Fixes attested-tls crate branch

ameba23 · ameba23 · commit 3e6140ed52be · 2026-03-17T12:26:14.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/attested-tls/Cargo.toml b/attested-tls/Cargo.toml
@@ -18,7 +18,7 @@ http = "1.3.1"
 serde_json = "1.0.145"
 tracing = "0.1.41"
 parity-scale-codec = "3.7.5"
-attestation = { git = "https://github.com/flashbots/attested-tls", branch = "peg/add-attestation-crate" }
+attestation = { git = "https://github.com/flashbots/attested-tls", branch = "peg/attested-tls-crate" }
 
 # Used for websocket support
 tokio-tungstenite = { version = "0.28.0", optional = true }
@@ -40,7 +40,7 @@ rcgen = { version = "0.14.5", optional = true }
 [dev-dependencies]
 rcgen = "0.14.5"
 tempfile = "3.23.0"
-attestation = { git = "https://github.com/flashbots/attested-tls", branch = "peg/add-attestation-crate", features = ["mock"] }
+attestation = { git = "https://github.com/flashbots/attested-tls", branch = "peg/attested-tls-crate", features = ["mock"] }
 
 [features]
 default = ["ws", "rpc"]
diff --git a/src/main.rs b/src/main.rs
@@ -316,7 +316,7 @@ async fn main() -> anyhow::Result<()> {
         CliCommand::GetTlsCert {
             server,
             tls_ca_certificate,
-            out_measurements,
+            out_measurements: _, // TODO
         } => {
             let remote_tls_cert = match tls_ca_certificate {
                 Some(remote_cert_filename) => Some(
@@ -416,12 +416,10 @@ fn load_tls_cert_and_key_server(
             cert_chain.ok_or(anyhow!("Private key given but no certificate chain"))?,
             private_key,
         )
+    } else if cert_chain.is_some() {
+        Err(anyhow!("Certificate chain provided but no private key"))
     } else {
-        if cert_chain.is_some() {
-            Err(anyhow!("Certificate chain provided but no private key"))
-        } else {
-            Err(anyhow!("No private key provided"))
-        }
+        Err(anyhow!("No private key provided"))
     }
 }
 
diff --git a/src/test_helpers.rs b/src/test_helpers.rs
@@ -1,8 +1,7 @@
 //! Helper functions used in tests
 use axum::response::IntoResponse;
 use std::{
-    collections::HashMap,
-    net::{IpAddr, SocketAddr},
+    net::SocketAddr,
     sync::{Arc, Once},
 };
 use tokio::net::TcpListener;
@@ -15,29 +14,6 @@ use tracing_subscriber::{EnvFilter, fmt};
 
 static INIT: Once = Once::new();
 
-use attestation::measurements::{DcapMeasurementRegister, MultiMeasurements};
-
-/// Helper to generate a self-signed certificate for testing
-pub fn generate_certificate_chain(
-    ip: IpAddr,
-) -> (Vec<CertificateDer<'static>>, PrivateKeyDer<'static>) {
-    let mut params = rcgen::CertificateParams::new(vec![]).unwrap();
-    params.subject_alt_names.push(rcgen::SanType::IpAddress(ip));
-    params
-        .subject_alt_names
-        .push(rcgen::SanType::DnsName(ip.to_string().try_into().unwrap()));
-    params
-        .distinguished_name
-        .push(rcgen::DnType::CommonName, ip.to_string());
-
-    let keypair = rcgen::KeyPair::generate().unwrap();
-    let cert = params.self_signed(&keypair).unwrap();
-
-    let certs = vec![CertificateDer::from(cert)];
-    let key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(keypair.serialize_der()));
-    (certs, key)
-}
-
 /// Helper to generate a self-signed certificate for testing with a DNS subject name
 pub fn generate_certificate_chain_for_host(
     host: &str,
