Documentation ¶
Overview ¶
Package core provides the core functionality for the Coordinator object including state transition, APIs for marbles and clients, handling of manifests and the sealing functionalities.
Index ¶
- type BaseVec
- type ClientCore
- type Core
- func (c *Core) Activate(ctx context.Context, req *rpc.ActivationReq) (*rpc.ActivationResp, error)
- func (c *Core) GetCertQuote(ctx context.Context) (string, []byte, error)
- func (c *Core) GetManifestSignature(ctx context.Context) ([]byte, []byte)
- func (c *Core) GetSecrets(ctx context.Context, requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)
- func (c *Core) GetStatus(ctx context.Context) (statusCode int, status string, err error)
- func (c *Core) GetTLSConfig() (*tls.Config, error)
- func (c *Core) GetTLSMarbleRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (c *Core) GetTLSRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (c *Core) GetUpdateLog(ctx context.Context) (string, error)
- func (c *Core) Recover(ctx context.Context, secret []byte) (int, error)
- func (c *Core) SetManifest(ctx context.Context, rawManifest []byte) (map[string][]byte, error)
- func (c *Core) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) error
- func (c *Core) VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error)
- func (c *Core) WriteSecrets(ctx context.Context, rawSecretManifest []byte, updater *user.User) error
- type CounterVec
- type NullBaseVec
- type NullCollector
- type NullCounter
- type NullCounterVec
- func (NullCounterVec) GetMetricWith(labels prometheus.Labels) (prometheus.Counter, error)
- func (NullCounterVec) GetMetricWithLabelValues(lvs ...string) (prometheus.Counter, error)
- func (NullCounterVec) With(labels prometheus.Labels) prometheus.Counter
- func (NullCounterVec) WithLabelValues(lvs ...string) prometheus.Counter
- type NullMetric
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BaseVec ¶ added in v0.4.0
type BaseVec interface { prometheus.Collector Delete(labels prometheus.Labels) bool DeleteLabelValues(lvs ...string) bool Reset() }
type ClientCore ¶
type ClientCore interface { SetManifest(ctx context.Context, rawManifest []byte) (recoverySecretMap map[string][]byte, err error) GetCertQuote(ctx context.Context) (cert string, certQuote []byte, err error) GetManifestSignature(ctx context.Context) (manifestSignature []byte, manifest []byte) GetSecrets(ctx context.Context, requestedSecrets []string, requestUser *user.User) (map[string]manifest.Secret, error) GetStatus(ctx context.Context) (statusCode int, status string, err error) GetUpdateLog(ctx context.Context) (updateLog string, err error) Recover(ctx context.Context, encryptionKey []byte) (int, error) VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) error WriteSecrets(ctx context.Context, rawSecretManifest []byte, updater *user.User) error }
ClientCore provides the core functionality for the client. It can be used by, e.g., an HTTP server.
type Core ¶
type Core struct {
// contains filtered or unexported fields
}
Core implements the core logic of the Coordinator
func NewCore ¶
func NewCore(dnsNames []string, qv quote.Validator, qi quote.Issuer, sealer seal.Sealer, recovery recovery.Recovery, zapLogger *zap.Logger, promFactory *promauto.Factory) (*Core, error)
NewCore creates and initializes a new Core object
func NewCoreWithMocks ¶
func NewCoreWithMocks() *Core
NewCoreWithMocks creates a new core object with quote and seal mocks for testing.
func (*Core) Activate ¶
func (c *Core) Activate(ctx context.Context, req *rpc.ActivationReq) (*rpc.ActivationResp, error)
Activate implements the MarbleAPI function to authenticate a marble (part of the MarbleServer interface).
Verifies the marble's integrity and subsequently provides the marble with a certificate for authentication and application-specific parameters as defined in the Coordinator's manifest.
req needs to contain a MarbleType present in the Coordinator's manifest and a CSR with the Subject and DNSNames set to the desired values.
Returns a signed certificate-key-pair and the application's parameters if the authentication was successful. Returns an error if the authentication failed.
func (*Core) GetCertQuote ¶
GetCertQuote gets the Coordinator's certificate and the corresponding quote (containing the cert).
