(
app_key: &KeyPair,
disk_key: &KeyPair,
k256_key: &SigningKey,
ca_level: u8,
key_provider: KeyProvider,
)
| 403 | } |
| 404 | |
| 405 | fn make_app_keys( |
| 406 | app_key: &KeyPair, |
| 407 | disk_key: &KeyPair, |
| 408 | k256_key: &SigningKey, |
| 409 | ca_level: u8, |
| 410 | key_provider: KeyProvider, |
| 411 | ) -> Result<AppKeys> { |
| 412 | use ra_tls::cert::CertRequest; |
| 413 | let pubkey = app_key.public_key_der(); |
| 414 | let report_data = QuoteContentType::RaTlsCert.to_report_data(&pubkey); |
| 415 | let attestation = Attestation::quote(&report_data) |
| 416 | .context("Failed to get attestation")? |
| 417 | .into_versioned(); |
| 418 | let req = CertRequest::builder() |
| 419 | .subject("App Root Cert") |
| 420 | .attestation(&attestation) |
| 421 | .key(app_key) |
| 422 | .ca_level(ca_level) |
| 423 | .build(); |
| 424 | let cert = req |
| 425 | .self_signed() |
| 426 | .context("Failed to self-sign certificate")?; |
| 427 | |
| 428 | Ok(AppKeys { |
| 429 | disk_crypt_key: sha256(&disk_key.serialize_der()).to_vec(), |
| 430 | env_crypt_key: vec![], |
| 431 | k256_key: k256_key.to_bytes().to_vec(), |
| 432 | k256_signature: vec![], |
| 433 | gateway_app_id: "".to_string(), |
| 434 | ca_cert: cert.pem(), |
| 435 | key_provider, |
| 436 | }) |
| 437 | } |
| 438 | |
| 439 | async fn cmd_notify_host(args: HostNotifyArgs) -> Result<()> { |
| 440 | let client = HostApi::load_or_default(args.url)?; |
no test coverage detected