Reverting changes in QEID API

gilanghamidy · gilanghamidy · commit 6ec7fbd6c852 · 2026-01-16T00:34:52.000+01:00
diff --git a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/azure.rs b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/azure.rs
@@ -45,13 +45,12 @@ impl AzureProvisioningClientBuilder {
         let pck_certs = PckCertsApiNotSupported;
         let pck_cert = PckCertApi::new(self.api_version.clone());
         let pck_crl = PckCrlApi::new(self.api_version.clone());
-        let qeid = QeIdApi::new(self.api_version.clone(), pcs::EnclaveIdentity::QE);
-        let tdqeid = QeIdApi::new(self.api_version.clone(), pcs::EnclaveIdentity::TDQE);
+        let qeid = QeIdApi::new(self.api_version.clone());
         let tcbinfo = TcbInfoApi::<platform::SGX>::new(self.api_version.clone());
         let tcbinfotdx = TcbInfoApi::<platform::TDX>::new(self.api_version.clone());
         let evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(INTEL_BASE_URL.into());
         self.client_builder
-            .build(pck_certs, pck_cert, pck_crl, qeid, tdqeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
+            .build(pck_certs, pck_cert, pck_crl, qeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
     }
 }
 
@@ -267,14 +266,6 @@ mod tests {
         }
     }
 
-    #[test]
-    pub fn td_qe_identity() {
-        let client = AzureProvisioningClientBuilder::new(PcsVersion::V4)
-            .set_retry_timeout(TIME_RETRY_TIMEOUT)
-            .build(reqwest_client());
-        assert!(client.tdqe_identity(None).is_ok());
-    }
-
     #[test]
     pub fn test_pckcerts_with_fallback() {
         for api_version in [PcsVersion::V3, PcsVersion::V4] {
diff --git a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/intel.rs b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/intel.rs
@@ -60,13 +60,12 @@ impl IntelProvisioningClientBuilder {
         let pck_certs = PckCertsApi::new(self.api_version.clone(), self.api_key.clone());
         let pck_cert = PckCertApi::new(self.api_version.clone(), self.api_key.clone());
         let pck_crl = PckCrlApi::new(self.api_version.clone());
-        let qeid = QeIdApi::new(self.api_version.clone(), EnclaveIdentity::QE);
-        let tdqeid = QeIdApi::new(self.api_version.clone(), EnclaveIdentity::TDQE);
+        let qeid = QeIdApi::new(self.api_version.clone());
         let tcbinfo = TcbInfoApi::<platform::SGX>::new(self.api_version.clone());
         let tcbinfotdx = TcbInfoApi::<platform::TDX>::new(self.api_version.clone());
         let evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(INTEL_BASE_URL.into());
         self.client_builder
-            .build(pck_certs, pck_cert, pck_crl, qeid, tdqeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
+            .build(pck_certs, pck_cert, pck_crl, qeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
     }
 }
 
@@ -429,13 +428,12 @@ impl<'inp, T: PlatformTypeForTcbInfo<T>> ProvisioningServiceApi<'inp> for TcbInf
 }
 
 pub struct QeIdApi {
-    api_version: PcsVersion,
-    enclave_identity_to_request: EnclaveIdentity
+    api_version: PcsVersion
 }
 
 impl QeIdApi {
-    pub fn new(api_version: PcsVersion, enclave_identity_to_request: EnclaveIdentity) -> Self {
-        QeIdApi { api_version, enclave_identity_to_request }
+    pub fn new(api_version: PcsVersion) -> Self {
+        QeIdApi { api_version }
     }
 }
 
