quotes_handler: Move the /quotes scope configuration to quotes_handler

Move the /quotes scope configuration from main to quotes_handler module.
This is a preparation to support multiple API versions.

Also, make the methods that are not required outside the module private.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>

Author: ansasaki

keylime-agent/src/errors_handler.rs

@@ -96,37 +96,6 @@ pub(crate) async fn api_default(req: HttpRequest) -> impl Responder {
     response
 }
 
-pub(crate) async fn quotes_default(req: HttpRequest) -> impl Responder {
-    let error;
-    let response;
-    let message;
-
-    match req.head().method {
-        http::Method::GET => {
-            error = 400;
-            message = "URI not supported, only /identity and /integrity are supported for GET in /quotes/ interface";
-            response = HttpResponse::BadRequest()
-                .json(JsonWrapper::error(error, message));
-        }
-        _ => {
-            error = 405;
-            message = "Method is not supported in /quotes/ interface";
-            response = HttpResponse::MethodNotAllowed()
-                .insert_header(http::header::Allow(vec![http::Method::GET]))
-                .json(JsonWrapper::error(error, message));
-        }
-    };
-
-    warn!(
-        "{} returning {} response. {}",
-        req.head().method,
-        error,
-        message
-    );
-
-    response
-}
-
 pub(crate) async fn agent_default(req: HttpRequest) -> impl Responder {
     let error;
     let response;
@@ -319,11 +288,6 @@ mod tests {
         test_default(web::resource("/").to(api_default), "GET, POST").await
     }
 
-    #[actix_rt::test]
-    async fn test_quotes_default() {
-        test_default(web::resource("/").to(quotes_default), "GET").await
-    }
-
     #[actix_rt::test]
     async fn test_notifications_default() {
         test_default(web::resource("/").to(notifications_default), "POST")

keylime-agent/src/main.rs

@@ -920,18 +920,9 @@ async fn main() -> Result<()> {
                                     errors_handler::notifications_default,
                                 )),
                         )
-                        .service(
-                            web::scope("/quotes")
-                                .service(web::resource("/identity").route(
-                                    web::get().to(quotes_handler::identity),
-                                ))
-                                .service(web::resource("/integrity").route(
-                                    web::get().to(quotes_handler::integrity),
-                                ))
-                                .default_service(web::to(
-                                    errors_handler::quotes_default,
-                                )),
-                        )
+                        .service(web::scope("/quotes").configure(
+                            quotes_handler::configure_quotes_endpoints,
+                        ))
                         .default_service(web::to(
                             errors_handler::api_default,
                         )),

keylime-agent/src/quotes_handler.rs

@@ -5,7 +5,7 @@ use crate::common::JsonWrapper;
 use crate::crypto;
 use crate::serialization::serialize_maybe_base64;
 use crate::{tpm, Error as KeylimeError, QuoteData};
-use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use actix_web::{http, web, HttpRequest, HttpResponse, Responder};
 use base64::{engine::general_purpose, Engine as _};
 use log::*;
 use serde::{Deserialize, Serialize};
@@ -47,7 +47,7 @@ pub(crate) struct KeylimeQuote {
 // This is a Quote request from the tenant, which does not check
 // integrity measurement. It should return this data:
 // { QuoteAIK(nonce, 16:H(NK_pub)), NK_pub }
-pub async fn identity(
+async fn identity(
     req: HttpRequest,
     param: web::Query<Ident>,
     data: web::Data<QuoteData>,
@@ -136,7 +136,7 @@ pub async fn identity(
 // by the mask. It should return this data:
 // { QuoteAIK(nonce, 16:H(NK_pub), xi:yi), NK_pub}
 // where xi:yi are additional PCRs to be included in the quote.
-pub async fn integrity(
+async fn integrity(
     req: HttpRequest,
     param: web::Query<Integ>,
     data: web::Data<QuoteData>,
@@ -336,13 +336,54 @@ pub async fn integrity(
     HttpResponse::Ok().json(response)
 }
 
+/// Handles the default case for the /quotes scope
+async fn quotes_default(req: HttpRequest) -> impl Responder {
+    let error;
+    let response;
+    let message;
+
+    match req.head().method {
+        http::Method::GET => {
+            error = 400;
+            message = "URI not supported, only /identity and /integrity are supported for GET in /quotes/ interface";
+            response = HttpResponse::BadRequest()
+                .json(JsonWrapper::error(error, message));
+        }
+        _ => {
+            error = 405;
+            message = "Method is not supported in /quotes/ interface";
+            response = HttpResponse::MethodNotAllowed()
+                .insert_header(http::header::Allow(vec![http::Method::GET]))
+                .json(JsonWrapper::error(error, message));
+        }
+    };
+
+    warn!(
+        "{} returning {} response. {}",
+        req.head().method,
+        error,
+        message
+    );
+
+    response
+}
+
+/// Configure the endpoints for the /quotes scope
+pub(crate) fn configure_quotes_endpoints(cfg: &mut web::ServiceConfig) {
+    _ = cfg
+        .service(web::resource("/identity").route(web::get().to(identity)))
+        .service(web::resource("/integrity").route(web::get().to(integrity)))
+        .default_service(web::to(quotes_default));
+}
+
 #[cfg(feature = "testing")]
 #[cfg(test)]
 mod tests {
     use super::*;
     use crate::common::API_VERSION;
     use actix_web::{test, web, App};
     use keylime::{crypto::testing::pkey_pub_from_pem, tpm};
+    use serde_json::{json, Value};
 
     #[actix_rt::test]
     async fn test_identity() {
@@ -523,4 +564,37 @@ mod tests {
         assert!(result.results.ima_measurement_list.is_none());
         assert!(result.results.ima_measurement_list_entry.is_none());
     }
+
+    #[actix_rt::test]
+    async fn test_keys_default() {
+        let mut app = test::init_service(
+            App::new().service(web::resource("/").to(quotes_default)),
+        )
+        .await;
+
+        let req = test::TestRequest::get().uri("/").to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert!(resp.status().is_client_error());
+
+        let result: JsonWrapper<Value> = test::read_body_json(resp).await;
+
+        assert_eq!(result.results, json!({}));
+        assert_eq!(result.code, 400);
+
+        let req = test::TestRequest::delete().uri("/").to_request();
+
+        let resp = test::call_service(&app, req).await;
+        assert!(resp.status().is_client_error());
+
+        let headers = resp.headers();
+
+        assert!(headers.contains_key("allow"));
+        assert_eq!(headers.get("allow").unwrap().to_str().unwrap(), "GET"); //#[allow_ci]
+
+        let result: JsonWrapper<Value> = test::read_body_json(resp).await;
+
+        assert_eq!(result.results, json!({}));
+        assert_eq!(result.code, 405);
+    }
 }