diff --git a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs index af72236479d3d07e8348d72a470e633b493fd017..00c61a22a03cec55a88b45a775efa80bdef3d01c 100644 --- a/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs +++ b/service/attestation/attestation-agent/agent/src/bin/aa-test/main.rs @@ -170,6 +170,7 @@ async fn aa_proc(i: i64) { } status => { log::error!("thread {} case6 verify token failed response: {:?}", i, status); + log::error!("thread case6 verify token failed response:{}", res.text().await.unwrap()); } } } diff --git a/service/attestation/attestation-agent/agent/src/lib.rs b/service/attestation/attestation-agent/agent/src/lib.rs index f6e03c6c5f2be4c1a66353b8515d39334d881a71..f1c4510bdb087e1a57dfa602d636319bbf0d89cc 100644 --- a/service/attestation/attestation-agent/agent/src/lib.rs +++ b/service/attestation/attestation-agent/agent/src/lib.rs @@ -22,6 +22,7 @@ use async_trait::async_trait; use std::fs::File; use std::path::Path; use rand::RngCore; +use thiserror; use attester::{Attester, AttesterAPIs}; use token_verifier::{TokenVerifyConfig, TokenVerifier, TokenRawData}; @@ -30,6 +31,22 @@ pub mod result; use result::Error; pub type TeeClaim = serde_json::Value; +#[derive(Debug, thiserror::Error)] +pub enum AgentError { + #[error("challenge error: {0}")] + ChallengeError(String), + #[error("get evidence error: {0}")] + DecodeError(String), + #[error("get evidence error: {0}")] + GetEvidenceError(String), + #[error("verify evidence error: {0}")] + VerifyEvidenceError(String), + #[error("get token error: {0}")] + GetTokenError(String), + #[error("verify token error: {0}")] + VerifyTokenError(String), +} + #[cfg(feature = "no_as")] use verifier::{Verifier, VerifierAPIs}; @@ -136,11 +153,8 @@ impl AttestationAgentAPIs for AttestationAgent { async fn verify_token(&self, token: String) -> Result { let verifier = TokenVerifier::new(self.config.token_cfg.clone())?; - let result = verifier.verify(&token); - match result { - Ok(raw_token) => Ok(raw_token as AsTokenClaim), - Err(e) => bail!("verify token failed {:?}", e), - } + let result = verifier.verify(&token)?; + Ok(result) } } diff --git a/service/attestation/attestation-agent/agent/src/restapi/mod.rs b/service/attestation/attestation-agent/agent/src/restapi/mod.rs index 490242aa9449727fa1f487647fd2dc00a075fe74..0570060bc7117cea9259b8a3a187e2c0ceafaa47 100644 --- a/service/attestation/attestation-agent/agent/src/restapi/mod.rs +++ b/service/attestation/attestation-agent/agent/src/restapi/mod.rs @@ -9,7 +9,7 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ -use attestation_agent::{AttestationAgent, AttestationAgentAPIs, TokenRequest}; +use attestation_agent::{AttestationAgent, AttestationAgentAPIs, TokenRequest, AgentError}; use attestation_agent::result::Result; use actix_web::{ post, get, web, HttpResponse}; @@ -18,7 +18,6 @@ use serde::{Deserialize, Serialize}; use std::sync::Arc; use tokio::sync::RwLock; use log; -use base64_url; #[derive(Deserialize, Serialize, Debug)] struct GetChallengeRequest {} @@ -30,7 +29,8 @@ pub async fn get_challenge( ) -> Result { //let request = request.0; log::debug!("get challenge request"); - let challenge = agent.read().await.get_challenge().await?; + let challenge = agent.read().await.get_challenge().await + .map_err(|err| AgentError::ChallengeError(err.to_string()))?; Ok(HttpResponse::Ok().body(challenge)) } @@ -49,7 +49,8 @@ pub async fn get_evidence( ) -> Result { let request = request.0; log::debug!("get evidence request: {:?