From bc98b41d9cf8fb247d2c9502b775f03935a9f0dc Mon Sep 17 00:00:00 2001 From: houmingyong Date: Tue, 3 Sep 2024 10:57:51 +0800 Subject: [PATCH] fix concurrent request error to aa or as Signed-off-by: houmingyong --- .../agent/src/bin/aa-test/main.rs | 34 ++++--------------- .../attestation-agent/agent/src/lib.rs | 13 ++----- .../attestation-service/service/src/main.rs | 3 -- .../service/src/restapi/mod.rs | 30 ++-------------- .../service/src/session.rs | 3 -- .../verifier/src/itrustee/mod.rs | 4 +-- 6 files changed, 14 insertions(+), 73 deletions(-) diff --git a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs index 89a301bf..48e3e68e 100644 --- a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs +++ b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs @@ -69,6 +69,7 @@ async fn aa_proc(i: i64) { }); log::info!("thread {} case2 get evidence, request body: {}", i, request_body); let attest_endpoint = "http://127.0.0.1:8081/evidence"; + let client = reqwest::Client::new(); let res = client .get(attest_endpoint) .header("Content-Type", "application/json") 
@@ -89,38 +90,14 @@ async fn aa_proc(i: i64) { return; } }; - // verify evidence with no challenge - #[cfg(not(feature = "no_as"))] - { - let request_body = json!({ - "challenge": "", - "evidence": evidence, - }); - log::info!("thread {} case3 verify evidence with no challenge", i); - let res = client - .post(attest_endpoint) - .header("Content-Type", "application/json") - .json(&request_body) - .send() - .await - .unwrap(); - - match res.status() { - reqwest::StatusCode::OK => { - let respone = res.text().await.unwrap(); - log::info!("thread {} case3 verify evidence with no challenge success response: {:?}", i, respone); - } - status => { - log::error!("thread {} case3 verify evidence with no challenge failed response: {:?}", i, status); - } - } - } + // case3 verify evidence with no challenge // verify evidence with challenge let request_body = json!({ "challenge": challenge, "evidence": evidence, }); log::info!("thread {} case4 verify evidence with challenge", i); + let client = reqwest::Client::new(); let res = client .post(attest_endpoint) .header("Content-Type", "application/json") @@ -148,7 +125,7 @@ async fn aa_proc(i: i64) { "uuid": String::from("f68fd704-6eb1-4d14-b218-722850eb3ef0"), }); log::info!("thread {} case5 get token, request body: {}", i, request_body); - + let client = reqwest::Client::new(); let res = client .get(token_endpoint) .header("Content-Type", "application/json") @@ -165,7 +142,7 @@ async fn aa_proc(i: i64) { respone } status => { - log::error!("thread {} case5 get token failed response: {:?}", i, status); + log::error!("thread {} case5 get token failed status: {:?} response: {:?}", i, status, res.text().await.unwrap()); return; } }; @@ -176,6 +153,7 @@ async fn aa_proc(i: i64) { }); log::info!("thread {} case6 verify token", i); + let client = reqwest::Client::new(); let res = client .post(token_endpoint) .header("Content-Type", "application/json") 
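Review bot: The `// case3 verify evidence with no challenge` comment added in the second aa_proc hunk has no code under it, so it reads as a description of a case that still runs while the log labels jump from case2 to case4. If the case is gone for good, say so in the comment, e.g. `// case3 (verify evidence with no challenge) removed: the service no longer keeps a per-session challenge`. The service now takes the challenge only from the request body, so a follow-up negative case that posts an empty `challenge` and expects a non-OK status would cover the changed behaviour. aa_proc starts and ends outside these hunks.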
diff --git a/service/attestation/attestation-agent/agent/src/lib.rs b/service/attestation/attestation-agent/agent/src/lib.rs index c4d913b6..393914d6 100644 --- a/service/attestation/attestation-agent/agent/src/lib.rs +++ b/service/attestation/attestation-agent/agent/src/lib.rs @@ -171,7 +171,6 @@ impl TryFrom<&Path> for AAConfig { #[derive(Debug)] pub struct AttestationAgent { config: AAConfig, - client: reqwest::Client, } #[allow(dead_code)] @@ -187,14 +186,8 @@ impl AttestationAgent { AAConfig::default() } }; - let client = reqwest::ClientBuilder::new() - .cookie_store(true) - .user_agent("attestation-agent-client") - .build() - .map_err(|e| result::Error::AttestationAgentError(format!("build http client {e}")))?; Ok(AttestationAgent { config, - client, }) } @@ -211,7 +204,7 @@ impl AttestationAgent { }); let attest_endpoint = format!("{}/attestation", self.config.svr_url); - let res = self.client + let res = reqwest::Client::new() .post(attest_endpoint) .header("Content-Type", "application/json") .json(&request_body) @@ -256,7 +249,7 @@ impl AttestationAgent { } async fn get_challenge_from_as(&self) -> Result { let challenge_endpoint = format!("{}/challenge", self.config.svr_url); - let res = self.client + let res = reqwest::Client::new() .get(challenge_endpoint) .header("Content-Type", "application/json") .header("content-length", 0) @@ -265,7 +258,7 @@ impl AttestationAgent { .await?; let challenge = match res.status() { reqwest::StatusCode::OK => { - let respone = res.json().await.unwrap(); + let respone = res.text().await?; log::debug!("get challenge success, AS Response: {:?}", respone); respone } diff --git a/service/attestation/attestation-service/service/src/main.rs b/service/attestation/attestation-service/service/src/main.rs index 1ccb1521..3ced10b9 100644 --- a/service/attestation/attestation-service/service/src/main.rs +++ b/service/attestation/attestation-service/service/src/main.rs 
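Review bot: `reqwest::Client::new()` in the `/attestation` hunk, and again in get_challenge_from_as, builds a fresh client with its own connection pool on every call. Unlike the removed `ClientBuilder … .build().map_err(…)`, it also panics instead of returning an error if the client cannot be initialised. The concurrency failure this commit targets presumably came from the shared cookie store rather than from sharing the client, so the `client` field could stay and only `.cookie_store(true)` be dropped: `reqwest::ClientBuilder::new().user_agent("attestation-agent-client").build()` with the existing `map_err`. That also keeps the user agent string the service saw before. Both functions extend outside their hunks.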
@@ -15,7 +15,6 @@ use attestation_service::AttestationService; mod restapi; use restapi::{get_challenge, attestation, reference, get_policy, set_policy}; mod session; -use session::SessionMap; use anyhow::Result; use env_logger; @@ -55,13 +54,11 @@ async fn main() -> Result<()> { let cli = Cli::parse(); let server:AttestationService = AttestationService::new(Some(cli.config)).unwrap(); - let session_map = web::Data::new(SessionMap::new()); let service = web::Data::new(Arc::new(RwLock::new(server))); HttpServer::new(move || { App::new() .app_data(web::Data::clone(&service)) - .app_data(web::Data::clone(&session_map)) .service(get_challenge) .service(attestation) .service(reference) diff --git a/service/attestation/attestation-service/service/src/restapi/mod.rs b/service/attestation/attestation-service/service/src/restapi/mod.rs index ab2ccbfd..291b8657 100644 --- a/service/attestation/attestation-service/service/src/restapi/mod.rs +++ b/service/attestation/attestation-service/service/src/restapi/mod.rs @@ -10,8 +10,7 @@ * See the Mulan PSL v2 for more details. */ use attestation_service::AttestationService; -use attestation_service::result::{Result, Error}; -use crate::session::{Session, SessionMap}; +use attestation_service::result::{Result}; use actix_web::{ post, get, web, HttpResponse, HttpRequest}; use serde::{Deserialize, Serialize}; @@ -26,20 +25,12 @@ pub struct ChallengeRequest {} #[get("/challenge")] pub async fn get_challenge( - map: web::Data, service: web::Data>>, ) -> Result { log::debug!("challenge request"); let challenge = service.read().await.generate_challenge().await; - let timeout = service.read().await.config.token_cfg.valid_duration; - let session = Session::new(challenge, timeout.try_into().unwrap()); - let response = HttpResponse::Ok() - .cookie(session.cookie()) - .json(session.challenge.clone()); - map.insert(session); - - Ok(response) + Ok(HttpResponse::Ok().body(challenge)) } #[derive(Deserialize, Serialize, Debug)] 
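Review bot: get_challenge now returns the nonce with `HttpResponse::Ok().body(challenge)` and records nothing, and the attestation handler in the next hunk takes `request.challenge` from the client as-is, so nothing visible in this diff lets the service check that a nonce is one it issued, is unexpired, and has not been used before. Unless generate_challenge or the verifier tracks issued nonces elsewhere, evidence captured earlier could be submitted again with its original challenge and still verify. The per-cookie session appears to have been the concurrency problem; a store keyed by the challenge value itself (inserted here with the `valid_duration` timeout, removed on first use in attestation) would keep freshness without cookies. At minimum add a comment here stating where freshness is enforced, e.g. `// NOTE: challenge is not recorded server-side; replay protection relies on <component>`.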
@@ -52,26 +43,11 @@ pub struct AttestationRequest { #[post("/attestation")] pub async fn attestation( request: web::Json, - http_req: HttpRequest, - map: web::Data, service: web::Data>>, ) -> Result { log::debug!("attestation request is coming"); let request = request.0; - let mut challenge = request.challenge; - if challenge == "" { - let cookie = http_req.cookie("oeas-session-id").ok_or(Error::CookieMissing)?; - let session = map - .session_map - .get_async(cookie.value()) - .await - .ok_or(Error::CookieNotFound)?; - if session.is_expired() { - return Err(Error::SessionExpired); - } - log::debug!("session challenge:{}", session.challenge); - challenge = session.challenge.clone(); - } + let challenge = request.challenge; let nonce = base64_url::decode(&challenge).expect("base64 decode nonce"); let evidence = base64_url::decode(&request.evidence).expect("base64 decode evidence"); diff --git a/service/attestation/attestation-service/service/src/session.rs b/service/attestation/attestation-service/service/src/session.rs index 5f191a77..2aee35a3 100644 --- a/service/attestation/attestation-service/service/src/session.rs +++ b/service/attestation/attestation-service/service/src/session.rs @@ -52,7 +52,4 @@ impl SessionMap { pub fn insert(&self, session: Session) { let _ = self.session_map.insert(session.id.clone(), session); } - pub fn delete(&self, session: Session) { - let _ = self.session_map.remove(&session.id); - } } \ No newline at end of file diff --git a/service/attestation/attestation-service/verifier/src/itrustee/mod.rs b/service/attestation/attestation-service/verifier/src/itrustee/mod.rs index 67c857ac..8ce4d24b 100644 --- a/service/attestation/attestation-service/verifier/src/itrustee/mod.rs +++ b/service/attestation/attestation-service/verifier/src/itrustee/mod.rs 
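Review bot: With the session fallback removed in the attestation hunk, an empty `challenge` is no longer rejected or replaced; `base64_url::decode(&challenge)` on `""` should yield an empty nonce that goes straight to the verifier. Both decodes also still end in `.expect(…)`, so malformed base64 from a client panics the handler instead of producing an error response. I would return a client error when `challenge.is_empty()` and map the two decode failures with `map_err(…)?` rather than `expect`. The error variant has to come from `attestation_service::result`, whose `Error` import this commit drops. The handler body continues past the end of the hunk.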
@@ -42,8 +42,8 @@ fn evalute_wrapper(user_data: &[u8], evidence: &[u8]) -> Result { size: in_data.len() as ::std::os::raw::c_uint, buf: in_data.as_mut_ptr() as *mut ::std::os::raw::c_uchar, }; - log::info!("input nonce:{:?}", nonce); - let policy: std::os::raw::c_int = 1; + + let policy: std::os::raw::c_int = 1; // 1: verify ta_imag; 2: verfiy ta_mem; 3: verify ta_img and ta_mem hash; if !Path::new(ITRUSTEE_REF_VALUE_FILE).exists() { log::error!("itrustee verify report {} not exists", ITRUSTEE_REF_VALUE_FILE); bail!("itrustee verify report {} not exists", ITRUSTEE_REF_VALUE_FILE); -- 2.46.0
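Review bot: `policy` stays hard-coded to 1, which by the comment added on the same line checks only the TA image hash and not the memory hash. If that is deliberate the comment should give the reason, and otherwise the value should come from configuration so a deployment can require both measurements. The comment also has typos (`ta_imag`, `verfiy`); suggested wording: `// 1: verify ta_img hash; 2: verify ta_mem hash; 3: verify both ta_img and ta_mem hashes`. evalute_wrapper starts and ends outside the hunk.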