kbs: let the attestation-service to define token tee-pubkey path

Attestation service provided tokens carry tee-pubkey under a different claims structure. Piggyback the existing cargo features to let each AS implementation define their own search paths compile time. Signed-off-by: Mikko Ylinen <[email protected]>
confidential-containers · Jun 17, 2024 · b7cf5f3 · b7cf5f3
1 parent 432f3d7
commit b7cf5f3
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/kbs/src/api/src/attestation/mod.rs b/kbs/src/api/src/attestation/mod.rs
@@ -14,6 +14,11 @@ use intel_trust_authority::*;
 use kbs_types::{Challenge, Tee};
 use rand::{thread_rng, Rng};
 
+#[cfg(any(feature = "coco-as-builtin", feature = "coco-as-grpc"))]
+pub const AS_TOKEN_TEE_PUBKEY_PATH: &str = "/customized_claims/runtime_data/tee-pubkey";
+#[cfg(feature = "intel-trust-authority-as")]
+pub const AS_TOKEN_TEE_PUBKEY_PATH: &str = "/attester_runtime_data/tee-pubkey";
+
 #[cfg(feature = "coco-as")]
 #[allow(missing_docs)]
 pub mod coco;

diff --git a/kbs/src/api/src/http/mod.rs b/kbs/src/api/src/http/mod.rs
@@ -3,7 +3,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 #[cfg(feature = "as")]
-use crate::attestation::AttestationService;
+use crate::attestation::{AttestationService, AS_TOKEN_TEE_PUBKEY_PATH};
 use crate::auth::validate_auth;
 #[cfg(feature = "policy")]
 use crate::policy_engine::PolicyEngine;

diff --git a/kbs/src/api/src/http/resource.rs b/kbs/src/api/src/http/resource.rs
@@ -19,6 +19,9 @@ use crate::raise_error;
 
 use super::*;
 
+#[cfg(feature = "as")]
+const TOKEN_TEE_PUBKEY_PATH: &str = AS_TOKEN_TEE_PUBKEY_PATH;
+#[cfg(not(feature = "as"))]
 const TOKEN_TEE_PUBKEY_PATH: &str = "/customized_claims/runtime_data/tee-pubkey";
 
 #[allow(unused_assignments)]