MCPcopy Create free account
hub / github.com/Dstack-TEE/dstack / cmd_gen_ca_cert

Function cmd_gen_ca_cert

dstack-util/src/main.rs:336–360  ·  view source on GitHub ↗
(args: GenCaCertArgs)

Source from the content-addressed store, hash-verified

334}
335
336fn cmd_gen_ca_cert(args: GenCaCertArgs) -> Result<()> {
337 use ra_tls::cert::CertRequest;
338 use ra_tls::rcgen::{KeyPair, PKCS_ECDSA_P256_SHA256};
339
340 let key = KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256)?;
341 let pubkey = key.public_key_der();
342 let report_data = QuoteContentType::KmsRootCa.to_report_data(&pubkey);
343 let attestation = Attestation::quote(&report_data)
344 .context("Failed to get attestation")?
345 .into_versioned();
346
347 let req = CertRequest::builder()
348 .subject("App Root CA")
349 .attestation(&attestation)
350 .key(&key)
351 .ca_level(args.ca_level)
352 .build();
353
354 let cert = req
355 .self_signed()
356 .context("Failed to self-sign certificate")?;
357 fs::write(&args.cert, cert.pem()).context("Failed to write certificate")?;
358 fs::write(&args.key, key.serialize_pem()).context("Failed to write private key")?;
359 Ok(())
360}
361
362fn cmd_gen_app_keys(args: GenAppKeysArgs) -> Result<()> {
363 use ra_tls::rcgen::{KeyPair, PKCS_ECDSA_P256_SHA256};

Callers 1

mainFunction · 0.85

Calls 4

to_report_dataMethod · 0.80
into_versionedMethod · 0.80
self_signedMethod · 0.80
buildMethod · 0.45

Tested by

no test coverage detected