packages/secGear
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secGear/0086-add-error-type-for-api.patch

681 lines
26 KiB
Diff
Raw Permalink Normal View History

add error type for api (cherry picked from commit f2fa9b7fc624189a8714f23c8a5dd66f099dc402)
2024-11-26 11:42:52 +08:00
From fae0b444629f5cd20a544d5513870d9435f72ef0 Mon Sep 17 00:00:00 2001
From: xuraoqing <xuraoqing@huawei.com>
Date: Mon, 9 Sep 2024 19:23:48 +0800
Subject: [PATCH] add error type for api
Signed-off-by: houmingyong <houmingyong@huawei.com>
---
.../agent/src/bin/aa-test/main.rs | 1 +
.../attestation-agent/agent/src/lib.rs | 24 +++++++--
.../agent/src/restapi/mod.rs | 31 +++++++-----
.../attestation-agent/agent/src/result/mod.rs | 8 +++
.../attestation-agent/token/Cargo.toml | 3 +-
.../attestation-agent/token/src/lib.rs | 49 +++++++++----------
.../policy/src/policy_engine.rs | 3 ++
.../attestation-service/reference/Cargo.toml | 3 +-
.../reference/src/reference/mod.rs | 39 ++++-----------
.../reference/src/store/mod.rs | 9 ++++
.../attestation-service/service/src/lib.rs | 9 ++--
.../service/src/restapi/mod.rs | 25 +++-------
.../service/src/result/mod.rs | 20 ++++++++
.../attestation-service/token/Cargo.toml | 3 +-
.../attestation-service/token/src/lib.rs | 33 +++++++++----
15 files changed, 153 insertions(+), 107 deletions(-)
diff --git a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs
index 48e3e68e..4867a234 100644
--- a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs
+++ b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs
@@ -169,6 +169,7 @@ async fn aa_proc(i: i64) {
}
status => {
log::error!("thread {} case6 verify token failed response: {:?}", i, status);
+ log::error!("thread case6 verify token failed response:{}", res.text().await.unwrap());
}
}
}
diff --git a/service/attestation/attestation-agent/agent/src/lib.rs b/service/attestation/attestation-agent/agent/src/lib.rs
index f6e03c6c..f1c4510b 100644
--- a/service/attestation/attestation-agent/agent/src/lib.rs
+++ b/service/attestation/attestation-agent/agent/src/lib.rs
@@ -22,6 +22,7 @@ use async_trait::async_trait;
use std::fs::File;
use std::path::Path;
use rand::RngCore;
+use thiserror;
use attester::{Attester, AttesterAPIs};
use token_verifier::{TokenVerifyConfig, TokenVerifier, TokenRawData};
@@ -30,6 +31,22 @@ pub mod result;
use result::Error;
pub type TeeClaim = serde_json::Value;
+#[derive(Debug, thiserror::Error)]
+pub enum AgentError {
+ #[error("challenge error: {0}")]
+ ChallengeError(String),
+ #[error("get evidence error: {0}")]
+ DecodeError(String),
+ #[error("get evidence error: {0}")]
+ GetEvidenceError(String),
+ #[error("verify evidence error: {0}")]
+ VerifyEvidenceError(String),
+ #[error("get token error: {0}")]
+ GetTokenError(String),
+ #[error("verify token error: {0}")]
+ VerifyTokenError(String),
+}
+
#[cfg(feature = "no_as")]
use verifier::{Verifier, VerifierAPIs};
@@ -136,11 +153,8 @@ impl AttestationAgentAPIs for AttestationAgent {
async fn verify_token(&self, token: String) -> Result<AsTokenClaim> {
let verifier = TokenVerifier::new(self.config.token_cfg.clone())?;
- let result = verifier.verify(&token);
- match result {
- Ok(raw_token) => Ok(raw_token as AsTokenClaim),
- Err(e) => bail!("verify token failed {:?}", e),
