pub fn validate_attestation_doc_in_cert(
    given_cert: &X509Certificate<'_>
) -> Result<AttestationDoc>
Attests a connection to a Cage by:
- Validating the cert structure
- Extracting the attestation doc from the Subject Alt Names
- Decoding and validating the attestation doc
- Validating the signature on the attestation doc
- Validating that the PCRs of the attestation doc are as expected
Errors
Will return an error if:
- The COSE1-encoded attestation doc fails to parse, or its signature is invalid
- The attestation document is not signed by the Nitro cert chain
- The public key from the certificate is not present in the attestation document’s challenge
- Any of the certificates are malformed
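
The last two checks listed above (expected PCRs, and the certificate's public key appearing in the challenge) are modelled below as an added example; it is not this crate's code. `Doc`, `Failure`, `check_doc` and `sample_doc` are hypothetical names, the byte-containment test for the key is an assumption about what "present in the challenge" means, and the sample values are constructed.

```rust
use std::collections::BTreeMap;

// Hypothetical stand-in for a decoded attestation document (not the crate's type).
pub struct Doc {
    pub pcrs: BTreeMap<u8, Vec<u8>>,
    pub challenge: Option<Vec<u8>>,
}

#[derive(Debug, PartialEq)]
pub enum Failure { MissingPcr(u8), PcrMismatch(u8), NoChallenge, KeyNotInChallenge }

// Strict hex decoding: None on odd length or any non-hex character.
fn unhex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

// Every expected PCR must be present and equal, and the certificate's public
// key must appear in the challenge (assumed: byte containment). Fails closed.
pub fn check_doc(doc: &Doc, expected: &[(u8, &str)], cert_key: &[u8]) -> Result<(), Failure> {
    for &(idx, hex) in expected {
        let got = doc.pcrs.get(&idx).ok_or(Failure::MissingPcr(idx))?;
        // An undecodable expected value can never match.
        if unhex(hex).as_deref() != Some(got.as_slice()) {
            return Err(Failure::PcrMismatch(idx));
        }
    }
    let challenge = doc.challenge.as_deref().ok_or(Failure::NoChallenge)?;
    // An empty key is rejected up front; it would otherwise match trivially.
    if cert_key.is_empty() || !challenge.windows(cert_key.len()).any(|w| w == cert_key) {
        return Err(Failure::KeyNotInChallenge);
    }
    Ok(())
}

// Constructed sample: a 4-byte "PCR0" and a challenge wrapping a 3-byte "key".
pub fn sample_doc() -> Doc {
    let mut pcrs = BTreeMap::new();
    pcrs.insert(0u8, vec![0xde, 0xad, 0xbe, 0xef]);
    Doc { pcrs, challenge: Some(vec![0x00, 0x0a, 0x0b, 0x0c, 0xff]) }
}

fn main() {
    let doc = sample_doc();
    println!("{:?}", check_doc(&doc, &[(0, "deadbeef")], &[0x0a, 0x0b, 0x0c]));
    println!("{:?}", check_doc(&doc, &[(0, "deadbeee")], &[0x0a, 0x0b, 0x0c]));
}
```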