Cleanup uneeded read/write interfaces, rename remote http to remote TLS

Author: r-n-o

src/integration/src/bin/pivot_remote_http.rs renamed to src/integration/src/bin/pivot_remote_tls.rs

@@ -1,8 +1,11 @@
 use core::panic;
-use std::{io::{Read, Write}, sync::Arc};
+use std::{
+	io::{Read, Write},
+	sync::Arc,
+};
 
 use borsh::{BorshDeserialize, BorshSerialize};
-use integration::PivotRemoteHttpMsg;
+use integration::PivotRemoteTlsMsg;
 use qos_core::{
 	io::{SocketAddress, TimeVal},
 	server::{RequestProcessor, SocketServer},
@@ -16,19 +19,17 @@ struct Processor {
 
 impl Processor {
 	fn new(proxy_address: String) -> Self {
-		Processor {
-			net_proxy: SocketAddress::new_unix(&proxy_address)
-		}
+		Processor { net_proxy: SocketAddress::new_unix(&proxy_address) }
 	}
 }
 
 impl RequestProcessor for Processor {
 	fn process(&mut self, request: Vec<u8>) -> Vec<u8> {
-		let msg = PivotRemoteHttpMsg::try_from_slice(&request)
+		let msg = PivotRemoteTlsMsg::try_from_slice(&request)
 			.expect("Received invalid message - test is broken!");
 
 		match msg {
-			PivotRemoteHttpMsg::RemoteHttpRequest{ host, path } => {
+			PivotRemoteTlsMsg::RemoteTlsRequest { host, path } => {
 				let timeout = TimeVal::new(1, 0);
 				let mut stream = RemoteStream::new_by_name(
 					&self.net_proxy,
@@ -37,19 +38,24 @@ impl RequestProcessor for Processor {
 					443,
 					vec!["8.8.8.8".to_string()],
 					53,
-				).unwrap();
+				)
+				.unwrap();
 
-				let root_store =
-					RootCertStore { roots: webpki_roots::TLS_SERVER_ROOTS.into() };
+				let root_store = RootCertStore {
+					roots: webpki_roots::TLS_SERVER_ROOTS.into(),
+				};
 
 				let server_name: rustls::pki_types::ServerName<'_> =
 					host.clone().try_into().unwrap();
-				let config: rustls::ClientConfig = rustls::ClientConfig::builder()
-					.with_root_certificates(root_store)
-					.with_no_client_auth();
-				let mut conn =
-					rustls::ClientConnection::new(Arc::new(config), server_name)
-						.unwrap();
+				let config: rustls::ClientConfig =
+					rustls::ClientConfig::builder()
+						.with_root_certificates(root_store)
+						.with_no_client_auth();
+				let mut conn = rustls::ClientConnection::new(
+					Arc::new(config),
+					server_name,
+				)
+				.unwrap();
 				let mut tls = rustls::Stream::new(&mut conn, &mut stream);
 
 				let http_request = format!(
@@ -62,19 +68,21 @@ impl RequestProcessor for Processor {
 
 				println!("=== current ciphersuite: {:?}", ciphersuite.suite());
 				let mut response_bytes = Vec::new();
-				let read_to_end_result: usize = tls.read_to_end(&mut response_bytes).unwrap();
+				let read_to_end_result: usize =
+					tls.read_to_end(&mut response_bytes).unwrap();
 
 				// Ignore eof errors: https://docs.rs/rustls/latest/rustls/manual/_03_howto/index.html#unexpected-eof
 
-				let fetched_content = std::str::from_utf8(&response_bytes).unwrap();
-				PivotRemoteHttpMsg::RemoteHttpResponse(format!(
+				let fetched_content =
+					std::str::from_utf8(&response_bytes).unwrap();
+				PivotRemoteTlsMsg::RemoteTlsResponse(format!(
 					"Content fetched successfully ({read_to_end_result} bytes): {fetched_content}"
 				))
 				.try_to_vec()
-				.expect("RemoteHttpResponse is valid borsh")
+				.expect("RemoteTlsResponse is valid borsh")
 			}
-			PivotRemoteHttpMsg::RemoteHttpResponse(_) => {
-				panic!("Unexpected RemoteHttpResponse - test is broken")
+			PivotRemoteTlsMsg::RemoteTlsResponse(_) => {
+				panic!("Unexpected RemoteTlsResponse - test is broken")
 			}
 		}
 	}
@@ -85,12 +93,13 @@ fn main() {
 	// - first argument is the socket to bind to (server)
 	// - second argument is the socket to query (net proxy)
 	let args: Vec<String> = std::env::args().collect();
-	
+
 	let socket_path: &String = &args[1];
 	let proxy_path: &String = &args[2];
-	
+
 	SocketServer::listen(
 		SocketAddress::new_unix(socket_path),
 		Processor::new(proxy_path.to_string()),
-	).unwrap();
+	)
+	.unwrap();
 }

src/integration/src/lib.rs

@@ -26,7 +26,7 @@ pub const PIVOT_ABORT_PATH: &str = "../target/debug/pivot_abort";
 /// Path to pivot panic for tests.
 pub const PIVOT_PANIC_PATH: &str = "../target/debug/pivot_panic";
 /// Path to an enclave app that has routes to test remote connection features.
-pub const PIVOT_REMOTE_HTTP_PATH: &str = "../target/debug/pivot_remote_http";
+pub const PIVOT_REMOTE_TLS_PATH: &str = "../target/debug/pivot_remote_tls";
 /// Path to an enclave app that has routes to test remote connection features.
 pub const QOS_NET_PATH: &str = "../target/debug/qos_net";
 /// Path to an enclave app that has routes to stress our socket.
@@ -59,18 +59,19 @@ pub enum PivotSocketStressMsg {
 
