attestation: refactor certificate caching into separate package

The TDX validator will also require a mechanism to store certificates, and as we have such code already present for SNP, just use it for both.
edgelesssys · Aug 20, 2024 · d0de4f8 · d0de4f8
1 parent a88660e
commit d0de4f8
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 5 deletions.
diff --git a/cli/cmd/common.go b/cli/cmd/common.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/edgelesssys/contrast/cli/telemetry"
 	"github.com/edgelesssys/contrast/internal/atls"
+	"github.com/edgelesssys/contrast/internal/attestation/certcache"
 	"github.com/edgelesssys/contrast/internal/attestation/snp"
 	"github.com/edgelesssys/contrast/internal/fsstore"
 	"github.com/edgelesssys/contrast/internal/logger"
@@ -88,7 +89,7 @@ func validatorsFromManifest(m *manifest.Manifest, log *slog.Logger, hostData []b
 	}
 	log.Debug("Using KDS cache dir", "dir", kdsDir)
 	kdsCache := fsstore.New(kdsDir, log.WithGroup("kds-cache"))
-	kdsGetter := snp.NewCachedHTTPSGetter(kdsCache, snp.NeverGCTicker, log.WithGroup("kds-getter"))
+	kdsGetter := certcache.NewCachedHTTPSGetter(kdsCache, certcache.NeverGCTicker, log.WithGroup("kds-getter"))
 
 	opts, err := m.SNPValidateOpts(kdsGetter)
 	if err != nil {

diff --git a/coordinator/internal/authority/credentials.go b/coordinator/internal/authority/credentials.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"github.com/edgelesssys/contrast/internal/atls"
+	"github.com/edgelesssys/contrast/internal/attestation/certcache"
 	"github.com/edgelesssys/contrast/internal/attestation/snp"
 	"github.com/edgelesssys/contrast/internal/logger"
 	"github.com/edgelesssys/contrast/internal/manifest"
@@ -31,13 +32,13 @@ type Credentials struct {
 
 	logger                     *slog.Logger
 	attestationFailuresCounter prometheus.Counter
-	kdsGetter                  *snp.CachedHTTPSGetter
+	kdsGetter                  *certcache.CachedHTTPSGetter
 }
 
 // Credentials creates new transport credentials that validate peers according to the latest manifest.
 func (a *Authority) Credentials(reg *prometheus.Registry, issuer atls.Issuer) (*Credentials, func()) {
 	ticker := clock.RealClock{}.NewTicker(24 * time.Hour)
-	kdsGetter := snp.NewCachedHTTPSGetter(memstore.New[string, []byte](), ticker, logger.NewNamed(a.logger, "kds-getter"))
+	kdsGetter := certcache.NewCachedHTTPSGetter(memstore.New[string, []byte](), ticker, logger.NewNamed(a.logger, "kds-getter"))
 	attestationFailuresCounter := promauto.With(reg).NewCounter(prometheus.CounterOpts{
 		Subsystem: "contrast_meshapi",
 		Name:      "attestation_failures_total",

diff --git a/internal/attestation/snp/cached_client.go → ...al/attestation/certcache/cached_client.go b/internal/attestation/snp/cached_client.go → ...al/attestation/certcache/cached_client.go
@@ -1,7 +1,7 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
 
-package snp
+package certcache
 
 import (
 	"log/slog"

diff --git a/...nal/attestation/snp/cached_client_test.go → ...testation/certcache/cached_client_test.go b/...nal/attestation/snp/cached_client_test.go → ...testation/certcache/cached_client_test.go
@@ -1,7 +1,7 @@
 // Copyright 2024 Edgeless Systems GmbH
 // SPDX-License-Identifier: AGPL-3.0-only
 
-package snp
+package certcache
 
 import (
 	"log/slog"