From 7997f00467fc0e2617b49a89d3325ea90f34e2cf Mon Sep 17 00:00:00 2001
From: Nate Sales <nate@natesales.net>
Date: Mon, 20 Jan 2025 21:36:27 -0500
Subject: [PATCH] chore: cleanup

---
 README.md              |  9 -----
 cmd/httpclient/main.go | 38 ------------------
 cmd/manual/main.go     | 87 ------------------------------------------
 docs/manual.md         | 34 -----------------
 4 files changed, 168 deletions(-)
 delete mode 100644 cmd/httpclient/main.go
 delete mode 100644 cmd/manual/main.go
 delete mode 100644 docs/manual.md

diff --git a/README.md b/README.md
index 49e30d9..ac0f7c8 100644
--- a/README.md
+++ b/README.md
@@ -3,12 +3,3 @@
 Tinfoil's client-side portable remote attestation verifier.
 
 [![Build Status](https://github.com/tinfoilanalytics/verifier/workflows/Run%20tests/badge.svg)](https://github.com/tinfoilanalytics/verifier/actions)
-[![License](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-
-## CLI
-
-```bash
-go run cmd/manual/main.go \
-  -e inference-enclave.tinfoil.sh \
-  -r tinfoilanalytics/nitro-enclave-build-demo
-```
diff --git a/cmd/httpclient/main.go b/cmd/httpclient/main.go
deleted file mode 100644
index c58921d..0000000
--- a/cmd/httpclient/main.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package main
-
-import (
-	"log"
-
-	"github.com/tinfoilanalytics/verifier/pkg/client"
-)
-
-func main() {
-	client := client.NewSecureClient(
-		"inference-enclave.tinfoil.sh",
-		"tinfoilanalytics/nitro-enclave-build-demo",
-	)
-
-	vs, err := client.Verify()
-	if err != nil {
-		log.Fatal(err)
-	}
-	log.Printf("Cert fingerprint: %x\n", vs.CertFingerprint)
-	log.Printf("EIF hash: %s\n", vs.EIFHash)
-
-	log.Println("Sending prompt to enclave...")
-	resp, err := client.Post(
-		"https://inference-enclave.tinfoil.sh/api/chat",
-		map[string]string{"Content-Type": "application/json"},
-		[]byte(`{
-	"model": "llama3.2:1b",
-	"stream": false,
-	"messages": [
-		{"role": "user","content": "What is 1+1?"}
-	]
-}`))
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	log.Println(string(resp.Body))
-}
diff --git a/cmd/manual/main.go b/cmd/manual/main.go
deleted file mode 100644
index 1cbc75b..0000000
--- a/cmd/manual/main.go
+++ /dev/null
@@ -1,87 +0,0 @@
-package main
-
-import (
-	"bytes"
-	_ "embed"
-	"flag"
-	"log"
-
-	"github.com/tinfoilanalytics/verifier/pkg/attestation"
-	"github.com/tinfoilanalytics/verifier/pkg/github"
-	"github.com/tinfoilanalytics/verifier/pkg/sigstore"
-)
-
-var (
-	enclaveHost = flag.String("e", "inference-enclave.tinfoil.sh", "Enclave hostname")
-	repo        = flag.String("r", "tinfoilanalytics/nitro-enclave-build-demo", "Source repo (e.g. tinfoilanalytics/nitro-private-inference-image)")
-)
-
-func main() {
-	flag.Parse()
-
-	if *repo == "" || *enclaveHost == "" {
-		log.Fatal("Missing required arguments")
-	}
-
-	var codeMeasurements, enclaveMeasurements *attestation.Measurement
-
-	log.Printf("Fetching latest release for %s", *repo)
-	latestTag, eifHash, err := github.FetchLatestRelease(*repo)
-	if err != nil {
-		log.Fatalf("Failed to fetch latest release: %v", err)
-	}
-
-	log.Printf("Fetching sigstore bundle from %s for latest version %s EIF %s", latestTag, *repo, eifHash)
-	bundleBytes, err := github.FetchAttestationBundle(*repo, eifHash)
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	sigstoreRootBytes, err := sigstore.FetchTrustRoot()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	log.Println("Verifying code measurements")
-	codeMeasurements, err = sigstore.VerifyMeasurementAttestation(
-		sigstoreRootBytes,
-		bundleBytes,
-		eifHash,
-		*repo,
-	)
-	if err != nil {
-		log.Fatalf("Failed to verify source measurements: %v", err)
-	}
-
-	log.Printf("Fetching attestation doc from %s", *enclaveHost)
-	remoteAttestation, enclaveCertFP, err := attestation.Fetch(*enclaveHost)
-	if err != nil {
-		log.Fatal(err)
-	}
-	log.Printf("Enclave TLS public key fingerprint: %x", enclaveCertFP)
-
-	log.Println("Verifying enclave measurements")
-	var attestedCertFP []byte
-	enclaveMeasurements, attestedCertFP, err = remoteAttestation.Verify()
-	if err != nil {
-		log.Fatalf("Failed to parse enclave attestation doc: %v", err)
-	}
-
-	log.Printf("TLS certificate fingerprint: %x", attestedCertFP)
-
-	if !bytes.Equal(enclaveCertFP, attestedCertFP) {
-		log.Fatalf("Certificate fingerprint mismatch")
-	} else {
-		log.Println("Certificate fingerprint match")
-	}
-
-	if codeMeasurements != nil && enclaveMeasurements != nil {
-		if err := codeMeasurements.Equals(enclaveMeasurements); err != nil {
-			log.Printf("PCR register mismatch. Verification failed: %v", err)
-			log.Printf("Code: %s", codeMeasurements.Fingerprint())
-			log.Printf("Enclave: %s", enclaveMeasurements.Fingerprint())
-		} else {
-			log.Println("Verification successful, measurements match")
-		}
-	}
-}
diff --git a/docs/manual.md b/docs/manual.md
deleted file mode 100644
index aa34101..0000000
--- a/docs/manual.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# Source Code Attestation Verification
-
-### 1. Download enclave image
-
-```bash
-export REPO=tinfoilanalytics/nitro-enclave-build-demo
-oras pull "ghcr.io/$REPO:v0.0.12"
-```
-
-### 2. Verify Attestation
-
-#### 2.1. Download Attestation Document
-
-```bash
-DIGEST="sha256:$(sha256sum enclave.eif | cut -d ' ' -f 1)"
-curl -sL "https://api.github.com/repos/$REPO/attestations/$DIGEST" | jq -r ".attestations[0].bundle" > attestation.jsonl
-```
-
-#### 2.2. Verify Attestation with [cosign](https://github.com/sigstore/cosign)
-
-```bash
-cosign verify-blob-attestation \
-  --new-bundle-format \
-  --bundle attestation.jsonl \
-  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
-  --certificate-identity-regexp="^https://github.com/$REPO/.github/workflows/release.yml.?" \
-  enclave.eif
-```
-
-### 3. Extract PCR measurement predicate
-
-```bash
-jq -r ".dsseEnvelope.payload" attestation.jsonl | base64 -d | jq -r ".predicate"
-```