verifier-cli: Add command to get PlatformId from attestation cert chain

flihp · flihp · commit 8aa17ec23c14 · 2025-04-29T00:04:58.000Z
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/verifier-cli/Cargo.toml b/verifier-cli/Cargo.toml
@@ -9,7 +9,7 @@ license = "MPL-2.0"
 anyhow = { workspace = true, features = ["std"] }
 attest-data = { path = "../attest-data", features = ["std"] }
 clap.workspace = true
-const-oid = { workspace = true, features = ["db"] }
+dice-mfg-msgs = { path = "../dice-mfg-msgs", features = ["std"] }
 ed25519-dalek = { workspace = true, features = ["std"] }
 env_logger.workspace = true
 hubpack.workspace = true
diff --git a/verifier-cli/src/main.rs b/verifier-cli/src/main.rs
@@ -5,6 +5,7 @@
 use anyhow::{anyhow, Context, Result};
 use attest_data::{Attestation, Log, Nonce};
 use clap::{Parser, Subcommand, ValueEnum};
+use dice_mfg_msgs::PlatformId;
 use dice_verifier::PkiPathSignatureVerifier;
 use env_logger::Builder;
 use hubpack::SerializedSize;
@@ -76,6 +77,12 @@ enum AttestCommand {
     Log,
     /// Get the length in bytes of the Log.
     LogLen,
+    /// Get the PlatformId string from the provided PkiPath
+    PlatformId {
+        /// Path to file holding the certificate chain / PkiPath
+        #[clap(env)]
+        cert_chain: PathBuf,
+    },
     /// Report a measurement to the `Attest` task for recording in the
     /// measurement log.
     Record {
@@ -498,7 +505,6 @@ fn main() -> Result<()> {
         AttestCommand::CertChainLen => println!("{}", attest.cert_chain_len()?),
         AttestCommand::CertLen { index } => {
             println!("{}", attest.cert_len(index)?)
-        }
         AttestCommand::Log => {
             let mut log = vec![0u8; attest.log_len()? as usize];
             attest.log(&mut log)?;
@@ -512,6 +518,18 @@ fn main() -> Result<()> {
             io::stdout().flush()?;
         }
         AttestCommand::LogLen => println!("{}", attest.log_len()?),
+        AttestCommand::PlatformId { cert_chain } => {
+            let cert_chain = fs::read(cert_chain)?;
+            let cert_chain: PkiPath = Certificate::load_pem_chain(&cert_chain)?;
+
+            let platform_id = PlatformId::try_from(&cert_chain)
+                .context("PlatformId from attestation cert chain")?;
+            let platform_id = platform_id
+                .as_str()
+                .map_err(|_| anyhow!("Invalid PlatformId"))?;
+
+            println!("{platform_id}");
+        }
         AttestCommand::Record { digest } => {
             let digest = fs::read(digest)?;
             attest.record(&digest)?;
