From f049a12a50b923c7b2a24243d362bccd66d425eb Mon Sep 17 00:00:00 2001 From: Steph Sinyakov Date: Thu, 2 Apr 2026 19:12:20 +0200 Subject: [PATCH] chore: remove attestation-provider-server crate --- Cargo.lock | 17 ---- Cargo.toml | 2 +- attestation-provider-server/Cargo.toml | 21 ---- attestation-provider-server/build.rs | 60 ----------- attestation-provider-server/src/lib.rs | 129 ------------------------ attestation-provider-server/src/main.rs | 112 -------------------- 6 files changed, 1 insertion(+), 340 deletions(-) delete mode 100644 attestation-provider-server/Cargo.toml delete mode 100644 attestation-provider-server/build.rs delete mode 100644 attestation-provider-server/src/lib.rs delete mode 100644 attestation-provider-server/src/main.rs diff --git a/Cargo.lock b/Cargo.lock index 69ca2db..cb9db68 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -535,23 +535,6 @@ dependencies = [ "x509-parser", ] -[[package]] -name = "attestation-provider-server" -version = "0.1.0" -dependencies = [ - "anyhow", - "attested-tls-proxy", - "axum", - "clap", - "hex", - "parity-scale-codec", - "reqwest", - "thiserror 2.0.17", - "tokio", - "tracing", - "tracing-subscriber", -] - [[package]] name = "attested-tls" version = "0.0.1" diff --git a/Cargo.toml b/Cargo.toml index 40a3ab3..97ddec1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,5 +1,5 @@ [workspace] -members = [".", "attestation-provider-server", "attested-tls"] +members = [".", "attested-tls"] [package] name = "attested-tls-proxy" diff --git a/attestation-provider-server/Cargo.toml b/attestation-provider-server/Cargo.toml deleted file mode 100644 index 18db9b3..0000000 --- a/attestation-provider-server/Cargo.toml +++ /dev/null 
@@ -1,21 +0,0 @@
-[package]
-name = "attestation-provider-server"
-description = "An HTTP server which provides attestations"
-version = "0.1.0"
-edition = "2024"
-license = "MIT"
-publish = false
-repository = "https://github.com/flashbots/attested-tls-proxy"
-
-[dependencies]
-attested-tls-proxy = { path = ".." }
-tokio = { version = "1.48.0", features = ["full"] }
-axum = "0.8.6"
-clap = { version = "4.5.51", features = ["derive", "env"] }
-anyhow = "1.0.100"
-hex = "0.4.3"
-tracing = "0.1.41"
-tracing-subscriber = { version = "0.3.20", features = ["env-filter", "json"] }
-parity-scale-codec = "3.7.5"
-reqwest = { version = "0.12.23", default-features = false }
-thiserror = "2.0.17"
\ No newline at end of file
diff --git a/attestation-provider-server/build.rs b/attestation-provider-server/build.rs
deleted file mode 100644
index beba533..0000000
--- a/attestation-provider-server/build.rs
+++ /dev/null
@@ -1,60 +0,0 @@
-use std::{env, path::PathBuf, process::Command};
-
-/// Run a git command and return trimmed stdout
-fn git_output(args: &[&str]) -> Option {
- let output = Command::new("git").args(args).output().ok()?;
- if !output.status.success() {
- return None;
- }
-
- let value = String::from_utf8(output.stdout).ok()?;
- let value = value.trim();
- if value.is_empty() {
- None
- } else {
- Some(value.to_owned())
- }
-}
-
-/// Resolve version as tag then branch-sha then sha then unknown
-fn compute_git_rev() -> String {
- if let Some(tag) = git_output(&["describe", "--tags", "--exact-match"]) {
- return tag;
- }
-
- let Some(sha) = git_output(&["rev-parse", "--short=12", "HEAD"]) else {
- return "unknown".to_owned();
- };
-
- match git_output(&["rev-parse", "--abbrev-ref", "HEAD"]) {
- Some(branch) if branch != "HEAD" => format!("{branch}@{sha}"),
- _ => sha,
- }
-}
-
-/// Emit build rerun hints for git metadata changes
-fn emit_git_rerun_hints() {
- let manifest_dir =
- PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap_or_else(|_| ".".to_owned()));
