Merge pull request #23 from skalenetwork/enhancement/SKALE-1762-Add-SSL-to-SGX-server-and-client

Enhancement/skale 1762 add ssl to sgx server and client

CSRManagerServer.cpp

+//
+// Created by kladko on 12/24/19.
+//
+
+#include "CSRManagerServer.h"
+#include "RPCException.h"
+#include "sgxwallet_common.h"
+
+#include <iostream>
+#include <fstream>
+
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+
+CSRManagerServer *cs = nullptr;
+jsonrpc::HttpServer *hs3 = nullptr;
+
+
+CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
+    serverVersion_t type):abstractCSRManagerServer(connector, type){}
+
+
+Json::Value GetUnsignedCSRsImpl(){
+  std::cerr << "Enter GetUnsignedCSRsImpl" << std::endl;
+  Json::Value result;
+  result["status"] = 0;
+  result["errorMessage"] = "";
+  //result["hashes"] =;
+
+  try{
+    std::vector<std::string> hashes_vect = csrDb->writeKeysToVector1(MAX_CSR_NUM);
+    for (int i = 0; i < hashes_vect.size(); i++){
+      result["hashes"][i] = hashes_vect.at(i);
+    }
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+
+  }
+
+  return result;
+}
+
+Json::Value SignByHashImpl(const std::string& hash, int status){
+  Json::Value result;
+  result["errorMessage"] = "";
+
+  try{
+    if ( !(status == 0 || status == 2)){
+      throw RPCException(-111, "Invalid csr status");
+    }
+
+    std::string csr_db_key = "CSR:HASH:" + hash;
+    std::shared_ptr<std::string> csr_ptr = csrDb->readString(csr_db_key);
+    if (csr_ptr == nullptr){
+      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "HASH DOES NOT EXIST IN DB");
+    }
+
+    if (status == 0) {
+      std::string csr_name = "cert/" + hash + ".csr";
+      std::ofstream outfile(csr_name);
+      outfile << *csr_ptr << std::endl;
+      outfile.close();
+      if (access(csr_name.c_str(), F_OK) != 0) {
+        csrDb->deleteKey(csr_db_key);
+        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
+      }
+
+      std::string signClientCert = "cd cert && ./create_client_cert " + hash;
+
+      if (system(signClientCert.c_str()) == 0) {
+        std::cerr << "CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+      } else {
+        std::cerr << "CLIENT CERTIFICATE GENERATION FAILED" << std::endl;
+        csrDb->deleteKey(csr_db_key);
+        std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+        csrStatusDb->deleteKey(status_db_key);
+        csrStatusDb->writeDataUnique(status_db_key, "-1");
+        throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+        //exit(-1);
+      }
+    }
+
+    csrDb->deleteKey(csr_db_key);
+    std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+    csrStatusDb->deleteKey(status_db_key);
+    csrStatusDb->writeDataUnique(status_db_key, std::to_string(status));
+
+    result["status"] = status;
+
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+  }
+
+  return result;
+}
+
+
+Json::Value CSRManagerServer::GetUnsignedCSRs(){
+  std::lock_guard<std::recursive_mutex> lock(m);
+  return GetUnsignedCSRsImpl();
+}
+
+Json::Value CSRManagerServer::SignByHash(const std::string& hash, int status){
+   std::lock_guard<std::recursive_mutex> lock(m);
+   return SignByHashImpl(hash, status);
+}
+
+int init_csrmanager_server(){
+  hs3 = new jsonrpc::HttpServer(BASE_PORT + 2);
+  hs3 -> BindLocalhost();
+  cs = new CSRManagerServer(*hs3, JSONRPC_SERVER_V2); // server (json-rpc 2.0)
+
+  if (!cs->StartListening()) {
+    std::cerr << "CSR manager server could not start listening" << std::endl;
+    exit(-1);
+  }
+  else {
+    std::cerr << "CSR manager server started on port " << BASE_PORT + 2 << std::endl;
+  }
+  std::cerr << "CSR manager inited" << std::endl;
+  return 0;
+};
\ No newline at end of file

