Return meaningful EAT in chares

Endpoint chares now gathers the output of GetEvidence() from each
sub-attesters, combines them into a CMW collection, and wrap it as an
EAT in its response. If there are multiple supported format available
from a sub-attesters, ratsd core picks the first available format from
GetSupportedFormats()

Signed-off-by: Ian Chin Wang <[email protected]>

Author: cowbon

.github/workflows/ci.yml

@@ -33,6 +33,9 @@ jobs:
     - name: Install protoc-gen-go-grpc
       run: go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
 
+    - name: Install mockgen
+      run: go install github.com/golang/mock/[email protected]
+
     - name: Generate protobufs and ratsd server
       run: go generate ./...
 

api/mocks/imanager.go

@@ -3,12 +3,16 @@
 package api
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
 
 	"github.com/moogar0880/problems"
+	"github.com/veraison/cmw"
+	"github.com/veraison/ratsd/plugin"
+	"github.com/veraison/ratsd/proto/compositor"
 	"go.uber.org/zap"
 )
 
@@ -19,12 +23,14 @@ const (
 )
 
 type Server struct {
-	logger *zap.SugaredLogger
+	logger  *zap.SugaredLogger
+	manager plugin.IManager
 }
 
-func NewServer(logger *zap.SugaredLogger) *Server {
+func NewServer(logger *zap.SugaredLogger, manager plugin.IManager) *Server {
 	return &Server{
-		logger: logger,
+		logger:  logger,
+		manager: manager,
 	}
 }
 
@@ -90,8 +96,76 @@ func (s *Server) RatsdChares(w http.ResponseWriter, r *http.Request, param Ratsd
 		return
 	}
 
+	nonce, err := base64.RawURLEncoding.DecodeString(requestData.Nonce)
+	if err != nil {
+		errMsg := fmt.Sprintf("fail to decode nonce from the request: %s", err.Error())
+		p := &problems.DefaultProblem{
+			Type:   string(TagGithubCom2024VeraisonratsdErrorInvalidrequest),
+			Title:  string(InvalidRequest),
+			Detail: errMsg,
+			Status: http.StatusBadRequest,
+		}
+		s.reportProblem(w, p)
+		return
+	}
 	s.logger.Info("request nonce: ", requestData.Nonce)
+	s.logger.Info("request media type: ", *(param.Accept))
+
+	// Use a map until we finalize ratsd output format
+	eat := make(map[string]interface{})
+	collection := make(map[string]string)
+	eat["eat_profile"] = TagGithubCom2024Veraisonratsd
+	eat["eat_nonce"] = requestData.Nonce
+	eat["cmw"] = collection
+
+	for _, pn := range s.manager.GetPluginList() {
+		attester, err := s.manager.LookupByName(pn)
+		if err != nil {
+			errMsg := fmt.Sprintf(
+				"failed to get handle from %s: %s", pn, err.Error())
+			p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
+			s.reportProblem(w, p)
+			return
+		}
+
+		formatOut := attester.GetSupportedFormats()
+		if !formatOut.Status.Result || len(formatOut.Formats) == 0 {
+			errMsg := fmt.Sprintf("no supported formats from attester %s: %s ",
+				pn, formatOut.Status.Error)
+			s.logger.Info(errMsg)
+			continue
+		}
+
+		s.logger.Info("output content type: ", formatOut.Formats[0].ContentType)
+		in := &compositor.EvidenceIn{
+			ContentType: formatOut.Formats[0].ContentType,
+			Nonce:       nonce,
+		}
+
+		out := attester.GetEvidence(in)
+		if !out.Status.Result {
+			errMsg := fmt.Sprintf(
+				"failed to get attestation report from %s: %s ", pn, out.Status.Error)
+			p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
+			s.reportProblem(w, p)
+			return
+		}
+
+		c := &cmw.CMW{}
+		c.SetMediaType(in.ContentType)
+		c.SetValue(out.Evidence)
+		serialized, err := c.Serialize(cmw.JSONArray)
+		if err != nil {
+			errMsg := fmt.Sprintf(
+				"failed to serialize CMW for %s: %s ", pn, err.Error())
+			p := problems.NewDetailedProblem(http.StatusInternalServerError, errMsg)
+			s.reportProblem(w, p)
+			return
+		}
+		collection[pn] = string(serialized)
+	}
+
 	w.Header().Set("Content-Type", respCt)
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte("hello from ratsd!"))
+	json.NewEncoder(w).Encode(eat)
 }

