github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/support_infrastructure/domain_service/client.go

github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/support_infrastructure/domain_service/client.go (about)

     1  // Copyright (c) 2016, Google Inc. All rights reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //     http://www.apache.org/licenses/LICENSE-2.0
     7  // Unless required by applicable law or agreed to in writing, software
     8  // distributed under the License is distributed on an "AS IS" BASIS,
     9  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    10  // See the License for the specific language governing permissions and
    11  // limitations under the License.
    12  
    13  package domain_service
    14  
    15  // This provides the client stub for using the domain service.
    16  // This code is relatively dull, all it does is marshal/serialize the
    17  // domain service requests and responses.
    18  
    19  import (
    20  	"crypto/x509"
    21  	"crypto/x509/pkix"
    22  	"errors"
    23  	"log"
    24  	"net"
    25  
    26  	"github.com/golang/protobuf/proto"
    27  	"github.com/jlmucb/cloudproxy/go/tao"
    28  	"github.com/jlmucb/cloudproxy/go/util"
    29  )
    30  
    31  // This function packages a host attestation into a DomainServiceRequest of the type
    32  // DOMAIN_CERT_REQUEST, sends it to the domain service and deserializes the response
    33  // into an attestation that contains the domain program certificate.
    34  func RequestProgramCert(hostAtt *tao.Attestation, verifier *tao.Verifier,
    35  	network string, addr string) (*x509.Certificate, error) {
    36  	serAtt, err := proto.Marshal(hostAtt)
    37  	if err != nil {
    38  		return nil, err
    39  	}
    40  	reqType := DomainServiceRequest_DOMAIN_CERT_REQUEST
    41  	request := &DomainServiceRequest{
    42  		Type: &reqType,
    43  		SerializedHostAttestation: serAtt,
    44  		ProgramKey:                verifier.MarshalKey(),
    45  	}
    46  
    47  	conn, err := net.Dial(network, addr)
    48  	if err != nil {
    49  		return nil, err
    50  	}
    51  	ms := util.NewMessageStream(conn)
    52  	_, err = ms.WriteMessage(request)
    53  	if err != nil {
    54  		return nil, err
    55  	}
    56  	log.Printf("Sent Program cert request to Domain Service using network %s at address %s.",
    57  		network, addr)
    58  	var response DomainServiceResponse
    59  	err = ms.ReadMessage(&response)
    60  	if err != nil {
    61  		return nil, err
    62  	}
    63  	log.Println("Got response from Domain Service.")
    64  
    65  	if errStr := response.GetErrorMessage(); errStr != "" {
    66  		return nil, errors.New(errStr)
    67  	}
    68  	cert, err := x509.ParseCertificate(response.GetDerProgramCert())
    69  	if err != nil {
    70  		return nil, err
    71  	}
    72  	return cert, nil
    73  }
    74  
    75  // This function packages a certificate revoke request into a DomainServiceRequest of type
    76  // REVOKE_CERTIFICATE and sends it to the domain service. It expects att to be an attestation
    77  // signed by the domain policy key with a statement of the form:
    78  // policyKey says revoke certificateSerialNumber
    79  func RequestRevokeCertificate(att *tao.Attestation, network, addr string) error {
    80  	serAtt, err := proto.Marshal(att)
    81  	if err != nil {
    82  		return err
    83  	}
    84  	reqType := DomainServiceRequest_REVOKE_CERTIFICATE
    85  	request := &DomainServiceRequest{
    86  		Type: &reqType,
    87  		SerializedPolicyAttestation: serAtt}
    88  
    89  	conn, err := net.Dial(network, addr)
    90  	if err != nil {
    91  		return err
    92  	}
    93  	ms := util.NewMessageStream(conn)
    94  	_, err = ms.WriteMessage(request)
    95  	if err != nil {
    96  		return err
    97  	}
    98  	log.Printf("Sent cert revoke request to Domain Service using network %s at address %s.",
    99  		network, addr)
   100  
   101  	var response DomainServiceResponse
   102  	err = ms.ReadMessage(&response)
   103  	if err != nil {
   104  		return err
   105  	}
   106  	log.Println("Got response from Domain Service.")
   107  	if errStr := response.GetErrorMessage(); errStr != "" {
   108  		return errors.New(errStr)
   109  	}
   110  	return nil
   111  }
   112  
   113  // This function sends a DomainServiceRequest of the type GET_CRL to the domain service,
   114  // and deserializes the response into a pkix.CertificateList containing the revoked certificates.
   115  func RequestCrl(network, addr string) (*pkix.CertificateList, error) {
   116  	reqType := DomainServiceRequest_GET_CRL
   117  	request := &DomainServiceRequest{
   118  		Type: &reqType}
   119  
   120  	conn, err := net.Dial(network, addr)
   121  	if err != nil {
   122  		return nil, err
   123  	}
   124  	ms := util.NewMessageStream(conn)
   125  	_, err = ms.WriteMessage(request)
   126  	if err != nil {
   127  		return nil, err
   128  	}
   129  	log.Printf("Sent crl request to Domain Service using network %s at address %s.",
   130  		network, addr)
   131  	var response DomainServiceResponse
   132  	err = ms.ReadMessage(&response)
   133  	if err != nil {
   134  		return nil, err
   135  	}
   136  	log.Println("Got response from Domain Service.")
   137  	if errStr := response.GetErrorMessage(); errStr != "" {
   138  		return nil, errors.New(errStr)
   139  	}
   140  	parsedCrl, err := x509.ParseCRL(response.GetCrl())
   141  	return parsedCrl, err
   142  }