// This function packages a host attestation into a DomainServiceRequest of the type
// DOMAIN_CERT_REQUEST, sends it to the domain service and deserializes the response
// into an attestation that contains the domain program certificate.
func RequestProgramCert(hostAtt *tao.Attestation, verifier *tao.Verifier,
network string, addr string) (*x509.Certificate, error) {
serAtt, err := proto.Marshal(hostAtt)
if err != nil {
return nil, err
}
reqType := DomainServiceRequest_DOMAIN_CERT_REQUEST
request := &DomainServiceRequest{
Type: &reqType,
SerializedHostAttestation: serAtt,
ProgramKey: verifier.MarshalKey(),
}
conn, err := net.Dial(network, addr)
if err != nil {
return nil, err
}
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(request)
if err != nil {
return nil, err
}
log.Printf("Sent Program cert request to Domain Service using network %s at address %s.",
network, addr)
var response DomainServiceResponse
err = ms.ReadMessage(&response)
if err != nil {
return nil, err
}
log.Println("Got response from Domain Service.")
if errStr := response.GetErrorMessage(); errStr != "" {
return nil, errors.New(errStr)
}
cert, err := x509.ParseCertificate(response.GetDerProgramCert())
if err != nil {
return nil, err
}
return cert, nil
}