@@ -455,27 +453,16 @@ impl<'inp> ProvisioningServiceApi<'inp> for QeIdApi {
     type Output = QeIdentitySigned;
 
     fn build_request(&self, input: &Self::Input) -> Result<(String, Vec<(String, String)>), Error> {
-        let base_platform: &'static str = match self.enclave_identity_to_request {
-            EnclaveIdentity::QE | EnclaveIdentity::QVE | EnclaveIdentity::QAE => "sgx",
-            EnclaveIdentity::TDQE => "tdx",
-        };
-
-        let enclave_type = match self.enclave_identity_to_request {
-            EnclaveIdentity::QE | EnclaveIdentity::TDQE => "qe",
-            EnclaveIdentity::QVE => "qve",
-            EnclaveIdentity::QAE => "qae",
-        };
-
         let api_version = input.api_version as u8;
         let url = if let Some(tcb_evaluation_data_number) = input.tcb_evaluation_data_number {
             format!(
-                "{}/{}/certification/v{}/{}/identity?tcbEvaluationDataNumber={}",
-                INTEL_BASE_URL, base_platform, api_version, enclave_type, tcb_evaluation_data_number
+                "{}/sgx/certification/v{}/qe/identity?tcbEvaluationDataNumber={}",
+                INTEL_BASE_URL, api_version, tcb_evaluation_data_number
             )
         } else {
             format!(
-                "{}/{}/certification/v{}/{}/identity?update=early",
-                INTEL_BASE_URL, base_platform, api_version, enclave_type
+                "{}/sgx/certification/v{}/qe/identity?update=early",
+                INTEL_BASE_URL, api_version,
             )
         };
         Ok((url, Vec::new()))
@@ -1100,17 +1087,6 @@ mod tests {
         }
     }
 
-    #[test]
-    pub fn td_qe_identity() {
-        let mut intel_builder = IntelProvisioningClientBuilder::new(PcsVersion::V4)
-            .set_retry_timeout(TIME_RETRY_TIMEOUT);
-
-        let client = intel_builder.build(reqwest_client());
-        let qe_id = client.tdqe_identity(None).unwrap();
-        assert_eq!(qe_id.enclave_type(), EnclaveIdentity::TDQE);
-        assert!(qe_id.write_to_file(OUTPUT_TEST_DIR, WriteOptionsBuilder::new().build()).is_ok());
-    }
-
     #[test]
     pub fn qe_identity_cached() {
         for api_version in [PcsVersion::V3, PcsVersion::V4] {
diff --git a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/mod.rs b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/mod.rs
@@ -285,13 +285,12 @@ impl ClientBuilder {
         self
     }
 
-    pub(crate) fn build<PSS, PS, PC, QS, QDS, TS, TDS, ES, F>(
+    pub(crate) fn build<PSS, PS, PC, QS, TS, TDS, ES, F>(
         self,
         pckcerts_service: PSS,
         pckcert_service: PS,
         pckcrl_service: PC,
         qeid_service: QS,
-        tdqeid_service: QDS,
         tcbinfo_service: TS,
         tcbinfotdx_service: TDS,
         tcb_evaluation_data_numbers_service: ES,
@@ -302,7 +301,6 @@ impl ClientBuilder {
         PS: for<'a> PckCertService<'a> + Sync + Send + 'static,
         PC: for<'a> PckCrlService<'a> + Sync + Send + 'static,
         QS: for<'a> QeIdService<'a> + Sync + Send + 'static,
-        QDS: for<'a> QeIdService<'a> + Sync + Send + 'static,
         TS: for<'a> TcbInfoService<'a, platform::SGX> + Sync + Send + 'static,
         TDS: for<'a> TcbInfoService<'a, platform::TDX> + Sync + Send + 'static,
         ES: for<'a> TcbEvaluationDataNumbersService<'a> + Sync + Send + 'static,
@@ -313,7 +311,6 @@ impl ClientBuilder {
             pckcert_service,
             pckcrl_service,
             qeid_service,
-            tdqeid_service,
             tcbinfo_service,
             tcbinfotdx_service,
             tcb_evaluation_data_numbers_service,
@@ -475,20 +472,18 @@ pub struct Client<F: for<'a> Fetcher<'a>> {
         CachedService<PckCert<Unverified>, dyn for<'a> PckCertService<'a> + Sync + Send>,
     pckcrl_service: CachedService<PckCrl<Unverified>, dyn for<'a> PckCrlService<'a> + Sync + Send>,
     qeid_service: CachedService<QeIdentitySigned, dyn for<'a> QeIdService<'a> + Sync + Send>,
-    tdqeid_service: CachedService<QeIdentitySigned, dyn for<'a> QeIdService<'a> + Sync + Send>,
     tcbinfo_service: CachedService<TcbInfo<platform::SGX>, dyn for<'a> TcbInfoService<'a, platform::SGX> + Sync + Send>,
     tcbinfotdx_service: CachedService<TcbInfo<platform::TDX>, dyn for<'a> TcbInfoService<'a, platform::TDX> + Sync + Send>,
     tcb_evaluation_data_numbers_service: CachedService<RawTcbEvaluationDataNumbers, dyn for<'a> TcbEvaluationDataNumbersService<'a> + Sync + Send>,
     fetcher: F,
 }
 
