Tidy

ameba23 · ameba23 · commit 98bf7bdfeadd · 2025-11-19T16:06:47.000+01:00
diff --git a/src/attestation/mod.rs b/src/attestation/mod.rs
@@ -40,6 +40,13 @@ impl AttesationPayload {
             attestation: attesation_generator.create_attestation(cert_chain, exporter)?,
         })
     }
+
+    pub fn without_attestation() -> Self {
+        Self {
+            attestation_type: AttestationType::None,
+            attestation: Vec::new(),
+        }
+    }
 }
 
 /// Type of attestaion used
diff --git a/src/lib.rs b/src/lib.rs
@@ -4,13 +4,10 @@ use attestation::{measurements::Measurements, AttestationError, AttestationType}
 pub use attestation::{DcapTdxQuoteGenerator, NoQuoteGenerator, QuoteGenerator};
 use bytes::Bytes;
 use http::HeaderValue;
-use http_body_util::combinators::BoxBody;
-use http_body_util::BodyExt;
-use hyper::service::service_fn;
-use hyper::Response;
+use http_body_util::{combinators::BoxBody, BodyExt};
+use hyper::{service::service_fn, Response};
 use hyper_util::rt::TokioIo;
-use parity_scale_codec::Decode;
-use parity_scale_codec::Encode;
+use parity_scale_codec::{Decode, Encode};
 use thiserror::Error;
 use tokio::sync::{mpsc, oneshot};
 use tokio_rustls::rustls::server::{VerifierBuilderError, WebPkiClientVerifier};
@@ -193,16 +190,12 @@ impl ProxyServer {
         let remote_cert_chain = connection.peer_certificates().map(|c| c.to_owned());
 
         // If we are in a CVM, generate an attestation
-        let attestation = if local_quote_generator.attestation_type() != AttestationType::None {
-            AttesationPayload::from_attestation_generator(
-                &cert_chain,
-                exporter,
-                local_quote_generator,
-            )?
-            .encode()
-        } else {
-            Vec::new()
-        };
+        let attestation = AttesationPayload::from_attestation_generator(
+            &cert_chain,
+            exporter,
+            local_quote_generator,
+        )?
+        .encode();
 
         // Write our attestation to the channel, with length prefix
         let attestation_length_prefix = length_prefix(&attestation);
@@ -218,24 +211,20 @@ impl ProxyServer {
         let mut buf = vec![0; length];
         tls_stream.read_exact(&mut buf).await?;
 
+        let remote_attestation_payload = AttesationPayload::decode(&mut &buf[..])?;
+        let remote_attestation_type = remote_attestation_payload.attestation_type;
+
         // If we expect an attestaion from the client, verify it and get measurements
-        let (measurements, remote_attestation_type) = if attestation_verifier.has_remote_attestion()
-        {
-            let remote_attestation_payload = AttesationPayload::decode(&mut &buf[..])?;
-
-            let remote_attestation_type = remote_attestation_payload.attestation_type;
-            (
-                attestation_verifier
-                    .verify_attestation(
-                        remote_attestation_payload,
-                        &remote_cert_chain.ok_or(ProxyError::NoClientAuth)?,
-                        exporter,
-                    )
-                    .await?,
-                remote_attestation_type,
-            )
+        let measurements = if attestation_verifier.has_remote_attestion() {
+            attestation_verifier
+                .verify_attestation(
+                    remote_attestation_payload,
+                    &remote_cert_chain.ok_or(ProxyError::NoClientAuth)?,
+                    exporter,
+                )
+                .await?
         } else {
-            (None, AttestationType::None)
+            None
         };
 
         // Setup an HTTP server
@@ -627,7 +616,7 @@ impl ProxyClient {
             )?
             .encode()
         } else {
-            Vec::new()
+            AttesationPayload::without_attestation().encode()
         };
 
         // Send our attestation (or zero bytes) prefixed with length
diff --git a/src/main.rs b/src/main.rs
@@ -243,11 +243,13 @@ fn load_tls_cert_and_key(
     Ok(TlsCertAndKey { key, cert_chain })
 }
 
+/// load certificates from a PEM-encoded file
 fn load_certs_pem(path: PathBuf) -> std::io::Result<Vec<CertificateDer<'static>>> {
     rustls_pemfile::certs(&mut std::io::BufReader::new(File::open(path)?))
         .collect::<Result<Vec<_>, _>>()
 }
 
+/// load TLS private key from a PEM-encoded file
 fn load_private_key_pem(path: PathBuf) -> anyhow::Result<PrivateKeyDer<'static>> {
     let mut reader = std::io::BufReader::new(File::open(path)?);
 

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,13 @@ impl AttesationPayload {`
`40`	`40`	`attestation: attesation_generator.create_attestation(cert_chain, exporter)?,`
`41`	`41`	`})`
`42`	`42`	`}`
	`43`	`+`
	`44`	`+ pub fn without_attestation() -> Self {`
	`45`	`+ Self {`
	`46`	`+ attestation_type: AttestationType::None,`
	`47`	`+ attestation: Vec::new(),`
	`48`	`+ }`
	`49`	`+ }`
`43`	`50`	`}`
`44`	`51`
`45`	`52`	`/// Type of attestaion used`
Original file line number	Diff line number	Diff line change
`@@ -243,11 +243,13 @@ fn load_tls_cert_and_key(`
`243`	`243`	`Ok(TlsCertAndKey { key, cert_chain })`
`244`	`244`	`}`
`245`	`245`
	`246`	`+/// load certificates from a PEM-encoded file`
`246`	`247`	`fn load_certs_pem(path: PathBuf) -> std::io::Result<Vec<CertificateDer<'static>>> {`
`247`	`248`	`rustls_pemfile::certs(&mut std::io::BufReader::new(File::open(path)?))`
`248`	`249`	`.collect::<Result<Vec<_>, _>>()`
`249`	`250`	`}`
`250`	`251`
	`252`	`+/// load TLS private key from a PEM-encoded file`
`251`	`253`	`fn load_private_key_pem(path: PathBuf) -> anyhow::Result<PrivateKeyDer<'static>> {`
`252`	`254`	`let mut reader = std::io::BufReader::new(File::open(path)?);`
`253`	`255`