}", request); - let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge"); + let challenge = base64_url::decode(&request.challenge) + .map_err(|err|AgentError::DecodeError(err.to_string()))?; let uuid = request.uuid; let ima = request.ima; let input = EvidenceRequest { @@ -57,7 +58,8 @@ pub async fn get_evidence( challenge: challenge, ima: ima, }; - let evidence = agent.read().await.get_evidence(input).await?; + let evidence = agent.read().await.get_evidence(input).await + .map_err(|err|AgentError::GetEvidenceError(err.to_string()))?; Ok(HttpResponse::Ok().body(evidence)) @@ -76,11 +78,13 @@ pub async fn verify_evidence( ) -> Result { let request = request.0; log::debug!("verify evidence request: {:?}", request); - let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge"); + let challenge = base64_url::decode(&"request.challenge".to_string()) + .map_err(|err|AgentError::DecodeError(err.to_string()))?; let evidence = request.evidence; let policy_id = request.policy_id; - let claim = agent.read().await.verify_evidence(&challenge, evidence.as_bytes(), policy_id).await?; + let claim = agent.read().await.verify_evidence(&challenge, evidence.as_bytes(), policy_id).await + .map_err(|err|AgentError::VerifyEvidenceError(err.to_string()))?; let string_claim = serde_json::to_string(&claim)?; Ok(HttpResponse::Ok().body(string_claim)) @@ -101,7 +105,8 @@ pub async fn get_token( ) -> Result { let request = request.0; log::debug!("get token request: {:?}", request); - let challenge = base64_url::decode(&request.challenge).expect("base64 decode challenge"); + let challenge = base64_url::decode(&request.challenge) + .map_err(|err|AgentError::DecodeError(err.to_string()))?; let uuid = request.uuid; let ima = request.ima; let policy_id = request.policy_id; @@ -115,8 +120,8 @@ pub async fn get_token( policy_id: policy_id, }; - let token = agent.read().await.get_token(input).await?; - + let token = agent.read().await.get_token(input).await + .map_err(|err|AgentError::GetTokenError(err.to_string()))?; Ok(HttpResponse::Ok().body(token)) } @@ -133,8 +138,10 @@ pub async fn verify_token( let request = request.0; log::debug!("verify token request: {:?}", request); - let claim = agent.read().await.verify_token(request.token).await?; - let string_claim = serde_json::to_string(&claim)?; + let claim = agent.read().await.verify_token(request.token).await + .map_err(|err|AgentError::VerifyTokenError(err.to_string()))?; + let string_claim = serde_json::to_string(&claim) + .map_err(|err|AgentError::VerifyTokenError(err.to_string()))?; Ok(HttpResponse::Ok().body(string_claim)) } \ No newline at end of file diff --git a/service/attestation/attestation-agent/agent/src/result/mod.rs b/service/attestation/attestation-agent/agent/src/result/mod.rs index f06f064b7e9ca38fe3dbdd9c2c324fdb68bf7c7b..a33be0cbf88d08955a13b23b4c0e2bf41b60a5d5 100644 --- a/service/attestation/attestation-agent/agent/src/result/mod.rs +++ b/service/attestation/attestation-agent/agent/src/result/mod.rs @@ -11,6 +11,8 @@ */ use actix_web::{body::BoxBody, HttpResponse, ResponseError}; +use crate::AgentError; + pub type Result = std::result::Result; /// libdevice error @@ -30,6 +32,12 @@ pub enum Error { source: actix_web::error::Error, }, + #[error("Agent error: {source:?}")] + Agent { + #[from] + source: AgentError, + }, + #[error("Deserialize error: {source:?}")] Deserialize { #[from] diff --git a/service/attestation/attestation-agent/token/Cargo.toml b/service/attestation/attestation-agent/token/Cargo.toml index aa5cafcf5f717c31d3a5338c19b7d8c91d865543..916f2a2eb5af7833dbd2b545731d76abff5e8a19 100644 --- a/service/attestation/attestation-agent/token/Cargo.toml +++ b/service/attestation/attestation-agent/token/Cargo.toml @@ -10,4 +10,5 @@ jsonwebtoken.workspace = true serde.workspace = true serde_json.workspace = true anyhow.workspace = true -attestation-types.workspace = true \ No newline at end of file +attestation-types.workspace = true +thiserror.workspace = true \ No newline at end of file diff --git a/service/attestation/attestation-agent/token/src/lib.rs b/service/attestation/attestation-agent/token/src/lib.rs