util

Documentation

Overview

Package util provides helper funtions to prepare materials for talking to attestation verifiers.

Index

• Constants
• Variables
• func GetRegion(client *metadata.Client) (string, error)
• func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error)
• func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error)
• type Instance
• type MetadataServer
  • func NewMetadataServer(data Instance) (*MetadataServer, error)
  • func (s *MetadataServer) Stop()
• type MockAttestationServer
  • func NewMockAttestationServer() (*MockAttestationServer, error)
  • func (s *MockAttestationServer) Stop()
• type MockOauth2Server
  • func NewMockOauth2Server() (*MockOauth2Server, error)
  • func (s *MockOauth2Server) Stop()
• type TpmKeyFetcher

Constants

const FakeChallengeUUID = "947b4f7b-e6d4-4cfe-971c-39ffe00268ba"

FakeChallengeUUID is the challenge for fake attestation server

const FakeCustomAudience = "https://api.test.com"

FakeCustomNonce is the custom audience for fake attestation server

const FakeTpmNonce = "R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ=="

FakeTpmNonce is the tpm nonce for fake attestation server

Variables

var FakeCustomNonce = []string{"1234567890", "1234567890"}

FakeCustomNonce is the custom nonce for fake attestation server

Functions

func GetRegion

func GetRegion(client *metadata.Client) (string, error)

GetRegion retrieves region information from GCE metadata server

func NewRESTClient

func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error)

NewRESTClient returns a REST verifier.Client that points to the given address. It defaults to the Attestation Verifier instance at https://confidentialcomputing.googleapis.com.

func PrincipalFetcher

func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error)

PrincipalFetcher fetch ID token with specific audience from Metadata server. See https://cloud.google.com/functions/docs/securing/authenticating#functions-bearer-token-example-go.

Types

type Instance

type Instance struct {
	ProjectID     string
	ProjectNumber string
	InstanceID    string
	InstanceName  string
	Zone          string
}

Instance struct for supported fake values for metadata server.

type MetadataServer

type MetadataServer struct {
	// contains filtered or unexported fields
}

MetadataServer provides fake implementation for the GCE metadata server.

func NewMetadataServer

func NewMetadataServer(data Instance) (*MetadataServer, error)

NewMetadataServer starts and hooks up a Server, serving env. data is the mock Instance data the metadata server will respond with.

func (*MetadataServer) Stop

func (s *MetadataServer) Stop()

Stop shuts down the server and restores original metadataHostEnv env var.

type MockAttestationServer

type MockAttestationServer struct {
	Server *httptest.Server
}

MockAttestationServer provides fake implementation for the GCE attestation server.

func NewMockAttestationServer

func NewMockAttestationServer() (*MockAttestationServer, error)

NewMockAttestationServer creates a mock verifier

func (*MockAttestationServer) Stop

func (s *MockAttestationServer) Stop()

Stop shuts down the server.

type MockOauth2Server

type MockOauth2Server struct {
	Server       *httptest.Server
	OriginalCred string
}

MockOauth2Server is a struct for mocking Oauth2Server

func NewMockOauth2Server

func NewMockOauth2Server() (*MockOauth2Server, error)

NewMockOauth2Server creates a mock Oauth2 server for testing purpose

func (*MockOauth2Server) Stop

func (s *MockOauth2Server) Stop()

Stop cleans up the fake credential, reset the original one, and shuts down the server.

type TpmKeyFetcher

type TpmKeyFetcher func(rw io.ReadWriter) (*client.Key, error)

TpmKeyFetcher abstracts the fetching of various types of Attestation Key from TPM