in client/securesession/securesession.go [503:551]
// finalize completes the secure-session handshake by sending a
// FinalizeRequest to the server and, when the configured attestation types
// call for it, attaching vTPM attestation evidence protected by the TLS
// session.
//
// The attestation types obtained from c.attestationTypes must name the TPM2
// quote and the TCG event log together; a configuration that requests exactly
// one of them is rejected before any evidence is gathered. When both are
// requested, the evidence is filled in by c.addTpmEvidence, marshalled, written
// through c.tls, and the TLS records produced by that write are drained from
// c.shim into the request's AttestationEvidenceRecords. The marshalled evidence
// itself is never placed in the request in the clear.
//
// On success c.state becomes clientStateAttestationAccepted. Errors from
// addTpmEvidence are returned as-is; marshalling, TLS write and Finalize RPC
// failures are returned with a message prefix.
//
// NOTE(review): the fmt.Errorf calls use %v, which flattens the underlying
// error; %w would let callers inspect the cause with errors.Is/errors.As.
func (c *SecureSessionClient) finalize(ctx context.Context) error {
	wantQuote, wantEventLog := false, false
	for _, t := range c.attestationTypes.GetTypes() {
		switch t {
		case aepb.AttestationEvidenceType_TPM2_QUOTE:
			wantQuote = true
		case aepb.AttestationEvidenceType_TCG_EVENT_LOG:
			wantEventLog = true
		}
	}

	// vTPM evidence is handled as a pair: a quote without its event log, or an
	// event log without a quote, is a configuration error.
	if wantQuote != wantEventLog {
		return errors.New("if requesting a vTPM attestation, should request both the Tpm2Quote and the EventLog")
	}

	req := &pb.FinalizeRequest{SessionContext: c.ctx}

	// Past the guard above, wantQuote implies wantEventLog, so one flag is
	// enough to decide whether TPM evidence is attached.
	if wantQuote {
		evidence := &aepb.AttestationEvidence{}
		if err := c.addTpmEvidence(evidence); err != nil {
			return err
		}

		raw, err := proto.Marshal(evidence)
		if err != nil {
			return fmt.Errorf("error marshalling evidence to a proto: %v", err)
		}

		// Feed the plaintext evidence into the TLS connection so that it
		// travels as session-protected records rather than as a bare field.
		if _, err = c.tls.Write(raw); err != nil {
			return fmt.Errorf("error writing records to TLS: %v", err)
		}

		// Collect the TLS records the write produced and carry them in the
		// request; the server side unwraps them through its own TLS state.
		req.AttestationEvidenceRecords = c.shim.DrainSendBuf()
	}

	if _, err := c.client.Finalize(ctx, req); err != nil {
		return fmt.Errorf("error finalizing secure session with client: %v", err)
	}

	c.state = clientStateAttestationAccepted
	return nil
}