Conversation
ameba23
left a comment
ameba23
left a comment
There was a problem hiding this comment.
🥇 Great to have these fixes.
Re: passing in keypair - i would lean towards having its as an Option and generating if not given. But don't feel too strongly.
Re: blocking API for attestation generation - i agree this makes sense as things are right now. But as mentioned here i would consider actually switching to async quote generation via configfs-tsm. Happy to merge this as-is and have that discussion later.
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
2 times, most recently
from
56281b9 to
530838f
Compare
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
from
530838f to
56281b9
Compare
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
2 times, most recently
from
12ad663 to
8799225
Compare
implemented builder patterns for cert resolver and verifier. using predefined key-pair is now optional (as well as bunch of other things) |
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
4 times, most recently
from
eb6bc81 to
65b85eb
Compare
(if in the future we add a new attestation type, the catch-all case will backfire)
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
2 times, most recently
from
d49510d to
ccf73a0
Compare
0x416e746f6e
force-pushed
the
anton/misc-updates-and-improvements
branch
from
ccf73a0 to
b513778
Compare
0x416e746f6e
changed the title
… anton/misc-updates-and-improvements
ameba23
left a comment
ameba23
left a comment
There was a problem hiding this comment.
💯 Great improvements.
The builder pattern especially is a big improvement.
We should document that if calling attestation generation from a tokio runtime users of the library should use spawn_blocking. But since that was already the case i consider it not directly relevant to this PR.
| let response = reqwest::get(url) | ||
| .await | ||
| let mut response = ureq::get(&url) | ||
| .timeout(Duration::from_millis(1000)) |
There was a problem hiding this comment.
Maybe put the duration in a constant at the top of the file
| /// Underlying verifier when used with a private CA rather than | ||
| /// self-signed | ||
| server_inner: Option<Arc<WebPkiServerVerifier>>, | ||
| server_verifier: Arc<WebPkiServerVerifier>, |
There was a problem hiding this comment.
+1 for better naming these fields
| /// Report data of pre-trusted certificates with cache expiry time | ||
| trusted_certificates: Arc<RwLock<HashMap<[u8; 64], UnixTime>>>, | ||
| trusted_certs: Arc<RwLock<HashMap<[u8; 64], UnixTime>>>, | ||
| /// Hashes of public keys allowed for self-signed certificates |
There was a problem hiding this comment.
Should we mention which that this is sha512 and what exactly is hashed? Does calling cert.public_key().raw give us der-encoded public key?
| }) | ||
| }) | ||
| })?; | ||
| self.attestation_verifier |
| @@ -862,15 +1041,15 @@ mod tests { | |||
| #[tokio::test(flavor = "multi_thread")] | |||
There was a problem hiding this comment.
Maybe not directly relevant to this PR but i think that since now we stopped using tokio's block_in_place, we no longer need the multi_thread flavor for tests.
| }; | ||
|
|
||
| if !response.status().is_success() { | ||
| if !resp.status() != 200 { |
There was a problem hiding this comment.
Can you check this line. I think that the first ! is left over from when we used reqwest, and actually the could be doing a bit-wise ! on resp.status() here which is not what we want
| let server_verifier = WebPkiServerVerifier::builder_with_provider( | ||
| self.root_cert_store.clone().unwrap_or_else(|| { | ||
| let mut root_certs = rustls::RootCertStore::empty(); | ||
| root_certs.extend(webpki_roots::TLS_SERVER_ROOTS.to_owned()); |
There was a problem hiding this comment.
I think this is a slight behavior change - the default path is to use public webpki roots as well as self-signed, whereas before it was only self-signed.
I don't think this is bad, but maybe worth mentioning in a doccomment somewhere.
2 participants
this PR:
detect()functions (that auto-determine platform) andAttestedCertificateResolver::new()non-async so that they could be used outside tokioverify_attestation_sync()in the context of blockingverify_attestation_binding()primary_nametosubjectin the context of TLS cert related functionsrcgento avoid version collisions when the downstream needs to accessrcgen