 impl<F: for<'a> Fetcher<'a>> Client<F> {
-    fn new<PSS, PS, PC, QS, QDS, TS, TDS, ES>(
+    fn new<PSS, PS, PC, QS, TS, TDS, ES>(
         pckcerts_service: PSS,
         pckcert_service: PS,
         pckcrl_service: PC,
         qeid_service: QS,
-        tdqeid_service: QDS,
         tcbinfo_service: TS,
         tcbinfotdx_service: TDS,
         tcb_evaluation_data_numbers_service: ES,
@@ -502,7 +497,6 @@ impl<F: for<'a> Fetcher<'a>> Client<F> {
         PS: for<'a> PckCertService<'a> + Sync + Send + 'static,
         PC: for<'a> PckCrlService<'a> + Sync + Send + 'static,
         QS: for<'a> QeIdService<'a> + Sync + Send + 'static,
-        QDS: for<'a> QeIdService<'a> + Sync + Send + 'static,
         TS: for<'a> TcbInfoService<'a, platform::SGX> + Sync + Send + 'static,
         TDS: for<'a> TcbInfoService<'a, platform::TDX> + Sync + Send + 'static,
         ES: for<'a> TcbEvaluationDataNumbersService<'a> + Sync + Send + 'static
@@ -540,14 +534,6 @@ impl<F: for<'a> Fetcher<'a>> Client<F> {
                 cache_capacity,
                 cache_shelf_time,
             ),
-            tdqeid_service: CachedService::new(
-                BackoffService::new(
-                    PcsService::new(Box::new(tdqeid_service)),
-                    retry_timeout.clone(),
-                ),
-                cache_capacity,
-                cache_shelf_time,
-            ),
             tcbinfo_service: CachedService::new(
                 BackoffService::new(
                     PcsService::new(Box::new(tcbinfo_service)),
@@ -597,8 +583,6 @@ pub trait ProvisioningClient {
 
     fn qe_identity(&self, evaluation_data_number: Option<u16>) -> Result<QeIdentitySigned, Error>;
 
-    fn tdqe_identity(&self, evaluation_data_number: Option<u16>) -> Result<QeIdentitySigned, Error>;
-
     /// Retrieve PCK certificates using `pckcerts()` and fallback to the
     /// following method if that's not supported:
     /// 1. Call `pckcert()` with PCK ID to get best available PCK cert.
@@ -726,11 +710,6 @@ impl<F: for<'a> Fetcher<'a>> ProvisioningClient for Client<F> {
         self.qeid_service.call_service(&self.fetcher, &input)
     }
 
