Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-12-15 16:09:39 -05:00
Code Issues Projects Releases Packages Wiki Activity

verify: use fixed user data

Browse source
This commit is contained in:
Thomas Tendyck 2023-01-17 15:28:07 +01:00 committed by Thomas Tendyck
parent 85f33b2140
commit f0f109a1ea
8 changed files with 47 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

21
verify/server/server.go
View file

@ -16,6 +16,7 @@ import (
"sync"
"time"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/verify/verifyproto"
"go.uber.org/zap"
@ -107,13 +108,9 @@ func (s *Server) GetAttestation(ctx context.Context, req *verifyproto.GetAttesta
log.Errorf("Received attestation request with empty nonce")
return nil, status.Error(codes.InvalidArgument, "nonce is required to issue attestation")
}
if len(req.UserData) == 0 {
log.Errorf("Received attestation request with empty user data")
return nil, status.Error(codes.InvalidArgument, "user data is required to issue attestation")
}
log.Infof("Creating attestation")
statement, err := s.issuer.Issue(req.UserData, req.Nonce)
statement, err := s.issuer.Issue([]byte(constants.ConstellationVerifyServiceUserData), req.Nonce)
if err != nil {
return nil, status.Errorf(codes.Internal, "issuing attestation statement: %v", err)
}
@ -132,12 +129,6 @@ func (s *Server) getAttestationHTTP(w http.ResponseWriter, r *http.Request) {
http.Error(w, "nonce parameter is required exactly once", http.StatusBadRequest)
return
}
userDataB64 := r.URL.Query()["userData"]
if len(userDataB64) != 1 || userDataB64[0] == "" {
log.Errorf("Received attestation request with empty or multiple user data parameter")
http.Error(w, "userData parameter is required exactly once", http.StatusBadRequest)
return
}
nonce, err := base64.URLEncoding.DecodeString(nonceB64[0])
if err != nil {
@ -145,15 +136,9 @@ func (s *Server) getAttestationHTTP(w http.ResponseWriter, r *http.Request) {
http.Error(w, fmt.Sprintf("invalid base64 encoding for nonce: %v", err), http.StatusBadRequest)
return
}
userData, err := base64.URLEncoding.DecodeString(userDataB64[0])
if err != nil {
log.With(zap.Error(err)).Errorf("Received attestation request with invalid user data")
http.Error(w, fmt.Sprintf("invalid base64 encoding for userData: %v", err), http.StatusBadRequest)
return
}
log.Infof("Creating attestation")
quote, err := s.issuer.Issue(userData, nonce)
quote, err := s.issuer.Issue([]byte(constants.ConstellationVerifyServiceUserData), nonce)
if err != nil {
http.Error(w, fmt.Sprintf("issuing attestation statement: %v", err), http.StatusInternalServerError)
return

73
verify/server/server_test.go
View file

@ -11,7 +11,6 @@ import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
"net"
"net/http"
@ -83,30 +82,19 @@ func TestGetAttestationGRPC(t *testing.T) {
"success": {
issuer: stubIssuer{attestation: []byte("quote")},
request: &verifyproto.GetAttestationRequest{
Nonce: []byte("nonce"),
UserData: []byte("userData"),
Nonce: []byte("nonce"),
},
},
"issuer fails": {
issuer: stubIssuer{issueErr: errors.New("issuer error")},
request: &verifyproto.GetAttestationRequest{
Nonce: []byte("nonce"),
UserData: []byte("userData"),
Nonce: []byte("nonce"),
},
wantErr: true,
},
"no nonce": {
issuer: stubIssuer{attestation: []byte("quote")},
request: &verifyproto.GetAttestationRequest{
UserData: []byte("userData"),
},
wantErr: true,
},
"no userData": {
issuer: stubIssuer{attestation: []byte("quote")},
request: &verifyproto.GetAttestationRequest{
Nonce: []byte("nonce"),
},
issuer: stubIssuer{attestation: []byte("quote")},
request: &verifyproto.GetAttestationRequest{},
wantErr: true,
},
}
@ -138,67 +126,26 @@ func TestGetAttestationHTTP(t *testing.T) {
wantErr bool
}{
"success": {
request: fmt.Sprintf(
"?nonce=%s&userData=%s",
base64.URLEncoding.EncodeToString([]byte("nonce")),
base64.URLEncoding.EncodeToString([]byte("userData")),
),
issuer: stubIssuer{attestation: []byte("quote")},
request: "?nonce=" + base64.URLEncoding.EncodeToString([]byte("nonce")),
issuer: stubIssuer{attestation: []byte("quote")},
},
"invalid nonce in query": {
request: fmt.Sprintf(
"?nonce=not-base-64&userData=%s",
base64.URLEncoding.EncodeToString([]byte("userData")),
),
request: "?nonce=not-base-64",
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"no nonce in query": {
request: fmt.Sprintf(
"?userData=%s",
base64.URLEncoding.EncodeToString([]byte("userData")),
),
request: "?foo=bar",
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"empty nonce in query": {
request: fmt.Sprintf(
"?nonce=&userData=%s",
base64.URLEncoding.EncodeToString([]byte("userData")),
),
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"invalid userData in query": {
request: fmt.Sprintf(
"?nonce=%s&userData=not-base-64",
base64.URLEncoding.EncodeToString([]byte("nonce")),
),
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"no userData in query": {
request: fmt.Sprintf(
"?nonce=%s",
base64.URLEncoding.EncodeToString([]byte("nonce")),
),
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"empty userData in query": {
request: fmt.Sprintf(
"?nonce=%s&userData=",
base64.URLEncoding.EncodeToString([]byte("nonce")),
),
request: "?nonce=",
issuer: stubIssuer{attestation: []byte("quote")},
wantErr: true,
},
"issuer fails": {
request: fmt.Sprintf(
"?nonce=%s&userData=%s",
base64.URLEncoding.EncodeToString([]byte("nonce")),
base64.URLEncoding.EncodeToString([]byte("userData")),
),
request: "?nonce=" + base64.URLEncoding.EncodeToString([]byte("nonce")),
issuer: stubIssuer{issueErr: errors.New("errors")},
wantErr: true,
},