
Commit 0fe56d5

committed
Error handling
1 parent 69cf7dc commit 0fe56d5


1 file changed

+40
-32
lines changed


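--- a/src/lib.rs
+++ b/src/lib.rs
@@ -405,71 +405,79 @@ impl<L: QuoteGenerator, R: QuoteVerifier> ProxyClient<L, R> {
 Ok(())
 }
 
-// Handle a request from the source client to the proxy server
-async fn handle_http_request(
-req: hyper::Request<hyper::body::Incoming>,
+async fn setup_connection(
 connector: TlsConnector,
 target: String,
 cert_chain: Option<Vec<CertificateDer<'static>>>,
 local_attestation_platform: L,
 remote_attestation_platform: R,
-) -> Result<Response<BoxBody<bytes::Bytes, hyper::Error>>, hyper::Error> {
-let out = TcpStream::connect(&target).await.unwrap();
+) -> Result<tokio_rustls::client::TlsStream<TcpStream>, ProxyError> {
+let out = TcpStream::connect(&target).await?;
 let mut tls_stream = connector
-.connect(server_name_from_host(&target).unwrap(), out)
-.await
-.unwrap();
+.connect(server_name_from_host(&target)?, out)
+.await?;
 
 let (_io, server_connection) = tls_stream.get_ref();
 
 let mut exporter = [0u8; 32];
-server_connection
-.export_keying_material(
-&mut exporter,
-EXPORTER_LABEL,
-None, // context
-)
-.unwrap();
+server_connection.export_keying_material(
+&mut exporter,
+EXPORTER_LABEL,
+None, // context
+)?;
 
 let remote_cert_chain = server_connection
 .peer_certificates()
-.ok_or(ProxyError::NoCertificate)
-.unwrap()
+.ok_or(ProxyError::NoCertificate)?
 .to_owned();
 
 let mut length_bytes = [0; 4];
-tls_stream.read_exact(&mut length_bytes).await.unwrap();
-let length: usize = u32::from_be_bytes(length_bytes).try_into().unwrap();
+tls_stream.read_exact(&mut length_bytes).await?;
+let length: usize = u32::from_be_bytes(length_bytes).try_into()?;
 
 let mut buf = vec![0; length];
-tls_stream.read_exact(&mut buf).await.unwrap();
+tls_stream.read_exact(&mut buf).await?;
 
 if remote_attestation_platform.is_cvm() {
 remote_attestation_platform
 .verify_attestation(buf, &remote_cert_chain, exporter)
-.await
-.unwrap();
+.await?;
 }
 
 let attestation = if local_attestation_platform.is_cvm() {
 local_attestation_platform
-.create_attestation(
-&cert_chain.ok_or(ProxyError::NoClientAuth).unwrap(),
-exporter,
-)
-.unwrap()
+.create_attestation(&cert_chain.ok_or(ProxyError::NoClientAuth)?, exporter)?
 } else {
 Vec::new()
 };
 
 let attestation_length_prefix = length_prefix(&attestation);
 
-tls_stream
-.write_all(&attestation_length_prefix)
-.await
-.unwrap();
+tls_stream.write_all(&attestation_length_prefix).await?;
+
+tls_stream.write_all(&attestation).await?;
+
+Ok(tls_stream)
+}
 
-tls_stream.write_all(&attestation).await.unwrap();
+// Handle a request from the source client to the proxy server
+async fn handle_http_request(
+req: hyper::Request<hyper::body::Incoming>,
+connector: TlsConnector,
+target: String,
+cert_chain: Option<Vec<CertificateDer<'static>>>,
+local_attestation_platform: L,
+remote_attestation_platform: R,
+) -> Result<Response<BoxBody<bytes::Bytes, hyper::Error>>, hyper::Error> {
+let tls_stream = Self::setup_connection(
+connector,
+target,
+cert_chain,
+local_attestation_platform,
+remote_attestation_platform,
+)
+.await
+.unwrap();
 
 // Now the attestation is done, forward the request to the proxy server
 let outbound_io = TokioIo::new(tls_stream);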
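Review bot: `handle_http_request` still ends the new `Self::setup_connection(...)` call with `.await.unwrap()`, so every failure this commit now propagates with `?` (TCP connect, TLS handshake, missing peer certificate, a rejected `verify_attestation`) still panics the request task instead of reaching the caller as an error. The function's error type is `hyper::Error`, so a `ProxyError` cannot be returned with `?` as written; I would match on the result, log the error, and answer with an `Ok` response carrying a 502 status, which keeps the connection fail-closed without the panic. Separately, in `setup_connection` the peer-supplied `length` goes straight into `vec![0; length]` before the attestation is verified, so the remote endpoint can request an allocation of up to 4 GiB. Compare `length` against a fixed maximum first, e.g. `if length > MAX_ATTESTATION_LEN { return Err(/* a ProxyError variant */); }` (constant name is a placeholder). The body of `handle_http_request` continues past the end of this hunk.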