CSRManagerServer.h

+//
+// Created by kladko on 12/24/19.
+//
+
+#ifndef SGXD_CSRMANAGERSERVER_H
+#define SGXD_CSRMANAGERSERVER_H
+
+#include "abstractCSRManagerServer.h"
+#include "LevelDB.h"
+
+#include <mutex>
+
+using namespace jsonrpc;
+
+class CSRManagerServer : public abstractCSRManagerServer {
+
+  std::recursive_mutex m;
+
+  public:
+
+  CSRManagerServer(AbstractServerConnector &connector, serverVersion_t type);
+
+  virtual Json::Value GetUnsignedCSRs();
+  virtual Json::Value SignByHash(const std::string& hash, int status);
+};
+
+extern int init_csrmanager_server();
+
+
+
+
+#endif //SGXD_CSRMANAGERSERVER_H

LevelDB.cpp

@@ -42,6 +42,9 @@ static ReadOptions readOptions;
 
 
 LevelDB* levelDb = nullptr;
+LevelDB* csrDb = nullptr;
+LevelDB* csrStatusDb = nullptr;
+
 
 std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
 
@@ -55,6 +58,10 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {
 
     auto status = db->Get(readOptions, _key, &*result);
 
+//    if (result == nullptr) {
+//      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
+//    }
+
     std::cerr << "key to read from db: " << _key <<std::endl;
 
     throwExceptionOnError(status);
@@ -166,8 +173,6 @@ void LevelDB::throwExceptionOnError(Status _status) {
 
 uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVisit) {
 
-    std::lock_guard<std::recursive_mutex> lock(mutex);
-
     uint64_t readCounter = 0;
 
     leveldb::Iterator *it = db->NewIterator(readOptions);
@@ -184,6 +189,40 @@ uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVi
     return readCounter;
 }
 
+std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
+  uint64_t readCounter = 0;
+  std::vector<std::string> keys;
+
+  leveldb::Iterator *it = db->NewIterator(readOptions);
+  for (it->SeekToFirst(); it->Valid(); it->Next()) {
+    std::string cur_key(it->key().data(), it->key().size());
+    keys.push_back(cur_key);
+   // keys.push_back(it->key().data());
+    readCounter++;
+    if (readCounter >= _maxKeysToVisit) {
+      break;
+    }
+  }
+
+  delete it;
+
+  return keys;
+}
+
+void LevelDB::writeDataUnique(const std::string & Name, const std::string &value) {
+
+  auto key = Name;
+
+  if (readString(Name) != nullptr) {
+    std::cerr << "name " << Name << " already exists" << std::endl;
+    throw RPCException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
+  }
+
+  writeString(key, value);
+  std::cerr << Name << " is written to db " << std::endl;
+}
+
+
 LevelDB::LevelDB(std::string &filename) {
 
 

LevelDB.h

@@ -28,6 +28,7 @@
 #include <memory>
 #include <string>
 #include <mutex>
+#include <vector>
 
 namespace leveldb {
     class DB;
@@ -49,7 +50,7 @@ public:
 
     void writeString(const std::string &key1, const std::string &value1);
 
-
+    void writeDataUnique(const std::string & Name, const std::string &value);
 
     void writeByteArray(const char *_key, size_t _keyLen, const char *value,
                         size_t _valueLen);
@@ -80,10 +81,13 @@ public:
     class KeyVisitor {
     public:
         virtual void visitDBKey(const char* _data) = 0;
+        virtual void writeDBKeysToVector(const char* _data, std::vector<const char*> & keys_vect) {}
     };
 
     uint64_t visitKeys(KeyVisitor* _visitor, uint64_t _maxKeysToVisit);
 
