diff --git a/attestation-agent/attestation-agent/src/config/kbs.rs b/attestation-agent/attestation-agent/src/config/kbs.rs
index fd88bbac1..3b790c431 100644
--- a/attestation-agent/attestation-agent/src/config/kbs.rs
+++ b/attestation-agent/attestation-agent/src/config/kbs.rs
@@ -11,6 +11,9 @@ use super::aa_kbc_params;
 pub struct KbsConfig {
 /// URL Address of KBS.
 pub url: String,
+
+ /// Cert of KBS
+ pub cert: Option,
 }
 impl Default for KbsConfig {
@@ -19,6 +22,7 @@ impl Default for KbsConfig {
 aa_kbc_params::get_params().expect("No aa_kbc_params specified in kernel cmdline");
 Self {
 url: aa_kbc_params.uri().into(),
+ cert: None,
 }
 }
 }
diff --git a/attestation-agent/attestation-agent/src/token/kbs.rs b/attestation-agent/attestation-agent/src/token/kbs.rs
index e61643aa4..eca0ea217 100644
--- a/attestation-agent/attestation-agent/src/token/kbs.rs
+++ b/attestation-agent/attestation-agent/src/token/kbs.rs
@@ -20,6 +20,7 @@ struct Message {
 #[derive(Default)]
 pub struct KbsTokenGetter {
 kbs_host_url: String,
+ cert: Option,
 }
 #[async_trait]
@@ -27,9 +28,14 @@ impl GetToken for KbsTokenGetter {
 async fn get_token(&self) -> Result> {
 let evidence_provider = Box::new(NativeEvidenceProvider::new()?);
- let mut client =
- KbsClientBuilder::with_evidence_provider(evidence_provider, &self.kbs_host_url)
- .build()?;
+ let mut builder =
+ KbsClientBuilder::with_evidence_provider(evidence_provider, &self.kbs_host_url);
+
+ if let Some(cert) = &self.cert {
+ builder.add_kbs_cert(cert);
+ }
+
+ let client = builder.build()?;
 let (token, tee_keypair) = client.get_token().await?;
 let message = Message {
@@ -46,6 +52,7 @@ impl KbsTokenGetter {
 pub fn new(config: &KbsConfig) -> Self {
 Self {
 kbs_host_url: config.url.clone(),
+ cert: config.cert.clone(),
 }
 }
 }
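Review bot: The new `cert` field of `KbsConfig` in config/kbs.rs is documented only as `/// Cert of KBS`, which says neither what the string contains nor what it does to trust decisions. token/kbs.rs hands the value straight to `add_kbs_cert`, so it looks like certificate text rather than a file path; once the encoding is confirmed the comment could read `/// Certificate of the KBS as text (encoding to confirm, presumably PEM), given to the KBS client for verifying the HTTPS connection; None keeps the client's default trust settings.` Because this value decides which KBS endpoint the agent will accept, the comment should also state where the config is loaded from and whether that source is integrity-protected. The `Default` impl in the following hunk always sets `cert: None`, so the kernel-cmdline path cannot supply a certificate, and a short comment there would make that explicit.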
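Review bot: In `get_token` (token/kbs.rs), the result of `builder.add_kbs_cert(cert);` is discarded and `client` is no longer bound as `mut`; whether either is correct depends on signatures this diff does not show. If `add_kbs_cert` is a by-value builder method returning `Self`, the call needs to be `builder = builder.add_kbs_cert(cert);`, and if the client's `get_token` takes `&mut self` (the removed code used `let mut client`), the binding should stay `let mut client = builder.build()?;`. As far as this diff shows, the configured certificate is what authenticates the KBS to the agent, so a test that builds the getter with `cert` set and checks that a server presenting a different certificate is rejected would catch the cert being silently unused. The body of `get_token` continues past the end of the hunk.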