mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 15:13:56 +02:00
ed84a424db
Introduced a new `intel-dcap-api` crate for interacting with Intel's DCAP APIs. - Implemented various API client functionalities for SGX/TDX attestation services. - Added support for registration, certification, enclave identity, and FMSPC retrieval. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
75 lines
2.9 KiB
Rust
75 lines
2.9 KiB
Rust
// SPDX-License-Identifier: Apache-2.0
|
|
// Copyright (c) 2025 Matter Labs
|
|
|
|
use intel_dcap_api::{ApiClient, CaType, CrlEncoding, IntelApiError, PckCrlResponse};
|
|
use x509_cert::{
|
|
der::{oid::AssociatedOid, Decode, SliceReader},
|
|
ext::pkix::{
|
|
crl::dp::DistributionPoint,
|
|
name::{DistributionPointName, GeneralName},
|
|
CrlDistributionPoints,
|
|
},
|
|
};
|
|
|
|
#[tokio::main]
|
|
async fn main() -> Result<(), IntelApiError> {
|
|
let client = ApiClient::new()?;
|
|
|
|
let PckCrlResponse {
|
|
crl_data,
|
|
issuer_chain,
|
|
} = client
|
|
.get_pck_crl(CaType::Platform, Some(CrlEncoding::Der))
|
|
.await?;
|
|
|
|
let certs = x509_cert::certificate::CertificateInner::<
|
|
x509_cert::certificate::Rfc5280
|
|
>::load_pem_chain(issuer_chain.as_bytes()).map_err(
|
|
|_| IntelApiError::InvalidParameter("Could not load a PEM chain")
|
|
)?;
|
|
|
|
for cert in certs {
|
|
println!("Issuer: {}", cert.tbs_certificate.issuer);
|
|
println!("Subject: {}", cert.tbs_certificate.subject);
|
|
println!("Serial Number: {}", cert.tbs_certificate.serial_number);
|
|
println!("Not Before: {}", cert.tbs_certificate.validity.not_before);
|
|
println!("Not After: {}", cert.tbs_certificate.validity.not_after);
|
|
|
|
// Extract and print CRL distribution points
|
|
if let Some(extensions) = &cert.tbs_certificate.extensions {
|
|
for ext in extensions.iter() {
|
|
if ext.extn_id == CrlDistributionPoints::OID {
|
|
// Create a SliceReader from the byte slice
|
|
let mut reader = SliceReader::new(ext.extn_value.as_bytes()).map_err(|_| {
|
|
IntelApiError::InvalidParameter(
|
|
"Could not create reader from extension value",
|
|
)
|
|
})?;
|
|
|
|
// Now pass the reader to decode_value
|
|
if let Ok(dist_points) = Vec::<DistributionPoint>::decode(&mut reader) {
|
|
for point in dist_points {
|
|
if let Some(DistributionPointName::FullName(names)) =
|
|
point.distribution_point
|
|
{
|
|
for name in names {
|
|
if let GeneralName::UniformResourceIdentifier(uri) = name {
|
|
let uri = uri.as_str();
|
|
let crl_bytes = reqwest::get(uri).await?.bytes().await?;
|
|
println!("CRL bytes (hex): {}", hex::encode(&crl_bytes));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
println!("Could not decode CRL distribution points");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
println!("CRL bytes (hex): {}", hex::encode(&crl_data));
|
|
|
|
Ok(())
|
|
}
|