index 50a7a7a0a365f4020a72b8136696780d1407eeba..37aab9eb96d66f51173836a7ceb1ed02c7eb925d 100644 --- a/service/attestation/attestation-agent/token/src/lib.rs +++ b/service/attestation/attestation-agent/token/src/lib.rs @@ -9,12 +9,23 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ -use anyhow::{Result, bail}; use std::path::Path; use serde::{Deserialize, Serialize}; use jsonwebtoken::{decode, decode_header, Algorithm, DecodingKey, Validation }; use attestation_types::Claims; +#[derive(thiserror::Error, Debug)] +pub enum VerifyError { + #[error("parse fail:{0:?}")] + CommError(#[from] jsonwebtoken::errors::Error), + #[error("unknown algorithm:{0}")] + UnknownAlg(String), + #[error("certificate not exist:{0}")] + CertNotExist(String), + #[error("serialize fail:{0}")] + SerializeFail(#[from] serde_json::error::Error), +} + #[derive(Clone, Debug, Serialize, Deserialize)] pub struct TokenVerifyConfig { pub cert: String, // Attestation Service cert to verify jwt token signature @@ -52,7 +63,7 @@ pub struct TokenRawData { } impl TokenVerifier { - pub fn new(config: TokenVerifyConfig) -> Result { + pub fn new(config: TokenVerifyConfig) -> Result { Ok(TokenVerifier { config }) } fn support_rs(alg: &Algorithm) -> bool @@ -72,43 +83,29 @@ impl TokenVerifier { pub fn verify( &self, token: &String - ) -> Result { - let header = match decode_header(&token) { - Ok(h) => h, - Err(e) => bail!("decode jwt header error {:?}", e), - }; + ) -> Result { + let header = decode_header(&token)?; let alg: Algorithm = header.alg; if !Self::support_rs(&alg) && !Self::support_ps(&alg) { - bail!("unknown algrithm {:?}", alg); + return Err(VerifyError::UnknownAlg(format!("unknown algrithm {:?}", alg))); } if !Path::new(&self.config.cert).exists() { - bail!("token verfify failed, {:?} cert not exist", self.config.cert); + return Err(VerifyError::CertNotExist(format!("{:?} not exist", self.config.cert))); } let cert = std::fs::read(&self.config.cert).unwrap(); /* 使用配置的公钥 */ - let key_value: DecodingKey = match DecodingKey::from_rsa_pem(&cert) - { - Ok(key) => key, - Err(e) => bail!("get key from pem error {:?}", e), - }; + let key_value: DecodingKey = DecodingKey::from_rsa_pem(&cert)?; let mut validation = Validation::new(alg); validation.set_issuer(&[self.config.iss.clone()]); validation.validate_exp = true; - let data = decode::(&token, &key_value, &validation); - match data { - Ok(d) => { - let header = d.header.clone(); - let claims = d.claims.clone(); - Ok(TokenRawData { - header: serde_json::to_string(&header).unwrap(), - claim: serde_json::to_string(&claims).unwrap(), - }) - } - Err(e) => bail!("verfiy jwt failed {:?}", e), - } + let data = decode::(&token, &key_value, &validation)?; + Ok(TokenRawData { + header: serde_json::to_string(&data.header)?, + claim: serde_json::to_string(&data.claims)?, + }) } } diff --git a/service/attestation/attestation-service/policy/src/policy_engine.rs b/service/attestation/attestation-service/policy/src/policy_engine.rs index a03a8cc87eabbcd620aae756efa035f1d5fba5d1..7a8508ef302acb39facd461aa403174800304857 100644 --- a/service/attestation/attestation-service/policy/src/policy_engine.rs +++ b/service/attestation/attestation-service/policy/src/policy_engine.rs @@ -10,6 +10,7 @@ * See the Mulan PSL v2 for more details. */ use std::{collections::HashMap, fmt::Display}; + #[derive(Debug)] pub enum PolicyEngineError { InvalidPolicy(String), @@ -50,6 +51,8 @@ impl Display for PolicyEngineError { } } +impl std::error::Error for PolicyEngineError {} + pub trait PolicyEngine { fn evaluate( &self, diff --git a/service/attestation/attestation-service/reference/Cargo.toml b/service/attestation/attestation-service/reference/Cargo.toml index b36991e7978c15826aff8ccd28e6e2e664644155..fb0a4bbb8759fad469c213bd002529637b82df87 100644 --- a/service/attestation/attestation-service/reference/Cargo.toml +++ b/service/attestation/attestation-service/reference/Cargo.toml @@ -13,4 +13,5 @@ base64.workspace = true sled.workspace = true openssl.workspace = true hex.workspace = true -lazy_static.workspace = true \ No newline at end of file +lazy_static.workspace = true +thiserror.workspace = true \ No newline at end of file diff --git a/service/attestation/attestation-service/reference/src/reference/mod.rs b/service/attestation/attestation-service/reference/src/reference/mod.rs index bf56c85496b9a11cff33b184a6594d4ab0d3ccea..6ec43714ba50954817bb0cbdef596f19b9201b05 100644 --- a/service/attestation/attestation-service/reference/src/reference/mod.rs +++ b/service/attestation/attestation-service/reference/src/reference/mod.rs @@ -15,6 +15,7 @@ use crate::store::{KvError, KvStore}; use openssl::sha::sha256; use serde::{Deserialize, Serialize}; use serde_json::{json, Value}; +use thiserror::{self, Error}; pub struct ReferenceOps { store: Box, @@ -40,16 +41,12 @@ pub struct Ref { pub value: Value, } -#[derive(Debug, PartialEq)] +#[derive(Error, Debug, PartialEq)] pub enum RefOpError { + #[error("reference operation error {0}")] Err(String), -} -impl From for RefOpError { - fn from(value: KvError) -> Self { - match value { - KvError::Err(v) => RefOpError::Err(v), - } - } + #[error("reference store error: {0:?}")] + StoreErr(#[from] KvError) } impl ReferenceOps { @@ -68,36 +65,20 @@ impl ReferenceOps { fn register_reference(&mut self, reference: &Ref) -> Result<(), RefOpError> { // generate reference key let key = Self::generate_reference_key(reference); - match self.store.write( + self.store.write( &key, serde_json::to_string(&reference) .unwrap() .as_bytes() .as_ref(), - ) { - Ok(_) => { - return Ok(()); - } - Err(err) => match err { - KvError::Err(err) => { - return Err(RefOpError::Err(err)); - } - }, - } + )?; + Ok(()) } fn unregister_reference(&mut self, reference: &Ref) -> Result<(), RefOpError> { let key = Self::generate_reference_key(reference); - match self.store.delete(&key) { - Ok(_) => { - return Ok(()); - } - Err(err) => match err { - KvError::Err(err) => { - return Err(RefOpError::Err(err)); - } - }, - } + self.store.delete(&key)?; + Ok(()) } fn query_reference(&mut self, reference: &Ref) -> Option> { diff --git a/service/attestation/attestation-service/reference/src/store/mod.rs b/service/attestation/attestation-service/reference/src/store/mod.rs index c8c8260741bef11f99eb2a38aacada5f6891ec3b..c9597f6a5c8cd7e7b3f5a5315d5ead5c36644070 100644 --- a/service/attestation/attestation-service/reference/src/store/mod.rs +++ b/service/attestation/attestation-service/reference/src/store/mod.rs @@ -9,9 +9,18 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ +#[derive(Debug, PartialEq)] pub enum KvError { Err(String), } +impl std::fmt::Display for KvError { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + KvError::Err(msg) => write!(f, "kv store error:{}", msg) + } + } +} +impl std::error::Error for KvError {} pub trait KvStore { fn write(&mut self, key: &str, value: &[u8]) -> Result<(), KvError>; fn read(&mut self, key: &str) -> Option>; diff --git a/service/attestation/attestation-service/service/src/lib.rs b/service/attestation/attestation-service/service/src/lib.rs index 3ec73d3d9bc34dda717bf281e57260c60e080fbd..31e6305d47e860d013719c1bbd90e0f475ce5470 100644 --- a/service/attestation/attestation-service/service/src/lib.rs +++ b/service/attestation/attestation-service/service/src/lib.rs @@ -134,7 +134,7 @@ impl AttestationService { Ok(eval) => { for id in eval.keys() { let val = Value::from_str(&eval[id].clone())?; - let refs = match val.as_object().ok_or(Err(anyhow!(""))) { + let refs = match val.as_object().ok_or(Err(anyhow!