dcap_artifact_retrieval/
lib.rs

1/* Copyright (c) Fortanix, Inc.
2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 */
7
8//! DCAP attestations require access to Intel-signed artifacts. This library provides clients to
9//! access these artifacts both from Intel directly, and from Microsoft Azure.
10
11#[cfg(all(not(target_env = "sgx"), feature = "reqwest"))]
12pub mod cli;
13pub mod provisioning_client;
14
15pub use self::provisioning_client::*;
16
17use std::borrow::Cow;
18use std::io::Error as IoError;
19use std::str::Utf8Error;
20
21use pcs::Error as OAError;
22use pkix::ASN1Error;
23use quick_error::quick_error;
24#[cfg(feature = "reqwest")]
25pub use reqwest::blocking::Client as ReqwestClient;
26
// Crate-wide error type, generated by the `quick_error!` macro. Per variant, `description(..)`
// and `display(..)` supply the static summary and the formatted message, and `from()` generates
// a `From` conversion from the variant's single field type, so `?` can convert into `Error`.
quick_error! {
    #[derive(Debug)]
    pub enum Error {
        // The PCKID file could not be parsed; `msg` is appended to the displayed message.
        PckIdParseError(msg: &'static str) {
            description("Error during parsing PCKID file")
            display("Error parsing PCKID file: {}", msg)
        }
        // Carries a message that is displayed as-is; convertible from `Cow<'static, str>`.
        ReadResponseError(msg: Cow<'static, str>) {
            from()
            display("{}", msg)
        }
        // Carries a message that is displayed as-is; convertible from `String`.
        FetcherFailure(err: String) {
            from()
            display("{}", err)
        }
        // Wraps a `std::io::Error`; convertible via `from()`.
        IoError(err: IoError) {
            from()
        }
        // Unexpected response from the certification service. Only `msg` is displayed; the
        // status code is carried in the variant but is not part of the message.
        // NOTE(review): `StatusCode` is not imported in the visible `use` lines; presumably it
        // arrives through `pub use self::provisioning_client::*` (confirm).
        PCSError(status_code: StatusCode, msg : &'static str ) {
            description("Certification services returned an unexpected response")
            display("{}", msg)
        }
        // A PCS response body failed JSON parsing. There is no `from()` here, so this variant
        // has to be constructed explicitly.
        PCSParseError(err: serde_json::error::Error) {
            description("Intel PCS response failed to parse correctly")
            display("json parse error: {}", err)
        }
        // Percent-decoding of a PCS response failed.
        PCSDecodeError(error: Cow<'static, str>) {
            description("Intel PCS response could not be decoded")
            display("percent decoding failed: {}", error)
        }
        // An expected header was absent; `msg` is shown in quotes as the header in question.
        HeaderMissing(msg : &'static str) {
            description("Expected header was not present")
            display("Expected header \"{}\" missing", msg)
        }
        // A header could not be decoded as UTF-8.
        // NOTE(review): the wrapped `Utf8Error` is not included in the displayed message, so the
        // failing position is only visible through `Debug`.
        HeaderDecodeError(err : Utf8Error) {
            description("Intel certification services returned a header that could not be decoded")
            display("Failed to decode header")
        }
        // A header was present but its value could not be parsed.
        HeaderParseError(msg : &'static str) {
            description("Header could not be parsed")
            display("Failed to parse header {}", msg)
        }
        // A certificate could not be parsed.
        CertificateParseError(msg: &'static str) {
            description("Certificate could not be parsed")
            display("Failed to parse certificate {}", msg)
        }
        // Wraps a `pkix::ASN1Error`; convertible via `from()`.
        CertificateEncodingError(err: ASN1Error) {
            from()
        }
        // The variants below each report one required request input that was not supplied.
        NoEncPPID {
            description("Enc_ppid is required, but not provided")
            display("No enc_ppid was provided")
        }
        NoCPUSVN {
            description("CPU_svn is required, but not provided")
            display("No cpu_svn was provided")
        }
        NoPCEISVSVN {
            description("PCE ISVSVN is required, but not provided")
            display("No pce_isvsvn was provided")
        }
        NoPCEID {
            description("PCEID is required, but not provided")
            display("No pce_id was provided")
        }
        NoQeID {
            description("QEID is required, but not provided")
            display("No QE ID was provided")
        }
        NoAPIKey {
            description("PCS key is required, but not provided")
            display("No api_key was provided")
        }
        // Wraps a `pcs::Error`; convertible via `from()`.
