Documentation
Overview
Package clientapi implements methods for users to interact with the Coordinator.
Index
- type ClientAPI
- func (a *ClientAPI) FeatureEnabled(ctx context.Context, feature string) bool
- func (a *ClientAPI) GetCertQuote(ctx context.Context, nonce []byte) (cert string, certQuote []byte, err error)
- func (a *ClientAPI) GetManifestSignature(ctx context.Context) (manifestSignatureRootECDSA, manifest []byte, err error)
- func (a *ClientAPI) GetSecrets(ctx context.Context, requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)
- func (a *ClientAPI) GetStatus(ctx context.Context) (state.State, string, error)
- func (a *ClientAPI) GetUpdateLog(ctx context.Context) ([]string, error)
- func (a *ClientAPI) Recover(ctx context.Context, encryptionKey []byte) (keysLeft int, err error)
- func (a *ClientAPI) SetManifest(ctx context.Context, rawManifest []byte) (recoverySecretMap map[string][]byte, err error)
- func (a *ClientAPI) SignQuote(ctx context.Context, quote []byte) (signature []byte, tcbStatus string, err error)
- func (a *ClientAPI) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) (err error)
- func (a *ClientAPI) VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error)
- func (a *ClientAPI) WriteSecrets(ctx context.Context, userSecrets map[string]manifest.UserSecret, ...) (err error)
- type QuoteVerifyError
Types
type ClientAPI
type ClientAPI struct {
	// contains filtered or unexported fields
}
ClientAPI implements the client API.
func New
func New(txHandle transactionHandle, recovery recovery.Recovery, core core, log *zap.Logger) (*ClientAPI, error)
New returns an initialized instance of the ClientAPI.
func (*ClientAPI) FeatureEnabled (added in v1.5.0)
FeatureEnabled returns true if the given feature is enabled in the manifest.
func (*ClientAPI) GetCertQuote
func (a *ClientAPI) GetCertQuote(ctx context.Context, nonce []byte) (cert string, certQuote []byte, err error)
GetCertQuote gets the Coordinator's certificate and the corresponding quote (containing the cert).
Returns the remote attestation quote of the Coordinator's own certificate alongside that certificate, which allows a client to verify the Coordinator's integrity and to authenticate it before using the ClientAPI.
func (*ClientAPI) GetManifestSignature
func (a *ClientAPI) GetManifestSignature(ctx context.Context) (manifestSignatureRootECDSA, manifest []byte, err error)
GetManifestSignature returns the hash of the manifest.
Returns the ECDSA signature and the byte-encoded representation of the active manifest.
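A client-side check of the two values GetManifestSignature returns, as an added example that is not part of the project's own code. It assumes the signature is an ASN.1 DER ECDSA signature over the SHA-256 digest of the manifest bytes and that the root public key comes from an already attested Coordinator certificate; checkManifest and constructedSample are hypothetical names, and the key and manifest are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// checkManifest verifies sig over the returned manifest, then compares the
// manifest with the copy the caller expects the Coordinator to enforce.
// Assumption: sig is an ASN.1 DER ECDSA signature over SHA-256(manifest).
func checkManifest(rootPub *ecdsa.PublicKey, manifest, sig, expected []byte) error {
	digest := sha256.Sum256(manifest)
	if !ecdsa.VerifyASN1(rootPub, digest[:], sig) {
		return errors.New("manifest signature not valid for root key")
	}
	if !bytes.Equal(manifest, expected) {
		return errors.New("signed manifest differs from expected manifest")
	}
	return nil
}

// constructedSample stands in for the Coordinator: it creates a throwaway
// P-256 key and signs a constructed manifest the way checkManifest assumes.
func constructedSample() (*ecdsa.PublicKey, []byte, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	manifest := []byte(`{"constructed":"manifest","debug":false}`)
	digest := sha256.Sum256(manifest)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return &priv.PublicKey, manifest, sig, err
}

func main() {
	pub, manifest, sig, err := constructedSample()
	if err != nil {
		panic(err)
	}
	fmt.Println("untampered:", checkManifest(pub, manifest, sig, manifest))
	tampered := bytes.Replace(manifest, []byte("false"), []byte("true"), 1)
	fmt.Println("tampered:  ", checkManifest(pub, tampered, sig, manifest))
}
```

The byte-for-byte comparison treats any re-serialization of the manifest as a mismatch, so the expected copy must be the exact bytes that were submitted.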
func (*ClientAPI) GetSecrets
func (a *ClientAPI) GetSecrets(ctx context.Context, requestedSecrets []string, client *user.User) (map[string]manifest.Secret, error)
GetSecrets allows a user to retrieve secrets from the Coordinator.
func (*ClientAPI) GetStatus
GetStatus returns status information about the state of the Coordinator.
func (*ClientAPI) GetUpdateLog
GetUpdateLog returns the update history of the Coordinator.
func (*ClientAPI) Recover
Recover sets an encryption key (ideally decrypted from the recovery data) and tries to unseal and load a saved state of the Coordinator.
func (*ClientAPI) SetManifest
func (a *ClientAPI) SetManifest(ctx context.Context, rawManifest []byte) (recoverySecretMap map[string][]byte, err error)
SetManifest sets the manifest of the Coordinator.
rawManifest is the manifest of type Manifest in JSON format. recoverySecretMap is a map of recovery secrets that can be used to recover the Coordinator.
func (*ClientAPI) SignQuote (added in v1.5.0)
func (a *ClientAPI) SignQuote(ctx context.Context, quote []byte) (signature []byte, tcbStatus string, err error)
SignQuote verifies the quote and signs it with the Coordinator's root key.
func (*ClientAPI) UpdateManifest
func (a *ClientAPI) UpdateManifest(ctx context.Context, rawUpdateManifest []byte, updater *user.User) (err error)
UpdateManifest allows updating certain package parameters of the original manifest, supplied via a JSON manifest.
func (*ClientAPI) VerifyUser
func (a *ClientAPI) VerifyUser(ctx context.Context, clientCerts []*x509.Certificate) (*user.User, error)
VerifyUser checks if a given client certificate matches the admin certificates specified in the manifest.
type QuoteVerifyError (added in v1.5.0)
type QuoteVerifyError struct {
	// contains filtered or unexported fields
}
QuoteVerifyError is returned if a given quote could not be verified.
func (QuoteVerifyError) Error (added in v1.5.0)
func (e QuoteVerifyError) Error() string
Error returns the error message.
func (QuoteVerifyError) Unwrap (added in v1.5.0)
func (e QuoteVerifyError) Unwrap() error
Unwrap returns the wrapped error.