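// RequestProgramCert packages a host attestation into a DomainServiceRequest
// of type DOMAIN_CERT_REQUEST, sends it to the domain service reachable at
// addr over network, and parses the DER-encoded program certificate carried
// in the response.
//
// It returns an error if either argument is nil, if the attestation cannot be
// serialized, if the connection or message exchange fails, if the service
// reports an error message, or if the returned bytes are not a parseable
// X.509 certificate.
//
// Security notes for callers:
//   - The certificate is only parsed here. This function does not check its
//     signature chain, its validity period, or that its subject key matches
//     the key sent in the request. Verify it against a trusted root before
//     relying on it.
//   - The connection is opened with net.Dial and nothing in this function
//     authenticates the peer, so the response should be treated as untrusted
//     until the certificate has been verified.
//   - No read or write deadline is set; a stalled peer blocks the caller.
//     NOTE(review): consider a deadline once a timeout policy is agreed.
func RequestProgramCert(hostAtt *tao.Attestation, verifier *tao.Verifier,
	network string, addr string) (*x509.Certificate, error) {
	// Reject nil inputs up front rather than failing inside Marshal/MarshalKey.
	if hostAtt == nil {
		return nil, errors.New("nil host attestation")
	}
	if verifier == nil {
		return nil, errors.New("nil verifier")
	}

	serAtt, err := proto.Marshal(hostAtt)
	if err != nil {
		return nil, err
	}

	reqType := DomainServiceRequest_DOMAIN_CERT_REQUEST
	request := &DomainServiceRequest{
		Type:                      &reqType,
		SerializedHostAttestation: serAtt,
		ProgramKey:                verifier.MarshalKey(),
	}

	conn, err := net.Dial(network, addr)
	if err != nil {
		return nil, err
	}
	// The original never closed the connection, leaking a socket per call on
	// both the success path and every error path below.
	defer conn.Close()

	ms := util.NewMessageStream(conn)
	if _, err = ms.WriteMessage(request); err != nil {
		return nil, err
	}
	log.Printf("Sent Program cert request to Domain Service using network %s at address %s.",
		network, addr)

	var response DomainServiceResponse
	if err = ms.ReadMessage(&response); err != nil {
		return nil, err
	}
	log.Println("Got response from Domain Service.")

	// The error text is supplied by the remote service; it is passed through
	// unchanged, so callers should not treat it as trusted content.
	if errStr := response.GetErrorMessage(); errStr != "" {
		return nil, errors.New(errStr)
	}

	// ParseCertificate rejects empty or malformed DER, so a response without
	// a certificate surfaces as an error here.
	cert, err := x509.ParseCertificate(response.GetDerProgramCert())
	if err != nil {
		return nil, err
	}
	return cert, nil
}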