-    fn tdqe_identity(&self, tcb_evaluation_data_number: Option<u16>) -> Result<QeIdentitySigned, Error> {
-        let input = self.qeid_service.pcs_service().build_input(tcb_evaluation_data_number);
-        self.tdqeid_service.call_service(&self.fetcher, &input)
-    }
-
     fn tcb_evaluation_data_numbers(&self) -> Result<RawTcbEvaluationDataNumbers, Error> {
         let input = self.tcb_evaluation_data_numbers_service.pcs_service().build_input();
         self.tcb_evaluation_data_numbers_service.call_service(&self.fetcher, &input)
diff --git a/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs b/intel-sgx/dcap-artifact-retrieval/src/provisioning_client/pccs.rs
@@ -51,13 +51,12 @@ impl PccsProvisioningClientBuilder {
         let pck_certs = PckCertsApiNotSupported;
         let pck_cert = PckCertApi::new(self.base_url.clone(), self.api_version);
         let pck_crl = PckCrlApi::new(self.base_url.clone(), self.api_version);
-        let qeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone(), EnclaveIdentity::QE);
-        let tdqeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone(), EnclaveIdentity::TDQE);
+        let qeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone());
         let tcbinfo = TcbInfoApi::<platform::SGX>::new(self.base_url.clone(), self.api_version);
         let tcbinfotdx = TcbInfoApi::<platform::TDX>::new(self.base_url.clone(), self.api_version);
         let evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(self.base_url.clone());
         self.client_builder
-            .build(pck_certs, pck_cert, pck_crl, qeid, tdqeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
+            .build(pck_certs, pck_cert, pck_crl, qeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)
     }
 }
 
@@ -352,15 +351,13 @@ impl<'inp, T: PlatformTypeForTcbInfo<T>> ProvisioningServiceApi<'inp> for TcbInf
 pub struct QeIdApi {
     base_url: Cow<'static, str>,
     api_version: PcsVersion,
-    enclave_identity_to_request: EnclaveIdentity
 }
 
 impl QeIdApi {
-    pub fn new(base_url: Cow<'static, str>, api_version: PcsVersion, enclave_identity_to_request: EnclaveIdentity) -> Self {
+    pub fn new(base_url: Cow<'static, str>, api_version: PcsVersion) -> Self {
         QeIdApi {
             base_url,
             api_version,
-            enclave_identity_to_request
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -51,13 +51,12 @@ impl PccsProvisioningClientBuilder {`
`51`	`51`	`let pck_certs = PckCertsApiNotSupported;`
`52`	`52`	`let pck_cert = PckCertApi::new(self.base_url.clone(), self.api_version);`
`53`	`53`	`let pck_crl = PckCrlApi::new(self.base_url.clone(), self.api_version);`
`54`		`- let qeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone(), EnclaveIdentity::QE);`
`55`		`- let tdqeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone(), EnclaveIdentity::TDQE);`
	`54`	`+ let qeid = QeIdApi::new(self.base_url.clone(), self.api_version.clone());`
`56`	`55`	`let tcbinfo = TcbInfoApi::<platform::SGX>::new(self.base_url.clone(), self.api_version);`
`57`	`56`	`let tcbinfotdx = TcbInfoApi::<platform::TDX>::new(self.base_url.clone(), self.api_version);`
`58`	`57`	`let evaluation_data_numbers = TcbEvaluationDataNumbersApi::new(self.base_url.clone());`
`59`	`58`	`self.client_builder`
`60`		`- .build(pck_certs, pck_cert, pck_crl, qeid, tdqeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)`
	`59`	`+ .build(pck_certs, pck_cert, pck_crl, qeid, tcbinfo, tcbinfotdx, evaluation_data_numbers, fetcher)`
`61`	`60`	`}`
`62`	`61`	`}`
`63`	`62`
`@@ -352,15 +351,13 @@ impl<'inp, T: PlatformTypeForTcbInfo<T>> ProvisioningServiceApi<'inp> for TcbInf`
`352`	`351`	`pub struct QeIdApi {`
`353`	`352`	`base_url: Cow<'static, str>,`
`354`	`353`	`api_version: PcsVersion,`
`355`		`- enclave_identity_to_request: EnclaveIdentity`
`356`	`354`	`}`
`357`	`355`
`358`	`356`	`impl QeIdApi {`
`359`		`- pub fn new(base_url: Cow<'static, str>, api_version: PcsVersion, enclave_identity_to_request: EnclaveIdentity) -> Self {`
	`357`	`+ pub fn new(base_url: Cow<'static, str>, api_version: PcsVersion) -> Self {`
`360`	`358`	`QeIdApi {`
`361`	`359`	`base_url,`
`362`	`360`	`api_version,`
`363`		`- enclave_identity_to_request`
`364`	`361`	`}`
`365`	`362`	`}`
`366`	`363`	`}`