-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathserver.go
163 lines (145 loc) · 4.8 KB
/
server.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
// Copyright 2025 Contributors to the Veraison project.
// SPDX-License-Identifier: Apache-2.0
package api
import (
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"github.com/moogar0880/problems"
"github.com/veraison/cmw"
"github.com/veraison/ratsd/plugin"
"github.com/veraison/ratsd/proto/compositor"
"go.uber.org/zap"
)
// Defines missing consts in the API Spec
const (
ApplicationvndVeraisonCharesJson string = "application/vnd.veraison.chares+json"
)
type Server struct {
logger *zap.SugaredLogger
manager plugin.IManager
}
func NewServer(logger *zap.SugaredLogger, manager plugin.IManager) *Server {
return &Server{
logger: logger,
manager: manager,
}
}
func (s *Server) reportProblem(w http.ResponseWriter, prob *problems.DefaultProblem) {
s.logger.Error(prob.Detail)
w.Header().Set("Content-Type", problems.ProblemMediaType)
w.WriteHeader(prob.ProblemStatus())
json.NewEncoder(w).Encode(prob)
}
func (s *Server) RatsdChares(w http.ResponseWriter, r *http.Request, param RatsdCharesParams) {
var requestData ChaResRequest
// Check if content type matches the expectation
ct := r.Header.Get("Content-Type")
if ct != ApplicationvndVeraisonCharesJson {
errMsg := fmt.Sprintf("wrong content type, expect %s (got %s)", ApplicationvndVeraisonCharesJson, ct)
p := &problems.DefaultProblem{
Type: string(TagGithubCom2024VeraisonratsdErrorInvalidrequest),
Title: string(InvalidRequest),
Detail: errMsg,
Status: http.StatusBadRequest,
}
s.reportProblem(w, p)
return
}
respCt := fmt.Sprintf(`application/eat-ucs+json; eat_profile=%q`, TagGithubCom2024Veraisonratsd)
if param.Accept != nil {
s.logger.Info("request media type: ", *(param.Accept))
if *(param.Accept) != respCt && *(param.Accept) != "*/*" {
errMsg := fmt.Sprintf(
"wrong accept type, expect %s (got %s)", respCt, *(param.Accept))
p := problems.NewDetailedProblem(http.StatusNotAcceptable, errMsg)
s.reportProblem(w, p)
return
}
}
payload, _ := io.ReadAll(r.Body)
err := json.Unmarshal(payload, &requestData)
if err != nil || len(requestData.Nonce) < 1 {
errMsg := "fail to retrieve nonce from the request"
p := &problems.DefaultProblem{
Type: string(TagGithubCom2024VeraisonratsdErrorInvalidrequest),
Title: string(InvalidRequest),
Detail: errMsg,
Status: http.StatusBadRequest,
}
s.reportProblem(w, p)
return
}
nonce, err := base64.RawURLEncoding.DecodeString(requestData.Nonce)
if err != nil {
errMsg := fmt.Sprintf("fail to decode nonce from the request: %s", err.Error())
p := &problems.DefaultProblem{
Type: string(TagGithubCom2024VeraisonratsdErrorInvalidrequest),
Title: string(InvalidRequest),
Detail: errMsg,
Status: http.StatusBadRequest,
}
s.reportProblem(w, p)
return
}
s.logger.Info("request nonce: ", requestData.Nonce)
s.logger.Info("request media type: ", *(param.Accept))
// Use a map until we finalize ratsd output format
eat := make(map[string]interface{})
collection := cmw.NewCollection("tag:github.com,2025:veraison/ratsd/cmw")
eat["eat_profile"] = TagGithubCom2024Veraisonratsd
eat["eat_nonce"] = requestData.Nonce
pl := s.manager.GetPluginList()
if len(pl) == 0 {
errMsg := "no sub-attester available"
p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
s.reportProblem(w, p)
return
}
for _, pn := range pl {
attester, err := s.manager.LookupByName(pn)
if err != nil {
errMsg := fmt.Sprintf(
"failed to get handle from %s: %s", pn, err.Error())
p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
s.reportProblem(w, p)
return
}
formatOut := attester.GetSupportedFormats()
if !formatOut.Status.Result || len(formatOut.Formats) == 0 {
errMsg := fmt.Sprintf("no supported formats from attester %s: %s ",
pn, formatOut.Status.Error)
p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
s.reportProblem(w, p)
continue
}
s.logger.Info("output content type: ", formatOut.Formats[0].ContentType)
in := &compositor.EvidenceIn{
ContentType: formatOut.Formats[0].ContentType,
Nonce: nonce,
}
out := attester.GetEvidence(in)
if !out.Status.Result {
errMsg := fmt.Sprintf(
"failed to get attestation report from %s: %s ", pn, out.Status.Error)
p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
s.reportProblem(w, p)
return
}
c := cmw.NewMonad(in.ContentType, out.Evidence)
collection.AddCollectionItem(pn, c)
}
serialized, err := collection.MarshalJSON()
if err != nil {
errMsg := fmt.Sprintf("failed to serialize CMW collection: %s", err.Error())
p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
s.reportProblem(w, p)
return
}
eat["cmw"] = serialized
w.Header().Set("Content-Type", respCt)
w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(eat)
}