
Method verifyDecryptedSecret

utils/cautils/tpm.go:647–679  ·  view source on GitHub ↗

verifyDecryptedSecret performs the HTTP POST request to the `/secret` endpoint of the Attestation CA.

(ctx context.Context, secret []byte)


// verifyDecryptedSecret performs the HTTP POST request to the `/secret`
// endpoint of the Attestation CA.
//
// The decrypted secret is wrapped in a secretRequest, JSON-encoded and sent
// with ac.client to <baseURL>/secret. Any response status of 300 or above is
// reported as an error; otherwise the JSON body is decoded into a
// secretResponse and returned. The response body is always closed.
func (ac *attestationClient) verifyDecryptedSecret(ctx context.Context, secret []byte) (*secretResponse, error) {
	payload := secretRequest{DecryptedSecret: secret}

	encoded, err := json.Marshal(payload) // #nosec G117 -- the decrypted secret is intentionally sent back to attestation CA (via HTTPS)
	if err != nil {
		return nil, fmt.Errorf("failed marshaling secret request: %w", err)
	}

	endpoint := ac.baseURL.JoinPath("secret").String()

	var req *http.Request
	req, err = http.NewRequestWithContext(ctx, http.MethodPost, endpoint, bytes.NewReader(encoded))
	if err != nil {
		return nil, fmt.Errorf("failed creating POST http request for %q: %w", endpoint, err)
	}

	var resp *http.Response
	resp, err = ac.client.Do(req) // #nosec G704 -- request intentionally relies on user configuration
	if err != nil {
		return nil, fmt.Errorf("failed performing secret request with attestation CA %q: %w", endpoint, err)
	}
	defer resp.Body.Close()

	// Anything that is not a 1xx/2xx answer is treated as a failed verification.
	if resp.StatusCode >= 300 {
		return nil, fmt.Errorf("POST %q failed with HTTP status %q", endpoint, resp.Status)
	}

	// NOTE(review): the body is decoded without a size bound; a bounded reader
	// would be worth considering if the CA endpoint is not fully trusted.
	decoded := new(secretResponse)
	dec := json.NewDecoder(resp.Body)
	if err = dec.Decode(decoded); err != nil {
		return nil, fmt.Errorf("failed decoding secret response: %w", err)
	}

	return decoded, nil
}
