Separate scripts and data

Dockerfile

@@ -15,7 +15,7 @@ COPY *.ac ./
 COPY *.json ./
 COPY docker ./docker
 COPY build-aux ./build-aux
-COPY  cert ./cert
+COPY cert ./cert
 COPY intel-sgx-ssl ./intel-sgx-ssl
 COPY jsonrpc ./jsonrpc
 COPY leveldb ./leveldb

SGXRegistrationServer.cpp

@@ -78,7 +78,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
     }
 
     if (auto_sign) {
-      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
+      std::string csr_name = "cert/" + hash + ".csr";
       std::ofstream outfile(csr_name);
       outfile << csr << std::endl;
       outfile.close();
@@ -86,7 +86,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
         throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
       }
 
-      std::string genCert = "cd sgx_data/cert && ./create_client_cert " + hash;
+      std::string genCert = "cd cert && ./create_client_cert " + hash;
 
       if (system(genCert.c_str()) == 0){
           spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -130,7 +130,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
     int status = std::atoi(status_str_ptr->c_str());
 
     if ( status == 0){
-      std::string crt_name = "sgx_data/cert/" + hash + ".crt";
+      std::string crt_name = "cert/" + hash + ".crt";
       //if (access(crt_name.c_str(), F_OK) == 0){
         std::ifstream infile(crt_name);
         if (!infile.is_open()) {
@@ -144,7 +144,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
           cert = ss.str();
 
           infile.close();
-          std::string remove_crt = "cd sgx_data/cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
+          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
           if(system(remove_crt.c_str()) == 0){
               //std::cerr << "cert removed" << std::endl;
               spdlog::info(" cert removed ");

SGXWalletServer.cpp

@@ -82,14 +82,14 @@ void debug_print(){
 
 int init_https_server(bool check_certs) {
 
-  std::string rootCAPath = "sgx_data/cert/rootCA.pem";
-  std::string keyCAPath = "sgx_data/cert/rootCA.key";
+  std::string rootCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
+  std::string keyCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
 
   if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
     spdlog::info("YOU DO NOT HAVE ROOT CA CERTIFICATE");
     spdlog::info("ROOT CA CERTIFICATE IS GOING TO BE CREATED");
 
-    std::string genRootCACert = "cd sgx_data/cert && ./create_CA";
+    std::string genRootCACert = "cd cert && ./create_CA";
 
     if (system(genRootCACert.c_str()) == 0){
       spdlog::info("ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -100,14 +100,14 @@ int init_https_server(bool check_certs) {
     }
   }
 
-  std::string certPath = "sgx_data/cert/SGXServerCert.crt";
-  std::string keyPath = "sgx_data/cert/SGXServerCert.key";
+  std::string certPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.crt";
+  std::string keyPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.key";
 
   if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
     spdlog::info("YOU DO NOT HAVE SERVER CERTIFICATE");
     spdlog::info("SERVER CERTIFICATE IS GOING TO BE CREATED");
 
-    std::string genCert = "cd sgx_data/cert && ./create_server_cert";
+    std::string genCert = "cd cert && ./create_server_cert";
 
     if (system(genCert.c_str()) == 0){
       spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY GENERATED");

ServerInit.cpp

@@ -64,26 +64,33 @@ void init_daemon() {
 
     libff::init_alt_bn128_params();
 
+    std::string sgx_data_folder = SGXDATA_FOLDER;
     struct stat info;
-    if (stat("sgx_data", &info) !=0 ){
-        spdlog::info("there is no sgx_data folder");
+    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
+      spdlog::info("going to create sgx_data folder");
+      std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
+      if (system(make_sgx_data_folder.c_str()) == 0){
+        spdlog::info("sgx_data folder was created");
+      }
+      else{
+        spdlog::info("creating sgx_data folder failed");
         exit(-1);
+      }
     }
 
-    static std::string dbName("./" WALLETDB_NAME);
+    static std::string dbName = sgx_data_folder +  WALLETDB_NAME;
     levelDb = new LevelDB(dbName);
 
-    static std::string csr_dbname = "sgx_data/CSR_DB";
+    static std::string csr_dbname = sgx_data_folder + "CSR_DB";
     csrDb = new LevelDB(csr_dbname);
 
-    static std::string csr_status_dbname = "sgx_data/CSR_STATUS_DB";
+    static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
     csrStatusDb = new LevelDB(csr_status_dbname);
 
     std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
     if (encr_SEK_ptr == nullptr){
       spdlog::info("SEK was not created yet");
     }
-
 }
 
