connector

package

v1.0.1 Latest Latest Go to latest Published: Sep 22, 2023 License: BSD-3-Clause Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/arvind5/trustauthority-client

Links

Open Source Insights

README ¶

Intel® Trust Authority Connector

Go module for communicating with Intel Trust Authority via REST APIs.

Download

Download the latest version of the module with the following command:

go get github.com/arvind5/trustauthority-client/go-connector

Go Requirement

Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.

Unit Tests

To run the tests, run cd go-connector && go test ./...

See the example test in go-connector/token_test.go for an example of a test.

Usage

Create a new Connector instance, then use the exposed interfaces to access different parts of the Intel Trust Authority API.

import "github.com/arvind5/trustauthority-client/go-connector"

cfg := connector.Config{
        // Replace TRUSTAUTHORITY_URL with real Intel Trust Authority URL
        BaseUrl: "TRUSTAUTHORITY_URL",
        // Replace TRUSTAUTHORITY_API_URL with real Intel Trust Authority API URL
        ApiUrl: "TRUSTAUTHORITY_API_URL",
        // Provide TLS config
        TlsCfg: &tls.Config{},
        // Replace TRUSTAUTHORITY_API_KEY with real API key
        ApiKey: "TRUSTAUTHORITY_API_KEY",
        // Provide Retry config
        RClient: &connector.RetryConfig{},
}

retryCfg := connector.RetryConfig{
        // Minimum time to wait between retries, default is 2s
        RetryWaitMin:
        // Maximum time to wait between retries, default is 10s
        RetryWaitMax:
        // Maximum number of retries, default is 2
        RetryMax:
        // CheckRetry specifies the policy for handling retries, and is called
        // after each request. Default retries when http status code is one among 500, 503 and 504
        // and when there is client timeout or if a service is unavailable
        CheckRetry:
        // Backoff specifies the policy for how long to wait between retries, default is DefaultBackoff, which 
        // provides a default callback for Backoff which will perform exponential backoff based on the attempt
        // number and limited by the provided minimum and maximum durations.
        BackOff:
}

connector, err := connector.New(&cfg)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To get Intel Trust Authority signed nonce

req := connector.GetNonceArgs{
    RequestId: reqId,
}
resp, err := connector.GetNonce(req)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To get Intel Trust Authority signed token with Nonce and Evidence

req := connector.GetTokenArgs{
    Nonce:     nonce,
    Evidence:  evidence,
    PolicyIds: policyIds,
    RequestId: reqId,
}
resp, err := connector.GetToken(req)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To verify Intel Trust Authority signed token

parsedToken, err := connector.VerifyToken(string(token))
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To download Intel Trust Authority token signing certificates

jwks, err := connector.GetTokenSigningCertificates()
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To attest TEE with Intel Trust Authority using TEE Adapter

To create adapter refer go-sgx or go-tdx:

req := connector.AttestArgs{
    Adapter:   adapter,
    PolicyIds: policyIds,
    RequestId: reqId,
}
resp, err := connector.Attest(req)
if err != nil {
    return err
}

License

This source is distributed under the BSD-style license found in the LICENSE file.

Documentation ¶

Overview ¶

Index ¶

Constants
type AttestArgs
type AttestResponse
type AttestationTokenResponse
type Config
type Connector
- func New(cfg *Config) (Connector, error)
type Evidence
type EvidenceAdapter
type GetNonceArgs
type GetNonceResponse
type GetTokenArgs
type GetTokenResponse
type RetryConfig
type VerifierNonce

Constants ¶

View Source

const (
	HeaderRequestId = "request-id"
	HeaderTraceId   = "trace-id"

	AtsCertChainMaxLen         = 10
	MaxRetries                 = 2
	DefaultRetryWaitMinSeconds = 2
	DefaultRetryWaitMaxSeconds = 10
	ServiceUnavailableError    = `service unavailable`
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AttestArgs ¶

type AttestArgs struct {
	Adapter   EvidenceAdapter
	PolicyIds []uuid.UUID
	RequestId string
}

AttestArgs holds the request parameters needed for attestation with Intel Trust Authority

type AttestResponse ¶

type AttestResponse struct {
	Token   string
	Headers http.Header
}

AttestResponse holds the response parameters recieved during attestation flow

type AttestationTokenResponse ¶

type AttestationTokenResponse struct {
	Token string `json:"token"`
}

AttestationTokenResponse holds the token recieved from Intel Trust Authority

type Config ¶

type Config struct {
	BaseUrl string
	TlsCfg  *tls.Config
	ApiUrl  string
	ApiKey  string

	*RetryConfig
	// contains filtered or unexported fields
}

Config holds the Intel Trust Authority configuration for Connector

type Connector ¶

type Connector interface {
	GetTokenSigningCertificates() ([]byte, error)
	GetNonce(GetNonceArgs) (GetNonceResponse, error)
	GetToken(GetTokenArgs) (GetTokenResponse, error)
	Attest(AttestArgs) (AttestResponse, error)
	VerifyToken(string) (*jwt.Token, error)
}

Connector is an interface which exposes methods for calling Intel Trust Authority REST APIs

func New ¶

func New(cfg *Config) (Connector, error)

New returns a new Connector instance

type Evidence ¶

type Evidence struct {
	Type     uint32
	Evidence []byte
	UserData []byte
	EventLog []byte
}

Evidence is used to store Quote to be sent for Attestation

type EvidenceAdapter ¶

type EvidenceAdapter interface {
	CollectEvidence(nonce []byte) (*Evidence, error)
}

EvidenceAdapter is an interface which exposes methods for collecting Quote from Platform

type GetNonceArgs ¶

type GetNonceArgs struct {
	RequestId string
}

GetNonceArgs holds the request parameters needed for getting nonce from Intel Trust Authority

type GetNonceResponse ¶

type GetNonceResponse struct {
	Nonce   *VerifierNonce
	Headers http.Header
}

GetNonceResponse holds the response parameters recieved from nonce endpoint

type GetTokenArgs ¶

type GetTokenArgs struct {
	Nonce     *VerifierNonce
	Evidence  *Evidence
	PolicyIds []uuid.UUID
	RequestId string
}

GetTokenArgs holds the request parameters needed for getting token from Intel Trust Authority

type GetTokenResponse ¶

type GetTokenResponse struct {
	Token   string
	Headers http.Header
}

GetTokenResponse holds the response parameters recieved from attest endpoint

type RetryConfig ¶

type RetryConfig struct {
	RetryWaitMin *time.Duration // Minimum time to wait between retries
	RetryWaitMax *time.Duration // Maximum time to wait between retries
	RetryMax     *int           // Maximum number of retries

	CheckRetry retryablehttp.CheckRetry
	BackOff    retryablehttp.Backoff
}

RetryConfig holds the configuration for automatic retries to tolerate minor outages

type VerifierNonce ¶

type VerifierNonce struct {
	Val       []byte `json:"val"`
	Iat       []byte `json:"iat"`
	Signature []byte `json:"signature"`
}

VerifierNonce holds the signed nonce issued from Intel Trust Authority

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL