Separate scripts and data

24b2d824 · svetaro · 27185d43 · 24b2d824 · 24b2d824 · 24b2d824
Unverified Commit 24b2d824 authored Jan 21, 2020 by svetaro
10 changed files
--- a/Dockerfile
+++ b/Dockerfile
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -78,7 +78,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
    }

    if (auto_sign) {
-      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
+      std::string csr_name = "cert/" + hash + ".csr";
      std::ofstream outfile(csr_name);
      outfile << csr << std::endl;
      outfile.close();
@@ -86,7 +86,7 @@ Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }

-      std::string genCert = "cd sgx_data/cert && ./create_client_cert " + hash;
+      std::string genCert = "cd cert && ./create_client_cert " + hash;

      if (system(genCert.c_str()) == 0){
          spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -130,7 +130,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
    int status = std::atoi(status_str_ptr->c_str());

    if ( status == 0){
-      std::string crt_name = "sgx_data/cert/" + hash + ".crt";
+      std::string crt_name = "cert/" + hash + ".crt";
      //if (access(crt_name.c_str(), F_OK) == 0){
        std::ifstream infile(crt_name);
        if (!infile.is_open()) {
@@ -144,7 +144,7 @@ Json::Value GetSertificateImpl(const std::string& hash){
          cert = ss.str();

          infile.close();
-          std::string remove_crt = "cd sgx_data/cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
+          std::string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
          if(system(remove_crt.c_str()) == 0){
              //std::cerr << "cert removed" << std::endl;
              spdlog::info(" cert removed ");

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -82,14 +82,14 @@ void debug_print(){

 int init_https_server(bool check_certs) {

-  std::string rootCAPath = "sgx_data/cert/rootCA.pem";
-  std::string keyCAPath = "sgx_data/cert/rootCA.key";
+  std::string rootCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
+  std::string keyCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.key";

  if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE ROOT CA CERTIFICATE");
    spdlog::info("ROOT CA CERTIFICATE IS GOING TO BE CREATED");

-    std::string genRootCACert = "cd sgx_data/cert && ./create_CA";
+    std::string genRootCACert = "cd cert && ./create_CA";

    if (system(genRootCACert.c_str()) == 0){
      spdlog::info("ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED");
@@ -100,14 +100,14 @@ int init_https_server(bool check_certs) {
    }
  }

-  std::string certPath = "sgx_data/cert/SGXServerCert.crt";
-  std::string keyPath = "sgx_data/cert/SGXServerCert.key";
+  std::string certPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.crt";
+  std::string keyPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.key";

  if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE SERVER CERTIFICATE");
    spdlog::info("SERVER CERTIFICATE IS GOING TO BE CREATED");

-    std::string genCert = "cd sgx_data/cert && ./create_server_cert";
+    std::string genCert = "cd cert && ./create_server_cert";

    if (system(genCert.c_str()) == 0){
      spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY GENERATED");

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -64,26 +64,33 @@ void init_daemon() {

    libff::init_alt_bn128_params();

+    std::string sgx_data_folder = SGXDATA_FOLDER;
    struct stat info;
-    if (stat("sgx_data", &info) !=0 ){
-        spdlog::info("there is no sgx_data folder");
+    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
+      spdlog::info("going to create sgx_data folder");
+      std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
+      if (system(make_sgx_data_folder.c_str()) == 0){
+        spdlog::info("sgx_data folder was created");
+      }
+      else{
+        spdlog::info("creating sgx_data folder failed");
        exit(-1);
      }
+    }

-    static std::string dbName("./" WALLETDB_NAME);
+    static std::string dbName = sgx_data_folder +  WALLETDB_NAME;
    levelDb = new LevelDB(dbName);

-    static std::string csr_dbname = "sgx_data/CSR_DB";
+    static std::string csr_dbname = sgx_data_folder + "CSR_DB";
    csrDb = new LevelDB(csr_dbname);

-    static std::string csr_status_dbname = "sgx_data/CSR_STATUS_DB";
+    static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
    csrStatusDb = new LevelDB(csr_status_dbname);

    std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
    if (encr_SEK_ptr == nullptr){
      spdlog::info("SEK was not created yet");
    }
-
 }



