SKALE-4005 throw exceptions during init process

parent 4f7a8449
......@@ -27,7 +27,6 @@
#include <jsonrpccpp/server/connectors/httpserver.h>
#include "CSRManagerServer.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "sgxwallet_common.h"
......@@ -111,7 +110,7 @@ Json::Value CSRManagerServer::signByHash(const string &hash, int status) {
return signByHashImpl(hash, status);
}
int CSRManagerServer::initCSRManagerServer() {
void CSRManagerServer::initCSRManagerServer() {
hs3 = make_shared<jsonrpc::HttpServer>(BASE_PORT + 2);
hs3->BindLocalhost();
cs = make_shared<CSRManagerServer>(*hs3, JSONRPC_SERVER_V2); // server (json-rpc 2.0)
......@@ -120,20 +119,17 @@ int CSRManagerServer::initCSRManagerServer() {
if (!cs->StartListening()) {
spdlog::info("CSR manager server could not start listening");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_starting_server);
return 1;
throw SGXException(CSR_MANAGER_SERVER_FAILED_TO_START, "CSRManager server could not start listening.");
} else {
spdlog::info("CSR manager server started on port {}", BASE_PORT + 2);
}
return 0;
};
int CSRManagerServer::exitServer() {
spdlog::info("Stoping CSRManager server");
if (cs && !cs->StopListening()) {
spdlog::error("CSRManager server could not be stopped");
exit(-104);
spdlog::error("CSRManager server could not be stopped. Will forcefully terminate the app");
} else {
spdlog::info("CSRManager server stopped");
}
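Review bot: `exitServer` now logs `CSRManager server could not be stopped. Will forcefully terminate the app` at L34, but with `exit(-104)` removed nothing in the hunk terminates anything; either the message is stale or the termination happens past the end of the hunk, where the function continues. If the caller is meant to act on the `int` return value, say that instead, e.g. `spdlog::error("CSRManager server could not be stopped");`, and let the caller decide. The same wording is added in SGXInfoServer::exitServer, SGXRegistrationServer::exitServer and SGXWalletServer::exitServer. Separately, the start-failure branch at L20 logs at info level before throwing; `spdlog::error("CSR manager server could not start listening");` keeps that failure visible under an error-level log filter.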
......
......@@ -49,7 +49,7 @@ class CSRManagerServer : public abstractCSRManagerServer {
virtual Json::Value getUnsignedCSRs();
virtual Json::Value signByHash(const string& hash, int status);
static int initCSRManagerServer();
static void initCSRManagerServer();
static int exitServer();
};
......
......@@ -13,8 +13,6 @@ void ExitHandler::exitHandler( int s, ExitHandler::exit_code_t ec ) {
g_ec = ec;
}
s_shouldExit = true;
// HACK wait for loop in main to recieve exit call
std::this_thread::sleep_for( std::chrono::seconds( 20 ) );
}
volatile bool ExitHandler::s_shouldExit = false;
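Review bot: `s_shouldExit` stays a `volatile bool` (L54) while this commit starts writing it from a signal handler (`SGXWallet::signalHandler` in sgxwallet.c) and, presumably, polling it from the main loop; `volatile bool` is neither guaranteed async-signal-safe by the standard nor a cross-thread synchronization primitive. Declare it `volatile std::sig_atomic_t` if it is only touched from signal context, or `std::atomic<bool>` if other threads also set it. With the 20-second sleep gone, `exitHandler` returns immediately, so every remaining caller must now tolerate control coming back to it; callers outside this diff are not visible here. The enclosing function begins outside the hunk.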
......
......@@ -9,16 +9,7 @@ public:
enum exit_code_t {
ec_success = 0,
ec_failure = 1, // same as EXIT_FAILURE in stdlib.h, generic failure in main()
ec_termninated_by_signal = 196,
ec_error_starting_server = 197, // error starting one of the http(s) servers
ec_rotation_complete = 0, // must be zero, exit requested after rotation complete
ec_error_creating_database = 198, // error initing LevelDB
ec_error_initing_sek = 199, // error while initing or validating SEK
ec_creating_certificate = 200, // error creating SSL certificate to initialize server
ec_initing_enclave = 201, // error starting secure enclave
ec_initing_user_space = 202, // error or exception while initializing user space
ec_cannot_start_zeromq = 203, // error starting ZMQ server
};
private:
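Review bot: Dropping `ec_error_starting_server` through `ec_cannot_start_zeromq` removes the distinct process exit statuses 197–203 for initialization failures, and the replacement `SGXException` paths have no visible catch site anywhere in this diff; if one is thrown uncaught, the process ends via `std::terminate`/SIGABRT with the same status whichever step failed. Anything that keyed restarts or alerts on those codes loses that distinction. If a catch in `main` maps the exception code to the exit status, document it here, e.g. `// init failures propagate as SGXException; main maps its code to the process exit status`; otherwise consider keeping one generic enumerator (for instance `ec_init_failure`) so init failures remain distinguishable from signal-driven exits.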
......
......@@ -30,7 +30,6 @@
#include <jsonrpccpp/client.h>
#include "sgxwallet_common.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "LevelDB.h"
......@@ -275,8 +274,8 @@ void LevelDB::initDataFolderAndDBs() {
char cwd[PATH_MAX];
if (getcwd(cwd, sizeof(cwd)) == NULL) {
spdlog::error("could not get current workin directory");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_creating_database);
spdlog::error("Could not get current working directory.");
throw SGXException(COULD_NOT_GET_WORKING_DIRECTORY, "Could not get current working directory.");
}
sgx_data_folder = string(cwd) + "/" + SGXDATA_FOLDER;
......@@ -289,8 +288,8 @@ void LevelDB::initDataFolderAndDBs() {
spdlog::info("Successfully created sgx_data folder");
}
else{
spdlog::error("Couldnt create creating sgx_data folder");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_creating_database);
spdlog::error("Could not create sgx_data folder.");
throw SGXException(ERROR_CREATING_SGX_DATA_FOLDER, "Could not create sgx_data folder.");
}
}
......
......@@ -33,7 +33,6 @@
#include "common.h"
#include "sgxwallet.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "BLSCrypto.h"
#include "LevelDB.h"
......@@ -91,7 +90,7 @@ void validate_SEK() {
if (!hex2carray(test_key_ptr->c_str(), &len, encr_test_key.data(),
BUF_LEN)) {
spdlog::error("Corrupt test key is LevelDB");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_initing_sek);
throw SGXException(CORRUPT_DATABASE, "Corrupt test key is LevelDB");
}
sgx_status_t status = SGX_SUCCESS;
......@@ -109,7 +108,7 @@ void validate_SEK() {
spdlog::error("Invalid storage key. You need to recover using backup key");
spdlog::error("Set the correct backup key into sgx_datasgxwallet_backup_key.txt");
spdlog::error("Then run sgxwallet using backup flag");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_initing_sek);
throw SGXException(INVALID_SEK, "Invalid storage key. Recover using backup key");
}
}
......@@ -182,6 +181,7 @@ void gen_SEK() {
if (!autoconfirm) {
sleep(10);
string confirm_str = "I confirm";
string buffer;
do {
......@@ -202,8 +202,6 @@ void gen_SEK() {
setSEK(encrypted_SEK_ptr);
validate_SEK();
}
void setSEK(shared_ptr <string> hex_encrypted_SEK) {
......@@ -229,10 +227,7 @@ void setSEK(shared_ptr <string> hex_encrypted_SEK) {
HANDLE_TRUSTED_FUNCTION_ERROR(status, err_status, errMsg.data());
validate_SEK();
}
#include "experimental/filesystem"
......@@ -244,13 +239,13 @@ void enter_SEK() {
shared_ptr <string> test_key_ptr = LevelDB::getLevelDb()->readString("TEST_KEY");
if (test_key_ptr == nullptr) {
spdlog::error("Error: corrupt or empty LevelDB database");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_initing_sek);
throw SGXException(CORRUPT_DATABASE, "Could not find TEST_KEY in database.");
}
if (!experimental::filesystem::is_regular_file(BACKUP_PATH)) {
spdlog::error("File does not exist: " BACKUP_PATH);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_initing_sek);
spdlog::error("File does not exist: " BACKUP_PATH);
throw SGXException(FILE_NOT_FOUND, "File does not exist: " BACKUP_PATH);
}
ifstream sek_file(BACKUP_PATH);
......@@ -266,7 +261,7 @@ void enter_SEK() {
while (!checkHex(sek, 16)) {
spdlog::error("Invalid hex in key");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_initing_sek);
throw SGXException(SET_SEK_INVALID_SEK_HEX, "Invalid hex in key");
}
auto encrypted_SEK = check_and_set_SEK(sek);
......@@ -286,10 +281,10 @@ void enter_SEK() {
}
void initSEK() {
shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (enterBackupKey) {
enter_SEK();
} else {
shared_ptr <string> encrypted_SEK_ptr = LevelDB::getLevelDb()->readString("SEK");
if (encrypted_SEK_ptr == nullptr) {
spdlog::warn("SEK was not created yet. Going to create SEK");
gen_SEK();
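Review bot: In `enter_SEK` the loop `while (!checkHex(sek, 16))` (L152) now throws on its first iteration, so it can never loop again; write it as `if (!checkHex(sek, 16)) {` so the control flow matches what happens. The new exception text at L110 repeats the typo of the log line, `Corrupt test key is LevelDB`; since the exception message may reach an operator, `throw SGXException(CORRUPT_DATABASE, "Corrupt test key in LevelDB");` reads correctly. In `gen_SEK` (L128–129) and `setSEK` (L133–134) the `validate_SEK()` call now throws after the SEK has been stored; whether a failed validation leaves the newly written SEK in the database is not visible here and deserves a one-line comment at those call sites.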
......
......@@ -31,7 +31,6 @@
#include "sgxwallet_common.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "LevelDB.h"
......@@ -108,7 +107,7 @@ Json::Value SGXInfoServer::isKeyExist(const string& key) {
RETURN_SUCCESS(result)
}
int SGXInfoServer::initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys) {
void SGXInfoServer::initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys) {
httpServer = make_shared<HttpServer>(BASE_PORT + 4);
server = make_shared<SGXInfoServer>(*httpServer, JSONRPC_SERVER_V2, _logLevel, _autoSign, _checkCerts, _generateTestKeys); // hybrid server (json-rpc 1.0 & 2.0)
......@@ -116,21 +115,17 @@ int SGXInfoServer::initInfoServer(uint32_t _logLevel, bool _autoSign, bool _chec
if (!server->StartListening()) {
spdlog::error("Info server could not start listening on port {}", BASE_PORT + 4);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_starting_server);
return 1;
throw SGXException(SGX_INFO_SERVER_FAILED_TO_START, "Info server could not start listening.");
} else {
spdlog::info("Info server started on port {}", BASE_PORT + 4);
}
return 0;
}
int SGXInfoServer::exitServer() {
spdlog::info("Stoping SGXInfo server");
if (server && !server->StopListening()) {
spdlog::error("SGXInfo server could not be stopped");
exit(-105);
spdlog::error("SGXInfo server could not be stopped. Will forcefully terminate the app");
} else {
spdlog::info("SGXInfo server stopped");
}
......
......@@ -59,7 +59,7 @@ public:
virtual Json::Value isKeyExist(const string& key);
static int initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys);
static void initInfoServer(uint32_t _logLevel, bool _autoSign, bool _checkCerts, bool _generateTestKeys);
static int exitServer();
......
......@@ -32,7 +32,6 @@
#include "sgxwallet_common.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "LevelDB.h"
......@@ -163,7 +162,7 @@ Json::Value SGXRegistrationServer::GetCertificate(const string &hash) {
}
int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
void SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
httpServer = make_shared<HttpServer>(BASE_PORT + 1);
server = make_shared<SGXRegistrationServer>(*httpServer,
JSONRPC_SERVER_V2,
......@@ -173,21 +172,17 @@ int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
if (!server->StartListening()) {
spdlog::error("Registration server could not start listening on port {}", BASE_PORT + 1);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_starting_server);
return 1;
throw SGXException(REGISTRATION_SERVER_FAILED_TO_START, "Registration server could not start listening.");
} else {
spdlog::info("Registration server started on port {}", BASE_PORT + 1);
}
return 0;
}
int SGXRegistrationServer::exitServer() {
spdlog::info("Stoping registration server");
if (server && !server->StopListening()) {
spdlog::error("Registration server could not be stopped");
exit(-102);
spdlog::error("Registration server could not be stopped. Will forcefully terminate the app");
} else {
spdlog::info("Registration server stopped");
}
......
......@@ -60,7 +60,7 @@ public:
virtual Json::Value GetCertificate(const string &hash);
static int initRegistrationServer(bool _autoSign = false);
static void initRegistrationServer(bool _autoSign = false);
static int exitServer();
};
......
......@@ -32,12 +32,9 @@
#include <stdlib.h>
#include <unistd.h>
#include "sgxwallet_common.h"
#include "sgxwallet.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "LevelDB.h"
#include "BLSCrypto.h"
......@@ -142,7 +139,7 @@ void SGXWalletServer::createCertsIfNeeded() {
spdlog::info("ROOT CA CERTIFICATE IS SUCCESSFULLY GENERATED");
} else {
spdlog::error("ROOT CA CERTIFICATE GENERATION FAILED");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_creating_certificate);
throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "ROOT CA CERTIFICATE GENERATION FAILED");
}
}
......@@ -159,7 +156,7 @@ void SGXWalletServer::createCertsIfNeeded() {
spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY GENERATED");
} else {
spdlog::info("SERVER CERTIFICATE GENERATION FAILED");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_creating_certificate);
throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "SERVER CERTIFICATE GENERATION FAILED");
}
}
......@@ -169,12 +166,12 @@ void SGXWalletServer::createCertsIfNeeded() {
spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY VERIFIED");
} else {
spdlog::info("SERVER CERTIFICATE VERIFICATION FAILED");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_creating_certificate);
throw SGXException(FAIL_TO_VERIFY_CERTIFICATE, "SERVER CERTIFICATE VERIFICATION FAILED");
}
}
int SGXWalletServer::initHttpsServer(bool _checkCerts) {
void SGXWalletServer::initHttpsServer(bool _checkCerts) {
COUNT_STATISTICS
spdlog::info("Entering {}", __FUNCTION__);
spdlog::info("Initing server, number of threads: {}", NUM_THREADS);
......@@ -194,14 +191,13 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
if (!server->StartListening()) {
spdlog::error("SGX Server could not start listening");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_starting_server);
throw SGXException(SGX_SERVER_FAILED_TO_START, "Https server could not start listening.");
} else {
spdlog::info("SGX Server started on port {}", BASE_PORT);
}
return 0;
}
int SGXWalletServer::initHttpServer() { //without ssl
void SGXWalletServer::initHttpServer() { //without ssl
COUNT_STATISTICS
spdlog::info("Entering {}", __FUNCTION__);
......@@ -213,18 +209,15 @@ int SGXWalletServer::initHttpServer() { //without ssl
JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
if (!server->StartListening()) {
spdlog::error("Server could not start listening");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_error_starting_server);
throw SGXException(SGX_SERVER_FAILED_TO_START, "Http server could not start listening.");
}
return 0;
}
int SGXWalletServer::exitServer() {
spdlog::info("Stoping sgx server");
if (server && !server->StopListening()) {
spdlog::error("Sgx server could not be stopped");
exit(-103);
spdlog::error("Sgx server could not be stopped. Will forcefully terminate the app");
} else {
spdlog::info("Sgx server stopped");
}
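Review bot: The branches at L269 and L277 that now throw `FAIL_TO_CREATE_CERTIFICATE` / `FAIL_TO_VERIFY_CERTIFICATE` still log the failure with `spdlog::info`, unlike the root-CA branch at L261 which uses `spdlog::error`; change them to `spdlog::error("SERVER CERTIFICATE GENERATION FAILED");` and `spdlog::error("SERVER CERTIFICATE VERIFICATION FAILED");` so a certificate failure is not dropped by an error-level log filter. `FAIL_TO_CREATE_CERTIFICATE` is not among the codes added to sgxwallet_common.h in this commit, so presumably it already exists elsewhere in that header; worth confirming before merge.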
......
......@@ -176,9 +176,9 @@ public:
static void printDB();
static int initHttpServer();
static void initHttpServer();
static int initHttpsServer(bool _checkCerts);
static void initHttpsServer(bool _checkCerts);
static int exitServer();
......
......@@ -71,7 +71,7 @@ void systemHealthCheck() {
ulimit = exec("/bin/bash -c \"ulimit -n\"");
} catch (...) {
spdlog::error("Execution of '/bin/bash -c ulimit -n' failed");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_initing_user_space);
throw SGXException(EXECUTION_ULIMIT_FAILED, "Execution of '/bin/bash -c ulimit -n' failed.");
}
int noFiles = strtol(ulimit.c_str(), NULL, 10);
......@@ -85,7 +85,7 @@ void systemHealthCheck() {
"and setting 'DefaultLimitNOFILE=65535'\n"
"After that, restart sgxwallet";
spdlog::error(errStr);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_initing_user_space);
throw SGXException(WRONG_ULIMIT, errStr);
}
}
......@@ -101,8 +101,6 @@ void initUserSpace() {
systemHealthCheck();
#endif
}
......@@ -114,7 +112,7 @@ uint64_t initEnclave() {
support = get_sgx_support();
if (!SGX_OK(support)) {
sgx_support_perror(support);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_initing_enclave);
throw SGXException(COULD_NOT_INIT_ENCLAVE, "SGX is not supported or not enabled");
}
#endif
......@@ -145,7 +143,7 @@ uint64_t initEnclave() {
} else {
spdlog::error("sgx_create_enclave_search failed {} {}", ENCLAVE_NAME, status);
}
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_initing_enclave);
throw SGXException(COULD_NOT_INIT_ENCLAVE, "Error initing enclave. Please re-check your enviroment.");
}
spdlog::info("Enclave created and started successfully");
......@@ -212,15 +210,9 @@ void initAll(uint32_t _logLevel, bool _checkCert,
spdlog::info("Inited JSON-RPC server over HTTP");
}
if (SGXRegistrationServer::initRegistrationServer(_autoSign)) {
return;
}
if (CSRManagerServer::initCSRManagerServer()) {
return;
}
if (SGXInfoServer::initInfoServer(_logLevel, _checkCert, _autoSign, _generateTestKeys)) {
return;
}
SGXRegistrationServer::initRegistrationServer(_autoSign);
CSRManagerServer::initCSRManagerServer();
SGXInfoServer::initInfoServer(_logLevel, _checkCert, _autoSign, _generateTestKeys);
ZMQServer::initZMQServer(_checkZMQSig);
sgxServerInited = true;
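Review bot: `initAll` now calls the three server initializers at L376–378 with no surrounding try/catch, and none of the hunks in this commit shows where the `SGXException` they throw is caught; if nothing upstream catches it, the failure ends in `std::terminate` (and the SIGABRT handler added in sgxwallet.c) with `sgxServerInited` left false and the already-started HTTP server still listening. Add a comment naming the intended handler above L376, e.g. `// each init* throws SGXException on failure; expected to propagate to the caller of initAll`, or wrap the calls and call `exitServer()` on the servers that did start. In `systemHealthCheck` the `catch (...)` at L330 discards the original failure reason before rethrowing as `EXECUTION_ULIMIT_FAILED`; catching `const std::exception&` and including `e.what()` in the log line would preserve it. `initAll`'s signature is outside the hunk.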
......
......@@ -29,7 +29,7 @@
#include "common.h"
#include "ExitHandler.h"
#include "SGXException.h"
#include "ZMQServer.h"
#include "sgxwallet_common.h"
......@@ -79,7 +79,7 @@ void ZMQServer::run() {
frontend->bind("tcp://*:" + to_string(port));
} catch (...) {
spdlog::error("Server task could not bind to port:{}", port);
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_cannot_start_zeromq);
throw SGXException(ZMQ_COULD_NOT_BIND_FRONT_END, "Server task could not bind.");
}
spdlog::info("Bound port ...");
......@@ -89,7 +89,7 @@ void ZMQServer::run() {
backend->bind("inproc://backend");
} catch (exception &e) {
spdlog::error("Could not bind to zmq backend: {}", e.what());
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_cannot_start_zeromq);
throw SGXException(ZMQ_COULD_NOT_BIND_BACK_END, "Could not bind to zmq backend.");
}
......@@ -104,7 +104,7 @@ void ZMQServer::run() {
}
} catch (std::exception &e) {
spdlog::error("Could not create zmq server workers:{} ", e.what());
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_cannot_start_zeromq);
throw SGXException(ZMQ_COULD_NOT_CREATE_WORKERS, "Could not create zmq server workers.");
};
......@@ -124,7 +124,7 @@ void ZMQServer::run() {
return;
}
spdlog::info("Error, exiting zmq server ...");
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_cannot_start_zeromq);
throw SGXException(ZMQ_COULD_NOT_CREATE_PROXY, "Error, exiting zmq server.");
}
}
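Review bot: `ZMQServer::run` now throws `SGXException` at L393, L401, L408 and L415; if `run` is the body of a `std::thread` (its call site is not in this diff), an exception escaping the thread function calls `std::terminate` regardless of any try/catch around `initZMQServer`, so these exceptions cannot be handled by whoever started the server. Either catch at the top level inside `run`, log, and set the exit flag via `ExitHandler::exitHandler`, or document that terminating the process is the intended outcome, e.g. `// throws SGXException; when run on a worker thread this terminates the process`. The function begins outside the hunk.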
......
......@@ -21,6 +21,7 @@
@date 2020
*/
#include <csignal>
#include <stdbool.h>
#include "ExitHandler.h"
......@@ -84,6 +85,11 @@ void SGXWallet::serializeKeys(const vector<string>& _ecdsaKeyNames, const vector
fs.close();
}
void SGXWallet::signalHandler( int signalNo ) {
spdlog::info("Received exit signal {}.", signalNo);
ExitHandler::exitHandler( signalNo );
}
int main(int argc, char *argv[]) {
bool enterBackupKeyOption = false;
......@@ -95,18 +101,20 @@ int main(int argc, char *argv[]) {
bool autoSignClientCertOption = false;
bool generateTestKeys = false;
std::signal(SIGABRT, SGXWallet::signalHandler);
int opt;
if (argc > 1 && strlen(argv[1]) == 1) {
SGXWallet::printUsage();
exit(-22);
exit(-21);
}
while ((opt = getopt(argc, argv, "cshd0abyvVnT")) != -1) {
switch (opt) {
case 'h':
SGXWallet::printUsage();
ExitHandler::exitHandler(SIGTERM, ExitHandler::ec_failure);
exit(-22);
case 'c':
checkClientCertOption = false;
break;
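Review bot: `SGXWallet::signalHandler` (L428–431) calls `spdlog::info` from a signal handler; spdlog acquires mutexes and may allocate, neither of which is async-signal-safe, so a SIGABRT delivered while another thread holds the logger lock can deadlock the handler instead of exiting. Keep the handler to `ExitHandler::exitHandler( signalNo );` and log the received signal from the main loop once `s_shouldExit` is observed. The `std::signal` call at L437 installs the handler only for SIGABRT; if SIGTERM/SIGINT are meant to take the same path they are not registered here. `exit(-21)` and `exit(-22)` become statuses 235 and 234 after truncation to 8 bits, which is unhelpful to anyone reading them; `-h` is normally a success path and could `exit(0)`.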
......
......@@ -26,6 +26,8 @@ class SGXWallet {
public:
static void signalHandler( int signalNo );
static void printUsage();
static void serializeKeys( const vector<string>& _ecdsaKeyNames,
......
......@@ -172,8 +172,18 @@ extern bool autoconfirm;
#define ZMQ_COULD_NOT_BIND_BACK_END -99
#define ZMQ_COULD_NOT_CREATE_WORKERS -100
#define ZMQ_COULD_NOT_CREATE_PROXY -101
#define REGISTRATION_SERVER_FAILED_TO_START -102
#define CSR_MANAGER_SERVER_FAILED_TO_START -103
#define SGX_INFO_SERVER_FAILED_TO_START -104
#define COULD_NOT_GET_WORKING_DIRECTORY -105
#define ERROR_CREATING_SGX_DATA_FOLDER -106
#define EXECUTION_ULIMIT_FAILED -107
#define WRONG_ULIMIT -107
#define COULD_NOT_INIT_ENCLAVE -108
#define FAIL_TO_VERIFY_CERTIFICATE -109
#define SGX_SERVER_FAILED_TO_START -110
#define CORRUPT_DATABASE -111
#define INVALID_SEK -112
#define SGX_ENCLAVE_ERROR -666
......@@ -181,7 +191,7 @@ extern bool autoconfirm;
#define BASE_PORT 1026
#define WALLETDB_NAME "sgxwallet.db"//"test_sgxwallet.db"
#define WALLETDB_NAME "sgxwallet.db"
#define ENCLAVE_NAME "secure_enclave.signed.so"
#define SGXDATA_FOLDER "sgx_data/"
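Review bot: `EXECUTION_ULIMIT_FAILED` and `WRONG_ULIMIT` are both defined as -107 (L469–470), so the two distinct failures raised in ServerInit.cpp become indistinguishable by code; give `WRONG_ULIMIT` its own value, e.g. `#define WRONG_ULIMIT -108`, and shift `COULD_NOT_INIT_ENCLAVE` and the following defines down by one. `FAIL_TO_CREATE_CERTIFICATE`, `FILE_NOT_FOUND`, `SET_SEK_INVALID_SEK_HEX` and `ZMQ_COULD_NOT_BIND_FRONT_END` are used by the new throw sites but are not in this hunk, so presumably they are defined elsewhere in the header. A short comment above the block, `// SGXException codes raised during initialization; values must be unique`, would make the uniqueness expectation explicit.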
......