-
- for git_dir in [
- manifest_dir.join(".git"),
- manifest_dir.join("..").join(".git"),
- ] {
- if git_dir.exists() {
- println!("cargo:rerun-if-changed={}", git_dir.join("HEAD").display());
- println!(
- "cargo:rerun-if-changed={}",
- git_dir.join("packed-refs").display()
- );
- break;
- }
- }
-
- println!("cargo:rerun-if-env-changed=GIT_DIR");
-}
-
-fn main() {
- println!("cargo:rustc-env=GIT_REV={}", compute_git_rev());
- emit_git_rerun_hints();
-}
diff --git a/attestation-provider-server/src/lib.rs b/attestation-provider-server/src/lib.rs
deleted file mode 100644
index 80bcf60..0000000
--- a/attestation-provider-server/src/lib.rs
+++ /dev/null
@@ -1,129 +0,0 @@
-pub use attested_tls_proxy::attestation::AttestationGenerator;
-use std::net::SocketAddr;
-
-use attested_tls_proxy::attestation::{
- AttestationError, AttestationExchangeMessage, AttestationVerifier,
-};
-use axum::{
- extract::{Path, State},
- http::StatusCode,
- response::{IntoResponse, Response},
-};
-use parity_scale_codec::{Decode, Encode};
-use tokio::net::TcpListener;
-
-#[derive(Clone)]
-struct SharedState {
- attestation_generator: AttestationGenerator,
-}
-
-/// An HTTP server which provides attestations
-pub async fn attestation_provider_server(
- listener: TcpListener,
- attestation_generator: AttestationGenerator,
-) -> anyhow::Result<()> {
- let app = axum::Router::new()
- .route("/attest/{input_data}", axum::routing::get(get_attest))
- .with_state(SharedState {
- attestation_generator,
- });
-
- axum::serve(listener, app).await?;
-
- Ok(())
-}
-
-/// Handler for the GET `/attest/{input_data}` route
-/// Input data should be 64 bytes hex
-async fn get_attest(
- State(shared_state): State,
- Path(input_data): Path,
-) -> Result<(StatusCode, Vec), ServerError> {
- let input_data: [u8; 64] = hex::decode(input_data)?
- .try_into()
- .map_err(|_| ServerError::InvalidLength)?;
-
- let attestation = shared_state
- .attestation_generator
- .generate_attestation(input_data)
- .await?
- .encode();
-
- Ok((StatusCode::OK, attestation))
-}
-
-/// A client helper which makes a request to `/attest`
-pub async fn attestation_provider_client(
- server_addr: SocketAddr,
- attestation_verifier: AttestationVerifier,
-) -> anyhow::Result {
- let input_data = [0; 64];
- let response = reqwest::get(format!(
- "http://{server_addr}/attest/{}",
- hex::encode(input_data)
- ))
- .await?
- .bytes()
- .await?;
-
- let remote_attestation_message = AttestationExchangeMessage::decode(&mut &response[..])?;
- let remote_attestation_type = remote_attestation_message.attestation_type;
-
- println!("Remote attestation type: {remote_attestation_type}");
-
- attestation_verifier
- .verify_attestation(remote_attestation_message.clone(), input_data)
- .await?;
-
- Ok(remote_attestation_message)
-}
-
-#[derive(Debug, thiserror::Error)]
-enum ServerError {
- #[error(transparent)]
- InvalidHex(#[from] hex::FromHexError),
- #[error("Input data must be 64 bytes")]
- InvalidLength,
- #[error(transparent)]
- AttestationFailed(#[from] AttestationError),
-}
-
-impl IntoResponse for ServerError {
- fn into_response(self) -> Response {
- let (status, message) = match &self {
- ServerError::InvalidHex(_) | ServerError::InvalidLength => {
- (StatusCode::BAD_REQUEST, self.to_string())
- }
- ServerError::AttestationFailed(_) => {
- tracing::error!("{self:?}");
- (
- StatusCode::INTERNAL_SERVER_ERROR,
- "Internal server error".to_string(),
- )
- }
- };
- (status, message).into_response()
- }
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
-
- #[tokio::test]
- async fn test_attestation_provider_server() {
