From 5fd2eb3bba3d60015da5d33c10689c9b6f249621 Mon Sep 17 00:00:00 2001
From: setrofim <setrofim@gmail.com>
Date: Wed, 7 May 2025 12:32:36 +0100
Subject: [PATCH 1/2] fix: build and clippy warnings

- Move imports that are only used  by tests into the tests' modules.
- Add missing #[cfg(test)] to tests modules.
- allow(unexpected_cfgs) for modules that use bitmask! macro. This
  suppress a warning that originates from the bitmask crate.
- Elide unused lifetime inside Visitor implementation.
- Remove unused function.

Signed-off-by: setrofim <setrofim@gmail.com>
---
 src/main.rs                        | 15 +--------------
 src/store/memo_trustanchorstore.rs |  5 +++--
 src/token/base64.rs                |  3 +--
 src/token/evidence.rs              |  3 ++-
 src/token/platform.rs              |  5 +++--
 src/token/realm.rs                 |  4 +++-
 6 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index a018dcf..101956c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -5,7 +5,7 @@ use ccatoken::store::{
 use ccatoken::token;
 use clap::Parser;
 use ear::claim::TRUSTWORTHY_INSTANCE;
-use ear::{TrustTier, TrustVector};
+use ear::TrustVector;
 use serde_json::value::RawValue;
 use std::error::Error;
 use std::fs;
@@ -128,19 +128,6 @@ fn verify(args: &VerifyArgs) -> Result<(TrustVector, TrustVector), Box<dyn Error
     Ok(e.get_trust_vectors())
 }
 
-fn trust_vector_status(tv: TrustVector) -> TrustTier {
-    let mut status = TrustTier::None;
-
-    for claim in tv {
-        let claim_tier = claim.tier();
-        if status < claim_tier {
-            status = claim_tier
-        }
-    }
-
-    status
-}
-
 fn golden(args: &GoldenArgs) -> Result<(), Box<dyn Error>> {
     let c: Vec<u8> = fs::read(&args.evidence)?;
 
diff --git a/src/store/memo_trustanchorstore.rs b/src/store/memo_trustanchorstore.rs
index 9c8adf8..221f4cd 100644
--- a/src/store/memo_trustanchorstore.rs
+++ b/src/store/memo_trustanchorstore.rs
@@ -1,10 +1,9 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2023-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 use super::cpak::Cpak;
 use super::errors::Error;
 use super::ITrustAnchorStore;
-use jsonwebtoken::jwk;
 use std::collections::HashMap;
 use std::sync::RwLock;
 
@@ -54,6 +53,8 @@ impl ITrustAnchorStore for MemoTrustAnchorStore {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use jsonwebtoken::jwk;
+
     const TEST_JSON_TA_OK_0: &str = include_str!("../../testdata/ta.json");
     const TEST_INST_ID_0: &[u8; 33] = include_bytes!("../../testdata/inst-id.bin");
     const TEST_IMPL_ID_0: &[u8; 32] = include_bytes!("../../testdata/impl-id.bin");
diff --git a/src/token/base64.rs b/src/token/base64.rs
index 9242b8f..360bfe0 100644
--- a/src/token/base64.rs
+++ b/src/token/base64.rs
@@ -75,8 +75,7 @@ impl<'de> Deserialize<'de> for Bytes {
 
 struct BytesVisitor;
 
-#[allow(clippy::needless_lifetimes)]
-impl<'de> Visitor<'de> for BytesVisitor {
+impl Visitor<'_> for BytesVisitor {
     type Value = Bytes;
 
     fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
diff --git a/src/token/evidence.rs b/src/token/evidence.rs
index f0e41eb..8ca8f13 100644
--- a/src/token/evidence.rs
+++ b/src/token/evidence.rs
@@ -1,4 +1,4 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2023-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 use super::base64;
@@ -615,6 +615,7 @@ fn make_cose_key(cose_message: &CoseMessage, pkey: jwk::Jwk) -> Result<CoseKey,
     Ok(cose_key)
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
     use crate::store::{MemoRefValueStore, MemoTrustAnchorStore};
diff --git a/src/token/platform.rs b/src/token/platform.rs
index 203265d..1bc872c 100644
--- a/src/token/platform.rs
+++ b/src/token/platform.rs
@@ -1,12 +1,12 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2023-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
+#![allow(unexpected_cfgs)] // fixes warning from bitmask! macro
 
 use super::common::*;
 use super::errors::Error;
 use bitmask::*;
 use ciborium::de::from_reader;
 use ciborium::Value;
-use hex_literal::hex;
 
 const SW_COMPONENT_MTYP: i128 = 1;
 const SW_COMPONENT_MVAL: i128 = 2;
@@ -497,6 +497,7 @@ impl Platform {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use hex_literal::hex;
 
