.secure.AttestationClientException;`
	`4`	`+import com.uid2.shared.secure.AttestationException;`
	`5`	`+import com.uid2.shared.secure.AttestationFailure;`
`3`	`6`	`import lombok.Builder;`
`4`	`7`	`import lombok.Value;`
`5`	`8`
`@@ -26,12 +29,13 @@ public boolean isSevSnpVM(){`
`26`	`29`	`return SEV_SNP_VM_TYPE.equalsIgnoreCase(attestationType);`
`27`	`30`	`}`
`28`	`31`
`29`		`- public boolean isUtilityVMCompliant(){`
	`32`	`+ public boolean isUtilityVMCompliant() throws AttestationClientException {`
`30`	`33`	`if (azureProtocol == AZURE_CC_ACI_PROTOCOL) {`
`31`	`34`	`return AZURE_COMPLIANT_UVM.equalsIgnoreCase(complianceStatus);`
`32`	`35`	`} else if (azureProtocol == AZURE_CC_AKS_PROTOCOL) {`
`33`	`36`	`return AZURE_COMPLIANT_UVM_AKS.equalsIgnoreCase(complianceStatus);`
	`37`	`+ } else {`
	`38`	`+ throw new AttestationClientException(String.format("Azure protocol: %s not supported", azureProtocol), AttestationFailure.INVALID_PROTOCOL);`
`34`	`39`	`}`
`35`		`- return false;`
`36`	`40`	`}`
`37`	`41`	`}`