Merge pull request #62 from akakou/feature/release-before-check

Feature/release before check
akakou · May 12, 2024 · a331331 · a331331
2 parents 273498f + 7bb519f
commit a331331
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 14 deletions.
diff --git a/ta/acme.go b/ta/acme.go
@@ -2,18 +2,19 @@ package ta
 
 import (
 	"crypto"
-	"crypto/ecdsa"
-	"crypto/elliptic"
+	"crypto/rsa"
 	"crypto/rand"
 	"log"
 
-	"github.com/go-acme/lego/v4/certcrypto"
 	"github.com/go-acme/lego/v4/certificate"
 	"github.com/go-acme/lego/v4/challenge/tlsalpn01"
 	"github.com/go-acme/lego/v4/lego"
 	"github.com/go-acme/lego/v4/registration"
 )
 
+//var acmeURL = lego.LEDirectoryProduction
+var acmeURL = lego.LEDirectoryStaging
+
 type MyUser struct {
 	Email        string
 	Registration *registration.Resource
@@ -32,7 +33,7 @@ func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
 
 func IssueCertificate(key crypto.PrivateKey, domain, email string) *certificate.Resource {
 	// Create a user. New accounts need an email and private key to start.
-	privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -45,8 +46,8 @@ func IssueCertificate(key crypto.PrivateKey, domain, email string) *certificate.
 	config := lego.NewConfig(&myUser)
 
 	// This CA URL is configured for a local dev instance of Boulder running in Docker in a VM.
-	config.CADirURL = lego.LEDirectoryStaging
-	config.Certificate.KeyType = certcrypto.RSA2048
+	config.CADirURL = acmeURL
+	// config.Certificate.KeyType = certcrypto.RSA2048
 
 	// A client facilitates communication with the CA server.
 	client, err := lego.NewClient(config)

diff --git a/ta/example/enclave.json b/ta/example/enclave.json
@@ -2,7 +2,7 @@
     "exe": "example",
     "key": "private.pem",
     "debug": true,
-    "heapSize": 512,
+    "heapSize": 2048,
     "executableHeap": false,
     "productID": 1,
     "securityVersion": 1,
@@ -40,4 +40,4 @@
             "target": "/etc/ssl/certs/ca-certificates.crt"
         }
     ]
-}
+}
diff --git a/ta/example/main.go b/ta/example/main.go
@@ -31,6 +31,8 @@ func main() {
 
 			fmt.Fprintf(w, "<script>location.href = '%v'</script>", config.TTP+REDIRECT_PATH)
 		}
+
+		fmt.Fprintln(w, "Hello from TA running on TEE :)")
 	}
 
 	tlsConfig, err := ta.TLSConfig()
@@ -47,3 +49,4 @@ func main() {
 	http.HandleFunc("/", handler)
 	server.ListenAndServeTLS("", "")
 }
+
diff --git a/ta/tls.go b/ta/tls.go
@@ -1,20 +1,50 @@
 package ta
 
 import (
+	"crypto/rsa"
 	"crypto/tls"
+	"encoding/pem"
+	"fmt"
 )
 
 const CERT_DIER_CACHE = "./tmp/ra-webs.cache"
 
+func parsePemCertiifcate(raw []byte, privateKey *rsa.PrivateKey) (*tls.Certificate, error) {
+	certs := make([][]byte, 0)
+
+	for block, rest := pem.Decode(raw); block != nil; block, rest = pem.Decode(rest) {
+		if block.Type != "CERTIFICATE" {
+			return nil, fmt.Errorf("unexpected block type %s", block.Type)
+		}
+
+		certs = append(certs, block.Bytes)
+	}
+
+	return &tls.Certificate{
+		Certificate: certs,
+		PrivateKey:  privateKey,
+	}, nil
+}
+
 func (ap *TA) TLSConfig() (*tls.Config, error) {
-	cert := IssueCertificate(ap.privateKey, ap.config.Domain, ap.config.Email)
+	res, err := ap.Register()
+	if err != nil {
+		return nil, err
+	}
+	fmt.Print(res)
+
+	resouce := IssueCertificate(ap.privateKey, ap.config.Domain, ap.config.Email)
+
+	cert, err := parsePemCertiifcate(resouce.Certificate, ap.privateKey)
+
+	if err != nil {
+		return nil, err
+	}
 
 	return &tls.Config{
-		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
-			return &tls.Certificate{
-				Certificate: [][]byte{cert.Certificate},
-				PrivateKey:  ap.privateKey,
-			}, nil
+		Certificates: []tls.Certificate{
+			*cert,
 		},
 	}, nil
 }
+