add explicit profile handling for platform
Signed-off-by: Thomas Fossati <[email protected]>
thomas-fossati committed Sep 10, 2024
1 parent f8d052d commit dc007e7
Showing 3 changed files with 31 additions and 10 deletions.
32 changes: 27 additions & 5 deletions platform/claims.go
@@ -11,7 +11,7 @@ import (
"github.com/veraison/psatoken"
)

const ProfileNameLegacy = "http://arm.com/CCA-SSD/1.0.0"
const LegacyProfileName = "http://arm.com/CCA-SSD/1.0.0"
const ProfileName = "tag:arm.com,2023:cca_platform#1.0.0"

// Profile is the psatoken.IProfile implementation for CCA claims. It is
@@ -27,6 +27,16 @@ func (o Profile) GetClaims() psatoken.IClaims {
return NewClaims()
}

type LegacyProfile struct{}

func (o LegacyProfile) GetName() string {
return LegacyProfileName
}

func (o LegacyProfile) GetClaims() psatoken.IClaims {
return NewLegacyClaims()
}

// Claims contains the CCA platform claims. It implements IClaims, which is an
// extension of psatoken.IClaims.
type Claims struct {
@@ -46,16 +56,24 @@ type Claims struct {

// NewClaims claims returns a new instance of Claims.
func NewClaims() IClaims {
return newClaims(ProfileName)
}

func NewLegacyClaims() IClaims {
return newClaims(LegacyProfileName)
}

func newClaims(profileName string) IClaims {
p := eat.Profile{}
if err := p.Set(ProfileName); err != nil {
if err := p.Set(profileName); err != nil {
// should never get here as using known good constant as input
panic(err)
}

return &Claims{
Profile: &p,
SwComponents: &psatoken.SwComponents[*psatoken.SwComponent]{},
CanonicalProfile: ProfileName,
CanonicalProfile: profileName,
}
}

@@ -213,12 +231,12 @@ func (c *Claims) GetProfile() (string, error) {
return "", err
}

if profileString != c.CanonicalProfile && profileString != ProfileNameLegacy {
if profileString != c.CanonicalProfile {
return "", fmt.Errorf("%w: expecting %q, got %q",
psatoken.ErrWrongProfile, c.CanonicalProfile, profileString)
}

return c.Profile.Get()
return profileString, nil
}

func (c *Claims) GetClientID() (int32, error) {
@@ -337,4 +355,8 @@ func init() {
if err := psatoken.RegisterProfile(Profile{}); err != nil {
panic(err)
}

if err := psatoken.RegisterProfile(LegacyProfile{}); err != nil {
panic(err)
}
}
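Review bot: The exported `LegacyProfile` type, its `GetName`/`GetClaims` methods and `NewLegacyClaims` are added without doc comments, while `Profile` and `NewClaims` beside them have one. Because `GetProfile` now accepts only `c.CanonicalProfile`, these comments are where a caller learns that a `NewClaims()` instance no longer accepts the legacy profile string; suggest `// LegacyProfile is the psatoken.IProfile implementation for CCA platform claims that use the legacy profile name.` and `// NewLegacyClaims returns a new instance of Claims that accepts only LegacyProfileName.` The comment inside `newClaims` ("known good constant as input") could also say that it holds only because both callers pass package constants. The bodies of `GetProfile` and `init` start outside their hunks.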
2 changes: 1 addition & 1 deletion platform/claims_test.go
@@ -371,7 +371,7 @@ func Test_DecodeJSONClaims_CcaPlatform(t *testing.T) {
assert.NoError(t, err)
actualProfile, err := c.GetProfile()
assert.NoError(t, err)
assert.Equal(t, ProfileNameLegacy, actualProfile)
assert.Equal(t, LegacyProfileName, actualProfile)
}

func Test_DecodeUnvalidatedJSONCCAClaims(t *testing.T) {
7 changes: 3 additions & 4 deletions platform/iclaims.go
@@ -56,13 +56,12 @@ func DecodeAndValidateClaimsFromCBOR(buf []byte) (IClaims, error) {

// DecodeClaimsFromCBOR unmarshals CCA platform claims from provided CBOR buf.
func DecodeClaimsFromCBOR(buf []byte) (IClaims, error) {
cl := NewClaims()

if err := dm.Unmarshal(buf, cl); err != nil {
i, err := psatoken.DecodeClaimsFromCBOR(buf)
if err != nil {
return nil, err
}

return cl, nil
return i.(IClaims), nil
}

// DecodeAndValidateClaimsFromJSON unmarshals and validates CCA platform claims
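Review bot: The single-value assertion `i.(IClaims)` in `DecodeClaimsFromCBOR` panics if `psatoken.DecodeClaimsFromCBOR` returns a claims value that does not implement this package's `IClaims`. The concrete type now appears to be selected by the profile registry from the contents of `buf`, which is typically untrusted token data, so if any other profile is registered in the same process (not visible from here) a token naming it would crash the caller instead of being rejected. Use the two-value form and return an error: `cl, ok := i.(IClaims)` followed by `if !ok { return nil, fmt.Errorf("%w: unexpected claims type %T", psatoken.ErrWrongProfile, i) }`, then `return cl, nil`. This assumes `fmt` is imported in iclaims.go, which the hunk does not show.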
