# README

Intel® Trust Authority Connector

Go module for communicating with Intel Trust Authority via REST APIs.

Download

Download the latest version of the module with the following command:

go get github.com/arvind5/trustauthority-client/go-connector

Go Requirement

Use go1.19 or newer. Follow https://go.dev/doc/install for installation of Go.

Unit Tests

To run the tests, run cd go-connector && go test ./...

See go-connector/token_test.go for an example test.

Usage

Create a new Connector instance, then use the exposed interfaces to access different parts of the Intel Trust Authority API.

import (
        "crypto/tls"
        "fmt"

        "github.com/arvind5/trustauthority-client/go-connector"
)

cfg := connector.Config{
        // Replace TRUSTAUTHORITY_URL with real Intel Trust Authority URL
        BaseUrl: "TRUSTAUTHORITY_URL",
        // Replace TRUSTAUTHORITY_API_URL with real Intel Trust Authority API URL
        ApiUrl: "TRUSTAUTHORITY_API_URL",
        // Provide TLS config; the zero value keeps Go's default server certificate verification
        TlsCfg: &tls.Config{},
        // Replace TRUSTAUTHORITY_API_KEY with real API key
        ApiKey: "TRUSTAUTHORITY_API_KEY",
        // Provide Retry config
        RClient: &connector.RetryConfig{},
}

// RetryConfig fields are listed below as comments; any field left unset uses its default.
retryCfg := connector.RetryConfig{
        // RetryWaitMin: minimum time to wait between retries, default is 2s
        // RetryWaitMax: maximum time to wait between retries, default is 10s
        // RetryMax: maximum number of retries, default is 2
        // CheckRetry: the policy for handling retries, called after each request.
        // The default retries when the HTTP status code is one of 500, 503 and 504,
        // and when there is a client timeout or a service is unavailable.
        // BackOff: the policy for how long to wait between retries. The default is
        // DefaultBackoff, which performs exponential backoff based on the attempt
        // number, limited by the provided minimum and maximum durations.
}

// The instance is named client so that it does not shadow the connector package,
// whose types (GetNonceArgs, GetTokenArgs, AttestArgs) are still needed below.
client, err := connector.New(&cfg)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To get an Intel Trust Authority signed nonce

req := connector.GetNonceArgs{
    RequestId: reqId,
}
resp, err := client.GetNonce(req)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To get an Intel Trust Authority signed token with Nonce and Evidence

req := connector.GetTokenArgs{
    Nonce:     nonce,
    Evidence:  evidence,
    PolicyIds: policyIds,
    RequestId: reqId,
}
resp, err := client.GetToken(req)
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To verify an Intel Trust Authority signed token

parsedToken, err := client.VerifyToken(string(token))
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To download Intel Trust Authority token signing certificates

jwks, err := client.GetTokenSigningCertificates()
if err != nil {
    fmt.Printf("Something bad happened: %s\n\n", err)
    return err
}

To attest a TEE with Intel Trust Authority using a TEE Adapter

To create the adapter, refer to go-sgx or go-tdx:

req := connector.AttestArgs{
    Adapter:   adapter,
    PolicyIds: policyIds,
    RequestId: reqId,
}
resp, err := client.Attest(req)
if err != nil {
    return err
}
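The default retry behaviour described in the RetryConfig comments above, modelled with the standard library only. This is an added example, not the module's own code: `retryPolicy`, `shouldRetry` and `backoff` are hypothetical names, "service unavailable" is assumed to mean HTTP 503, and the inputs in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/http"
	"time"
)

// retryPolicy is a hypothetical stand-in for the numeric RetryConfig fields.
type retryPolicy struct {
	WaitMin, WaitMax time.Duration
	Max              int
}

// defaults uses the values from the README comments: 2s, 10s, 2 retries.
var defaults = retryPolicy{WaitMin: 2 * time.Second, WaitMax: 10 * time.Second, Max: 2}

// shouldRetry retries only on 500/503/504 or a client timeout. Anything else,
// such as a 401 for a rejected API key, is final and is not resent in a loop.
func shouldRetry(status int, err error) bool {
	if err != nil {
		var ne net.Error
		return errors.As(err, &ne) && ne.Timeout()
	}
	return status == http.StatusInternalServerError ||
		status == http.StatusServiceUnavailable ||
		status == http.StatusGatewayTimeout
}

// backoff returns WaitMin * 2^attempt capped at WaitMax (attempt starts at 0).
func (p retryPolicy) backoff(attempt int) time.Duration {
	d := p.WaitMin
	for i := 0; i < attempt && d < p.WaitMax; i++ {
		d *= 2
	}
	if d > p.WaitMax {
		d = p.WaitMax
	}
	return d
}

func main() {
	for a := 0; a < defaults.Max; a++ { // constructed run: every attempt returns 503
		fmt.Println(a, shouldRetry(503, nil), defaults.backoff(a))
	}
	fmt.Println(shouldRetry(401, nil)) // constructed case: rejected API key
}
```

With the documented defaults, a request that keeps failing is retried twice, after waits of 2s and 4s, so the 10s cap only comes into play when RetryMax is raised.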

License

This source is distributed under the BSD-style license found in the LICENSE file.

# Functions

New returns a new Connector instance.

# Structs

AttestArgs holds the request parameters needed for attestation with Intel Trust Authority.
AttestationTokenResponse holds the token received from Intel Trust Authority.
AttestResponse holds the response parameters received during attestation flow.
Config holds the Intel Trust Authority configuration for Connector.
Evidence is used to store Quote to be sent for Attestation.
GetNonceArgs holds the request parameters needed for getting nonce from Intel Trust Authority.
GetNonceResponse holds the response parameters received from nonce endpoint.
GetTokenArgs holds the request parameters needed for getting token from Intel Trust Authority.
GetTokenResponse holds the response parameters received from attest endpoint.
RetryConfig holds the configuration for automatic retries to tolerate minor outages.
VerifierNonce holds the signed nonce issued from Intel Trust Authority.

# Interfaces

Connector is an interface which exposes methods for calling Intel Trust Authority REST APIs.
EvidenceAdapter is an interface which exposes methods for collecting Quote from Platform.