+    std::vector<std::string> writeKeysToVector1(uint64_t _maxKeysToVisit);
+
     virtual ~LevelDB();
 
 
@@ -92,4 +96,8 @@ public:
 
 extern LevelDB* levelDb;
 
+extern LevelDB* csrDb;
+
+extern LevelDB* csrStatusDb;
+
 #endif
\ No newline at end of file

Makefile.am

@@ -57,7 +57,7 @@ CLEANFILES = $(COMMON_ENCLAVE_SRC) secure_enclave.edl \
 
 ## The build target
 
-bin_PROGRAMS =  sgxwallet testw
+bin_PROGRAMS =  sgxwallet testw cert_util
 
 
 ## You can't use $(wildcard ...) with automake so all source files
@@ -66,7 +66,7 @@ bin_PROGRAMS =  sgxwallet testw
 COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h
 
-sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
+sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
 DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp $(COMMON_SRC)
 
 
@@ -102,7 +102,13 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Llevel
 
 
 testw_SOURCES=testw.cpp stubclient.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp \
- DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp $(COMMON_SRC)
+ DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp CSRManagerServer.cpp $(COMMON_SRC)
 nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}
+
+cert_util_SOURCES=cert_util.cpp stubclient.cpp RPCException.cpp LevelDB.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp
+cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
+                   -LlibBLS/build/libff/libff \
+                   -l:libbls.a -l:libleveldb.a \
+                   -l:libff.a -lgmp  -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl

SGXRegistrationServer.cpp

@@ -41,8 +41,9 @@
 #include <functional>
 
 #include "SGXRegistrationServer.h"
+#include "LevelDB.h"
 
-SGXRegistrationServer *sr = nullptr;
+SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;
 
 bool cert_created = false;
@@ -52,49 +53,55 @@ void set_cert_created1(bool b){
   cert_created = b;
 }
 
-
 SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
                                  serverVersion_t type, bool auto_sign)
     : AbstractRegServer(connector, type), is_cert_created(false), cert_auto_sign(auto_sign) {}
 
 
-Json::Value SignSertificateImpl(const std::string& cert, bool auto_sign = false){
+Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
   Json::Value result;
   result["status"] = 0;
   result["errorMessage"] = "";
   try{
-    //std::hash = cryptlite::sha256::hash_hex(cert);
-
-    std::cerr << " going to create csr" << std::endl;
-
+    std::cerr << " enter SignCertificateImpl " << std::endl;
 
+    std::string status = "1";
+    std::string hash = cryptlite::sha256::hash_hex(csr);
+    if ( !auto_sign) {
+      std::string db_key = "CSR:HASH:" + hash;
+      csrDb->writeDataUnique(db_key, csr);
+    }
 
-  std::ofstream outfile ("cert/client.csr");
-  outfile << cert << std::endl;
-  outfile.close();
-  std::string csrPath = "cert/client.csr";
-  if (access(csrPath.c_str(), F_OK) != 0){
-    throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
-  }
-  result["result"] = true;
-  std::thread thr(set_cert_created1, true);
-  thr.detach();
+    if (auto_sign) {
+      std::string csr_name = "cert/" + hash + ".csr";
+      std::ofstream outfile(csr_name);
+      outfile << csr << std::endl;
+      outfile.close();
+      if (access(csr_name.c_str(), F_OK) != 0) {
+        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
+      }
 
+      std::string genCert = "cd cert && ./create_client_cert " + hash;
 
+      if (system(genCert.c_str()) == 0){
+          std::cerr << "CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+          status = "0";
+      }
+      else{
+          std::cerr << "CLIENT CERTIFICATE GENERATION FAILED" << std::endl;
+          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FAIL_TO_CREATE_CERTIFICATE));
+          throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+          //exit(-1);
+      }
+    }
 
- // std::thread timeout_thr (std::bind(&SGXRegistrationServer::set_cert_created, this, true));
+    result["result"] = true;
+    result["hash"] = hash;
 