- }
+ let result = verifier.verify(&token)?;
+ Ok(result)
}
}
diff --git a/service/attestation/attestation-agent/agent/src/restapi/mod.rs b/service/attestation/attestation-agent/agent/src/restapi/mod.rs
index 490242aa..0570060b 100644
--- a/service/attestation/attestation-agent/agent/src/restapi/mod.rs
+++ b/service/attestation/attestation-agent/agent/src/restapi/mod.rs
@@ -9,7 +9,7 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
-use attestation_agent::{AttestationAgent, AttestationAgentAPIs, TokenRequest};
+use attestation_agent::{AttestationAgent, AttestationAgentAPIs, TokenRequest, AgentError};
use attestation_agent::result::Result;
use actix_web::{ post, get, web, HttpResponse};
@@ -18,7 +18,6 @@ use serde::{Deserialize, Serialize};
use std::sync::Arc;
use tokio::sync::RwLock;
use log;
-use base64_url;
#[derive(Deserialize, Serialize, Debug)]
struct GetChallengeRequest {}
@@ -30,7 +29,8 @@ pub async fn get_challenge(
) -> Result<HttpResponse> {
//let request = request.0;
log::debug!("get challenge request");
- let challenge = agent.read().await.get_challenge().await?;
+ let challenge = agent.read().await.get_challenge().await
+ .map_err(|err| AgentError::ChallengeError(err.to_string()))?;
Ok(HttpResponse::Ok().body(challenge))
}
@@ -49,7 +49,8 @@ pub async fn get_evidence(
) -> Result<HttpResponse> {
let request = request.0;
log::debug!("get evidence request: {:?}", request);
- let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge");
+ let challenge = base64_url::decode(&request.challenge)
+ .map_err(|err|AgentError::DecodeError(err.to_string()))?;
let uuid = request.uuid;
let ima = request.ima;
let input = EvidenceRequest {
@@ -57,7 +58,8 @@ pub async fn get_evidence(
challenge: challenge,
ima: ima,
};
- let evidence = agent.read().await.get_evidence(input).await?;
+ let evidence = agent.read().await.get_evidence(input).await
+ .map_err(|err|AgentError::GetEvidenceError(err.to_string()))?;
Ok(HttpResponse::Ok().body(evidence))
@@ -76,11 +78,13 @@ pub async fn verify_evidence(
) -> Result<HttpResponse> {
let request = request.0;
log::debug!("verify evidence request: {:?}", request);
- let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge");
+ let challenge = base64_url::decode(&"request.challenge".to_string())
+ .map_err(|err|AgentError::DecodeError(err.to_string()))?;
let evidence = request.evidence;
let policy_id = request.policy_id;
- let claim = agent.read().await.verify_evidence(&challenge, evidence.as_bytes(), policy_id).await?;
+ let claim = agent.read().await.verify_evidence(&challenge, evidence.as_bytes(), policy_id).await
+ .map_err(|err|AgentError::VerifyEvidenceError(err.to_string()))?;
let string_claim = serde_json::to_string(&claim)?;
Ok(HttpResponse::Ok().body(string_claim))
@@ -101,7 +105,8 @@ pub async fn get_token(
) -> Result<HttpResponse> {
let request = request.0;
log::debug!("get token request: {:?}", request);
- let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge");
+ let challenge = base64_url::decode(&request.challenge)
+ .map_err(|err|AgentError::DecodeError(err.to_string()))?;
let uuid = request.uuid;
let ima = request.ima;
let policy_id = request.policy_id;
@@ -115,8 +120,8 @@ pub async fn get_token(
policy_id: policy_id,
};
