verifyDecryptedSecret performs the HTTP POST request to the `/secret` endpoint of the Attestation CA.
(ctx context.Context, secret []byte)
// verifyDecryptedSecret performs the HTTP POST request to the `/secret`
// endpoint of the Attestation CA.
//
// The decrypted secret is wrapped in a secretRequest, JSON-encoded and sent
// with ac.client to ac.baseURL joined with "secret"; ctx is attached to the
// request. A status code of 300 or above is reported as an error without
// reading the body. Otherwise the body is decoded as a single JSON value into
// a secretResponse, which is returned.
//
// None of the error strings built here contain the secret; they do contain
// the full request URL.
//
// NOTE(review): nothing in this function checks the scheme of ac.baseURL. The
// #nosec note below relies on HTTPS, so confirm the scheme is enforced where
// the URL is configured.
// NOTE(review): the response body is decoded without a size bound; consider
// limiting it, since the peer controls its length.
// NOTE(review): presumably baseURL is a *url.URL; if it can carry userinfo,
// String() would place it in the error messages. Verify against the caller.
func (ac *attestationClient) verifyDecryptedSecret(ctx context.Context, secret []byte) (*secretResponse, error) {
	payload, err := json.Marshal(secretRequest{DecryptedSecret: secret}) // #nosec G117 -- the decrypted secret is intentionally sent back to attestation CA (via HTTPS)
	if err != nil {
		return nil, fmt.Errorf("failed marshaling secret request: %w", err)
	}

	// The endpoint string is computed once and reused in every error below.
	endpoint := ac.baseURL.JoinPath("secret").String()

	postReq, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(payload))
	if err != nil {
		return nil, fmt.Errorf("failed creating POST http request for %q: %w", endpoint, err)
	}

	httpResp, err := ac.client.Do(postReq) // #nosec G704 -- request intentionally relies on user configuration
	if err != nil {
		return nil, fmt.Errorf("failed performing secret request with attestation CA %q: %w", endpoint, err)
	}
	// Close the body on every return path below, including the status error.
	defer httpResp.Body.Close()

	// Anything outside the success range is a failure; the body is not read.
	if httpResp.StatusCode >= 300 {
		return nil, fmt.Errorf("POST %q failed with HTTP status %q", endpoint, httpResp.Status)
	}

	result := new(secretResponse)
	if err := json.NewDecoder(httpResp.Body).Decode(result); err != nil {
		return nil, fmt.Errorf("failed decoding secret response: %w", err)
	}

	return result, nil
}