// Package proxy implements the Oasis IAS proxy endpoint.
package proxy
import (
"context"
"github.com/oasisprotocol/oasis-core/go/common/logging"
"github.com/oasisprotocol/oasis-core/go/common/sgx/ias"
"github.com/oasisprotocol/oasis-core/go/ias/api"
)
// CommonName is the CommonName for the IAS proxy TLS certificate.
const (
	CommonName = "ias-proxy"
)
// Compile-time check that *proxyEndpoint satisfies api.Endpoint.
var _ api.Endpoint = (*proxyEndpoint)(nil)
// Authenticator is the interface used to authenticate gRPC requests.
type Authenticator interface {
	// VerifyEvidence returns nil iff the signer's evidence may attest
	// via the gRPC server. A non-nil error rejects the request.
	//
	// Caller authentication information may be derived from the context.
	VerifyEvidence(ctx context.Context, evidence *api.Evidence) error
}
// noOpAuthenticator is the Authenticator installed by New when none is
// supplied. Its VerifyEvidence accepts every request unconditionally.
type noOpAuthenticator struct{}
// VerifyEvidence implements Authenticator by accepting every request: it
// inspects neither ctx nor evidence and always returns nil.
func (*noOpAuthenticator) VerifyEvidence(ctx context.Context, evidence *api.Evidence) error {
	return nil
}
// proxyEndpoint is the api.Endpoint served by the IAS proxy. It gates
// VerifyEvidence behind authenticator and forwards every call to the
// wrapped endpoint.
type proxyEndpoint struct {
	// endpoint is the upstream api.Endpoint calls are forwarded to.
	endpoint api.Endpoint
	// authenticator is consulted before VerifyEvidence is forwarded.
	// GetSPIDInfo and GetSigRL are forwarded without consulting it.
	authenticator Authenticator
	// logger records rejected VerifyEvidence requests.
	logger *logging.Logger
}
// VerifyEvidence first asks the configured Authenticator whether the caller
// may attest. A rejection is logged at warning level and the authenticator's
// error is returned to the caller without contacting the upstream endpoint
// (fail closed); only an accepted request is forwarded.
func (p *proxyEndpoint) VerifyEvidence(ctx context.Context, evidence *api.Evidence) (*ias.AVRBundle, error) {
	authErr := p.authenticator.VerifyEvidence(ctx, evidence)
	if authErr == nil {
		return p.endpoint.VerifyEvidence(ctx, evidence)
	}
	p.logger.Warn("failed to authenticate IAS VerifyEvidence request",
		"err", authErr,
	)
	return nil, authErr
}
// GetSPIDInfo forwards the request to the wrapped endpoint unchanged. The
// Authenticator is not consulted for this call.
func (p *proxyEndpoint) GetSPIDInfo(ctx context.Context) (*api.SPIDInfo, error) {
	info, err := p.endpoint.GetSPIDInfo(ctx)
	return info, err
}
// GetSigRL forwards the request to the wrapped endpoint. The Authenticator
// is not consulted for this call, and epidGID is passed through exactly as
// received from the caller.
func (p *proxyEndpoint) GetSigRL(ctx context.Context, epidGID uint32) ([]byte, error) {
	// TODO: Validate the EPID group ID before it reaches the upstream endpoint.
	sigRL, err := p.endpoint.GetSigRL(ctx, epidGID)
	return sigRL, err
}
// Cleanup implements api.Endpoint. The proxy holds no resources of its own
// and does not call Cleanup on the wrapped endpoint; presumably whoever
// constructed the wrapped endpoint cleans it up — confirm with callers of New.
func (p *proxyEndpoint) Cleanup() {
}
// New creates a new proxy endpoint wrapping endpoint. A nil authenticator is
// replaced by noOpAuthenticator, which accepts every VerifyEvidence request,
// so callers that want access control must pass a real Authenticator.
func New(endpoint api.Endpoint, authenticator Authenticator) api.Endpoint {
	auth := authenticator
	if auth == nil {
		auth = &noOpAuthenticator{}
	}
	p := &proxyEndpoint{
		endpoint:      endpoint,
		authenticator: auth,
		logger:        logging.GetLogger("ias/proxy"),
	}
	return p
}