("json value to map fail"))) { Err(err) => { return Err(err.unwrap()); } Ok(ret) => { ret } }; @@ -165,7 +165,7 @@ impl AttestationService { // demo get signer, todo default signer let signer = TokenSigner::new(self.config.token_cfg.clone())?; - signer.sign(&evl_report) + Ok(signer.sign(&evl_report)?) } pub async fn generate_challenge(&self) -> String { @@ -174,7 +174,6 @@ impl AttestationService { base64_url::encode(&nonce) } - // todo pub fun set policy pub async fn set_policy(&self, id: &String, policy: &String, @@ -185,7 +184,7 @@ impl AttestationService { .set_policy(id, policy) .await } - // todo pub fun get policy + pub async fn get_policy(&self, policy_dir: &String, ) -> Result { @@ -203,7 +202,7 @@ impl AttestationService { Err(err) => Err(err) } } - // todo pub fun import reference value + pub async fn register_reference(&self, ref_set: &String ) -> Result<(), RefOpError> { diff --git a/service/attestation/attestation-service/service/src/restapi/mod.rs b/service/attestation/attestation-service/service/src/restapi/mod.rs index a7e6012b1981e57bd311513c74765f5eea8cda59..f49d17557f47e19ffa86c8d25bdd3e1d4c52555d 100644 --- a/service/attestation/attestation-service/service/src/restapi/mod.rs +++ b/service/attestation/attestation-service/service/src/restapi/mod.rs @@ -77,8 +77,8 @@ pub async fn attestation( } } - let nonce = base64_url::decode(&challenge).expect("base64 decode nonce"); - let evidence = base64_url::decode(&request.evidence).expect("base64 decode evidence"); + let nonce = base64_url::decode(&challenge)?; + let evidence = base64_url::decode(&request.evidence)?; let ids = request.policy_id; let token = service.read().await.evaluate(&nonce, &evidence, &ids).await?; @@ -97,10 +97,8 @@ pub async fn reference( ) -> Result { let request = request.0; log::debug!("reference request: {:?}", request); - match service.read().await.register_reference(&request.refs).await { - Ok(_) => Ok(HttpResponse::Ok().body("set reference success")), - Err(_err) => Ok(HttpResponse::Ok().body("set reference fail")), - } + service.read().await.register_reference(&request.refs).await?; + Ok(HttpResponse::Ok().body("set reference success")) } #[derive(Deserialize, Serialize, Debug)] @@ -120,13 +118,8 @@ pub async fn set_policy( let policy_id = request.id.clone(); let policy = request.policy.clone(); let dir:String = String::from(DEFAULT_POLICY_DIR); - match service.read().await.set_policy(&policy_id, &policy, &dir).await { - Ok(_) => Ok(HttpResponse::Ok().body("set policy success")), - Err(err) => { - log::debug!("set policy error: {:?}", err); - Ok(HttpResponse::Ok().body("set policy fail")) - } - } + service.read().await.set_policy(&policy_id, &policy, &dir).await?; + Ok(HttpResponse::Ok().body("set policy success")) } #[get("/policy")] @@ -136,8 +129,6 @@ pub async fn get_policy( ) -> Result { log::debug!("get policy request: {:?}", request); let dir:String = String::from(DEFAULT_POLICY_DIR); - match service.read().await.get_policy(&dir).await { - Ok(ret) => Ok(HttpResponse::Ok().body(ret)), - Err(_err) => Ok(HttpResponse::Ok().body("get policy fail")), - } + let ret = service.read().await.get_policy(&dir).await?; + Ok(HttpResponse::Ok().body(ret)) } diff --git a/service/attestation/attestation-service/service/src/result/mod.rs b/service/attestation/attestation-service/service/src/result/mod.rs index fcb1c1237db2fac22dff414bf515866a288641a6..7261d19bc587ec2b79e3c24cc4dff363bb5ed9f9 100644 --- a/service/attestation/attestation-service/service/src/result/mod.rs +++ b/service/attestation/attestation-service/service/src/result/mod.rs @@ -22,6 +22,26 @@ pub enum Error { #[from] source: std::io::Error, }, + #[error("attestation error: {source:?}")] + DecodeError { + #[from] + source: base64::DecodeError, + }, + #[error("Policy Engine error: {source:?}")] + PolicyEngine { + #[from] + source: policy::policy_engine::PolicyEngineError, + }, + #[error("Reference error: {source:?