Skip to content

CLI tool for attested HTTP GET requests #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Nov 19, 2024
Merged

CLI tool for attested HTTP GET requests #25

merged 5 commits into from
Nov 19, 2024

Conversation

metachris
Copy link
Contributor

@metachris metachris commented Nov 15, 2024
edited
Loading

CLI tool for attested HTTP GET requests:

  1. Point to any aTLS server
  2. Send a HTTP GET request over an attested TLS connection
  3. Verify and show/save the measurements
  4. Show/save the response body

This tool does that!

$ go run cmd/attested-get/main.go --addr https:/redacted_instance_ip:7936 --out-measurements=measurements.json --out-response=response.txt
time=2024-11-15T22:56:33.806+01:00 level=INFO msg="Getting verified measurements from https://redacted_instance_ip:7936 ..." service=get-measurements version=dev
time=2024-11-15T22:56:33.969+01:00 level=INFO msg="Validating attestation document" service=get-measurements version=dev
time=2024-11-15T22:56:34.896+01:00 level=INFO msg="Successfully validated attestation document" service=get-measurements version=dev
time=2024-11-15T22:56:34.923+01:00 level=INFO msg="Variant: azure-tdx" service=get-measurements version=dev
time=2024-11-15T22:56:34.923+01:00 level=INFO msg="Measurements with 24 entries:" service=get-measurements version=dev
{
    "0": "2ade8023eeec241d83eff996830fd33b6b26811a79e8e809def01296337abced",
    "1": "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    "10": "0000000000000000000000000000000000000000000000000000000000000000",
    "11": "3b1ca0c5457fd2a3c652ee845c1ed9e2afc731dafbe33038617cce673d7df390",
    "12": "0000000000000000000000000000000000000000000000000000000000000000",
    "13": "0000000000000000000000000000000000000000000000000000000000000000",
    "14": "0000000000000000000000000000000000000000000000000000000000000000",
    "15": "0000000000000000000000000000000000000000000000000000000000000000",
    "16": "0000000000000000000000000000000000000000000000000000000000000000",
    "17": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "18": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "19": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "2": "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    "20": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "21": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "22": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
    "23": "0000000000000000000000000000000000000000000000000000000000000000",
    "3": "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
    "4": "1b8cd655f5ebdf50bedabfb5db6b896a0a7c56de54f318103a2de1e7cea57b6b",
    "5": "b67363afb7450151825263c6676e05b1f2f58a22f75e252a657ef6bf66083ad3",
    "6": "65d5c1b7049b69925610a8eb89747863945771429715929a3115fa4d4aae56fa",
    "7": "124daf47b4d67179a77dc3c1bcca198ae1ee1d094a2a879974842e44ab98bb06",
    "8": "0000000000000000000000000000000000000000000000000000000000000000",
    "9": "992465f922102234c196f596fdaba86ea16eaa4c264dc425ec26bc2d1c364472"
}
time=2024-11-15T22:56:34.924+01:00 level=INFO msg="Response body with 611 bytes:" service=get-measurements version=dev
-----BEGIN CERTIFICATE-----
MIIBljCCATygAwIBAgIRAL62YM81IiDBCPWo43n9u4UwCgYIKoZIzj0EAwIwDzEN
MAsGA1UEChMEQWNtZTAeFw0yNDExMTIxMzQwMDNaFw0yNTExMTIxMzQwMDNaMA8x
DTALBgNVBAoTBEFjbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR15QosCSNd
mlKyM2QMRInaQdvWxxdbS3Qi/Jx85o4a5J8wzY4Mg9iFFb8fEFSQm2DpCsf41Lkt
VJbI2RwQcg/Zo3kwdzAOBgNVHQ8BAf8EBAMCAoQwEwYDVR0lBAwwCgYIKwYBBQUH
AwEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUwioIkwd59j3zg1I/0QvOQB5O
l0MwIAYDVR0RBBkwF4IJbG9jYWxob3N0hwQ0rgRshwR/AAABMAoGCCqGSM49BAMC
A0gAMEUCIA7s3jJ7w5i5icdbNqVEbcIr05X689cwlevuToISaHpzAiEA/hZm7J2J
jWjzIJqk3XiqzX9+8ucvPJAsIHBwbdqIIls=
-----END CERTIFICATE-----

Note: not sure get-measurements is the best name for this tool (since it changed and evolved in scope a little). suggestions?

@metachris metachris force-pushed the get-measurements branch 2 times, most recently from c3273a1 to e982121 Compare November 15, 2024 22:03
@metachris metachris changed the title CLI tool to print verified measurements from an aTLS server CLI tool for attested HTTP GET requests Nov 15, 2024
@metachris metachris mentioned this pull request Nov 18, 2024
Merged
Base automatically changed from debuglog to main November 18, 2024 11:30
MoeMahhouk
MoeMahhouk reviewed Nov 18, 2024
View reviewed changes
@MoeMahhouk
Copy link
Member

Suggestion: the name of the tool is ok but if it also attests the fetched measurements before storing them, then you can also use the name, fetch-attested-measurements or get-attested-measurements, or pull-attested-measurements.

@metachris
Copy link
Contributor Author

good point on name. it does indeed attest the fetched measurements. the other key part is that it does a GET request to receive data over this attested channel.

another possible good name could be attested-get 🤔

Ruteri
Ruteri approved these changes Nov 19, 2024
View reviewed changes
@metachris metachris force-pushed the get-measurements branch 2 times, most recently from 356c8f6 to 1c36ebb Compare November 19, 2024 16:57
@metachris metachris merged commit 816dcde into main Nov 19, 2024
2 checks passed
@metachris metachris deleted the get-measurements branch November 19, 2024 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MoeMahhouk MoeMahhouk MoeMahhouk left review comments

@Ruteri Ruteri Ruteri approved these changes

@sukoneck sukoneck sukoneck approved these changes

@fnerdman fnerdman Awaiting requested review from fnerdman

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@metachris @MoeMahhouk @Ruteri @sukoneck