func EstablishSecureSession()

in client/securesession/securesession.go [181:225]


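// EstablishSecureSession builds a SecureSessionClient for addr and drives the
// session establishment sequence to completion: a BeginSession call, repeated
// Handshake calls until the handshake is complete, attestation negotiation,
// and finalization with the negotiated attestation evidence.
//
// DefaultSecureSessionOptions are applied first and the caller's opts after
// them, so a caller-supplied option can override a default.
//
// On any failure it returns a nil client and an error wrapping the underlying
// cause, so callers can use errors.Is / errors.As (for example to detect
// context cancellation). A non-nil client is returned only after every step,
// including attestation finalization, has succeeded.
//
// NOTE(review): options.skipTLSVerify is forwarded to the client constructor.
// Presumably it disables server certificate verification on the HTTP
// connection; confirm, and make sure it is never set outside of testing,
// since the attestation exchange would then run over an unauthenticated
// transport.
func EstablishSecureSession(ctx context.Context, addr, authToken string, opts ...SecureSessionOption) (*SecureSessionClient, error) {
	// Defaults first, then caller overrides.
	var options secureSessionOptions
	for _, opt := range DefaultSecureSessionOptions {
		opt(&options)
	}
	for _, opt := range opts {
		opt(&options)
	}

	client, err := newSecureSessionClient(addr, authToken, options.httpCertPool, options.skipTLSVerify)
	if err != nil {
		return nil, fmt.Errorf("error creating a secure session client: %w", err)
	}

	// Begin secure session establishment with a BeginSession call.
	if err := client.beginSession(ctx); err != nil {
		return nil, fmt.Errorf("error beginning session establishment: %w", err)
	}

	// Continue making Handshake requests until the TLS handshake is complete.
	//
	// NOTE(review): the loop condition reads client.state while the failure
	// check reads client.handshakeState; confirm handshake() keeps the two
	// consistent, otherwise a failed handshake may not be noticed here.
	for client.state != clientStateHandshakeCompleted {
		// The loop has no iteration bound of its own: it ends only when the
		// client state changes or a call fails. Checking ctx on every round
		// lets the caller's deadline or cancellation stop a peer that keeps
		// the handshake from ever completing.
		if err := ctx.Err(); err != nil {
			return nil, fmt.Errorf("error on handshake: %w", err)
		}

		if client.handshakeState.Load() == clientStateFailed {
			return nil, fmt.Errorf("error on handshake: handshake in failure state")
		}

		if err := client.handshake(ctx); err != nil {
			return nil, fmt.Errorf("error on handshake: %w", err)
		}
	}

	// Ask server for what attestation evidence is acceptable.
	if err := client.negotiateAttestation(ctx); err != nil {
		return nil, fmt.Errorf("error negotiating attestation: %w", err)
	}

	// Present negotiated attestation evidence to finalize the secure session.
	// The session must not be treated as established before this succeeds.
	if err := client.finalize(ctx); err != nil {
		return nil, fmt.Errorf("error finalizing attestation: %w", err)
	}

	return client, nil
}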