 /// Request/Response messages for "socket stress" pivot app.
 #[derive(BorshDeserialize, BorshSerialize, Debug, PartialEq, Eq)]
-pub enum PivotRemoteHttpMsg {
+pub enum PivotRemoteTlsMsg {
 	/// Request a remote host / port to be fetched over the socket.
-	/// We assume the port to be 443, and we use Google's servers to perform DNS resolution (8.8.8.8)
-	RemoteHttpRequest {
+	/// We assume the port to be 443, and we use Google's servers to perform
+	/// DNS resolution (8.8.8.8)
+	RemoteTlsRequest {
 		/// Hostname (e.g. "api.turnkey.com")
 		host: String,
 		/// Path to fetch (e.g. "/health")
 		path: String,
 	},
-	/// A successful response to [`Self::RemoteHttpRequest`] with the contents
+	/// A successful response to [`Self::RemoteTlsRequest`] with the contents
 	/// of the response.
-	RemoteHttpResponse(String),
+	RemoteTlsResponse(String),
 }
 
 struct PivotParser;

src/integration/tests/remote_http.rs

@@ -0,0 +1,50 @@
+use std::{process::Command, str};
+
+use borsh::BorshSerialize;
+use integration::{PivotRemoteTlsMsg, PIVOT_REMOTE_TLS_PATH, QOS_NET_PATH};
+use qos_core::{
+	client::Client,
+	io::{SocketAddress, TimeVal, TimeValLike},
+	protocol::ENCLAVE_APP_SOCKET_CLIENT_TIMEOUT_SECS,
+};
+use qos_test_primitives::ChildWrapper;
+
+const REMOTE_TLS_TEST_NET_PROXY_SOCKET: &str = "/tmp/remote_tls_test.net.sock";
+const REMOTE_TLS_TEST_ENCLAVE_SOCKET: &str =
+	"/tmp/remote_tls_test.enclave.sock";
+
+#[test]
+fn fetch_remote_tls_content() {
+	let _net_proxy: ChildWrapper = Command::new(QOS_NET_PATH)
+		.arg("--usock")
+		.arg(REMOTE_TLS_TEST_NET_PROXY_SOCKET)
+		.spawn()
+		.unwrap()
+		.into();
+
+	let _enclave_app: ChildWrapper = Command::new(PIVOT_REMOTE_TLS_PATH)
+		.arg(REMOTE_TLS_TEST_ENCLAVE_SOCKET)
+		.arg(REMOTE_TLS_TEST_NET_PROXY_SOCKET)
+		.spawn()
+		.unwrap()
+		.into();
+
+	let enclave_client = Client::new(
+		SocketAddress::new_unix(REMOTE_TLS_TEST_ENCLAVE_SOCKET),
+		TimeVal::seconds(ENCLAVE_APP_SOCKET_CLIENT_TIMEOUT_SECS),
+	);
+
+	let app_request = PivotRemoteTlsMsg::RemoteTlsRequest {
+		host: "api.turnkey.com".to_string(),
+		path: "/health".to_string(),
+	}
+	.try_to_vec()
+	.unwrap();
+
+	let response = enclave_client.send(&app_request).unwrap();
+	let response_text = str::from_utf8(&response).unwrap();
+
+	assert!(response_text.contains("Content fetched successfully"));
+	assert!(response_text.contains("HTTP/1.1 200 OK"));
+	assert!(response_text.contains("currentTime"));
+}

src/integration/tests/remote_tls.rs

@@ -6,8 +6,8 @@
 mod stream;
 
 pub use stream::{
-	Listener, Stream,
-	SocketAddress, TimeVal, TimeValLike, VMADDR_FLAG_TO_HOST, VMADDR_NO_FLAGS,
+	Listener, SocketAddress, Stream, TimeVal, TimeValLike, VMADDR_FLAG_TO_HOST,
+	VMADDR_NO_FLAGS,
 };
 
 /// QOS I/O error

src/qos_core/src/io/mod.rs

@@ -90,6 +90,7 @@ impl SocketAddress {
 	}
 
 	/// Get the `AddressFamily` of the socket.
+	#[must_use]
 	pub fn family(&self) -> AddressFamily {
 		match *self {
 			#[cfg(feature = "vm")]
@@ -99,6 +100,7 @@ impl SocketAddress {
 	}
 
 	/// Convenience method for accessing the wrapped address
+	#[must_use]
 	pub fn addr(&self) -> Box<dyn SockaddrLike> {
 		match *self {
 			#[cfg(feature = "vm")]
@@ -114,7 +116,7 @@ pub struct Stream {
 }
 
 impl Stream {
-	/// Create a new `Stream` from a SocketAddress and a timeout
+	/// Create a new `Stream` from a `SocketAddress` and a timeout
 	pub fn connect(
 		addr: &SocketAddress,
 		timeout: TimeVal,

src/qos_core/src/io/stream.rs

@@ -31,8 +31,9 @@ pub enum ProtocolError {
 	RemoteConnectionClosed,
 	/// Happens if a RemoteRead response has empty data
 	RemoteReadEmpty,
-	/// Happens if a RemoteRead returns too much data for the provided buffer and the data doesn't fit.
-	/// The first `usize` is the size of the received data, the second `usize` is the size of the buffer.
+	/// Happens if a RemoteRead returns too much data for the provided buffer
+	/// and the data doesn't fit. The first `usize` is the size of the received
+	/// data, the second `usize` is the size of the buffer.
 	RemoteReadOverflow(usize, usize),
 }