api/mocks/ipluggable.go

@@ -10,13 +10,16 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/golang/mock/gomock"
 	"github.com/moogar0880/problems"
 	"github.com/stretchr/testify/assert"
+	mock_deps "github.com/veraison/ratsd/api/mocks"
 	"github.com/veraison/services/log"
 )
 
 const (
-	jsonType = "application/json"
+	jsonType   = "application/json"
+	validNonce = "TUlEQk5IMjhpaW9pc2pQeXh4eHh4eHh4eHh4eHh4eHg"
 )
 
 func TestRatsdChares_missing_auth_header(t *testing.T) {
@@ -129,25 +132,39 @@ func TestRatsdChares_missing_nonce(t *testing.T) {
 	assert.Equal(t, expectedBody, &body)
 }
 
-func TestRatsdChares_valid_request(t *testing.T) {
+func TestRatsdChares_valid_request_no_available_attester(t *testing.T) {
+	ctrl := gomock.NewController(t)
+	defer ctrl.Finish()
+
 	var params RatsdCharesParams
 
 	param := fmt.Sprintf(`application/eat+jwt; eat_profile=%q`, TagGithubCom2024Veraisonratsd)
 	params.Accept = &param
 	logger := log.Named("test")
-	s := &Server{logger: logger}
+
+	pluginList := []string{}
+	dm := mock_deps.NewMockIManager(ctrl)
+	dm.EXPECT().GetPluginList().Return(pluginList)
+
+	s := NewServer(logger, dm)
 	w := httptest.NewRecorder()
-	rb := strings.NewReader("{\"nonce\": \"MIDBNH28iioisjPy\"}")
+	rs := fmt.Sprintf("{\"nonce\": \"%s\"}", validNonce)
+	rb := strings.NewReader(rs)
 	r, _ := http.NewRequest(http.MethodPost, "/ratsd/chares", rb)
 	r.Header.Add("Authorization", ExpectedAuth)
 	r.Header.Add("Content-Type", ApplicationvndVeraisonCharesJson)
 	s.RatsdChares(w, r, params)
 
 	expectedCode := http.StatusOK
 	expectedType := param
-	expectedBody := "hello from ratsd!"
 
 	assert.Equal(t, expectedCode, w.Code)
 	assert.Equal(t, expectedType, w.Result().Header.Get("Content-Type"))
-	assert.Equal(t, expectedBody, w.Body.String())
+
+	var out map[string]interface{}
+	json.Unmarshal(w.Body.Bytes(), &out)
+	assert.Equal(t, string(TagGithubCom2024Veraisonratsd), out["eat_profile"])
+	assert.Equal(t, validNonce, out["eat_nonce"])
+	assert.Contains(t, out, "cmw")
+	assert.Empty(t, out["cmw"])
 }

api/server.go

@@ -72,7 +72,7 @@ func main() {
 
 	log.Info("Loaded sub-attesters:", pluginManager.GetPluginList())
 
-	svr := api.NewServer(log.Named("api"))
+	svr := api.NewServer(log.Named("api"), pluginManager)
 	r := http.NewServeMux()
 	h := api.HandlerFromMux(svr, r)
 

api/server_test.go

@@ -5,11 +5,13 @@ go 1.24.1
 require (
 	github.com/fxamacker/cbor/v2 v2.5.0
 	github.com/getkin/kin-openapi v0.128.0
+	github.com/golang/mock v1.6.0
 	github.com/google/go-configfs-tsm v0.3.2
 	github.com/hashicorp/go-plugin v1.4.4
 	github.com/moogar0880/problems v0.1.1
 	github.com/oapi-codegen/runtime v1.1.1
 	github.com/stretchr/testify v1.9.0
+	github.com/veraison/cmw v0.1.1
 	github.com/veraison/services v0.0.2501
 	go.uber.org/zap v1.23.0
 	google.golang.org/grpc v1.64.0