feat(verification): get trusted root material and allow rotation (cha…

…inloop-dev#1807) Signed-off-by: Jose I. Paris <[email protected]>
jiparis · Feb 12, 2025 · 54748d2 · 54748d2
1 parent 46b7eb0
commit 54748d2
Show file tree

Hide file tree

Showing 24 changed files with 1,067 additions and 363 deletions.
diff --git a/app/controlplane/api/controlplane/v1/signing.pb.go b/app/controlplane/api/controlplane/v1/signing.pb.go
diff --git a/app/controlplane/api/controlplane/v1/signing.proto b/app/controlplane/api/controlplane/v1/signing.proto
@@ -25,6 +25,7 @@ import "buf/validate/validate.proto";
 service SigningService {
   // GenerateSigningCert takes a certificate request and generates a new certificate for attestation signing
   rpc GenerateSigningCert (GenerateSigningCertRequest) returns (GenerateSigningCertResponse);
+  rpc GetTrustedRoot (GetTrustedRootRequest) returns (GetTrustedRootResponse);
 }
 
 message GenerateSigningCertRequest {
@@ -41,3 +42,9 @@ message CertificateChain {
    */
   repeated string certificates = 1;
 }
+
+message GetTrustedRootRequest {}
+message GetTrustedRootResponse {
+  // map keyID (cert SubjectKeyIdentifier) to PEM encoded chains
+  map<string, CertificateChain> keys = 1;
+}
diff --git a/app/controlplane/api/controlplane/v1/signing_grpc.pb.go b/app/controlplane/api/controlplane/v1/signing_grpc.pb.go