 

cert/042b18a31b77c13d9aa2972aded1935e98920dfc854b86abae1e986bf13574ef.csr

+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzFJMEcGA1UEAwxAMDFlNWQ0OGY4N2E3ZDBlYTA0OTM0ZDFl
+NDE4MDYxNjFjZTRjMDRhNGFjMTg3ZTZkMWM0YWM3MDUxMjIxZjE3NjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL26xPSctnyHebtKy4ahn609WgWSTyM0
+9peytK7AWiC7CBpKJ4KlWdIS26NiC4eW8WkQxEDI/vClRwa/JE1QMZQQiIS8gB7G
+yQUnn9HIgFZEhVZiImX2GK0BuHbcSgrA/bG3/tfjeDp6GLt/Fi5fDeer/rawf5G2
+tshae/XZK3MrSnNXjUM8O1oDJDsddnbVWUwzyAy+jHxlko4Zrs07doq7MsBI2GRS
+Ip4H1i12UcqgPxY8Gh4q74Z6sZeiAbkraQUWI2qzpfFYrGHEgXjjCXG6WmUrg7u/
+D53/mvtSZyi/4CcLRpIGIFC09WCld9R8fRJ4jIN0uVi5iVeph8prZ/kCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBYK5yjRdsG//w8lr297kfAzU9M9Zd/s0cxsAfK
+8rEq8hGinnP0uOnE4QY00mon/C0JbBAyfaE3tnhWgJxWFM2Uq0bBomKuMfQB3KmF
+R/5HCkiEVpzgMA6ev0iBK4BexMY0TwTyPJ5IledjQY2qXodDOqZuOCmt0hf+1ypa
+34zVBws/jeQ5Gl89QPpnbtR+6NNQ6auB77E97U8tz1grrPC7un0xNYxtx5lvZGi0
+uweEQlkbq92rUiADm9o5lpUVYk/mtESjF4Gw6s5McObANFc3nPDL2YLZmnJSNJRS
+VnxbYhdDIt+22uOviRS17hCkaoCdncBrIEQqmeD9OoPMvA2R
+-----END CERTIFICATE REQUEST-----
+

sgx_data/cert/ca.config → cert/ca.config

@@ -5,16 +5,16 @@
         [ CA_CLIENT ]
         dir                    = .            # Каталог для служебных файлов
         certs                  = $dir/certs      # Каталог для сертификатов
-        new_certs_dir          = $dir/new_certs   # Каталог для новых сертификатов
+        new_certs_dir          = ../sgx_data/cert_data/new_certs   # Каталог для новых сертификатов
 
-        database               = $dir/index.txt  # Файл с базой данных
+        database               = ../sgx_data/cert_data/index.txt  # Файл с базой данных
         # подписанных сертификатов
-        serial                 = $dir/serial     # Файл содержащий серийный номер
+        serial                 = ../sgx_data/cert_data/serial     # Файл содержащий серийный номер
         RANDFILE               = $dir/.rnd
         # сертификата
         # (в шестнадцатиричном формате)
-        certificate            = ./rootCA.pem        # Файл сертификата CA
-        private_key            = ./rootCA.key        # Файл закрытого ключа CA
+        certificate            = ../sgx_data/cert_data/rootCA.pem        # Файл сертификата CA
+        private_key            = ../sgx_data/cert_data/rootCA.key        # Файл закрытого ключа CA
 
         default_days           = 3650             # Срок действия подписываемого
         # сертификата

sgx_data/cert/create_CA → cert/create_CA

 #!/bin/bash
 
+cd ../sgx_data
+mkdir cert_data
+cd cert_data
+mkdir new_certs
+touch index.txt
+touch index.txt.attr
+echo "01" > serial
+
 # Generate root CA key
 openssl genrsa -out rootCA.key 2048
 
 # Create an X.509 cert from the CA key
 openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -out rootCA.pem -subj "/CN=SGXCACertificate"
 
-mkdir new_certs
-touch index.txt
-touch index.txt.attr
-echo "01" > serial
+
 
 
 

sgx_data/cert/create_server_cert → cert/create_server_cert

 #!/bin/bash
 
 # Generate server key
-openssl genrsa -out "SGXServerCert.key" 2048
+openssl genrsa -out ../sgx_data/cert_data/SGXServerCert.key 2048
 
 # Create server certificate request
 #openssl req -new -key "SGXServer.key" -out "SGXServer.csr" -subj "/CN=SGXCACertificate"
 
-openssl req -new -sha256 -nodes -out "SGXServerCert.csr" -newkey rsa:2048 -keyout "SGXServerCert.key" -subj /CN=SGXServer
+openssl req -new -sha256 -nodes -out ../sgx_data/cert_data/SGXServerCert.csr -newkey rsa:2048 -keyout ../sgx_data/cert_data/SGXServerCert.key -subj /CN=SGXServer
 
 # Sign and generate the user certificate from the
 #openssl x509 -req -in "SGXServer.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "SGXServerCertificate.crt" -days 3650
 
-yes | openssl ca -config ca.config -in "SGXServerCert.csr" -out "SGXServerCert.crt"
+yes | openssl ca -config ca.config -in ../sgx_data/cert_data/SGXServerCert.csr -out ../sgx_data/cert_data/SGXServerCert.crt

sgxwallet_common.h

@@ -92,9 +92,9 @@ extern int is_sgx_https;
 
 #define BASE_PORT 1026
 
-#define WALLETDB_NAME  "sgx_data/sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"
-
+#define SGXDATA_FOLDER "sgx_data/"