Add Store Interface handler

Fixes #138 Signed-off-by: Yogesh Deshpande <[email protected]>
veraison · Mar 14, 2024 · 6b18d7b · 6b18d7b
1 parent 8e55820
commit 6b18d7b
Show file tree

Hide file tree

Showing 75 changed files with 1,154 additions and 497 deletions.
diff --git a/auth/problem.go b/auth/problem.go
@@ -1,3 +1,5 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
 package auth
 
 import (

diff --git a/builtin/builtin_loader.go b/builtin/builtin_loader.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package builtin
 

diff --git a/builtin/builtin_manager.go b/builtin/builtin_manager.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package builtin
 

diff --git a/builtin/schemes.gen.go b/builtin/schemes.gen.go
@@ -12,9 +12,13 @@ import (
 var plugins = []plugin.IPluggable{
 	&scheme1.EvidenceHandler{},
 	&scheme1.EndorsementHandler{},
+	&scheme1.StoreHandler{},
 	&scheme2.EvidenceHandler{},
+	&scheme2.StoreHandler{},
 	&scheme3.EvidenceHandler{},
 	&scheme3.EndorsementHandler{},
+	&scheme3.StoreHandler{},
 	&scheme4.EvidenceHandler{},
 	&scheme4.EndorsementHandler{},
+	&scheme4.StoreHandler{},
 }
diff --git a/end-to-end/input/corim-src/build-endorsements.sh b/end-to-end/input/corim-src/build-endorsements.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
+# Copyright 2024 Contributors to the Veraison project.
+# SPDX-License-Identifier: Apache-2.0
 set -e
 
 TEMP_DIR=/tmp/veraison-end-to-end

diff --git a/handler/README.md b/handler/README.md
@@ -1,6 +1,6 @@
-This package defines [`IEvidenceHandler`](ievidencehandler.go) and
-[`IEndorsementHandler`](iendorsementhandler.go) [pluggable](../plugin/README.md)
+This package defines [`IEvidenceHandler`](ievidencehandler.go), 
+[`IEndorsementHandler`](iendorsementhandler.go) and [`IStoreHandler`](istorehandler.go) [pluggable](../plugin/README.md)
 interfaces and associated RPC channels. These are used to add new attestation
 scheme to Veraison services. Additionally, the package defines a [couple
 of wrappers](plugin.go) around `plugin.RegisterImplementation` for registering
-implementations of these two interfaces.
+implementations of these three interfaces.
diff --git a/handler/endorsement.go b/handler/endorsement.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/endorsement_rpc.go b/handler/endorsement_rpc.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/error.go b/handler/error.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/error_test.go b/handler/error_test.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/evidence_rpc.go b/handler/evidence_rpc.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 
@@ -45,59 +45,6 @@ func (s *RPCServer) GetSupportedMediaTypes(args interface{}, resp *[]string) err
 	return nil
 }
 
-type SynthKeysArgs struct {
-	TenantID        string
-	EndorsementJSON []byte
-}
-
-func (s *RPCServer) SynthKeysFromRefValue(args SynthKeysArgs, resp *[]string) error {
-	var (
-		err    error
-		swComp Endorsement
-	)
-
-	err = json.Unmarshal(args.EndorsementJSON, &swComp)
-	if err != nil {
-		return fmt.Errorf("unmarshaling software component: %w", err)
-	}
-
-	*resp, err = s.Impl.SynthKeysFromRefValue(args.TenantID, &swComp)
-
-	return err
-}
-
-func (s *RPCServer) SynthKeysFromTrustAnchor(args SynthKeysArgs, resp *[]string) error {
-	var (
-		err error
-		ta  Endorsement
-	)
-
-	err = json.Unmarshal(args.EndorsementJSON, &ta)
-	if err != nil {
-		return fmt.Errorf("unmarshaling trust anchor: %w", err)
-	}
-
-	*resp, err = s.Impl.SynthKeysFromTrustAnchor(args.TenantID, &ta)
-
-	return err
-}
-
-func (s *RPCServer) GetTrustAnchorIDs(data []byte, resp *[]string) error {
-	var (
-		err   error
-		token proto.AttestationToken
-	)
-
-	err = json.Unmarshal(data, &token)
-	if err != nil {
-		return fmt.Errorf("unmarshaling attestation token: %w", err)
-	}
-
-	*resp, err = s.Impl.GetTrustAnchorIDs(&token)
-
-	return err
-}
-
 type ExtractClaimsArgs struct {
 	Token        []byte
 	TrustAnchors []string
@@ -216,73 +163,6 @@ func (s *RPCClient) GetSupportedMediaTypes() []string {
 	return resp
 }
 
