Extract method and simplify "if" logic

Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2025-05-08 08:27:14 +00:00 · 2023-01-19 15:46:35 +02:00 · 2023-01-19 15:46:35 +02:00 · eefd5f2c2c
commit eefd5f2c2c
parent 83f529b53d
1 changed files with 28 additions and 23 deletions
--- a/cmd/discovery/client/client.go
+++ b/cmd/discovery/client/client.go
@ -89,11 +89,27 @@ func (c *Client) waitPass(p *block.Partition, attempts int) (pass string, err er
 			return rand, err
 		}
 	}
+
 	for tries := 0; tries < attempts; tries++ {
 		var generated bool
 		pass, generated, err = getPass(challengeEndpoint, p)
-		if generated {
-			// Decode what the challenger server gave us
+		if generated { // passphrase is encrypted
+			return c.decryptPassphrase(pass)
+		}
+
+		if err == nil || err == errPartNotFound { // passphrase not encrypted or not available
+			return
+		}
+
+		time.Sleep(1 * time.Second) // network errors? retry
+	}
+
+	return
+}
+
+// decryptPassphrase decodes (base64) and decrypts the passphrase returned
+// by the challenger server.
+func (c *Client) decryptPassphrase(pass string) (string, error) {
 	blob, err := base64.RawURLEncoding.DecodeString(pass)
 	if err != nil {
 		return "", err
@ -107,18 +123,7 @@ func (c *Client) waitPass(p *block.Partition, attempts int) (pass string, err er
 	if c.Config.Kcrypt.Challenger.TPMDevice != "" {
 		opts = append(opts, tpm.WithDevice(c.Config.Kcrypt.Challenger.TPMDevice))
 	}
-			pass, err := tpm.DecodeBlob(blob, opts...)
-			return string(pass), err
-		}
+	passBytes, err := tpm.DecodeBlob(blob, opts...)

-		if pass != "" || err == nil {
-			return
-		}
-		if err == errPartNotFound {
-			return
-		}
-		// Otherwise, we might have a generic network error and we retry
-		time.Sleep(1 * time.Second)
-	}
-	return
+	return string(passBytes), err
 }