- let token = agent.read().await.get_token(input).await?;
-
+ let token = agent.read().await.get_token(input).await
+ .map_err(|err|AgentError::GetTokenError(err.to_string()))?;
Ok(HttpResponse::Ok().body(token))
}
@@ -133,8 +138,10 @@ pub async fn verify_token(
let request = request.0;
log::debug!("verify token request: {:?}", request);
- let claim = agent.read().await.verify_token(request.token).await?;
- let string_claim = serde_json::to_string(&claim)?;
+ let claim = agent.read().await.verify_token(request.token).await
+ .map_err(|err|AgentError::VerifyTokenError(err.to_string()))?;
+ let string_claim = serde_json::to_string(&claim)
+ .map_err(|err|AgentError::VerifyTokenError(err.to_string()))?;
Ok(HttpResponse::Ok().body(string_claim))
}
\ No newline at end of file
diff --git a/service/attestation/attestation-agent/agent/src/result/mod.rs b/service/attestation/attestation-agent/agent/src/result/mod.rs
index f06f064b..a33be0cb 100644
--- a/service/attestation/attestation-agent/agent/src/result/mod.rs
+++ b/service/attestation/attestation-agent/agent/src/result/mod.rs
@@ -11,6 +11,8 @@
*/
use actix_web::{body::BoxBody, HttpResponse, ResponseError};
+use crate::AgentError;
+
pub type Result<T, E = Error> = std::result::Result<T, E>;
/// libdevice error
@@ -30,6 +32,12 @@ pub enum Error {
source: actix_web::error::Error,
},
+ #[error("Agent error: {source:?}")]
+ Agent {
+ #[from]
+ source: AgentError,
+ },
+
#[error("Deserialize error: {source:?}")]
Deserialize {
#[from]
diff --git a/service/attestation/attestation-agent/token/Cargo.toml b/service/attestation/attestation-agent/token/Cargo.toml
index aa5cafcf..916f2a2e 100644
--- a/service/attestation/attestation-agent/token/Cargo.toml
+++ b/service/attestation/attestation-agent/token/Cargo.toml
@@ -10,4 +10,5 @@ jsonwebtoken.workspace = true
serde.workspace = true
serde_json.workspace = true
anyhow.workspace = true
-attestation-types.workspace = true
\ No newline at end of file
+attestation-types.workspace = true
+thiserror.workspace = true
\ No newline at end of file
diff --git a/service/attestation/attestation-agent/token/src/lib.rs b/service/attestation/attestation-agent/token/src/lib.rs
index 50a7a7a0..37aab9eb 100644
--- a/service/attestation/attestation-agent/token/src/lib.rs
+++ b/service/attestation/attestation-agent/token/src/lib.rs
@@ -9,12 +9,23 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
-use anyhow::{Result, bail};
use std::path::Path;
use serde::{Deserialize, Serialize};
use jsonwebtoken::{decode, decode_header, Algorithm, DecodingKey, Validation };
use attestation_types::Claims;
+#[derive(thiserror::Error, Debug)]
+pub enum VerifyError {
+ #[error("parse fail:{0:?}")]
+ CommError(#[from] jsonwebtoken::errors::Error),
+ #[error("unknown algorithm:{0}")]
+ UnknownAlg(String),
+ #[error("certificate not exist:{0}")]
+ CertNotExist(String),
+ #[error("serialize fail:{0}")]
+ SerializeFail(#[from] serde_json::error::Error),
+}
+
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct TokenVerifyConfig {
pub cert: String, // Attestation Service cert to verify jwt token signature
@@ -52,7 +63,7 @@ pub struct TokenRawData {
}
impl TokenVerifier {
- pub fn new(config: TokenVerifyConfig) -> Result<Self> {
+ pub fn new(config: TokenVerifyConfig) -> Result<Self, VerifyError> {
