add brain channel creation for tonic

src/config.rs

@@ -83,6 +83,10 @@ pub enum Error {
     SshKeyNoDefined,
     #[error{"RSA Error: {0}"}]
     RSAError(#[from] openssl::error::ErrorStack),
+    #[error{"Internal CLI error: {0}"}]
+    InternalError(String),
+    #[error(transparent)]
+    BrainConnection(#[from] tonic::transport::Error),
 }
 
 impl Config {
@@ -310,6 +314,46 @@ impl Config {
         }
     }
 
+    pub async fn get_brain_channel() -> Result<tonic::transport::Channel, Error> {
+        let (brain_url, brain_san) = Self::get_brain_info();
+
+        use hyper_rustls::HttpsConnectorBuilder;
+        use rustls::pki_types::pem::PemObject;
+        use rustls::pki_types::CertificateDer;
+        use rustls::{ClientConfig, RootCertStore};
+
+        let mut detee_root_ca_store = RootCertStore::empty();
+        detee_root_ca_store
+            .add(CertificateDer::from_pem_file(Config::get_root_ca_path()?).map_err(|e| {
+                Error::InternalError(format!("Could not parse PEM certificate: {e}"))
+            })?)
+            .unwrap();
+
+        let client_tls_config = ClientConfig::builder()
+            .with_root_certificates(detee_root_ca_store)
+            .with_no_client_auth();
+        let connector = HttpsConnectorBuilder::new()
+            .with_tls_config(client_tls_config)
+            .https_only()
+            .with_server_name_resolver(hyper_rustls::FixedServerNameResolver::new(
+                brain_san.clone().try_into().map_err(|e| {
+                    Error::InternalError(format!(
+                        "Could not parse {brain_san} into domain resolver: {e}"
+                    ))
+                })?,
+            ))
+            .enable_http2()
+            .build();
+        Ok(tonic::transport::Channel::from_shared(brain_url.to_string())
+            .map_err(|e| {
+                Error::InternalError(format!(
+                    "Could not parse {brain_san} into domain resolver: {e}"
+                ))
+            })?
+            .connect_with_connector(connector)
+            .await?)
+    }
+
     pub fn set_network(mut network: &str) {
         if network != "staging" {
             log::error!(

src/general/grpc.rs

@@ -3,9 +3,7 @@ use crate::snp::grpc::proto::VmContract;
 use crate::utils::sign_request;
 use detee_shared::general_proto::ReportNodeReq;
 use log::{debug, info, warn};
-use rustls::pki_types::pem::PemObject;
 use tokio_stream::StreamExt;
-// use tonic::transport::{Certificate, Channel, ClientTlsConfig};
 use tonic::transport::Channel;
 
 pub mod proto {
@@ -37,47 +35,7 @@ pub enum Error {
 }
 
 async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
-    let (brain_url, brain_san) = Config::get_brain_info();
+    Ok(BrainGeneralCliClient::new(Config::get_brain_channel().await?))
-
-    use hyper_rustls::HttpsConnectorBuilder;
-    use rustls::pki_types::CertificateDer;
-    use rustls::{ClientConfig, RootCertStore};
-
-    let mut detee_root_ca_store = RootCertStore::empty();
-    detee_root_ca_store
-        .add(CertificateDer::from_pem_file(Config::get_root_ca_path()?).unwrap())
-        .unwrap();
-
-    let client_tls_config =
-        ClientConfig::builder().with_root_certificates(detee_root_ca_store).with_no_client_auth();
-    let connector = HttpsConnectorBuilder::new()
-        .with_tls_config(client_tls_config)
-        .https_only()
-        .enable_http2()
-        .build();
-
-    // let channel = Channel::from_shared(brain_url.to_string())
-    //     .map_err(|_| Error::CorruptedBrainUrl)?
-    //     .connect_with_connector(connector)
-    //     .await
-    //     .unwrap();
-
-    Ok(BrainGeneralCliClient::new(
-        Channel::from_shared(brain_url.to_string())
-            .map_err(|_| Error::CorruptedBrainUrl)?
-            /*
-            .tls_config(
-                ClientTlsConfig::new()
-                    .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
-                        Config::get_root_ca_path()?,
-                    )?))
-                    .domain_name(brain_san),
-            )?
-             */
-            .connect_with_connector(connector)
-            .await
-            .unwrap(),
-    ))
 }
 
 pub async fn get_balance(account: &str) -> Result<AccountBalance, Error> {

src/sgx/grpc_brain.rs

@@ -67,22 +67,7 @@ impl crate::HumanOutput for AppContract {
 }
 
 async fn client() -> Result<BrainAppCliClient<Channel>> {
-    let (brain_url, brain_san) = Config::get_brain_info();
+    Ok(BrainAppCliClient::new(Config::get_brain_channel().await?))
-    Ok(BrainAppCliClient::new(
-        Channel::from_shared(brain_url.to_string())
-            .map_err(|_| Error::CorruptedBrainUrl)?
-            /*
-            .tls_config(
-                ClientTlsConfig::new()
-                    .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
-                        Config::get_root_ca_path()?,
-                    )?))
-                    .domain_name(brain_san),
-            )?
-             */
-            .connect()
-            .await?,
-    ))
 }
 
 pub async fn new_app(app_deploy_config: AppDeployConfig) -> Result<NewAppRes> {

src/sgx/grpc_dtpm.rs

@@ -78,12 +78,7 @@ pub async fn attest_and_send_config(loaded_config: DtpmConfig, uuid: &str) -> Re
 
     log::trace!("Decoded the configuration... {:?}", req_data);
 
-    // let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
+    let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
-    // let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
-    // dbg!(&hratls_uri, mr_enclave);
-
-    let hratls_uri = "https://212.95.45.139:33950".to_string();
-    let mr_enclave = None;
 
     log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave);
 

src/snp/grpc.rs

@@ -85,22 +85,7 @@ impl crate::HumanOutput for VmNodeListResp {
 }
 
 async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
-    let (brain_url, brain_san) = Config::get_brain_info();
+    Ok(BrainVmCliClient::new(Config::get_brain_channel().await?))
-    Ok(BrainVmCliClient::new(
-        Channel::from_shared(brain_url.to_string())
-            .map_err(|_| Error::CorruptedBrainUrl)?
-            /*
-            .tls_config(
-                ClientTlsConfig::new()
-                    .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
-                        Config::get_root_ca_path()?,
-                    )?))
-                    .domain_name(brain_san),
-            )?
-             */
-            .connect()
-            .await?,
-    ))
 }
 
 fn sign_request<T: std::fmt::Debug>(req: T) -> Result<Request<T>, Error> {