Returns a remote attestation quote of its own certificate alongside this certificate, which allows verifying the Coordinator's integrity and authenticity before using the ClientAPI.
func (*Core) GetManifestSignature ¶
GetManifestSignature returns the hash of the manifest
Returns a SHA256 hash of the active manifest.
func (*Core) GetSecrets ¶ added in v0.4.0
func (c *Core) GetSecrets(ctx context.Context, requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)
GetSecrets allows a user to read out secrets from the core
func (*Core) GetTLSConfig ¶
GetTLSConfig gets the core's TLS configuration
func (*Core) GetTLSMarbleRootCertificate ¶ added in v0.4.0
func (c *Core) GetTLSMarbleRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetTLSMarbleRootCertificate creates a TLS certificate for the Coordinator's x509 marbleRoot certificate
func (*Core) GetTLSRootCertificate ¶ added in v0.3.0
func (c *Core) GetTLSRootCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error)
GetTLSRootCertificate creates a TLS certificate for the Coordinator's self-signed x509 certificate.
func (*Core) GetUpdateLog ¶ added in v0.4.0
GetUpdateLog returns the update history of the coordinator
func (*Core) Recover ¶ added in v0.1.1
Recover sets an encryption key (ideally decrypted from the recovery data) and tries to unseal and load a saved state again.
func (*Core) SetManifest ¶
SetManifest sets the manifest, once and for all
rawManifest is the manifest of type Manifest in JSON format.
func (*Core) UpdateManifest ¶ added in v0.3.0
func (c *Core) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) error
UpdateManifest allows updating certain package parameters, supplied via a JSON manifest.
func (*Core) VerifyUser ¶ added in v0.4.0
VerifyUser checks whether a given client certificate matches the admin certificates specified in the manifest.
type CounterVec ¶ added in v0.4.0
type CounterVec interface { BaseVec GetMetricWith(labels prometheus.Labels) (prometheus.Counter, error) GetMetricWithLabelValues(lvs ...string) (prometheus.Counter, error) With(labels prometheus.Labels) prometheus.Counter WithLabelValues(lvs ...string) prometheus.Counter }
type NullBaseVec ¶ added in v0.4.0
type NullBaseVec struct {
NullCollector
}
func (NullBaseVec) Delete ¶ added in v0.4.0
func (NullBaseVec) Delete(labels prometheus.Labels) bool
func (NullBaseVec) DeleteLabelValues ¶ added in v0.4.0
func (NullBaseVec) DeleteLabelValues(lvs ...string) bool
func (NullBaseVec) Reset ¶ added in v0.4.0
func (NullBaseVec) Reset()
type NullCollector ¶ added in v0.4.0
type NullCollector struct{}
func (NullCollector) Collect ¶ added in v0.4.0
func (NullCollector) Collect(chan<- prometheus.Metric)
func (NullCollector) Describe ¶ added in v0.4.0
func (NullCollector) Describe(chan<- *prometheus.Desc)
type NullCounter ¶ added in v0.4.0
type NullCounter struct { NullMetric NullCollector }
func (NullCounter) Add ¶ added in v0.4.0
func (NullCounter) Add(float64)
func (NullCounter) Inc ¶ added in v0.4.0
func (NullCounter) Inc()
type NullCounterVec ¶ added in v0.4.0
type NullCounterVec struct {
NullBaseVec
}
func (NullCounterVec) GetMetricWith ¶ added in v0.4.0
func (NullCounterVec) GetMetricWith(labels prometheus.Labels) (prometheus.Counter, error)
func (NullCounterVec) GetMetricWithLabelValues ¶ added in v0.4.0
func (NullCounterVec) GetMetricWithLabelValues(lvs ...string) (prometheus.Counter, error)
func (NullCounterVec) With ¶ added in v0.4.0
func (NullCounterVec) With(labels prometheus.Labels) prometheus.Counter
func (NullCounterVec) WithLabelValues ¶ added in v0.4.0
func (NullCounterVec) WithLabelValues(lvs ...string) prometheus.Counter
type NullMetric ¶ added in v0.4.0
type NullMetric struct{}
func (NullMetric) Desc ¶ added in v0.4.0
func (NullMetric) Desc() *prometheus.Desc