        OfflineAttestationError(err: OAError) {
            from()
        }
        // A request was rejected as malformed; `err` is displayed as-is.
        BadRequest(err: &'static str) {
            description("Bad Request")
            display("{}", err)
        }
        // The client in use does not implement the requested operation.
        RequestNotSupported {
            description("Client does not support this request")
            display("Client does not support this request")
        }
    }
}
113
/// Shorthand for `std::result::Result` with this crate's [`Error`] as the error type.
pub type Result<T> = std::result::Result<T, Error>;
115
/// Build the default blocking reqwest client for this crate.
///
/// The TLS backend is selected at compile time: rustls when the `rustls-tls` feature is
/// enabled, native TLS otherwise. Certificate and hostname verification are not altered here.
///
/// # Panics
///
/// Panics if the selected constructor fails to build the client (both call `expect`).
#[cfg(feature = "reqwest")]
pub fn reqwest_client() -> ReqwestClient {
    // Exactly one of the two bindings below survives cfg evaluation.
    #[cfg(feature = "rustls-tls")]
    let client = reqwest_client_rustls();
    #[cfg(not(feature = "rustls-tls"))]
    let client = reqwest_client_native_tls();
    client
}
129
/// Build a blocking reqwest client backed by rustls.
///
/// Only the TLS backend is selected; no `danger_*` option is set, so peer verification stays
/// at the builder's defaults.
///
/// # Panics
///
/// Panics with "Failed to build reqwest client" if the builder returns an error.
#[cfg(all(feature = "reqwest", feature = "rustls-tls"))]
pub fn reqwest_client_rustls() -> ReqwestClient {
    let builder = ReqwestClient::builder().use_rustls_tls();
    builder.build().expect("Failed to build reqwest client")
}
138
/// Build a blocking reqwest client backed by the platform's native TLS.
///
/// This constructor is compiled whenever the `reqwest` feature is on, whether or not
/// `rustls-tls` is also enabled. No `danger_*` option is set, so peer verification stays at
/// the builder's defaults.
///
/// # Panics
///
/// Panics with "Failed to build reqwest client" if the builder returns an error.
#[cfg(feature = "reqwest")]
pub fn reqwest_client_native_tls() -> ReqwestClient {
    let builder = ReqwestClient::builder().use_native_tls();
    builder.build().expect("Failed to build reqwest client")
}
147
/// Build a blocking reqwest client with TLS peer verification turned off.
///
/// Both `danger_accept_invalid_certs(true)` and `danger_accept_invalid_hostnames(true)` are
/// set, so the connection does not authenticate the server. Responses obtained through this
/// client carry no transport-level assurance of origin; for the Intel-signed artifacts this
/// crate retrieves, authenticity then rests entirely on verifying the artifact signatures
/// (whether callers do so is not visible from this function). Anything sent in the request is
/// likewise readable by whoever terminates the connection.
///
/// NOTE(review): the item is `#[doc(hidden)]` but still `pub` and gated only on the `reqwest`
/// feature, so any dependent crate can call it. Consider a dedicated opt-in feature or
/// `cfg(test)` gating if it is meant for testing only.
///
/// # Panics
///
/// Panics with "Failed to build reqwest client" if the builder returns an error.
#[cfg(feature = "reqwest")]
#[doc(hidden)]
pub fn reqwest_client_insecure_tls() -> ReqwestClient {
    // Same compile-time backend selection as `reqwest_client`.
    #[cfg(feature = "rustls-tls")]
    let builder = ReqwestClient::builder().use_rustls_tls();
    #[cfg(not(feature = "rustls-tls"))]
    let builder = ReqwestClient::builder().use_native_tls();

    // Disables certificate-chain and hostname checks: the peer is accepted unauthenticated.
    builder
        .danger_accept_invalid_certs(true)
        .danger_accept_invalid_hostnames(true)
        .build()
        .expect("Failed to build reqwest client")
}