--- a/cert/042b18a31b77c13d9aa2972aded1935e98920dfc854b86abae1e986bf13574ef.csr
+++ b/cert/042b18a31b77c13d9aa2972aded1935e98920dfc854b86abae1e986bf13574ef.csr
+-----BEGIN CERTIFICATE REQUEST-----
+MIICkDCCAXgCAQAwSzFJMEcGA1UEAwxAMDFlNWQ0OGY4N2E3ZDBlYTA0OTM0ZDFl
+NDE4MDYxNjFjZTRjMDRhNGFjMTg3ZTZkMWM0YWM3MDUxMjIxZjE3NjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL26xPSctnyHebtKy4ahn609WgWSTyM0
+9peytK7AWiC7CBpKJ4KlWdIS26NiC4eW8WkQxEDI/vClRwa/JE1QMZQQiIS8gB7G
+yQUnn9HIgFZEhVZiImX2GK0BuHbcSgrA/bG3/tfjeDp6GLt/Fi5fDeer/rawf5G2
+tshae/XZK3MrSnNXjUM8O1oDJDsddnbVWUwzyAy+jHxlko4Zrs07doq7MsBI2GRS
+Ip4H1i12UcqgPxY8Gh4q74Z6sZeiAbkraQUWI2qzpfFYrGHEgXjjCXG6WmUrg7u/
+D53/mvtSZyi/4CcLRpIGIFC09WCld9R8fRJ4jIN0uVi5iVeph8prZ/kCAwEAAaAA
+MA0GCSqGSIb3DQEBCwUAA4IBAQBYK5yjRdsG//w8lr297kfAzU9M9Zd/s0cxsAfK
+8rEq8hGinnP0uOnE4QY00mon/C0JbBAyfaE3tnhWgJxWFM2Uq0bBomKuMfQB3KmF
+R/5HCkiEVpzgMA6ev0iBK4BexMY0TwTyPJ5IledjQY2qXodDOqZuOCmt0hf+1ypa
+34zVBws/jeQ5Gl89QPpnbtR+6NNQ6auB77E97U8tz1grrPC7un0xNYxtx5lvZGi0
+uweEQlkbq92rUiADm9o5lpUVYk/mtESjF4Gw6s5McObANFc3nPDL2YLZmnJSNJRS
+VnxbYhdDIt+22uOviRS17hCkaoCdncBrIEQqmeD9OoPMvA2R
+-----END CERTIFICATE REQUEST-----
+
--- a/sgx_data/cert/ca.config
+++ b/sgx_data/cert/ca.config
@@ -5,16 +5,16 @@
        [ CA_CLIENT ]
        dir                    = .            # Каталог для служебных файлов
        certs                  = $dir/certs      # Каталог для сертификатов
-        new_certs_dir          = $dir/new_certs   # Каталог для новых сертификатов
+        new_certs_dir          = ../sgx_data/cert_data/new_certs   # Каталог для новых сертификатов

-        database               = $dir/index.txt  # Файл с базой данных
+        database               = ../sgx_data/cert_data/index.txt  # Файл с базой данных
        # подписанных сертификатов
-        serial                 = $dir/serial     # Файл содержащий серийный номер
+        serial                 = ../sgx_data/cert_data/serial     # Файл содержащий серийный номер
        RANDFILE               = $dir/.rnd
        # сертификата
        # (в шестнадцатиричном формате)
-        certificate            = ./rootCA.pem        # Файл сертификата CA
-        private_key            = ./rootCA.key        # Файл закрытого ключа CA
+        certificate            = ../sgx_data/cert_data/rootCA.pem        # Файл сертификата CA
+        private_key            = ../sgx_data/cert_data/rootCA.key        # Файл закрытого ключа CA

        default_days           = 3650             # Срок действия подписываемого
        # сертификата

--- a/sgx_data/cert/create_CA
+++ b/sgx_data/cert/create_CA
 #!/bin/bash

+cd ../sgx_data
+mkdir cert_data
+cd cert_data
+mkdir new_certs
+touch index.txt
+touch index.txt.attr
+echo "01" > serial
+
 # Generate root CA key
 openssl genrsa -out rootCA.key 2048

 # Create an X.509 cert from the CA key
 openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -out rootCA.pem -subj "/CN=SGXCACertificate"

-mkdir new_certs
-touch index.txt
-touch index.txt.attr
-echo "01" > serial
+



--- a/sgx_data/cert/create_client_cert
+++ b/sgx_data/cert/create_client_cert
--- a/sgx_data/cert/create_server_cert
+++ b/sgx_data/cert/create_server_cert
 #!/bin/bash

 # Generate server key
-openssl genrsa -out "SGXServerCert.key" 2048
+openssl genrsa -out ../sgx_data/cert_data/SGXServerCert.key 2048

 # Create server certificate request
 #openssl req -new -key "SGXServer.key" -out "SGXServer.csr" -subj "/CN=SGXCACertificate"

-openssl req -new -sha256 -nodes -out "SGXServerCert.csr" -newkey rsa:2048 -keyout "SGXServerCert.key" -subj /CN=SGXServer
+openssl req -new -sha256 -nodes -out ../sgx_data/cert_data/SGXServerCert.csr -newkey rsa:2048 -keyout ../sgx_data/cert_data/SGXServerCert.key -subj /CN=SGXServer

 # Sign and generate the user certificate from the
 #openssl x509 -req -in "SGXServer.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "SGXServerCertificate.crt" -days 3650

-yes | openssl ca -config ca.config -in "SGXServerCert.csr" -out "SGXServerCert.crt"
+yes | openssl ca -config ca.config -in ../sgx_data/cert_data/SGXServerCert.csr -out ../sgx_data/cert_data/SGXServerCert.crt
--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -92,9 +92,9 @@ extern int is_sgx_https;

 #define BASE_PORT 1026

-#define WALLETDB_NAME  "sgx_data/sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"
-
+#define SGXDATA_FOLDER "sgx_data/"