     #[test]
     fn platform_ok() {
diff --git a/src/token/realm.rs b/src/token/realm.rs
index b341642..bcfb671 100644
--- a/src/token/realm.rs
+++ b/src/token/realm.rs
@@ -1,5 +1,6 @@
-// Copyright 2023 Contributors to the Veraison project.
+// Copyright 2023-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
+#![allow(unexpected_cfgs)] // fixes warning from bitmask! macro
 
 use super::common::*;
 use super::errors::Error;
@@ -356,6 +357,7 @@ impl Realm {
     }
 }
 
+#[cfg(test)]
 mod tests {
     use super::*;
     use hex_literal::hex;

From 5e8a5484463b1025dbc752f10bde882b0cd3e537 Mon Sep 17 00:00:00 2001
From: setrofim <setrofim@gmail.com>
Date: Wed, 7 May 2025 14:17:33 +0100
Subject: [PATCH 2/2] feat!: decode Evidence from Read

Change Evidence::decode to accept a generic type that is Read. This
allows for more flexibility in how this API is used, removing the need
for additional conversions, and in some cases (e.g. when reading from
a file), removing the need to created an intermediate buffer entirely.

BREAKING_CHANGE: Signature of Evidence::decode is changed.

Signed-off-by: setrofim <setrofim@gmail.com>
---
 src/main.rs           | 12 +++---------
 src/token/evidence.rs | 18 +++++++++---------
 src/token/mod.rs      |  2 +-
 3 files changed, 13 insertions(+), 19 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index 101956c..6c505e2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -104,9 +104,7 @@ fn appraise(args: &AppraiseArgs) -> Result<(TrustVector, TrustVector), Box<dyn E
     let mut rvs: MemoRefValueStore = Default::default();
     rvs.load_json(&j)?;
 
-    let c: Vec<u8> = fs::read(&args.evidence)?;
-
-    let mut e: token::Evidence = token::Evidence::decode(&c)?;
+    let mut e: token::Evidence = token::Evidence::decode(fs::File::open(&args.evidence)?)?;
 
     e.appraise(&rvs)?;
 
@@ -119,9 +117,7 @@ fn verify(args: &VerifyArgs) -> Result<(TrustVector, TrustVector), Box<dyn Error
     let mut tas: MemoTrustAnchorStore = Default::default();
     tas.load_json(&j)?;
 
-    let c: Vec<u8> = fs::read(&args.evidence)?;
-
-    let mut e: token::Evidence = token::Evidence::decode(&c)?;
+    let mut e: token::Evidence = token::Evidence::decode(fs::File::open(&args.evidence)?)?;
 
     e.verify(&tas)?;
 
@@ -129,9 +125,7 @@ fn verify(args: &VerifyArgs) -> Result<(TrustVector, TrustVector), Box<dyn Error
 }
 
 fn golden(args: &GoldenArgs) -> Result<(), Box<dyn Error>> {
-    let c: Vec<u8> = fs::read(&args.evidence)?;
-
-    let mut e: token::Evidence = token::Evidence::decode(&c)?;
+    let mut e: token::Evidence = token::Evidence::decode(fs::File::open(&args.evidence)?)?;
 
     let j = fs::read_to_string(&args.cpak)?;
 
diff --git a/src/token/evidence.rs b/src/token/evidence.rs
index 8ca8f13..c64e60d 100644
--- a/src/token/evidence.rs
+++ b/src/token/evidence.rs
@@ -69,8 +69,8 @@ impl CBORCollection {
         Ok(())
     }
 
-    fn decode(buf: &Vec<u8>) -> Result<CBORCollection, Error> {
-        let v: Value = from_reader(buf.as_slice()).map_err(|e| Error::Syntax(e.to_string()))?;
+    fn decode<R: std::io::Read>(buf: R) -> Result<CBORCollection, Error> {
+        let v: Value = from_reader(buf).map_err(|e| Error::Syntax(e.to_string()))?;
 
         let mut collection = CBORCollection::new();
 
