intel_dcap_api/client/
mod.rs

1// SPDX-License-Identifier: Apache-2.0
2// Copyright (c) 2025 Matter Labs
3
4mod enclave_identity;
5mod fmspc;
6mod helpers;
7mod pck_cert;
8mod pck_crl;
9mod registration;
10mod tcb_info;
11
12use crate::{error::IntelApiError, types::ApiVersion};
13use reqwest::Client;
14use url::Url;
15
16// Base URL for the Intel Trusted Services API
17const BASE_URL: &str = "https://api.trustedservices.intel.com";
18
19/// Client for interacting with Intel Trusted Services API.
20///
21/// Provides methods to access both SGX and TDX certification services,
22/// supporting API versions V3 and V4. This client offers functionality
23/// to register platforms, retrieve PCK certificates and CRLs, fetch TCB
24/// information, enclave identities, as well as TCB evaluation data numbers.
25///
26/// # Examples
27///
28/// ```rust,no_run
29/// use intel_dcap_api::ApiClient;
30///
31/// #[tokio::main]
32/// async fn main() -> Result<(), Box<dyn std::error::Error>> {
33///     // Create a client with default settings (V4 API)
34///     let client = ApiClient::new()?;
35///
36///     // Retrieve TCB info for a specific FMSPC
37///     let tcb_info = client.get_sgx_tcb_info("00606A000000", None, None).await?;
38///     println!("TCB Info: {}", tcb_info.tcb_info_json);
39///
40///     Ok(())
41/// }
42/// ```
43#[derive(Clone)]
44pub struct ApiClient {
45    client: Client,
46    base_url: Url,
47    api_version: ApiVersion,
48    /// Maximum number of automatic retries for rate-limited requests (429 responses)
49    max_retries: u32,
50}
51
52impl ApiClient {
53    /// Creates a new client targeting the latest supported API version (V4).
54    ///
55    /// # Returns
56    ///
57    /// A result containing the newly created `ApiClient` or an `IntelApiError` if there
58    /// was an issue building the underlying HTTP client.
59    ///
60    /// # Errors
61    ///
62    /// This function may fail if the provided TLS version or base URL
63    /// cannot be used to build a `reqwest` client.
64    pub fn new() -> Result<Self, IntelApiError> {
65        // Default to V4
66        Self::new_with_options(BASE_URL, ApiVersion::V4)
67    }
68
69    /// Creates a new client targeting a specific API version.
70    ///
71    /// # Arguments
72    ///
73    /// * `api_version` - The desired API version to use (V3 or V4).
74    ///
75    /// # Errors
76    ///
77    /// Returns an `IntelApiError` if the `reqwest` client cannot be built
78    /// with the specified options.
79    pub fn new_with_version(api_version: ApiVersion) -> Result<Self, IntelApiError> {
80        Self::new_with_options(BASE_URL, api_version)
81    }
82
83    /// Creates a new client with a custom base URL, targeting the latest supported API version (V4).
84    ///
85    /// # Arguments
86    ///
87    /// * `base_url` - The custom base URL for the Intel Trusted Services API.
88    ///
89    /// # Errors
90    ///
91    /// Returns an `IntelApiError` if the `reqwest` client cannot be built
92    /// or if the provided base URL is invalid.
93    pub fn new_with_base_url(base_url: impl reqwest::IntoUrl) -> Result<Self, IntelApiError> {
94        // Default to V4
95        Self::new_with_options(base_url, ApiVersion::V4)
96    }
97
98    /// Creates a new client with a custom base URL and specific API version.
99    ///
100    /// # Arguments
101    ///
102    /// * `base_url` - The custom base URL for the Intel Trusted Services API.
103    /// * `api_version` - The desired API version (V3 or V4).
104    ///
105    /// # Errors
106    ///
107    /// Returns an `IntelApiError` if the `reqwest` client cannot be built
108    /// or if the provided base URL is invalid.
109    pub fn new_with_options(
110        base_url: impl reqwest::IntoUrl,
111        api_version: ApiVersion,
112    ) -> Result<Self, IntelApiError> {
113        Ok(ApiClient {
114            client: Client::builder()
115                .min_tls_version(reqwest::tls::Version::TLS_1_2)
116                .build()?,
117            base_url: base_url.into_url()?,
118            api_version,
119            max_retries: 3, // Default to 3 retries
120        })
121    }
122
123    /// Sets the maximum number of automatic retries for rate-limited requests.
124    ///
125    /// When the API returns a 429 (Too Many Requests) response, the client will
126    /// automatically wait for the duration specified in the Retry-After header
127    /// and retry the request up to this many times.
128    ///
129    /// # Arguments
130    ///
131    /// * `max_retries` - Maximum number of retries (0 disables automatic retries)
132    pub fn set_max_retries(&mut self, max_retries: u32) {
133        self.max_retries = max_retries;
134    }
135}