-func (s *RPCClient) SynthKeysFromRefValue(tenantID string, swComp *Endorsement) ([]string, error) {
-	var (
-		err  error
-		resp []string
-		args SynthKeysArgs
-	)
-
-	args.TenantID = tenantID
-
-	args.EndorsementJSON, err = json.Marshal(swComp)
-	if err != nil {
-		return nil, fmt.Errorf("marshaling software component: %w", err)
-	}
-
-	err = s.client.Call("Plugin.SynthKeysFromRefValue", args, &resp)
-	if err != nil {
-		err = ParseError(err)
-		return nil, fmt.Errorf("Plugin.SynthKeysFromRefValue RPC call failed: %w", err) // nolint
-	}
-
-	return resp, nil
-}
-
-func (s *RPCClient) SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error) {
-	var (
-		err  error
-		resp []string
-		args SynthKeysArgs
-	)
-
-	args.TenantID = tenantID
-
-	args.EndorsementJSON, err = json.Marshal(ta)
-	if err != nil {
-		return nil, fmt.Errorf("marshaling trust anchor: %w", err)
-	}
-
-	err = s.client.Call("Plugin.SynthKeysFromTrustAnchor", args, &resp)
-	if err != nil {
-		err = ParseError(err)
-		return nil, fmt.Errorf("Plugin.SynthKeysFromTrustAnchor RPC call failed: %w", err) // nolint
-	}
-
-	return resp, nil
-}
-
-func (s *RPCClient) GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error) {
-	var (
-		err  error
-		data []byte
-		resp []string
-	)
-
-	data, err = json.Marshal(token)
-	if err != nil {
-		return []string{""}, fmt.Errorf("marshaling token: %w", err)
-	}
-
-	err = s.client.Call("Plugin.GetTrustAnchorIDs", data, &resp)
-	if err != nil {
-		err = ParseError(err)
-		return []string{""}, fmt.Errorf("Plugin.GetTrustAnchorIDs RPC call failed: %w", err) // nolint
-	}
-
-	return resp, nil
-}
-
 func (s *RPCClient) ExtractEvidence(token *proto.AttestationToken, trustAnchors []string) (*ExtractedClaims, error) {
 	var (
 		err       error

diff --git a/handler/idecoder_manager.go b/handler/idecoder_manager.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/iendorsementhandler.go b/handler/iendorsementhandler.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 

diff --git a/handler/ievidencehandler.go b/handler/ievidencehandler.go
@@ -1,4 +1,4 @@
-// Copyright 2021-2023 Contributors to the Veraison project.
+// Copyright 2021-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 
@@ -10,15 +10,10 @@ import (
 
 // IEvidenceHandler defines the interface to functionality for working with
 // attestation scheme specific evidence tokens. This includes validating token
-// integrity, and extracting an appraising claims.
+// integrity, extracting and appraising claims.
 type IEvidenceHandler interface {
 	plugin.IPluggable
 
-	// GetTrustAnchorIDs returns an array of trust anchor identifiers used
-	// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
-	// entire token and/or extract its claims (if it is encrypted).
-	GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)
-
 	// ExtractClaims parses the attestation token and returns claims
 	// extracted therefrom.
 	ExtractClaims(
@@ -48,20 +43,12 @@ type IEvidenceHandler interface {
 		endorsementsStrings []string,
 	) error
 
-	// AppraiseEvidence evaluates the specified  EvidenceContext against
+	// AppraiseEvidence evaluates the specified EvidenceContext against
 	// the specified endorsements, and returns an AttestationResult.
 	AppraiseEvidence(
 		ec *proto.EvidenceContext,
 		endorsements []string,
 	) (*ear.AttestationResult, error)
-
-	// SynthKeysFromRefValue synthesizes lookup key(s) for the
-	// provided reference value endorsement.
-	SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)
-
-	// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
-	// trust anchor.
-	SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
 }
 
 // ExtractedClaims contains a map of claims extracted from an attestation

diff --git a/handler/istorehandler.go b/handler/istorehandler.go
@@ -0,0 +1,29 @@
+// Copyright 2024 Contributors to the Veraison project.
+// SPDX-License-Identifier: Apache-2.0
+package handler
+
+import (
+	"github.com/veraison/services/plugin"
+	"github.com/veraison/services/proto"
+)
+
+// IStoreHandler defines the interface to functionality for working with
+// attestation scheme specific store interfaces. This includes extracting
+// Trust Anchor IDs from attestation token, and synthesizing,
+// Reference Value and TrustAnchor Keys from supplied endorsements
+type IStoreHandler interface {
+	plugin.IPluggable
+
+	// GetTrustAnchorIDs returns an array of trust anchor identifiers used
+	// to retrieve the trust anchors associated with this token. The trust anchors may be necessary to validate the
+	// entire token and/or extract its claims (if it is encrypted).
+	GetTrustAnchorIDs(token *proto.AttestationToken) ([]string, error)
+
+	// SynthKeysFromRefValue synthesizes lookup key(s) for the
+	// provided reference value endorsement.
+	SynthKeysFromRefValue(tenantID string, refVal *Endorsement) ([]string, error)
+
+	// SynthKeysFromTrustAnchor synthesizes lookup key(s) for the provided
+	// trust anchor.
+	SynthKeysFromTrustAnchor(tenantID string, ta *Endorsement) ([]string, error)
+}
diff --git a/handler/plugin.go b/handler/plugin.go
@@ -1,4 +1,4 @@
-// Copyright 2022-2023 Contributors to the Veraison project.
+// Copyright 2022-2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler
 
@@ -19,3 +19,10 @@ func RegisterEvidenceHandler(i IEvidenceHandler) {
 		panic(err)
 	}
 }
+
+func RegisterStoreHandler(i IStoreHandler) {
+	err := plugin.RegisterImplementation("store-handler", i, StoreHandlerRPC)
+	if err != nil {
+		panic(err)
+	}
+}
diff --git a/handler/result.go b/handler/result.go
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2024 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package handler