-  if (auto_sign) {
-    std::string genCert = "cd cert && ./create_client_cert";
+    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    csrStatusDb->writeDataUnique(db_key, status);
 
-        if (system(genCert.c_str()) == 0){
-          std::cerr << "CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
-        }
-        else{
-          std::cerr << "CLIENT CERTIFICATE GENERATION FAILED" << std::endl;
-          exit(-1);
-        }
-  }
   } catch (RPCException &_e) {
     std::cerr << " err str " << _e.errString << std::endl;
     result["status"] = _e.status;
@@ -107,46 +114,54 @@ Json::Value SignSertificateImpl(const std::string& cert, bool auto_sign = false)
 
 Json::Value GetSertificateImpl(const std::string& hash){
   Json::Value result;
-  result["status"] = 0;
-  result["errorMessage"] = "";
+
   std::string cert;
   try{
-    if (!cert_created){
-      result["status"] = 1;
-      result["cert"] = "";
+    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    std::shared_ptr<string> status_str_ptr = csrStatusDb->readString(db_key);
+    if (status_str_ptr == nullptr){
+       throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
     }
-    else {
-      std::ifstream infile("cert/client.crt");
-      if (!infile.is_open()) {
-        throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
-      } else {
-        ostringstream ss;
-        ss << infile.rdbuf();
-        cert = ss.str();
+    int status = std::atoi(status_str_ptr->c_str());
+
+    if ( status == 0){
+      std::string crt_name = "cert/" + hash + ".crt";
+      //if (access(crt_name.c_str(), F_OK) == 0){
+        std::ifstream infile(crt_name);
+        if (!infile.is_open()) {
+          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          csrStatusDb->deleteKey(status_db_key);
+          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FILE_NOT_FOUND));
+          throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
+        } else {
+          ostringstream ss;
+          ss << infile.rdbuf();
+          cert = ss.str();
+
+          infile.close();
+          std::string remove_crt = "cd cert && rm -rf" + hash + ".crt && rm -rf " + hash + ".csr";
+          system(remove_crt.c_str());
 
-        infile.close();
-
-        system("cd cert && rm -rf client.crt");
-
-        result["cert"] = cert;
-        result["status"] = 0;
       }
     }
+
+    result["status"] = status;
+    result["cert"] = cert;
+
   } catch (RPCException &_e) {
     std::cerr << " err str " << _e.errString << std::endl;
     result["status"] = _e.status;
     result["errorMessage"] = _e.errString;
-    result["status"] = 1;
   }
 
   return result;
 }
 
 
-Json::Value SGXRegistrationServer::SignCertificate(const std::string& cert){
+Json::Value SGXRegistrationServer::SignCertificate(const std::string& csr){
   std::cerr << "Enter SignCertificate " << std::endl;
   lock_guard<recursive_mutex> lock(m);
-  return SignSertificateImpl(cert, cert_auto_sign);
+  return SignCertificateImpl(csr, cert_auto_sign);
 }
 
 Json::Value SGXRegistrationServer::GetCertificate(const std::string& hash){
@@ -180,13 +195,20 @@ int init_registration_server(bool sign_automatically) {
 //    }
 //  }
 
-  hs2 = new HttpServer( 1027 );
-  sr = new SGXRegistrationServer(*hs2,
+  hs2 = new HttpServer(BASE_PORT + 1);
+  regs = new SGXRegistrationServer(*hs2,
                                  JSONRPC_SERVER_V2, sign_automatically); // hybrid server (json-rpc 1.0 & 2.0)
 
-  if (!sr->StartListening()) {
+  if (!regs->StartListening()) {
     cerr << "Registration server could not start listening" << endl;
     exit(-1);
   }
+  else {
+    cerr << "Registration Server started on port " << BASE_PORT + 1 << endl;
+  }
+
+
+
   return 0;
-}
\ No newline at end of file
+}
+

