/*
Copyright (c) Edgeless Systems GmbH
SPDX-License-Identifier: AGPL-3.0-only
*/

// Package amdkds implements interaction with the AMD KDS (Key Distribution Service).
package amdkds
import (
"crypto/x509"
"fmt"
"github.com/google/go-sev-guest/abi"
"github.com/google/go-sev-guest/verify/trust"
)
// KDSClient talks to the AMD KDS (Key Distribution Service) through an
// injected HTTPS getter.
type KDSClient struct {
	// getter performs the HTTPS requests. It is supplied by the caller of
	// NewKDSClient and handed to trust.GetProductChain by CertChain, so the
	// transport properties of every KDS request are whatever this getter
	// implements.
	getter trust.HTTPSGetter
}
// NewKDSClient returns a KDSClient that issues its KDS requests through getter.
// The getter is stored as given; no nil check is performed here.
func NewKDSClient(getter trust.HTTPSGetter) *KDSClient {
	client := new(KDSClient)
	client.getter = getter
	return client
}
// CertChain fetches the AMD certificate chain for the given report signer
// (VCEK / VLEK) from the KDS and returns its ASK and ARK certificates.
//
// The product line is fixed to "Milan", so the chain of any other product
// line cannot be requested through this method.
//
// NOTE(review): this method passes on whatever trust.GetProductChain returned
// and performs no check of the certificates itself. Code that uses the result
// as a trust anchor should verify the ARK against a pinned copy and the ASK
// against the ARK. Confirm whether GetProductChain or the caller already
// does this.
func (c *KDSClient) CertChain(signingType abi.ReportSigner) (ask, ark *x509.Certificate, err error) {
	const productLine = "Milan"

	chain, fetchErr := trust.GetProductChain(productLine, signingType, c.getter)
	if fetchErr != nil {
		// Wrap with %w so callers can still inspect the underlying error.
		return nil, nil, fmt.Errorf("retrieving certificate chain: %w", fetchErr)
	}

	return chain.Ask, chain.Ark, nil
}