@@ -152,7 +152,7 @@ impl Evidence {
     }
 
     /// Decode a CBOR-encoded CCA Token and instantiate an Evidence object.
-    pub fn decode(buf: &Vec<u8>) -> Result<Evidence, Error> {
+    pub fn decode<R: std::io::Read>(buf: R) -> Result<Evidence, Error> {
         let collection = CBORCollection::decode(buf)?;
 
         let mut t = Evidence::new();
@@ -632,7 +632,7 @@ mod tests {
 
     #[test]
     fn decode_good_token() {
-        let r = Evidence::decode(&TEST_CCA_TOKEN_1_OK.to_vec());
+        let r = Evidence::decode(TEST_CCA_TOKEN_1_OK.as_slice());
 
         assert!(r.is_ok());
     }
@@ -644,7 +644,7 @@ mod tests {
             .expect("loading TEST_CCA_RVS_OK");
 
         let mut e =
-            Evidence::decode(&TEST_CCA_TOKEN_1_OK.to_vec()).expect("decoding TEST_CCA_TOKEN_1_OK");
+            Evidence::decode(TEST_CCA_TOKEN_1_OK.as_slice()).expect("decoding TEST_CCA_TOKEN_1_OK");
 
         e.appraise(&rvs)
             .expect("validation successful for both platform and realm");
@@ -672,7 +672,7 @@ mod tests {
     #[test]
     fn verify_legacy_token_ok() {
         let mut evidence =
-            Evidence::decode(&TEST_CCA_TOKEN_2_OK.to_vec()).expect("decoding TEST_CCA_TOKEN_2_OK");
+            Evidence::decode(TEST_CCA_TOKEN_2_OK.as_slice()).expect("decoding TEST_CCA_TOKEN_2_OK");
 
         let mut tas = MemoTrustAnchorStore::new();
         tas.load_json(TEST_TA_2_OK).expect("loading trust anchors");
@@ -694,7 +694,7 @@ mod tests {
     #[test]
     fn verify_legacy_token_error() {
         let mut evidence =
-            Evidence::decode(&TEST_CCA_TOKEN_2_OK.to_vec()).expect("decoding TEST_CCA_TOKEN_2_OK");
+            Evidence::decode(TEST_CCA_TOKEN_2_OK.as_slice()).expect("decoding TEST_CCA_TOKEN_2_OK");
 
         let mut tas = MemoTrustAnchorStore::new();
         tas.load_json(TEST_TA_2_BAD).expect("loading trust anchors");
@@ -722,7 +722,7 @@ mod tests {
 
     #[test]
     fn bug_33_regression() {
-        let mut evidence = Evidence::decode(&TEST_CCA_TOKEN_BUG_33.to_vec())
+        let mut evidence = Evidence::decode(TEST_CCA_TOKEN_BUG_33.as_slice())
             .expect("decoding TEST_CCA_TOKEN_BUG_33");
 
         let mut tas = MemoTrustAnchorStore::new();
@@ -738,7 +738,7 @@ mod tests {
 
     #[test]
     fn verify_draft_ffm_00_token_ok() {
-        let mut evidence = Evidence::decode(&TEST_CCA_TOKEN_DRAFT_FFM_00.to_vec())
+        let mut evidence = Evidence::decode(TEST_CCA_TOKEN_DRAFT_FFM_00.as_slice())
             .expect("decoding TEST_CCA_TOKEN_DRAFT_FFM_00");
 
         let mut tas = MemoTrustAnchorStore::new();
diff --git a/src/token/mod.rs b/src/token/mod.rs
index b07b502..2bad32f 100644
--- a/src/token/mod.rs
+++ b/src/token/mod.rs
@@ -18,7 +18,7 @@
 //!
 //! const token: &[u8; 1222] = include_bytes!("../../testdata/cca-token-01.cbor");
 //!
-//! let mut e = Evidence::decode(&token.to_vec()).expect("decoding CCA token");
+//! let mut e = Evidence::decode(token.as_slice()).expect("decoding CCA token");
 //!
 //! const jta: &str = include_str!("../../testdata/ta.json");
 //! let mut tas = MemoTrustAnchorStore::new();