SGXRegistrationServer.h

@@ -44,7 +44,7 @@ public:
 
   void set_cert_created(bool b);
 
-  virtual Json::Value SignCertificate(const std::string& cert);
+  virtual Json::Value SignCertificate(const std::string& csr);
   virtual Json::Value GetCertificate(const std::string& hash);
 
 };
@@ -53,4 +53,5 @@ public:
 extern int init_registration_server(bool sign_automatically = false);
 
 
+
 #endif // SGXD_SGXREGISTRATIONSERVER_H
\ No newline at end of file

SGXWalletServer.cpp

@@ -112,7 +112,7 @@ int init_server(bool check_certs) {
     }
   }
 
-  hs = new HttpServer( 1026, certPath, keyPath, rootCAPath, check_certs, 10);
+  hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
   s = new SGXWalletServer(*hs,
                       JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 
@@ -120,13 +120,16 @@ int init_server(bool check_certs) {
     cerr << "SGX Server could not start listening" << endl;
     exit(-1);
   }
+  else{
+    cerr << "SGX Server started on port " << BASE_PORT << endl;
+  }
   return 0;
 }
 
 
-//int init_server() { //without ssl
+//int init_server(bool check_certs) { //without ssl
 //
-//  hs = new HttpServer(1028);
+//  hs = new HttpServer(1026);
 //  s = new SGXWalletServer(*hs,
 //                          JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 //  if (!s->StartListening()) {
@@ -673,7 +676,7 @@ Json::Value MultG2Impl(const std::string& x){
 }
 
 Json::Value getServerStatusImpl() {
-  
+
   Json::Value result;
   result["status"] = 0;
   result["errorMessage"] = "";
@@ -681,6 +684,7 @@ Json::Value getServerStatusImpl() {
   return result;
 }
 
+
 Json::Value SGXWalletServer::generateDKGPoly(const std::string& polyName, int t){
   std::cerr << "entered generateDKGPoly" << std::endl;
   lock_guard<recursive_mutex> lock(m);
@@ -762,8 +766,8 @@ Json::Value SGXWalletServer::ComplaintResponse(const std::string& polyName, int
 }
 
 Json::Value SGXWalletServer::MultG2(const std::string& x){
-  lock_guard<recursive_mutex> lock(m);
-  return MultG2Impl(x);
+    lock_guard<recursive_mutex> lock(m);
+    return MultG2Impl(x);
 }
 
 Json::Value SGXWalletServer::getServerStatus() {

ServerInit.cpp

@@ -46,8 +46,8 @@
 #include "LevelDB.h"
 
 #include "SGXWalletServer.h"
-
 #include "SGXRegistrationServer.h"
+#include "CSRManagerServer.h"
 
 #include "BLSCrypto.h"
 #include "ServerInit.h"
@@ -63,9 +63,13 @@ void init_daemon() {
     libff::init_alt_bn128_params();
 
     static std::string dbName("./" WALLETDB_NAME);
+    levelDb = new LevelDB(dbName);
 
+    static std::string csr_dbname = "CSR_DB";
+    csrDb = new LevelDB(csr_dbname);
 
-    levelDb = new LevelDB(dbName);
+    static std::string csr_status_dbname = "CSR_STATUS_DB";
+    csrStatusDb = new LevelDB(csr_status_dbname);
 
 }
 
@@ -117,8 +121,6 @@ int sgxServerInited = 0;
 
 void init_all(bool check_cert, bool sign_automatically) {
 
-
-
     if (sgxServerInited == 1)
         return;
 
