verifier: Add option to select encoding (der or pem) for cert command.

oxidecomputer · Dec 4, 2023 · ab4acdf · ab4acdf
1 parent 8f4cd75
commit ab4acdf
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 1 deletion.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/verifier/Cargo.toml b/verifier/Cargo.toml
@@ -10,5 +10,6 @@ anyhow = { workspace = true, features = ["std"] }
 clap.workspace = true
 env_logger.workspace = true
 log.workspace = true
+pem-rfc7468 = { workspace = true, features = ["alloc", "std"] }
 sha3.workspace = true
 tempfile.workspace = true
diff --git a/verifier/src/main.rs b/verifier/src/main.rs
@@ -6,6 +6,7 @@ use anyhow::{anyhow, Context, Result};
 use clap::{Parser, Subcommand, ValueEnum};
 use env_logger::Builder;
 use log::{debug, info, LevelFilter};
+use pem_rfc7468::LineEnding;
 use sha3::{Digest, Sha3_256};
 use std::{
     fmt::{self, Debug, Formatter},
@@ -38,6 +39,10 @@ struct Args {
 enum AttestCommand {
     /// Get a certificate from the Attest task.
     Cert {
+        /// Target encoding for certificate.
+        #[clap(long, env, default_value_t = Encoding::Der)]
+        encoding: Encoding,
+
         /// Index of certificate in certificate chain.
         #[clap(long, env)]
         index: u32,
@@ -91,6 +96,22 @@ impl fmt::Display for Interface {
     }
 }
 
+/// An enum of the possible certificate encodings.
+#[derive(Clone, Debug, ValueEnum)]
+enum Encoding {
+    Der,
+    Pem,
+}
+
+impl fmt::Display for Encoding {
+    fn fmt(&self, f: &mut Formatter) -> fmt::Result {
+        match self {
+            Encoding::Der => write!(f, "der"),
+            Encoding::Pem => write!(f, "pem"),
+        }
+    }
+}
+
 /// Nonce is a newtype around an appropriately sized byte array. The newtype
 /// is convenient way to encapsulate the required conversion functions.
 struct Nonce([u8; 32]);
@@ -376,11 +397,23 @@ fn main() -> Result<()> {
     let attest = AttestHiffy::new(args.interface);
 
     match args.command {
-        AttestCommand::Cert { index } => {
+        AttestCommand::Cert { encoding, index } => {
             let cert_len = attest.cert_len(index)?;
             let mut out = vec![0u8; cert_len as usize];
             attest.cert(index, &mut out)?;
 
+            let out = match encoding {
+                Encoding::Der => out,
+                Encoding::Pem => {
+                    let pem = pem_rfc7468::encode_string(
+                        "CERTIFICATE",
+                        LineEnding::default(),
+                        &out,
+                    )?;
+                    pem.as_bytes().to_vec()
+                }
+            };
+
             io::stdout().write_all(&out)?;
             io::stdout().flush()?;
         }