authority

package
v1.1.0
Published: Oct 9, 2024 License: AGPL-3.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// ErrAlreadyRecovered is returned if seedEngine initialization was requested but a seed is already set.
	ErrAlreadyRecovered = errors.New("coordinator is already recovered")
	// ErrNeedsRecovery is returned if state exists, but no secrets are available, e.g. after restart.
	ErrNeedsRecovery = errors.New("coordinator is in recovery mode")
)
var ErrNoManifest = errors.New("no manifest configured")

ErrNoManifest is returned when a manifest is needed but not present.

Functions

This section is empty.

Types

type AuthInfo added in v1.1.0

type AuthInfo struct {
	// TLSInfo holds details from the TLS handshake.
	credentials.TLSInfo
	// State is the coordinator state at the time of the TLS handshake.
	State *State
	// Report is the attestation report sent by the peer.
	Report attestation.Report
}

AuthInfo carries the channel authentication information and the Coordinator state captured at handshake time to gRPC handlers.

It implements [snp.validateCallbacker] to capture report data from the TLS handshake.

func (*AuthInfo) SetReport added in v1.1.0

func (a *AuthInfo) SetReport(report attestation.Report)

SetReport takes the validated report and attaches it to the AuthInfo.

type Authority

type Authority struct {
	userapi.UnimplementedUserAPIServer
	// contains filtered or unexported fields
}

Authority manages the manifest state of Contrast.

func New

func New(hist *history.History, reg *prometheus.Registry, log *slog.Logger) *Authority

New creates a new Authority instance.

func (*Authority) Credentials added in v1.1.0

func (a *Authority) Credentials(reg *prometheus.Registry, issuer atls.Issuer) (*Credentials, func())

Credentials creates new transport credentials that validate peers according to the latest manifest.

func (*Authority) GetManifests added in v0.8.0

GetManifests retrieves the current CA certificates, the manifest history and all policies.

func (*Authority) GetSeedEngine added in v1.1.0

func (m *Authority) GetSeedEngine() (*seedengine.SeedEngine, error)

GetSeedEngine returns the seed engine.

func (*Authority) Recover added in v0.8.0

Recover recovers the Coordinator from a seed and salt.

func (*Authority) SetManifest

SetManifest registers a new manifest at the Coordinator.

type Credentials added in v1.1.0

type Credentials struct {
	// contains filtered or unexported fields
}

Credentials are gRPC transport credentials that dynamically update with the Coordinator state.

func (*Credentials) ClientHandshake added in v1.1.0

func (c *Credentials) ClientHandshake(_ context.Context, _ string, _ net.Conn) (net.Conn, credentials.AuthInfo, error)

ClientHandshake is not implemented.

func (*Credentials) Clone added in v1.1.0

Clone is only necessary for clients and is therefore not implemented.

func (*Credentials) Info added in v1.1.0

Info provides information about the protocol.

func (*Credentials) OverrideServerName added in v1.1.0

func (c *Credentials) OverrideServerName(_ string) error

OverrideServerName is not implemented.

func (*Credentials) ServerHandshake added in v1.1.0

func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)

ServerHandshake performs an aTLS handshake against the latest Coordinator state.

On success, the state used for that handshake is attached to the connection and passed to gRPC handlers as AuthInfo.
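The snapshot semantics described for AuthInfo and ServerHandshake above, as an added example that is not code from the Contrast project: it models Credentials, State and AuthInfo with standard-library stand-ins so the point runs without gRPC. A context key replaces gRPC's peer.AuthInfo plumbing, Manifest is reduced to a set of policy hashes, and SetState, Generation, WithAuthInfo, AuthInfoFromContext and PolicyAllowed are hypothetical helpers introduced for illustration. What it shows is that a handler acts on the state bound to the connection at handshake time, even if SetManifest ran in between, and that a peer is refused with ErrNeedsRecovery or ErrNoManifest rather than being served against an empty state.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync/atomic"
)

// Stand-ins for the page's sentinel errors, with the same messages.
var (
	ErrNeedsRecovery = errors.New("coordinator is in recovery mode")
	ErrNoManifest    = errors.New("no manifest configured")
)

// Manifest is a hypothetical reduction of manifest.Manifest to the one
// field this example needs: the set of allowed policy hashes.
type Manifest struct {
	Policies map[string]bool
}

// State models the page's State: an immutable snapshot that the Coordinator
// replaces as a whole whenever the manifest changes. Generation is a
// hypothetical counter that makes snapshots distinguishable in the demo.
type State struct {
	Manifest   *Manifest
	Generation uint64
}

// AuthInfo models the page's AuthInfo: the State captured at handshake time.
type AuthInfo struct {
	State *State
}

// Credentials models the dynamically updating transport credentials. The
// latest State sits behind an atomic pointer; SetState (hypothetical) is
// what the Coordinator would call after SetManifest or Recover.
type Credentials struct {
	latest atomic.Pointer[State]
}

func (c *Credentials) SetState(s *State) { c.latest.Store(s) }

// ServerHandshake models the page's ServerHandshake: load the latest State
// exactly once and bind that snapshot to the connection. A Coordinator that
// has not been recovered yet has no State and refuses the peer.
func (c *Credentials) ServerHandshake() (*AuthInfo, error) {
	s := c.latest.Load()
	if s == nil {
		return nil, ErrNeedsRecovery
	}
	return &AuthInfo{State: s}, nil
}

// authInfoKey stands in for gRPC attaching AuthInfo to the peer.
type authInfoKey struct{}

// WithAuthInfo attaches the handshake result to a request context.
func WithAuthInfo(ctx context.Context, ai *AuthInfo) context.Context {
	return context.WithValue(ctx, authInfoKey{}, ai)
}

// AuthInfoFromContext is the handler-side counterpart of peer.FromContext
// followed by a type assertion to *AuthInfo.
func AuthInfoFromContext(ctx context.Context) (*AuthInfo, bool) {
	ai, ok := ctx.Value(authInfoKey{}).(*AuthInfo)
	return ai, ok && ai != nil
}

// PolicyAllowed is a hypothetical handler body. It decides using only the
// snapshot bound to the connection and never re-reads Credentials, so the
// manifest it checks is the one the peer was authenticated against.
func PolicyAllowed(ctx context.Context, policyHash string) (bool, error) {
	ai, ok := AuthInfoFromContext(ctx)
	if !ok || ai.State == nil {
		return false, ErrNeedsRecovery
	}
	if ai.State.Manifest == nil {
		return false, ErrNoManifest
	}
	return ai.State.Manifest.Policies[policyHash], nil
}

func main() {
	var creds Credentials
	_, err := creds.ServerHandshake()
	fmt.Println("before recovery:", err)

	creds.SetState(&State{Generation: 1})
	ai, _ := creds.ServerHandshake()
	ctx := WithAuthInfo(context.Background(), ai)
	_, err = PolicyAllowed(ctx, "sha256:abc")
	fmt.Println("state without manifest:", err)

	// A new manifest is set while the first connection is still open.
	creds.SetState(&State{Generation: 2, Manifest: &Manifest{Policies: map[string]bool{"sha256:abc": true}}})
	allowed, _ := PolicyAllowed(ctx, "sha256:abc")
	fmt.Println("old connection still sees generation", ai.State.Generation, "allowed:", allowed)

	ai2, _ := creds.ServerHandshake()
	allowed, _ = PolicyAllowed(WithAuthInfo(context.Background(), ai2), "sha256:abc")
	fmt.Println("new connection sees generation", ai2.State.Generation, "allowed:", allowed)
}
```

In the real package the handler-side lookup is done with peer.FromContext from google.golang.org/grpc/peer and a type assertion to *authority.AuthInfo; the atomic pointer stands in for however Credentials tracks the latest state internally, which the page does not show.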

type State added in v1.1.0

type State struct {
	Manifest *manifest.Manifest
	CA       *ca.CA
	// contains filtered or unexported fields
}

State is a snapshot of the Coordinator's manifest history.
