Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Agent-Driven Attestation #103

Open
stringlytyped opened this issue Sep 18, 2023 · 0 comments
Open

Agent-Driven Attestation #103

stringlytyped opened this issue Sep 18, 2023 · 0 comments

Comments

@stringlytyped
Copy link
Contributor

stringlytyped commented Sep 18, 2023
edited
Loading

Enhancement Description

Enable an alternative operational model in which attestations are sent on an agent-driven basis instead of being requested by the verifier

Please to keep this description up to date.
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 18, 2023
@stringlytyped
Add written proposal for enhancement keylime#103
0d821eb
@stringlytyped stringlytyped mentioned this issue Sep 18, 2023
Merged
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 18, 2023
@stringlytyped
Add written proposal for enhancement keylime#103
b1791b8 
Signed-off-by: Jean Snyman <[email protected]>
This was referenced Sep 20, 2023
Closed
Closed
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 20, 2023
@stringlytyped
Add written proposal for enhancement keylime#103
0d20ee9 
Signed-off-by: Jean Snyman <[email protected]>
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 20, 2023
@stringlytyped
Add written proposal for enhancement keylime#103
0a7c78b 
Signed-off-by: Jean Snyman <[email protected]>
maugustosilva added a commit that referenced this issue Sep 21, 2023
@maugustosilva
Merge pull request #104 from stringlytyped/master
9578111 
Add written proposal for enhancement #103
@stringlytyped stringlytyped mentioned this issue Feb 1, 2024
Merged
stringlytyped added a commit to hse-aurora/keylime-oss that referenced this issue Jun 28, 2024
@stringlytyped
Introduce new REST API framework and refactor registrar implementation
901bf18 
This commit consolidates the work completed as part of pull request
keylime#1523 and contributes a new way of architecting REST APIs based loosely
on the model-view-controller (MVC) pattern. The class library in
`keylime.web.base` and `keylime.models.base` provides a number of
building blocks for structuring web service code in a consistent and
ordered fashion. These include:

- Routes: parameterised URI patterns for declaring API endpoints
- Servers: direct requests to a controller based on a list of routes
- Controllers: handle requests and produce an appropriate response
- Models: data structures which can be mutated, validated and persisted
  according to a set pattern

Additionally, this commit re-implements the registrar APIs in the new
paradigm. `keylime.registrar_common` is no longer invoked and is
effectively replaced by `keylime.web.registrar_server` and
`keylime.web.registrar.agents_controller`. The `registrarmain` database
table is now represented in memory using the `RegistrarAgent` model.
The model defines a schema for agent records and encapsulates the
functionality for mutating these records instead of overloading request
handlers with this responsibility. Certificate and key verification
checks are broken into several small methods each with a clear, minimal
purpose in an effort to ensure readability, traceability and
composability (even when the registrar is extended in the future).

The refactor of the registrar therefore acts as a good demonstration of
how the new web framework facilitates writing modular code with clear
separation of concerns. Future contributions to implement agent-driven
attestation (keylime/enhancements#103) will be done in a similar way.

Some minor features have been added or changed, e.g., request logging is
now more detailed and log messages try to be more helpful where
possible. The user now has the option of suppressing a portion of the
warnings generated when a certificate is not strictly ASN.1 DER
compliant, or even rejecting such certificates when received from an
agent. This partially fixes issue keylime#1559 (which will be further addressed
in subsequent PRs).

Other than that, this commit should be functionally equivalent to
earlier Keylime versions.

Squashes commits: 3b8119c, 796417d, a0d3cf7, 1b42ee2, c52b005, f5869aa,
3cd4c2a, 75facbd, e6ec507, 45a1362, 3c8f202, 30eb7dc, 2b9de05, b4a2df1,
1c2db6b, 705d9d4, e28baf6, 282071c, 2f7095d, f254a78, a249d28, 9fe4042,
b3eaa3e, ca3782a, 0ae1249, 9696a39, 33b7184, 7d8a4ee, 55eacb9, 2496836,
0d8a232, 4690017, ce9315a, 9c79359, 5055dc1, 9387a0b, 0db1fb8, 42fa62d,
89474ee, 7527175, fc1217e, de282c4, a28078f.
For context, refer to PR keylime#1523.

Signed-off-by: Jean Snyman <[email protected]>
maugustosilva pushed a commit to keylime/keylime that referenced this issue Jun 28, 2024
@stringlytyped @maugustosilva
Introduce new REST API framework and refactor registrar implementation
f88f2cc 
This commit consolidates the work completed as part of pull request
#1523 and contributes a new way of architecting REST APIs based loosely
on the model-view-controller (MVC) pattern. The class library in
`keylime.web.base` and `keylime.models.base` provides a number of
building blocks for structuring web service code in a consistent and
ordered fashion. These include:

- Routes: parameterised URI patterns for declaring API endpoints
- Servers: direct requests to a controller based on a list of routes
- Controllers: handle requests and produce an appropriate response
- Models: data structures which can be mutated, validated and persisted
  according to a set pattern

Additionally, this commit re-implements the registrar APIs in the new
paradigm. `keylime.registrar_common` is no longer invoked and is
effectively replaced by `keylime.web.registrar_server` and
`keylime.web.registrar.agents_controller`. The `registrarmain` database
table is now represented in memory using the `RegistrarAgent` model.
The model defines a schema for agent records and encapsulates the
functionality for mutating these records instead of overloading request
handlers with this responsibility. Certificate and key verification
checks are broken into several small methods each with a clear, minimal
purpose in an effort to ensure readability, traceability and
composability (even when the registrar is extended in the future).

The refactor of the registrar therefore acts as a good demonstration of
how the new web framework facilitates writing modular code with clear
separation of concerns. Future contributions to implement agent-driven
attestation (keylime/enhancements#103) will be done in a similar way.

Some minor features have been added or changed, e.g., request logging is
now more detailed and log messages try to be more helpful where
possible. The user now has the option of suppressing a portion of the
warnings generated when a certificate is not strictly ASN.1 DER
compliant, or even rejecting such certificates when received from an
agent. This partially fixes issue #1559 (which will be further addressed
in subsequent PRs).

Other than that, this commit should be functionally equivalent to
earlier Keylime versions.

Squashes commits: 3b8119c, 796417d, a0d3cf7, 1b42ee2, c52b005, f5869aa,
3cd4c2a, 75facbd, e6ec507, 45a1362, 3c8f202, 30eb7dc, 2b9de05, b4a2df1,
1c2db6b, 705d9d4, e28baf6, 282071c, 2f7095d, f254a78, a249d28, 9fe4042,
b3eaa3e, ca3782a, 0ae1249, 9696a39, 33b7184, 7d8a4ee, 55eacb9, 2496836,
0d8a232, 4690017, ce9315a, 9c79359, 5055dc1, 9387a0b, 0db1fb8, 42fa62d,
89474ee, 7527175, fc1217e, de282c4, a28078f.
For context, refer to PR #1523.

Signed-off-by: Jean Snyman <[email protected]>
@stringlytyped stringlytyped mentioned this issue Oct 24, 2024
Draft
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@stringlytyped