Ok(TokenVerifier { config })
}
fn support_rs(alg: &Algorithm) -> bool
@@ -72,43 +83,29 @@ impl TokenVerifier {
pub fn verify(
&self,
token: &String
- ) -> Result<TokenRawData> {
- let header = match decode_header(&token) {
- Ok(h) => h,
- Err(e) => bail!("decode jwt header error {:?}", e),
- };
+ ) -> Result<TokenRawData, VerifyError> {
+ let header = decode_header(&token)?;
let alg: Algorithm = header.alg;
if !Self::support_rs(&alg) && !Self::support_ps(&alg) {
- bail!("unknown algrithm {:?}", alg);
+ return Err(VerifyError::UnknownAlg(format!("unknown algrithm {:?}", alg)));
}
if !Path::new(&self.config.cert).exists() {
- bail!("token verfify failed, {:?} cert not exist", self.config.cert);
+ return Err(VerifyError::CertNotExist(format!("{:?} not exist", self.config.cert)));
}
let cert = std::fs::read(&self.config.cert).unwrap();
/* 使用配置的公钥 */
- let key_value: DecodingKey = match DecodingKey::from_rsa_pem(&cert)
- {
- Ok(key) => key,
- Err(e) => bail!("get key from pem error {:?}", e),
- };
+ let key_value: DecodingKey = DecodingKey::from_rsa_pem(&cert)?;
let mut validation = Validation::new(alg);
validation.set_issuer(&[self.config.iss.clone()]);
validation.validate_exp = true;
- let data = decode::<Claims>(&token, &key_value, &validation);
- match data {
- Ok(d) => {
- let header = d.header.clone();
- let claims = d.claims.clone();
- Ok(TokenRawData {
- header: serde_json::to_string(&header).unwrap(),
- claim: serde_json::to_string(&claims).unwrap(),
- })
- }
- Err(e) => bail!("verfiy jwt failed {:?}", e),
- }
+ let data = decode::<Claims>(&token, &key_value, &validation)?;
+ Ok(TokenRawData {
+ header: serde_json::to_string(&data.header)?,
+ claim: serde_json::to_string(&data.claims)?,
+ })
}
}
diff --git a/service/attestation/attestation-service/policy/src/policy_engine.rs b/service/attestation/attestation-service/policy/src/policy_engine.rs
index a03a8cc8..7a8508ef 100644
--- a/service/attestation/attestation-service/policy/src/policy_engine.rs
+++ b/service/attestation/attestation-service/policy/src/policy_engine.rs
@@ -10,6 +10,7 @@
* See the Mulan PSL v2 for more details.
*/
use std::{collections::HashMap, fmt::Display};
+
#[derive(Debug)]
pub enum PolicyEngineError {
InvalidPolicy(String),
@@ -50,6 +51,8 @@ impl Display for PolicyEngineError {
}
}
+impl std::error::Error for PolicyEngineError {}
+
pub trait PolicyEngine {
fn evaluate(
&self,
diff --git a/service/attestation/attestation-service/reference/Cargo.toml b/service/attestation/attestation-service/reference/Cargo.toml
index b36991e7..fb0a4bbb 100644
--- a/service/attestation/attestation-service/reference/Cargo.toml
+++ b/service/attestation/attestation-service/reference/Cargo.toml
@@ -13,4 +13,5 @@ base64.workspace = true
sled.workspace = true
openssl.workspace = true
hex.workspace = true
-lazy_static.workspace = true
\ No newline at end of file
+lazy_static.workspace = true
+thiserror.workspace = true
\ No newline at end of file
diff --git a/service/attestation/attestation-service/reference/src/reference/mod.rs b/service/attestation/attestation-service/reference/src/reference/mod.rs
index bf56c854..6ec43714 100644
--- a/service/attestation/attestation-service/reference/src/reference/mod.rs
