Documentation
Index
- Variables
- type AuthInfo
- type Authority
- func (a *Authority) Credentials(reg *prometheus.Registry, issuer atls.Issuer) (*Credentials, func())
- func (a *Authority) GetManifests(_ context.Context, _ *userapi.GetManifestsRequest) (*userapi.GetManifestsResponse, error)
- func (m *Authority) GetSeedEngine() (*seedengine.SeedEngine, error)
- func (a *Authority) Recover(_ context.Context, req *userapi.RecoverRequest) (*userapi.RecoverResponse, error)
- func (a *Authority) SetManifest(ctx context.Context, req *userapi.SetManifestRequest) (*userapi.SetManifestResponse, error)
- type Credentials
- func (c *Credentials) ClientHandshake(_ context.Context, _ string, _ net.Conn) (net.Conn, credentials.AuthInfo, error)
- func (c *Credentials) Clone() credentials.TransportCredentials
- func (c *Credentials) Info() credentials.ProtocolInfo
- func (c *Credentials) OverrideServerName(_ string) error
- func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)
- type State
Constants
This section is empty.
Variables
var (
	// ErrAlreadyRecovered is returned if seedEngine initialization was requested but a seed is already set.
	ErrAlreadyRecovered = errors.New("coordinator is already recovered")
	// ErrNeedsRecovery is returned if state exists, but no secrets are available, e.g. after restart.
	ErrNeedsRecovery = errors.New("coordinator is in recovery mode")
)
var ErrNoManifest = errors.New("no manifest configured")
ErrNoManifest is returned when a manifest is needed but not present.
Functions
This section is empty.
Types
type AuthInfo (added in v1.1.0)
type AuthInfo struct {
	// TLSInfo holds details from the TLS handshake.
	credentials.TLSInfo
	// State is the coordinator state at the time of the TLS handshake.
	State *State
	// Report is the attestation report sent by the peer.
	Report attestation.Report
}
AuthInfo is used to pass channel authentication information and state to gRPC handlers.
It implements [snp.validateCallbacker] to capture report data from the TLS handshake.
type Authority
type Authority struct {
	userapi.UnimplementedUserAPIServer
	// contains filtered or unexported fields
}
Authority manages the manifest state of Contrast.
func (*Authority) Credentials (added in v1.1.0)
func (a *Authority) Credentials(reg *prometheus.Registry, issuer atls.Issuer) (*Credentials, func())
Credentials creates new transport credentials that validate peers according to the latest manifest.
func (*Authority) GetManifests (added in v0.8.0)
func (a *Authority) GetManifests(_ context.Context, _ *userapi.GetManifestsRequest) (*userapi.GetManifestsResponse, error)
GetManifests retrieves the current CA certificates, the manifest history and all policies.
func (*Authority) GetSeedEngine (added in v1.1.0)
func (m *Authority) GetSeedEngine() (*seedengine.SeedEngine, error)
GetSeedEngine returns the seed engine.
func (*Authority) Recover (added in v0.8.0)
func (a *Authority) Recover(_ context.Context, req *userapi.RecoverRequest) (*userapi.RecoverResponse, error)
Recover recovers the Coordinator from a seed and salt.
func (*Authority) SetManifest
func (a *Authority) SetManifest(ctx context.Context, req *userapi.SetManifestRequest) (*userapi.SetManifestResponse, error)
SetManifest registers a new manifest at the Coordinator.
type Credentials (added in v1.1.0)
type Credentials struct {
// contains filtered or unexported fields
}
Credentials are gRPC transport credentials that dynamically update with the Coordinator state.
func (*Credentials) ClientHandshake (added in v1.1.0)
func (c *Credentials) ClientHandshake(_ context.Context, _ string, _ net.Conn) (net.Conn, credentials.AuthInfo, error)
ClientHandshake is not implemented.
func (*Credentials) Clone (added in v1.1.0)
func (c *Credentials) Clone() credentials.TransportCredentials
Clone is only necessary for clients and thus not implemented.
func (*Credentials) Info (added in v1.1.0)
func (c *Credentials) Info() credentials.ProtocolInfo
Info provides information about the protocol.
func (*Credentials) OverrideServerName (added in v1.1.0)
func (c *Credentials) OverrideServerName(_ string) error
OverrideServerName is not implemented.
func (*Credentials) ServerHandshake (added in v1.1.0)
func (c *Credentials) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo, error)
ServerHandshake implements an aTLS handshake for the latest state.
If successful, the state will be passed to gRPC as AuthInfo.
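The contract described by Credentials, ServerHandshake, AuthInfo and ErrNeedsRecovery above, shown as an added stand-alone Go example; this is not code from the Contrast project. It assumes a constructed State (a manifest generation counter plus the serving certificate), a hypothetical Update method standing in for SetManifest, and helpers NewState and Connect that exist only for this example. The attestation check of a real aTLS client is replaced by ordinary certificate pinning, and the handshake runs over loopback TCP. The point it demonstrates is that the state is loaded exactly once per handshake and the same snapshot is handed to the handler in AuthInfo, so a manifest update that lands mid-handshake can neither be half-applied to a connection nor observed differently by the handler than by the peer check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"net"
	"sync/atomic"
	"time"
)

// ErrNeedsRecovery mirrors the page's error: there is no state to validate peers against yet.
var ErrNeedsRecovery = errors.New("coordinator is in recovery mode")
// State is a constructed stand-in for the Coordinator state: a manifest generation and its serving certificate.
type State struct {
	Generation int
	Cert       tls.Certificate
}
// AuthInfo mirrors the page's AuthInfo: TLS details plus the state snapshot the peer was validated against.
type AuthInfo struct {
	TLS   tls.ConnectionState
	State *State
}
// Credentials keeps the latest state behind an atomic pointer; every handshake loads it exactly once.
type Credentials struct{ latest atomic.Pointer[State] }
// Update publishes a new state for all later handshakes (hypothetical helper standing in for SetManifest).
func (c *Credentials) Update(s *State) { c.latest.Store(s) }

// ServerHandshake snapshots the state, runs the TLS handshake with that snapshot's certificate and returns
// the same snapshot in AuthInfo. On error the raw connection is left for the caller to close, as gRPC does.
func (c *Credentials) ServerHandshake(raw net.Conn) (net.Conn, *AuthInfo, error) {
	state := c.latest.Load()
	if state == nil {
		return nil, nil, ErrNeedsRecovery
	}
	conn := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{state.Cert}, MinVersion: tls.VersionTLS13})
	if err := conn.Handshake(); err != nil {
		return nil, nil, err
	}
	return conn, &AuthInfo{TLS: conn.ConnectionState(), State: state}, nil
}

// NewState builds a state whose serving certificate is self-signed for cn (constructed test material).
func NewState(generation int, cn string) (*State, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(int64(generation)),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return &State{Generation: generation, Cert: tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}}, nil
}

// Connect runs one handshake over loopback TCP. The client pins the certificate of the state it trusts,
// which stands in for the attestation check a real aTLS client performs; the server's AuthInfo is returned.
func Connect(creds *Credentials, trusted *State, serverName string) (*AuthInfo, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	clientErr := make(chan error, 1)
	go func() {
		pool := x509.NewCertPool()
		pool.AddCert(trusted.Cert.Leaf)
		c, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: serverName})
		if err == nil {
			c.Close()
		}
		clientErr <- err
	}()
	raw, err := ln.Accept()
	if err != nil {
		return nil, err
	}
	defer raw.Close()
	_, info, err := creds.ServerHandshake(raw)
	if err != nil {
		return nil, err
	}
	if err := <-clientErr; err != nil {
		return nil, err
	}
	return info, nil
}
```

Before any state is published, ServerHandshake refuses with ErrNeedsRecovery; after Update(s2), a client still pinned to generation 1 is rejected during the handshake, while the AuthInfo obtained earlier keeps pointing at the generation-1 snapshot it was validated against.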