From 9c04006b8f5281bd5b436f81ec855f78a719dff7 Mon Sep 17 00:00:00 2001
From: houmingyong
Date: Wed, 18 Dec 2024 09:34:57 +0800
Subject: [PATCH] add detailed log of file opening failures
---
 .../attestation-service/verifier/src/virtcca/ima.rs | 8 ++++----
 .../attestation-service/verifier/src/virtcca/mod.rs | 9 ++++++---
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/service/attestation/attestation-service/verifier/src/virtcca/ima.rs b/service/attestation/attestation-service/verifier/src/virtcca/ima.rs
index 7af55e8..e25e55e 100644
--- a/service/attestation/attestation-service/verifier/src/virtcca/ima.rs
+++ b/service/attestation/attestation-service/verifier/src/virtcca/ima.rs
@@ -9,7 +9,7 @@
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
-use anyhow::{Result, bail};
+use anyhow::{anyhow, Result, bail};
 use ima_measurements::{Event, EventData, Parser};
 use fallible_iterator::FallibleIterator;
 use serde_json::{Value, Map, json};
@@ -47,7 +47,8 @@ impl ImaVerify {
 bail!("ima log hash verify failed");
 }
- let ima_refs: Vec<_> = file_reader(IMA_REFERENCE_FILE)?
+ let ima_refs: Vec<_> = file_reader(IMA_REFERENCE_FILE)
+ .map_err(|_err| anyhow!("{} is not found", IMA_REFERENCE_FILE))?
 .into_iter()
 .map(String::from)
 .collect();
@@ -80,8 +81,7 @@ impl ImaVerify {
 use std::io::BufRead;
 use std::io::BufReader;
 fn file_reader(file_path: &str) -> ::std::io::Result> {
- let file = std::fs::File::open(file_path)
- .expect("open ima reference file failed");
+ let file = std::fs::File::open(file_path)?;
 let mut strings = Vec::::new();
 let mut reader = BufReader::new(file);
 let mut buf = String::new();
diff --git a/service/attestation/attestation-service/verifier/src/virtcca/mod.rs b/service/attestation/attestation-service/verifier/src/virtcca/mod.rs
index 97f5b6b..42f263a 100644
--- a/service/attestation/attestation-service/verifier/src/virtcca/mod.rs
+++ b/service/attestation/attestation-service/verifier/src/virtcca/mod.rs
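Review bot: The added `.map_err(|_err| anyhow!("{} is not found", IMA_REFERENCE_FILE))` in the `ImaVerify` hunk discards the underlying `io::Error` and labels every failure "not found", so a permission-denied open, or any other I/O error `file_reader` returns, is reported as a missing file. For a verifier this points the operator at the wrong cause when the reference file exists but has the wrong owner or mode. Keeping the cause is a one-line change: `.with_context(|| format!("failed to read {}", IMA_REFERENCE_FILE))?` with `anyhow::Context` in scope, or at minimum `.map_err(|err| anyhow!("read {} failed: {}", IMA_REFERENCE_FILE, err))?`. The same pattern is added three more times in virtcca/mod.rs (for `VIRTCCA_SUB_CERT`, `VIRTCCA_ROOT_CERT` and `VIRTCCA_REF_VALUE_FILE`). The enclosing function starts and ends outside this hunk.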
@@ -161,9 +161,11 @@ impl Evidence {
 // todo verify cert chain, now only verify signature
 fn verify_dev_cert_chain(dev_cert: &[u8]) -> Result<()> {
 let dev_cert = x509::X509::from_der(dev_cert)?;
- let sub_cert_file = std::fs::read(VIRTCCA_SUB_CERT)?;
+ let sub_cert_file = std::fs::read(VIRTCCA_SUB_CERT)
+ .map_err(|_err| anyhow!("{} is not found", VIRTCCA_SUB_CERT))?;
 let sub_cert = x509::X509::from_pem(&sub_cert_file)?;
- let root_cert_file = std::fs::read(VIRTCCA_ROOT_CERT)?;
+ let root_cert_file = std::fs::read(VIRTCCA_ROOT_CERT)
+ .map_err(|_err| anyhow!("{} is not found", VIRTCCA_ROOT_CERT))?;
 let root_cert = x509::X509::from_pem(&root_cert_file)?;
 // verify dev_cert by sub_cert
@@ -229,7 +231,8 @@ impl Evidence {
 }
 #[cfg(feature = "no_as")]
 fn compare_with_ref(&mut self) -> Result<()> {
- let ref_file = std::fs::read(VIRTCCA_REF_VALUE_FILE)?;
+ let ref_file = std::fs::read(VIRTCCA_REF_VALUE_FILE)
+ .map_err(|_err| anyhow!("{} is not found", VIRTCCA_REF_VALUE_FILE))?;
 let js_ref = serde_json::from_slice(&ref_file)?;
 match js_ref {
 serde_json::Value::Object(obj) => {
-- 
2.43.0
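Review bot: In `verify_dev_cert_chain` the `x509::X509::from_pem(&sub_cert_file)?` and `x509::X509::from_pem(&root_cert_file)?` calls that follow the new reads still propagate their error without a file name, so an unreadable trust anchor now names its path while a malformed one does not. `serde_json::from_slice(&ref_file)?` in `compare_with_ref` has the same gap for the reference-value file. Attaching the path at the parse step too, e.g. `x509::X509::from_pem(&root_cert_file).with_context(|| format!("parse {} failed", VIRTCCA_ROOT_CERT))?`, lets an operator tell a provisioning fault from evidence that failed verification; this assumes `anyhow::Context` is importable here, which the hunk does not show. Both function bodies continue outside their hunks.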