func newTempCAGuard(v *tao.Verifier) (tao.Guard, error) {
	g := tao.NewTemporaryDatalogGuard()
	vprin := v.ToPrincipal()
	rule := fmt.Sprintf(subprinRule, vprin)

	if err := g.AddRule(rule); err != nil {
		return nil, err
	}
	return g, nil
}

// This function packages a host attestation into a DomainServiceRequest of the type
// DOMAIN_CERT_REQUEST, sends it to the domain service and deserializes the response
// into an attestation that contains the domain program certificate.
func RequestProgramCert(hostAtt *tao.Attestation, verifier *tao.Verifier,
	network string, addr string) (*x509.Certificate, error) {
	serAtt, err := proto.Marshal(hostAtt)
	if err != nil {
		return nil, err
	}
	reqType := DomainServiceRequest_DOMAIN_CERT_REQUEST
	request := &DomainServiceRequest{
		Type: &reqType,
		SerializedHostAttestation: serAtt,
		ProgramKey:                verifier.MarshalKey(),
	}

	conn, err := net.Dial(network, addr)
	if err != nil {
		return nil, err
	}
	ms := util.NewMessageStream(conn)
	_, err = ms.WriteMessage(request)
	if err != nil {
		return nil, err
	}
	log.Printf("Sent Program cert request to Domain Service using network %s at address %s.",
		network, addr)
	var response DomainServiceResponse
	err = ms.ReadMessage(&response)
	if err != nil {
		return nil, err
	}
	log.Println("Got response from Domain Service.")

	if errStr := response.GetErrorMessage(); errStr != "" {
		return nil, errors.New(errStr)
	}
	cert, err := x509.ParseCertificate(response.GetDerProgramCert())
	if err != nil {
		return nil, err
	}
	return cert, nil
}

func printRequest(req *taoca.Request, subjectKey *tao.Verifier, serial int64, peer string) {
	t := "Server (can't sign certificates)"
	if *req.CSR.IsCa {
		t = "Certificate Authority (can sign certificates)"
	}
	name := req.CSR.Name
	fmt.Printf("\n"+
		"A new Certificate Signing Request has been received:\n"+
		"  Country: %s\n"+
		"  Province: %s\n"+
		"  Locality: %s\n"+
		"  Organization: %s\n"+
		"  Organizational Unit: %s\n"+
		"  Common Name: %s\n"+
		"  Validity Period: %d years\n"+
		"  Type: %s\n"+
		"  Serial: %d\n"+
		"  Public Key Principal: %s\n"+
		"  Requesting Principal: %s\n"+
		"\n",
		*name.Country, *name.State, *name.City,
		*name.Organization, *name.OrganizationalUnit, *name.CommonName,
		*req.CSR.Years, t, serial, subjectKey.ToPrincipal(), peer)
}

// This function performs the following checks on a secret disclosure directive.
// (1) the directive signature is valid with respect to signerKey of directive
// (2) Either
//       - policyKey matches the signerKey of directive
//       - directive cert is a valid program cert (signed by policyKey) certifying the signerKey
//         of directive as belonging to 'delegator'
// (3) the directive message is a statement of the form:
//         'policyKey/'delegator' says delegate can read protectedObjectId'
//     where delegate is a Tao Principal and protectedObjectId is a (serialized) protected
//     object message id.
func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin,
	*auth.Prin, *string, *po.ObjectIdMessage, error) {

	// Check type of directive
	if directive.Type == nil || *(directive.Type) != DirectiveMessage_SECRET_DISCLOSURE {
		return nil, nil, nil, nil, errors.New(
			"secret_disclosure: directive not of secret disclosure type.")
	}

	var verifier *tao.Verifier
	var delegatorStr string
	// Check directive signer matches policy key.
	if bytes.Compare(
		auth.Marshal(policyKey.SigningKey.ToPrincipal()), directive.GetSigner()) == 0 {
		verifier = policyKey.SigningKey.GetVerifier()
		delegatorStr = verifier.ToPrincipal().String()

	} else {
		// Check if program cert is valid, signed by policy key,
		// cert public key matches signer and cert name matches speaker
		// of says statement.
		cert, err := x509.ParseCertificate(directive.Cert)
		if err != nil {
			return nil, nil, nil, nil, errors.New(
				"error parsing directive program cert")
		}
		rootCert := x509.NewCertPool()
		rootCert.AddCert(policyKey.Cert)
		verifyOptions := x509.VerifyOptions{Roots: rootCert}
		_, err = cert.Verify(verifyOptions)
		if err != nil {
			return nil, nil, nil, nil, errors.New(
				"program cert not valid")
		}
		verifier, err = tao.FromX509(cert)
		delegatorStr = cert.Subject.CommonName
		if err != nil {
			return nil, nil, nil, nil, err
		}
		if bytes.Compare(auth.Marshal(verifier.ToPrincipal()), directive.GetSigner()) != 0 {
			return nil, nil, nil, nil, errors.New(
				"secret_disclosure: directive signer doesn't match program key.")
		}
	}

	// Verify signature.
	ok, err := verifier.Verify(directive.GetSerializedStatement(), SigningContext,
		directive.GetSignature())
	if err != nil {
		return nil, nil, nil, nil, err
	}
	if !ok {
		return nil, nil, nil, nil,
			errors.New("secret_disclosure: directive signature check failed.")
	}

	// Validate and return statement.
	statement, err := auth.UnmarshalForm(directive.GetSerializedStatement())
	if err != nil {
		return nil, nil, nil, nil, err
	}
	var saysStatement *auth.Says
	if ptr, ok := statement.(*auth.Says); ok {
		saysStatement = ptr
	} else if val, ok := statement.(auth.Says); ok {
		saysStatement = &val
	} else {
		return nil, nil, nil, nil,
			errors.New("secret_disclosure: directive statement not a 'Says'")
	}
	stmtSpeaker, ok := saysStatement.Speaker.(auth.Prin)
	if !ok {
		return nil, nil, nil, nil,
			errors.New("secret_disclosure: directive speaker not a 'Prin'")
	}
	if stmtSpeaker.String() != delegatorStr {
		return nil, nil, nil, nil, errors.New(
			"secret_disclosure: directive statement speaker does not match signer")
	}
	pred, ok := saysStatement.Message.(auth.Pred)
	if !ok {
		return nil, nil, nil, nil,
			errors.New("secret_disclosure: directive message not a 'Pred'")
	}
	predName := pred.Name
	if predName == "" {
		return nil, nil, nil, nil,
			errors.New("secret_disclosure: directive predicate name is empty")
	}
	if len(pred.Arg) != 2 {
//.........这里部分代码省略.........