}")] + Reference { + #[from] + source: reference::reference::RefOpError, + }, + #[error("Sign error: {source:?}")] + Sign { + #[from] + source: token_signer::SignError, + }, #[error("Web error: {source:?}")] Web { diff --git a/service/attestation/attestation-service/token/Cargo.toml b/service/attestation/attestation-service/token/Cargo.toml index c4b885c04e4df9bbb6a7a5ecf10b7ab6512e9d0f..029008a137d440dfb9488e7590839dae9e582567 100644 --- a/service/attestation/attestation-service/token/Cargo.toml +++ b/service/attestation/attestation-service/token/Cargo.toml @@ -10,4 +10,5 @@ jsonwebtoken.workspace = true serde.workspace = true serde_json.workspace = true anyhow.workspace = true -attestation-types.workspace = true \ No newline at end of file +attestation-types.workspace = true +thiserror.workspace = true \ No newline at end of file diff --git a/service/attestation/attestation-service/token/src/lib.rs b/service/attestation/attestation-service/token/src/lib.rs index ed41a4ec8846b2b88d4284eaccde2deb568f6a88..3ee785e53380021c2b76ce25a021de28fdd877ae 100644 --- a/service/attestation/attestation-service/token/src/lib.rs +++ b/service/attestation/attestation-service/token/src/lib.rs @@ -9,7 +9,7 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ -use anyhow::{Result, bail}; +use anyhow::{Result}; use jsonwebtoken::{encode, get_current_timestamp, Algorithm, EncodingKey, Header, }; @@ -17,7 +17,21 @@ use std::path::Path; use serde::{Deserialize, Serialize}; use serde_json::Value; use attestation_types::{EvlResult, Claims}; +use thiserror; +#[derive(thiserror::Error, Debug)] +pub enum SignError { + #[error("get unix time fail:{0:?}")] + ToUnixTimeFail(#[from] std::num::TryFromIntError), + #[error("unsupport algorith:{0}")] + UnsupportAlg(String), + #[error("key not exist:{0}")] + KeyNotExist(String), + #[error("key content read fail:{0}")] + ReadKeyFail(String), + #[error("sign fail:{0:?}")] + SignFail(#[from] jsonwebtoken::errors::Error) +} #[derive(Debug, Clone, Serialize, Deserialize)] pub struct TokenSignConfig { @@ -79,36 +93,35 @@ impl TokenSigner { } return false; } - pub fn sign(&self, report: &EvlReport) -> Result { + pub fn sign(&self, report: &EvlReport) -> Result { let alg: Algorithm = self.config.alg; let mut header = Header::new(alg); header.typ = Some("JWT".to_string()); let unix_time = get_current_timestamp(); let claims: Claims = Claims { iss: self.config.iss.clone(), - iat: usize::try_from(unix_time).expect("unix time to usize error"), - nbf: usize::try_from(unix_time).expect("unix time to usize error"), - exp: usize::try_from(unix_time).expect("unix time to usize error") - + self.config.valid_duration, + iat: usize::try_from(unix_time)?, + nbf: usize::try_from(unix_time)?, + exp: usize::try_from(unix_time)? + self.config.valid_duration, evaluation_reports: report.result.clone(), tee: report.tee.clone(), tcb_status: report.tcb_status.clone(), }; if !Self::support_rs(&alg) && !Self::support_ps(&alg) { - bail!("unknown algrithm {:?}", alg); + return Err(SignError::UnsupportAlg(format!("unknown algrithm {:?}", alg))); } if !Path::new(&self.config.key).exists() { - bail!("token verfify failed, {:?} cert not exist", self.config.key); + return Err(SignError::UnsupportAlg(format!("token verfify failed, {:?} cert not exist", self.config.key))); } let key = std::fs::read(&self.config.key).unwrap(); let key_value: EncodingKey = match EncodingKey::from_rsa_pem(&key) { Ok(val) => val, - _ => bail!("get key from input error"), + _ => {return Err(SignError::ReadKeyFail(format!("get key from input error")));} }; let token = match encode(&header, &claims, &key_value) { Ok(val) => val, - Err(e) => bail!("sign jwt token error {:?}", e), + Err(e) => {return Err(SignError::SignFail(e));} }; Ok(token) }