trustedservices

README

Configuration

• server-addr (optional): address of the VTS server in the form <host>:<port>. If not specified, this defaults to 127.0.0.1:50051. Unless listen-addr is specified (see below), VTS server will extract the port to listen on from this setting (but will listen on all local interfaces)
• listen-addr (optional): The address the VTS server will listen on in the form <host>:<port>. Only specify this if you want to restrict the server to listen on a particular interface; otherwise, the server will listen on all interfaces on the port specified in server-addr.
• tls (optional): specifies whether TLS should be used for client connections. Defaults to true.
• cert: path to the file containing the certificate that should be used by the server if tls (see above) is true.
• cert-key: path to the file containing the key associated with the certificate specified by server-cert (see above).
• ca-certs (optional): a list of paths to certificates that will be used in addition to system certs during mutual validation with the client when tls (see above) is true.

Documentation

Overview

Copyright 2022-2023 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2022-2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Copyright 2022-2024 Contributors to the Veraison project. SPDX-License-Identifier: Apache-2.0

Index

• Constants
• Variables
• func LoadTLSCreds(certPath, keyPath string, caPaths []string) (credentials.TransportCredentials, error)
• type GRPC
  • func (o *GRPC) Close() error
  • func (o *GRPC) GetAttestation(ctx context.Context, token *proto.AttestationToken) (*proto.AppraisalContext, error)
  • func (o *GRPC) GetEARSigningPublicKey(context.Context, *emptypb.Empty) (*proto.PublicKey, error)
  • func (o *GRPC) GetServiceState(context.Context, *emptypb.Empty) (*proto.ServiceState, error)
  • func (c *GRPC) GetSupportedProvisioningMediaTypes(context.Context, *emptypb.Empty) (*proto.MediaTypeList, error)
  • func (c *GRPC) GetSupportedVerificationMediaTypes(context.Context, *emptypb.Empty) (*proto.MediaTypeList, error)
  • func (o *GRPC) Init(v *viper.Viper, evm plugin.IManager[handler.IEvidenceHandler], ...) error
  • func (o *GRPC) Run() error
  • func (o *GRPC) SubmitEndorsements(ctx context.Context, req *proto.SubmitEndorsementsRequest) (*proto.SubmitEndorsementsResponse, error)
• type GRPCConfig
  • func NewGRPCConfig() *GRPCConfig
• type ITrustedServices
  • func NewGRPC(taStore, enStore kvstore.IKVStore, ...) ITrustedServices

Constants

const DummyTenantID = "0"

XXX should be (also) serviceID should be passed as a parameter

Variables

var (
	DefaultVTSAddr = "127.0.0.1:50051"
)

Functions

func LoadTLSCreds

func LoadTLSCreds(
	certPath, keyPath string,
	caPaths []string,
) (credentials.TransportCredentials, error)

Types

type GRPC

type GRPC struct {
	ServerAddress string

	TaStore            kvstore.IKVStore
	EnStore            kvstore.IKVStore
	EvPluginManager    plugin.IManager[handler.IEvidenceHandler]
	EndPluginManager   plugin.IManager[handler.IEndorsementHandler]
	StorePluginManager plugin.IManager[handler.IStoreHandler]
	PolicyManager      *policymanager.PolicyManager
	EarSigner          earsigner.IEarSigner

	Server *grpc.Server
	Socket net.Listener

	proto.UnimplementedVTSServer
	// contains filtered or unexported fields
}

func (*GRPC) Close

func (o *GRPC) Close() error

func (*GRPC) GetAttestation

func (o *GRPC) GetAttestation(
	ctx context.Context,
	token *proto.AttestationToken,
) (*proto.AppraisalContext, error)

func (*GRPC) GetEARSigningPublicKey

func (o *GRPC) GetEARSigningPublicKey(context.Context, *emptypb.Empty) (*proto.PublicKey, error)

func (*GRPC) GetServiceState

func (o *GRPC) GetServiceState(context.Context, *emptypb.Empty) (*proto.ServiceState, error)

func (*GRPC) GetSupportedProvisioningMediaTypes

func (c *GRPC) GetSupportedProvisioningMediaTypes(context.Context, *emptypb.Empty) (*proto.MediaTypeList, error)

func (*GRPC) GetSupportedVerificationMediaTypes

func (c *GRPC) GetSupportedVerificationMediaTypes(context.Context, *emptypb.Empty) (*proto.MediaTypeList, error)

func (*GRPC) Init

func (o *GRPC) Init(
	v *viper.Viper,
	evm plugin.IManager[handler.IEvidenceHandler],
	endm plugin.IManager[handler.IEndorsementHandler],
	stm plugin.IManager[handler.IStoreHandler],
) error

func (*GRPC) Run

func (o *GRPC) Run() error

func (*GRPC) SubmitEndorsements

func (o *GRPC) SubmitEndorsements(ctx context.Context, req *proto.SubmitEndorsementsRequest) (*proto.SubmitEndorsementsResponse, error)

type GRPCConfig

type GRPCConfig struct {
	ServerAddress string   `mapstructure:"server-addr" valid:"dialstring"`
	ListenAddress string   `mapstructure:"listen-addr" valid:"dialstring" config:"zerodefault"`
	UseTLS        bool     `mapstructure:"tls" config:"zerodefault"`
	ServerCert    string   `mapstructure:"cert" config:"zerodefault"`
	ServerCertKey string   `mapstructure:"cert-key" config:"zerodefault"`
	CACerts       []string `mapstructure:"ca-certs" config:"zerodefault"`
}

Supported parameters:

• vts.server-addr: string w/ syntax specified in https://github.com/grpc/grpc/blob/master/doc/naming.md

• TODO(tho) load balancing config See https://github.com/grpc/grpc/blob/master/doc/load-balancing.md

func NewGRPCConfig

func NewGRPCConfig() *GRPCConfig

type ITrustedServices

type ITrustedServices interface {
	Init(
		cfg *viper.Viper,
		evm plugin.IManager[handler.IEvidenceHandler],
		endm plugin.IManager[handler.IEndorsementHandler],
		stm plugin.IManager[handler.IStoreHandler],
	) error
	Close() error
	Run() error

	proto.VTSServer
}

func NewGRPC

func NewGRPC(
	taStore, enStore kvstore.IKVStore,
	evpluginManager plugin.IManager[handler.IEvidenceHandler],
	endpluginManager plugin.IManager[handler.IEndorsementHandler],
	storepluginManager plugin.IManager[handler.IStoreHandler],
	policyManager *policymanager.PolicyManager,
	earSigner earsigner.IEarSigner,
	logger *zap.SugaredLogger,
) ITrustedServices