mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
a5021c52d3
* add ASK caching in joinservice Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use cached ASK in Azure SEV-SNP attestation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update test charts Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linter Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix typ Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make caching mechanism less provider-specific Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add `omitempty` flag Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * frontload certificate getter Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> * rename frontloaded function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pass cached certificates to constructor Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix race condition Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix marshalling of empty certs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator usage Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [wip] add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add certcache tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix validator test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unused fields in validator Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate precedence Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use separate context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * linter fixes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Remove unnecessary comment Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * use background context Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Use error format directive Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * `azure` -> `Azure` Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * improve error messages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add x509 -> PEM util function Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use crypto util functions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix certificate replacement logic Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only require ASK from certcache Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix comment typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
72 lines
2.5 KiB
Go
72 lines
2.5 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package choose
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/edgelesssys/constellation/v2/internal/atls"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/aws/nitrotpm"
|
|
awssnp "github.com/edgelesssys/constellation/v2/internal/attestation/aws/snp"
|
|
azuresnp "github.com/edgelesssys/constellation/v2/internal/attestation/azure/snp"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/azure/trustedlaunch"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/gcp"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/qemu"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/tdx"
|
|
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
|
|
"github.com/edgelesssys/constellation/v2/internal/config"
|
|
)
|
|
|
|
// Issuer returns the issuer for the given variant.
|
|
func Issuer(attestationVariant variant.Variant, log attestation.Logger) (atls.Issuer, error) {
|
|
switch attestationVariant {
|
|
case variant.AWSSEVSNP{}:
|
|
return awssnp.NewIssuer(log), nil
|
|
case variant.AWSNitroTPM{}:
|
|
return nitrotpm.NewIssuer(log), nil
|
|
case variant.AzureTrustedLaunch{}:
|
|
return trustedlaunch.NewIssuer(log), nil
|
|
case variant.AzureSEVSNP{}:
|
|
return azuresnp.NewIssuer(log), nil
|
|
case variant.GCPSEVES{}:
|
|
return gcp.NewIssuer(log), nil
|
|
case variant.QEMUVTPM{}:
|
|
return qemu.NewIssuer(log), nil
|
|
case variant.QEMUTDX{}:
|
|
return tdx.NewIssuer(log), nil
|
|
case variant.Dummy{}:
|
|
return atls.NewFakeIssuer(variant.Dummy{}), nil
|
|
default:
|
|
return nil, fmt.Errorf("unknown attestation variant: %s", attestationVariant)
|
|
}
|
|
}
|
|
|
|
// Validator returns the validator for the given variant.
|
|
func Validator(cfg config.AttestationCfg, log attestation.Logger) (atls.Validator, error) {
|
|
switch cfg := cfg.(type) {
|
|
case *config.AWSSEVSNP:
|
|
return awssnp.NewValidator(cfg, log), nil
|
|
case *config.AWSNitroTPM:
|
|
return nitrotpm.NewValidator(cfg, log), nil
|
|
case *config.AzureTrustedLaunch:
|
|
return trustedlaunch.NewValidator(cfg, log), nil
|
|
case *config.AzureSEVSNP:
|
|
return azuresnp.NewValidator(cfg, log), nil
|
|
case *config.GCPSEVES:
|
|
return gcp.NewValidator(cfg, log), nil
|
|
case *config.QEMUVTPM:
|
|
return qemu.NewValidator(cfg, log), nil
|
|
case *config.QEMUTDX:
|
|
return tdx.NewValidator(cfg, log), nil
|
|
case *config.DummyCfg:
|
|
return atls.NewFakeValidator(variant.Dummy{}), nil
|
|
default:
|
|
return nil, fmt.Errorf("unknown attestation variant: %s", cfg.GetVariant())
|
|
}
|
|
}
|