(
&self,
gateway_url: &str,
key_store: &GatewayKeyStore,
)
| 443 | } |
| 444 | |
| 445 | async fn register_cvm( |
| 446 | &self, |
| 447 | gateway_url: &str, |
| 448 | key_store: &GatewayKeyStore, |
| 449 | ) -> Result<RegisterCvmResponse> { |
| 450 | let port_policy = RpcPortPolicy { |
| 451 | ports: self |
| 452 | .shared |
| 453 | .app_compose |
| 454 | .port_policy |
| 455 | .ports |
| 456 | .iter() |
| 457 | .map(|p| RpcPortAttrs { |
| 458 | port: p.port as u32, |
| 459 | pp: p.pp, |
| 460 | }) |
| 461 | .collect(), |
| 462 | restrict_mode: self.shared.app_compose.port_policy.restrict_mode, |
| 463 | }; |
| 464 | let client = |
| 465 | self.create_gateway_client(gateway_url, &key_store.client_key, &key_store.client_cert)?; |
| 466 | let result = client |
| 467 | .register_cvm(RegisterCvmRequest { |
| 468 | client_public_key: key_store.wg_pk.clone(), |
| 469 | port_policy: Some(port_policy.clone()), |
| 470 | }) |
| 471 | .await |
| 472 | .context("Failed to register CVM"); |
| 473 | let Err(err) = &result else { |
| 474 | return result; |
| 475 | }; |
| 476 | // If the error contains "no attestation provided", it's likely an older gateway version |
| 477 | let is_legacy_gateway = format!("{err:#}").contains("no attestation provided"); |
| 478 | if !is_legacy_gateway { |
| 479 | return result; |
| 480 | } |
| 481 | info!("Seems like the gateway is an older version, retrying with quote cert"); |
| 482 | let client = self.create_gateway_client( |
| 483 | gateway_url, |
| 484 | &key_store.client_key, |
| 485 | &key_store.client_cert_with_quote, |
| 486 | )?; |
| 487 | client |
| 488 | .register_cvm(RegisterCvmRequest { |
| 489 | client_public_key: key_store.wg_pk.clone(), |
| 490 | port_policy: Some(port_policy), |
| 491 | }) |
| 492 | .await |
| 493 | .context("Failed to register CVM") |
| 494 | } |
| 495 | |
| 496 | async fn get_or_generate_key_store(&self) -> Result<GatewayKeyStore> { |
| 497 | // Try to load existing cache |
no test coverage detected