Skip to content

Commit

Permalink
add log replay in fake cloud logging server
Browse files Browse the repository at this point in the history
  • Loading branch information
Ruide committed Mar 13, 2024
1 parent b658847 commit 3e511b8
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 6 deletions.
13 changes: 7 additions & 6 deletions cmd/fake_attestation_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,14 @@ import (
"net/http"
"net/http/httptest"
"os"
"time"

"github.com/golang-jwt/jwt/v4"
"golang.org/x/net/http2"
)

const fakeAsHostEnv = "GOOGLE_APPLICATION_CREDENTIALS"
const fakeChallengeUUID = "947b4f7b-e6d4-4cfe-971c-39ffe00268ba"
const fakeTpmNonce = "R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ=="

// attestationServer provides fake implementation for the GCE attestation server.
type attestationServer struct {
Expand All @@ -38,23 +39,23 @@ func newMockAttestationServer() (*attestationServer, error) {
}
challengePath := locationPath + "-1/challenges"
if r.URL.Path == challengePath {
challenge := "{\n \"name\": \"projects/test-project/locations/us-central-1/challenges/947b4f7b-e6d4-4cfe-971c-39ffe00268ba\",\n \"createTime\": \"2023-09-21T01:04:48.230111757Z\",\n \"expireTime\": \"2023-09-21T02:04:48.230111757Z\",\n \"tpmNonce\": \"R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ==\"\n}\n"
challenge := "{\n \"name\": \"projects/test-project/locations/us-central-1/challenges/947b4f7b-e6d4-4cfe-971c-39ffe00268ba\",\n \"createTime\": \"2023-09-21T01:04:48.230111757Z\",\n \"expireTime\": \"2023-09-21T02:04:48.230111757Z\",\n \"tpmNonce\": \"" + fakeTpmNonce + "\"\n}\n"
w.Write([]byte(challenge))
}
challengeNonce := "/947b4f7b-e6d4-4cfe-971c-39ffe00268ba"
verifyAttestationPath := challengePath + challengeNonce + ":verifyAttestation"
if r.URL.Path == verifyAttestationPath {
payload := &fakeOidcTokenPayload{
Audience: "test",
IssuedAt: time.Now().Unix(),
ExpiredAt: time.Now().Add(time.Minute).Unix(),
IssuedAt: 1709752525,
ExpiredAt: 1919752525,
}
jwtTokenUnsigned := jwt.NewWithClaims(jwt.SigningMethodHS256, payload)
jwtToken, err := jwtTokenUnsigned.SignedString([]byte("kcxjxnalpraetgccnnwhpnfwocxscaih"))
fakeJwtToken, err := jwtTokenUnsigned.SignedString([]byte("kcxjxnalpraetgccnnwhpnfwocxscaih"))
if err != nil {
fmt.Print("error creating test OIDC token")
}
w.Write([]byte("{\n \"oidcClaimsToken\": \"" + jwtToken + "\"\n}\n"))
w.Write([]byte("{\n \"oidcClaimsToken\": \"" + fakeJwtToken + "\"\n}\n"))
}
})
httpServer := httptest.NewUnstartedServer(handler)
Expand Down
23 changes: 23 additions & 0 deletions cmd/fake_cloudlogging_server.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (
"fmt"
"log"
"net"
"reflect"
"regexp"
"strconv"
"strings"
Expand Down Expand Up @@ -120,6 +121,28 @@ func (h *loggingHandler) WriteLogEntries(_ context.Context, req *logpb.WriteLogE
// Store by log name.
h.logs[e.LogName] = append(h.logs[e.LogName], e)
}

var logEntryPayload []map[string]interface{}
logEntryPayload = append(logEntryPayload, map[string]interface{}{"aud": "test", "iat": float64(1709752525), "exp": float64(1919752525)})
logEntryPayload = append(logEntryPayload, map[string]interface{}{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0IiwiaWF0IjoxNzA5NzUyNTI1LCJleHAiOjE5MTk3NTI1MjV9.EBLA2zX3c-Fu0l--J9Gey6LIXMO1TFRCoe3bzuPGc1k"})
logEntryPayload = append(logEntryPayload, map[string]interface{}{"Name": "projects/test-project/locations/us-central-1/challenges/" + fakeChallengeUUID, "Nonce": fakeTpmNonce, "ConnID": ""})
attestationMapFields := []string{"TeeAttestation", "ak_pub", "quotes", "event_log", "ak_cert"}
for _, entry := range h.logs["projects/"+TestProjectID+"/logs/"+toolName] {
payload := entry.GetJsonPayload().AsMap()
foundMatch := false
for _, m := range logEntryPayload {
if reflect.DeepEqual(m, payload) {
foundMatch = true
}
}
if !foundMatch {
for _, field := range attestationMapFields {
if _, keyFound := payload[field]; !keyFound {
return nil, fmt.Errorf("wrong log: %q", entry.GetJsonPayload().String())
}
}
}
}
return &logpb.WriteLogEntriesResponse{}, nil
}

Expand Down

0 comments on commit 3e511b8

Please sign in to comment.