Merge branch 'develop' into enhancement/SKALE-2003-Create-backup-key

3fb4836a · svetaro · 1a0d5457 · 018b590c · 3fb4836a · 3fb4836a
Unverified Commit 3fb4836a authored Jan 22, 2020 by svetaro
10 changed files
--- a/CSRManagerServer.cpp
+++ b/CSRManagerServer.cpp
@@ -60,7 +60,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
    }
    if (status == 0) {
-      std::string csr_name = "cert/" + hash + ".csr";
+      std::string csr_name = "sgx_data/cert/" + hash + ".csr";
      std::ofstream outfile(csr_name);
      outfile << *csr_ptr << std::endl;
      outfile.close();
@@ -69,7 +69,7 @@ Json::Value SignByHashImpl(const std::string& hash, int status){
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }
-      std::string signClientCert = "cd cert && ./create_client_cert " + hash;
+      std::string signClientCert = "cd sgx_data/cert && ./create_client_cert " + hash;
      if (system(signClientCert.c_str()) == 0) {
        spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");

--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -82,8 +82,8 @@ void debug_print(){
 int init_https_server(bool check_certs) {
-  std::string rootCAPath = "cert/rootCA.pem";
+  std::string rootCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
-  std::string keyCAPath = "cert/rootCA.key";
+  std::string keyCAPath = std::string(SGXDATA_FOLDER) + "cert_data/rootCA.key";
  if (access(rootCAPath.c_str(), F_OK) != 0 || access(keyCAPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE ROOT CA CERTIFICATE");
@@ -100,8 +100,8 @@ int init_https_server(bool check_certs) {
    }
  }
-  std::string certPath = "cert/SGXServerCert.crt";
+  std::string certPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.crt";
-  std::string keyPath = "cert/SGXServerCert.key";
+  std::string keyPath = std::string(SGXDATA_FOLDER) + "cert_data/SGXServerCert.key";
  if (access(certPath.c_str(), F_OK) != 0 || access(certPath.c_str(), F_OK) != 0){
    spdlog::info("YOU DO NOT HAVE SERVER CERTIFICATE");

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -66,25 +66,27 @@ void init_daemon() {
    libff::init_alt_bn128_params();
+    std::string sgx_data_folder = SGXDATA_FOLDER;
    struct stat info;
-    if (stat("SGXData", &info) !=0 ){
+    if (stat(sgx_data_folder.c_str(), &info) !=0 ){
-      spdlog::info("going to create SGXData folder");
+      spdlog::info("going to create sgx_data folder");
-      if (system("mkdir SGXData") == 0){
+      std::string make_sgx_data_folder = "mkdir " + sgx_data_folder;
-        spdlog::info("SGXData folder was created");
+      if (system(make_sgx_data_folder.c_str()) == 0){
+        spdlog::info("sgx_data folder was created");
      }
      else{
-        spdlog::info("creating SGXData folder failed");
+        spdlog::info("creating sgx_data folder failed");
        exit(-1);
      }
    }
-    static std::string dbName("./" WALLETDB_NAME);
+    static std::string dbName = sgx_data_folder +  WALLETDB_NAME;
    levelDb = new LevelDB(dbName);
-    static std::string csr_dbname = "SGXData/CSR_DB";
+    static std::string csr_dbname = sgx_data_folder + "CSR_DB";
    csrDb = new LevelDB(csr_dbname);
-    static std::string csr_status_dbname = "SGXData/CSR_STATUS_DB";
+    static std::string csr_status_dbname = sgx_data_folder + "CSR_STATUS_DB";
    csrStatusDb = new LevelDB(csr_status_dbname);
    std::shared_ptr<std::string> encr_SEK_ptr = levelDb->readString("SEK");
@@ -92,7 +94,6 @@ void init_daemon() {
      spdlog::info("SEK was not created yet");
      generate_SEK();
    }
 }

--- a/cert/ca.config
+++ b/cert/ca.config
@@ -5,16 +5,16 @@
        [ CA_CLIENT ]
        dir                    = .            # Каталог для служебных файлов
        certs                  = $dir/certs      # Каталог для сертификатов
-        new_certs_dir          = $dir/new_certs   # Каталог для новых сертификатов
+        new_certs_dir          = ../sgx_data/cert_data/new_certs   # Каталог для новых сертификатов
-        database               = $dir/index.txt  # Файл с базой данных
+        database               = ../sgx_data/cert_data/index.txt  # Файл с базой данных
        # подписанных сертификатов
-        serial                 = $dir/serial     # Файл содержащий серийный номер
+        serial                 = ../sgx_data/cert_data/serial     # Файл содержащий серийный номер
        RANDFILE               = $dir/.rnd
        # сертификата
        # (в шестнадцатиричном формате)
-        certificate            = ./rootCA.pem        # Файл сертификата CA
+        certificate            = ../sgx_data/cert_data/rootCA.pem        # Файл сертификата CA
-        private_key            = ./rootCA.key        # Файл закрытого ключа CA
+        private_key            = ../sgx_data/cert_data/rootCA.key        # Файл закрытого ключа CA
        default_days           = 3650             # Срок действия подписываемого
        # сертификата

--- a/cert/create_CA
+++ b/cert/create_CA
 #!/bin/bash
+cd ../sgx_data
+mkdir cert_data
+cd cert_data
+mkdir new_certs
+touch index.txt
+touch index.txt.attr
+echo "01" > serial
 # Generate root CA key
 openssl genrsa -out rootCA.key 2048
 # Create an X.509 cert from the CA key
 openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -out rootCA.pem -subj "/CN=SGXCACertificate"
-mkdir new_certs
-touch index.txt
-touch index.txt.attr
-echo "01" > serial
--- a/cert/create_server_cert
+++ b/cert/create_server_cert
 #!/bin/bash
 # Generate server key
-openssl genrsa -out "SGXServerCert.key" 2048
+openssl genrsa -out ../sgx_data/cert_data/SGXServerCert.key 2048
 # Create server certificate request
 #openssl req -new -key "SGXServer.key" -out "SGXServer.csr" -subj "/CN=SGXCACertificate"
-openssl req -new -sha256 -nodes -out "SGXServerCert.csr" -newkey rsa:2048 -keyout "SGXServerCert.key" -subj /CN=SGXServer
+openssl req -new -sha256 -nodes -out ../sgx_data/cert_data/SGXServerCert.csr -newkey rsa:2048 -keyout ../sgx_data/cert_data/SGXServerCert.key -subj /CN=SGXServer
 # Sign and generate the user certificate from the
 #openssl x509 -req -in "SGXServer.csr" -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out "SGXServerCertificate.crt" -days 3650
-yes | openssl ca -config ca.config -in "SGXServerCert.csr" -out "SGXServerCert.crt"
+yes | openssl ca -config ca.config -in ../sgx_data/cert_data/SGXServerCert.csr -out ../sgx_data/cert_data/SGXServerCert.crt
--- a/docker-compose-sim.yml
+++ b/docker-compose-sim.yml
@@ -9,4 +9,5 @@ services:
    volumes:
      - ./sgx_data:/sgx_data
    restart: unless-stopped
+    command: -s
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,5 +12,6 @@ services:
    volumes:
      - ./sgx_data:/sgx_data
    restart: unless-stopped
+    command: -s
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -588,7 +588,6 @@ void get_public_shares(int *err_status, char* err_string, uint8_t* encrypted_dkg
 }
 void set_encrypted_dkg_poly(int *err_status, char *err_string, uint8_t* encrypted_poly){
  uint32_t decr_len;

--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -92,9 +92,9 @@ extern int is_sgx_https;
 #define BASE_PORT 1026
-#define WALLETDB_NAME  "SGXData/sgxwallet.db"//"test_sgxwallet.db"//
+#define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"
+#define SGXDATA_FOLDER "sgx_data/"