+++ b/service/attestation/attestation-service/reference/src/reference/mod.rs
@@ -15,6 +15,7 @@ use crate::store::{KvError, KvStore};
use openssl::sha::sha256;
use serde::{Deserialize, Serialize};
use serde_json::{json, Value};
+use thiserror::{self, Error};
pub struct ReferenceOps {
store: Box<dyn KvStore>,
@@ -40,16 +41,12 @@ pub struct Ref {
pub value: Value,
}
-#[derive(Debug, PartialEq)]
+#[derive(Error, Debug, PartialEq)]
pub enum RefOpError {
+ #[error("reference operation error {0}")]
Err(String),
-}
-impl From<KvError> for RefOpError {
- fn from(value: KvError) -> Self {
- match value {
- KvError::Err(v) => RefOpError::Err(v),
- }
- }
+ #[error("reference store error: {0:?}")]
+ StoreErr(#[from] KvError)
}
impl ReferenceOps {
@@ -68,36 +65,20 @@ impl ReferenceOps {
fn register_reference(&mut self, reference: &Ref) -> Result<(), RefOpError> {
// generate reference key
let key = Self::generate_reference_key(reference);
- match self.store.write(
+ self.store.write(
&key,
serde_json::to_string(&reference)
.unwrap()
.as_bytes()
.as_ref(),
- ) {
- Ok(_) => {
- return Ok(());
- }
- Err(err) => match err {
- KvError::Err(err) => {
- return Err(RefOpError::Err(err));
- }
- },
- }
+ )?;
+ Ok(())
}
fn unregister_reference(&mut self, reference: &Ref) -> Result<(), RefOpError> {
let key = Self::generate_reference_key(reference);
- match self.store.delete(&key) {
- Ok(_) => {
- return Ok(());
- }
- Err(err) => match err {
- KvError::Err(err) => {
- return Err(RefOpError::Err(err));
- }
- },
- }
+ self.store.delete(&key)?;
+ Ok(())
}
fn query_reference(&mut self, reference: &Ref) -> Option<Vec<u8>> {
diff --git a/service/attestation/attestation-service/reference/src/store/mod.rs b/service/attestation/attestation-service/reference/src/store/mod.rs
index c8c82607..c9597f6a 100644
--- a/service/attestation/attestation-service/reference/src/store/mod.rs
+++ b/service/attestation/attestation-service/reference/src/store/mod.rs
@@ -9,9 +9,18 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
+#[derive(Debug, PartialEq)]
pub enum KvError {
Err(String),
}
+impl std::fmt::Display for KvError {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ match self {
+ KvError::Err(msg) => write!(f, "kv store error:{}", msg)
+ }
+ }
+}
+impl std::error::Error for KvError {}
pub trait KvStore {
fn write(&mut self, key: &str, value: &[u8]) -> Result<(), KvError>;
fn read(&mut self, key: &str) -> Option<Vec<u8>>;
diff --git a/service/attestation/attestation-service/service/src/lib.rs b/service/attestation/attestation-service/service/src/lib.rs
index 3ec73d3d..31e6305d 100644
--- a/service/attestation/attestation-service/service/src/lib.rs
+++ b/service/attestation/attestation-service/service/src/lib.rs
@@ -134,7 +134,7 @@ impl AttestationService {
Ok(eval) => {
for id in eval.keys() {
let val = Value::from_str(&eval[id].clone())?;
- let refs = match val.as_object().ok_or(Err(anyhow!(""))) {
+ let refs = match val.as_object().ok_or(Err(anyhow!("json value to map fail"))) {
Err(err) => { return Err(err.unwrap()); }
Ok(ret) => { ret }
};
@@ -165,7 +165,7 @@ impl AttestationService {
// demo get signer, todo default signer
let signer = TokenSigner::new(self.config.token_cfg.clone())?;
- signer.sign(&evl_report)
+ Ok(signer.sign(&evl_report)?)
