A mock server written in Go that generates signed JWT tokens for simulating Google Cloud Confidential Space authentication

thibauult/tee-mock-server

TEE Mock Server

A mock server written in Go that generates signed JWT tokens for simulating Google Cloud Confidential Space authentication.

About the Project

The tee-mock-server is a Golang-based project designed to simulate a server that generates JWT tokens, specifically tailored for Google Cloud's Confidential Space. It listens on a Unix domain socket and responds with a newly signed JWT that includes custom claims related to Confidential Space.

The server uses an RSA private key to sign the token and handles graceful shutdown with automatic cleanup of the socket file on termination.

This mock server is useful for testing and simulating token-based authentication workflows in Confidential Space environments.

Features

  1. JWT Token Generation: The server generates signed JWT tokens using a predefined RSA private key, including custom claims related to Google Cloud Confidential Space.
  2. Unix Domain Socket: It listens for incoming requests on a Unix domain socket, providing a simple and efficient way to interact with the server, with automatic cleanup of the socket file upon termination.

Setup

Prerequisites

Before starting the mock server, make sure that the /run/container_launcher folder exists and that you have write access to it. The chmod below makes the folder world-writable, so use it only on a local development machine:

sudo mkdir /run/container_launcher
sudo chmod -R 777 /run/container_launcher 

Installation

To install this project using Docker, you can simply run the following command:

docker compose up

Usage

You can easily generate a new token using the following cURL command:

sudo curl -s -N --unix-socket /run/container_launcher/teeserver.sock --data '{ "audience": "foobar", "token_type": "PKI"  }' http://localhost/v1/token

Configuration

The TEE Mock Server allows some level of configuration so that the token it generates can vary depending on your needs. Here's a list of the different environment variables that can be set when starting the server:

| Name | Default | Description |
|---|---|---|
| TEE_GOOGLE_SERVICE_ACCOUNT | tee-mock-server@localhost.gserviceaccount.com | The GCP service account set in the "google_service_accounts" claim of the generated token |
| TEE_TOKEN_EXPIRATION_IN_MINUTES | 5 | The token expiration time in minutes |
License

This project is distributed under the Apache License 2.0, making it open and free for anyone to use and contribute to. See the license file for detailed terms.
