remove deprecated attestation function

evervault · Jan 22, 2024 · 670d361 · 670d361
1 parent 21946b1
commit 670d361
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 53 deletions.
diff --git a/node-attestation-bindings/index.d.ts b/node-attestation-bindings/index.d.ts
@@ -10,11 +10,6 @@ export interface NodePcRs {
   pcr2?: string
   pcr8?: string
 }
-/**
- * Deprecated legacy attestation method
- * Supports attesting connections where the attestation doc is embedded in the certs SANs
- */
-export function attestConnection(cert: Buffer, expectedPcrsList: Array<NodePcRs>): boolean
 /**
  * a client can call out to `<enclave-url>/.well-known/attestation` to fetch the attestation doc from the Enclave
  * The fetched attestation doc will have the public key of the domain's cert embedded inside it along with an expiry

diff --git a/node-attestation-bindings/index.js b/node-attestation-bindings/index.js
@@ -246,7 +246,6 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { attestConnection, attestEnclave } = nativeBinding
+const { attestEnclave } = nativeBinding
 
-module.exports.attestConnection = attestConnection
 module.exports.attestEnclave = attestEnclave
diff --git a/node-attestation-bindings/src/lib.rs b/node-attestation-bindings/src/lib.rs
@@ -1,6 +1,6 @@
 use attestation_doc_validation::attestation_doc::{validate_expected_pcrs, PCRProvider};
 use attestation_doc_validation::{
-  parse_cert, validate_attestation_doc_against_cert, validate_attestation_doc_in_cert,
+  parse_cert, validate_attestation_doc_against_cert,
 };
 
 use napi::JsBuffer;
@@ -33,51 +33,6 @@ impl PCRProvider for NodePCRs {
   }
 }
 
-/// Deprecated legacy attestation method
-/// Supports attesting connections where the attestation doc is embedded in the certs SANs
-#[napi]
-fn attest_connection(cert: JsBuffer, expected_pcrs_list: Vec<NodePCRs>) -> bool {
-  let cert_val = match cert.into_value() {
-    Ok(cert_value) => cert_value,
-    Err(e) => {
-      eprintln!("Failed to access cert value passed from node to rust: {e}");
-      return false;
-    }
-  };
-
-  let parsed_cert = match parse_cert(cert_val.as_ref()) {
-    Ok(parsed_cert) => parsed_cert,
-    Err(e) => {
-      eprintln!("Failed to parse provided cert: {e}");
-      return false;
-    }
-  };
-
-  let validated_attestation_doc = match validate_attestation_doc_in_cert(&parsed_cert) {
-    Ok(attestation_doc) => attestation_doc,
-    Err(e) => {
-      eprintln!("An error occurred while validating the connection to this Enclave: {e}");
-      return false;
-    }
-  };
-
-  let mut result = Ok(true);
-  for expected_pcrs in expected_pcrs_list {
-    match validate_expected_pcrs(&validated_attestation_doc, &expected_pcrs) {
-      Ok(_) => return true,
-      Err(err) => result = Err(err),
-    }
-  }
-
-  match result {
-    Ok(_) => true,
-    Err(e) => {
-      eprintln!("Failed to validate that PCRs are as expected: {e}");
-      false
-    }
-  }
-}
-
 /// a client can call out to `<enclave-url>/.well-known/attestation` to fetch the attestation doc from the Enclave
 /// The fetched attestation doc will have the public key of the domain's cert embedded inside it along with an expiry
 #[napi]