}
pub async fn generate_challenge(&self) -> String {
@@ -174,7 +174,6 @@ impl AttestationService {
base64_url::encode(&nonce)
}
- // todo pub fun set policy
pub async fn set_policy(&self,
id: &String,
policy: &String,
@@ -185,7 +184,7 @@ impl AttestationService {
.set_policy(id, policy)
.await
}
- // todo pub fun get policy
+
pub async fn get_policy(&self,
policy_dir: &String,
) -> Result<String, PolicyEngineError> {
@@ -203,7 +202,7 @@ impl AttestationService {
Err(err) => Err(err)
}
}
- // todo pub fun import reference value
+
pub async fn register_reference(&self,
ref_set: &String
) -> Result<(), RefOpError> {
diff --git a/service/attestation/attestation-service/service/src/restapi/mod.rs b/service/attestation/attestation-service/service/src/restapi/mod.rs
index a7e6012b..f49d1755 100644
--- a/service/attestation/attestation-service/service/src/restapi/mod.rs
+++ b/service/attestation/attestation-service/service/src/restapi/mod.rs
@@ -77,8 +77,8 @@ pub async fn attestation(
}
}
- let nonce = base64_url::decode(&challenge).expect("base64 decode nonce");
- let evidence = base64_url::decode(&request.evidence).expect("base64 decode evidence");
+ let nonce = base64_url::decode(&challenge)?;
+ let evidence = base64_url::decode(&request.evidence)?;
let ids = request.policy_id;
let token = service.read().await.evaluate(&nonce, &evidence, &ids).await?;
@@ -97,10 +97,8 @@ pub async fn reference(
) -> Result<HttpResponse> {
let request = request.0;
log::debug!("reference request: {:?}", request);
- match service.read().await.register_reference(&request.refs).await {
- Ok(_) => Ok(HttpResponse::Ok().body("set reference success")),
- Err(_err) => Ok(HttpResponse::Ok().body("set reference fail")),
- }
+ service.read().await.register_reference(&request.refs).await?;
+ Ok(HttpResponse::Ok().body("set reference success"))
}
#[derive(Deserialize, Serialize, Debug)]
@@ -120,13 +118,8 @@ pub async fn set_policy(
let policy_id = request.id.clone();
let policy = request.policy.clone();
let dir:String = String::from(DEFAULT_POLICY_DIR);
- match service.read().await.set_policy(&policy_id, &policy, &dir).await {
- Ok(_) => Ok(HttpResponse::Ok().body("set policy success")),
- Err(err) => {
- log::debug!("set policy error: {:?}", err);
- Ok(HttpResponse::Ok().body("set policy fail"))
- }
- }
+ service.read().await.set_policy(&policy_id, &policy, &dir).await?;
+ Ok(HttpResponse::Ok().body("set policy success"))
}
#[get("/policy")]
@@ -136,8 +129,6 @@ pub async fn get_policy(
) -> Result<HttpResponse> {
log::debug!("get policy request: {:?}", request);
let dir:String = String::from(DEFAULT_POLICY_DIR);
- match service.read().await.get_policy(&dir).await {
- Ok(ret) => Ok(HttpResponse::Ok().body(ret)),
- Err(_err) => Ok(HttpResponse::Ok().body("get policy fail")),
- }
+ let ret = service.read().await.get_policy(&dir).await?;
+ Ok(HttpResponse::Ok().body(ret))
}
diff --git a/service/attestation/attestation-service/service/src/result/mod.rs b/service/attestation/attestation-service/service/src/result/mod.rs
index fcb1c123..7261d19b 100644
--- a/service/attestation/attestation-service/service/src/result/mod.rs
+++ b/service/attestation/attestation-service/service/src/result/mod.rs
@@ -22,6 +22,26 @@ pub enum Error {
#[from]
source: std::io::Error,
},
+ #[error("attestation error: {source:?}")]
+ DecodeError {
+ #[from]
+ source: base64::DecodeError,
+ },
+ #[error("Policy Engine error: {source:?}")]
+ PolicyEngine {
+ #[from]
+ source: policy::policy_engine::PolicyEngineError,
+ },
+ #[error("Reference error: {source:?}")]
+ Reference {
+ #[from]
+ source: reference::reference::RefOpError,
