https://github.com/thibauult/tee-mock-server

A mock server in Go that generates signed JWT tokens for simulating Google Cloud Confidential Space authentication

attestation-service confidential-computing google-cloud google-cloud-platform mock-server tee trusted-execution-environment

Last synced: about 2 months ago

# TEE Mock Server

A mock server written in Go that generates signed JWT tokens for simulating Google Cloud Confidential Space authentication.




## About the Project

The `tee-mock-server` is a Golang-based project designed to simulate a server that generates JWT tokens,
specifically tailored for Google Cloud's Confidential Space.
It listens on a Unix domain socket and responds with a newly signed JWT that includes custom claims related
to [Confidential Space](https://cloud.google.com/confidential-computing/confidential-space/docs/reference/token-claims).

The server uses an RSA private key to sign the token and handles graceful shutdown with automatic cleanup of
the socket file on termination.

This mock server is useful for testing and simulating token-based authentication workflows in Confidential Space environments.

## Features

1. **JWT Token Generation**: The server generates signed JWT tokens using a predefined RSA private key, including custom claims related to Google Cloud Confidential Space.
2. **Unix Domain Socket**: It listens for incoming requests on a Unix domain socket, providing a simple and efficient way to interact with the server, with automatic cleanup of the socket file upon termination.

## Setup

### Prerequisites
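Before starting the mock server, make sure that the `/run/container_launcher` folder exists and that you have write
permission on it. The commands below create it and make it world-writable (mode `777`), so use them only on a development machine: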
```shell
sudo mkdir /run/container_launcher
sudo chmod -R 777 /run/container_launcher
```

### Installation
To install this project using Docker, you can simply run the following command:
```shell
docker compose up
```

### Usage
You can easily generate a new token using the following cURL command:
```shell
sudo curl -s -N --unix-socket /run/container_launcher/teeserver.sock --data '{ "audience": "foobar", "token_type": "PKI" }' http://localhost/v1/token
```
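
The same request from Go, followed by a decode of the returned token's claims so a test can check `aud`, `exp` and `google_service_accounts`. This is an added example, not code from the project: `fetchClaims` and `decodeClaims` are hypothetical names, and it assumes the response body is the compact JWT and nothing else.

```go
package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"net"
	"net/http"
	"strings"
	"time"
)

// decodeClaims returns the JWT payload as a map. It does NOT verify the
// signature, so use it to inspect mock tokens in tests, never to authorize.
func decodeClaims(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	var claims map[string]any
	payload := base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[1]))
	err := json.NewDecoder(payload).Decode(&claims)
	return claims, err
}

// fetchClaims posts the page's request body to /v1/token over the Unix socket.
// Assumption: the response body is the compact JWT and nothing else.
func fetchClaims(socket, audience string) (map[string]any, error) {
	dial := func(ctx context.Context, _, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, "unix", socket)
	}
	client := &http.Client{Timeout: 5 * time.Second, Transport: &http.Transport{DialContext: dial}}
	body, _ := json.Marshal(map[string]string{"audience": audience, "token_type": "PKI"})
	resp, err := client.Post("http://localhost/v1/token", "application/json", strings.NewReader(string(body)))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	raw, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}
	return decodeClaims(strings.TrimSpace(string(raw)))
}

func main() {
	fmt.Println(fetchClaims("/run/container_launcher/teeserver.sock", "foobar"))
}
```

Because the mock signs with a predefined RSA key, code that accepts these tokens belongs in test configurations only; production verifiers should keep checking the signature against the real Confidential Space keys.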

## Configuration
The TEE Mock Server allows some level of configuration so that the token it generates can vary depending on your needs.
Here's a list of the different environment variables that can be set when starting the server:

| Name | Default | Description |
|------|---------|-------------|
| `TEE_GOOGLE_SERVICE_ACCOUNT` | [email protected] | The GCP SA that is set in the "google_service_accounts" claims of the generated token |
| `TEE_TOKEN_EXPIRATION_IN_MINUTES` | 5 | The token expiration time in minutes |

## License
[![GitHub License file](https://img.shields.io/github/license/thibauult/tee-mock-server)](https://github.com/thibauult/tee-mock-server/blob/main/LICENSE)

This project is distributed under the [Apache License 2.0](http://www.apache.org/licenses/),
making it open and free for anyone to use and contribute to.
See the [license](./LICENSE) file for detailed terms.