- let attestation_generator = AttestationGenerator::with_no_attestation();
-
- let listener = TcpListener::bind("127.0.0.1:0").await.unwrap();
- let server_addr = listener.local_addr().unwrap();
-
- tokio::spawn(async move {
- attestation_provider_server(listener, attestation_generator)
- .await
- .unwrap();
- });
- attestation_provider_client(server_addr, AttestationVerifier::expect_none())
- .await
- .unwrap();
- }
-}
diff --git a/attestation-provider-server/src/main.rs b/attestation-provider-server/src/main.rs
deleted file mode 100644
index b7c5c13..0000000
--- a/attestation-provider-server/src/main.rs
+++ /dev/null
@@ -1,112 +0,0 @@
-use attestation_provider_server::{attestation_provider_client, attestation_provider_server};
-use attested_tls_proxy::attestation::{
- AttestationGenerator, AttestationVerifier, measurements::MeasurementPolicy,
-};
-use clap::{Parser, Subcommand};
-use std::{net::SocketAddr, path::PathBuf};
-use tokio::net::TcpListener;
-use tracing::level_filters::LevelFilter;
-
-const GIT_REV: &str = match option_env!("GIT_REV") {
- Some(rev) => rev,
- None => "unknown",
-};
-
-#[derive(Parser, Debug, Clone)]
-#[command(version = GIT_REV, about, long_about = None)]
-struct Cli {
- #[clap(subcommand)]
- command: CliCommand,
- /// Log debug messages
- #[arg(long, global = true)]
- log_debug: bool,
- /// Log in JSON format
- #[arg(long, global = true)]
- log_json: bool,
- /// Log DCAP quotes to folder `quotes/`
- #[arg(long, global = true)]
- log_dcap_quote: bool,
-}
-#[derive(Subcommand, Debug, Clone)]
-enum CliCommand {
- Server {
- /// Socket address to listen on
- #[arg(short, long, default_value = "0.0.0.0:0", env = "LISTEN_ADDR")]
- listen_addr: SocketAddr,
- /// Type of attestation to present (will attempt to detect if not given)
- #[arg(long)]
- server_attestation_type: Option,
- },
- Client {
- /// Socket address of a attestation provider server
- server_addr: SocketAddr,
- /// Optional path to file containing JSON measurements to be enforced on the remote party
- #[arg(long, global = true, env = "MEASUREMENTS_FILE")]
- measurements_file: Option,
- },
-}
-
-#[tokio::main]
-async fn main() -> anyhow::Result<()> {
- let cli = Cli::parse();
-
- let level_filter = if cli.log_debug {
- LevelFilter::DEBUG
- } else {
- LevelFilter::WARN
- };
-
- let env_filter = tracing_subscriber::EnvFilter::builder()
- .with_default_directive(level_filter.into())
- .from_env_lossy();
-
- let subscriber = tracing_subscriber::fmt::Subscriber::builder().with_env_filter(env_filter);
-
- if cli.log_json {
- subscriber.json().init();
- } else {
- subscriber.pretty().init();
- }
-
if cli.log_dcap_quote {
- tokio::fs::create_dir_all("quotes").await?;
- }
-
- match cli.command {
- CliCommand::Server {
- listen_addr,
- server_attestation_type,
- } => {
- let attestation_generator =
- AttestationGenerator::new_with_detection(server_attestation_type, None).await?;
-
- let listener = TcpListener::bind(listen_addr).await?;
-
- println!("Listening on {}", listener.local_addr()?);
- attestation_provider_server(listener, attestation_generator).await?;
- }
- CliCommand::Client {
- server_addr,
- measurements_file,
- } => {
- let measurement_policy = match measurements_file {
- Some(measurements_file) => MeasurementPolicy::from_file(measurements_file).await?,
- None => MeasurementPolicy::accept_anything(),
- };
-
- let attestation_verifier = AttestationVerifier {
- measurement_policy,
- pccs_url: None,
- log_dcap_quote: cli.log_dcap_quote,
- override_azure_outdated_tcb: false,
- };
-
- let attestation_message =
- attestation_provider_client(server_addr, attestation_verifier).await?;
-
- println!("{attestation_message:?}")
- }
- }
-
- Ok(())
-}