+ },
+ #[error("Sign error: {source:?}")]
+ Sign {
+ #[from]
+ source: token_signer::SignError,
+ },
#[error("Web error: {source:?}")]
Web {
diff --git a/service/attestation/attestation-service/token/Cargo.toml b/service/attestation/attestation-service/token/Cargo.toml
index c4b885c0..029008a1 100644
--- a/service/attestation/attestation-service/token/Cargo.toml
+++ b/service/attestation/attestation-service/token/Cargo.toml
@@ -10,4 +10,5 @@ jsonwebtoken.workspace = true
serde.workspace = true
serde_json.workspace = true
anyhow.workspace = true
-attestation-types.workspace = true
\ No newline at end of file
+attestation-types.workspace = true
+thiserror.workspace = true
\ No newline at end of file
diff --git a/service/attestation/attestation-service/token/src/lib.rs b/service/attestation/attestation-service/token/src/lib.rs
index ed41a4ec..3ee785e5 100644
--- a/service/attestation/attestation-service/token/src/lib.rs
+++ b/service/attestation/attestation-service/token/src/lib.rs
@@ -9,7 +9,7 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
-use anyhow::{Result, bail};
+use anyhow::{Result};
use jsonwebtoken::{encode, get_current_timestamp,
Algorithm, EncodingKey, Header,
};
@@ -17,7 +17,21 @@ use std::path::Path;
use serde::{Deserialize, Serialize};
use serde_json::Value;
use attestation_types::{EvlResult, Claims};
+use thiserror;
+#[derive(thiserror::Error, Debug)]
+pub enum SignError {
+ #[error("get unix time fail:{0:?}")]
+ ToUnixTimeFail(#[from] std::num::TryFromIntError),
+ #[error("unsupport algorith:{0}")]
+ UnsupportAlg(String),
+ #[error("key not exist:{0}")]
+ KeyNotExist(String),
+ #[error("key content read fail:{0}")]
+ ReadKeyFail(String),
+ #[error("sign fail:{0:?}")]
+ SignFail(#[from] jsonwebtoken::errors::Error)
+}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct TokenSignConfig {
@@ -79,36 +93,35 @@ impl TokenSigner {
}
return false;
}
- pub fn sign(&self, report: &EvlReport) -> Result<String> {
+ pub fn sign(&self, report: &EvlReport) -> Result<String, SignError> {
let alg: Algorithm = self.config.alg;
let mut header = Header::new(alg);
header.typ = Some("JWT".to_string());
let unix_time = get_current_timestamp();
let claims: Claims = Claims {
iss: self.config.iss.clone(),
- iat: usize::try_from(unix_time).expect("unix time to usize error"),
- nbf: usize::try_from(unix_time).expect("unix time to usize error"),
- exp: usize::try_from(unix_time).expect("unix time to usize error")
- + self.config.valid_duration,
+ iat: usize::try_from(unix_time)?,
+ nbf: usize::try_from(unix_time)?,
+ exp: usize::try_from(unix_time)? + self.config.valid_duration,
evaluation_reports: report.result.clone(),
tee: report.tee.clone(),
tcb_status: report.tcb_status.clone(),
};
if !Self::support_rs(&alg) && !Self::support_ps(&alg) {
- bail!("unknown algrithm {:?}", alg);
+ return Err(SignError::UnsupportAlg(format!("unknown algrithm {:?}", alg)));
}
if !Path::new(&self.config.key).exists() {
- bail!("token verfify failed, {:?} cert not exist", self.config.key);
+ return Err(SignError::UnsupportAlg(format!("token verfify failed, {:?} cert not exist", self.config.key)));
}
let key = std::fs::read(&self.config.key).unwrap();
let key_value: EncodingKey = match EncodingKey::from_rsa_pem(&key) {
Ok(val) => val,
- _ => bail!("get key from input error"),
+ _ => {return Err(SignError::ReadKeyFail(format!("get key from input error")));}
};
let token = match encode(&header, &claims, &key_value) {
Ok(val) => val,
- Err(e) => bail!("sign jwt token error {:?}", e),
+ Err(e) => {return Err(SignError::SignFail(e));}
};
Ok(token)
}
--
2.46.0
Reference in New Issue Copy Permalink