@@ -126,6 +128,7 @@ void init_all(bool check_cert, bool sign_automatically) {
 
     init_server(check_cert);
     init_registration_server(sign_automatically);
+    init_csrmanager_server();
     init_enclave();
     std::cerr << "enclave inited" << std::endl;
     init_daemon();

abstractCSRManagerServer.h

+//
+// Created by kladko on 12/24/19.
+//
+
+#ifndef SGXD_ABSTRACTCSRMANAGERSERVER_H
+#define SGXD_ABSTRACTCSRMANAGERSERVER_H
+
+#include <jsonrpccpp/server.h>
+#include <iostream>
+
+class abstractCSRManagerServer : public jsonrpc::AbstractServer<abstractCSRManagerServer> {
+public:
+    abstractCSRManagerServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<abstractCSRManagerServer>(conn, type)
+    {
+        this->bindAndAddMethod(jsonrpc::Procedure("GetUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::GetUnsignedCSRsI);
+        this->bindAndAddMethod(jsonrpc::Procedure("SignByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::SignByHashI);
+    }
+
+    inline virtual void GetUnsignedCSRsI(const Json::Value &request, Json::Value &response)
+    {
+    (void)request;
+    response = this->GetUnsignedCSRs();
+    }
+    inline virtual void SignByHashI(const Json::Value &request, Json::Value &response)
+    {
+        response = this->SignByHash( request["hash"].asString(), request["status"].asInt());
+    }
+
+    virtual Json::Value GetUnsignedCSRs() = 0;
+    virtual Json::Value SignByHash(const std::string& hash, int status) = 0;
+
+};
+
+
+
+
+
+#endif //SGXD_ABSTRACTCSRMANAGERSERVER_H

cert/create_CA

@@ -8,6 +8,7 @@ openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -ou
 
 mkdir new_certs
 touch index.txt
+touch index.txt.attr
 echo "01" > serial
 
 

cert/create_client_cert

 #!/bin/bash
 
 #sign csr
-yes | openssl ca -config ca.config -in "client.csr" -out "client.crt"
+CSREXT=".csr"
+CRTEXT=".crt"
+CSRFILE="$1$CSREXT"
+CRTFILE="$1$CRTEXT" 
+yes | openssl ca -config ca.config -in $CSRFILE -out $CRTFILE

cert_util.cpp

+//
+// Created by kladko on 12/27/19.
+//
+
+#include <iostream>
+#include <cstring>
+#include <jsonrpccpp/client/connectors/httpclient.h>
+#include "stubclient.h"
+
+#include <unistd.h>
+
+int print_hashes(){
+  jsonrpc::HttpClient client("http://localhost:1028");
+  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+  std::cout << "Client inited" << std::endl;
+  std::cout << c.GetUnsignedCSRs() << std::endl;
+  exit(0);
+}
+
+void sign_by_hash(std::string & hash, int status){
+  jsonrpc::HttpClient client("http://localhost:1028");
+  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+  std::cout << "Client inited" << std::endl;
+  std::cout << c.SignByHash(hash, status) << std::endl;
+  exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+  int opt;
+
+  if (argc > 1 && strlen(argv[1]) == 1) {
+    fprintf(stderr, "option is too short %s\n", argv[1]);
+    exit(1);
+  }
+
+  if (argc == 1) {
+    std::cout << "You may use following flags:" << std::endl;
+    std::cout << " -p  print all unsigned csr hashes " << std::endl;
+    std::cout << " -s [hash] sign csr by hash" << std::endl;
+    std::cout << " -r [hash] reject csr by hash" << std::endl;
+    exit(0);
+  }
+     std::string hash;
+      while ((opt = getopt(argc, argv, "ps:r:")) != -1) {
+          switch (opt) {
+
+              case 'p': print_hashes();
+                        break;
+              case 's': hash = optarg;
+                        sign_by_hash(hash, 0);
+                        break;
+              case 'r': hash = optarg;
+                        sign_by_hash(hash, 2);
+                        break;
+              case '?': // fprintf(stderr, "unknown flag\n");
+                        exit(1);
+
+          }
+      }
+
+  return 0;
+}
+

compile

-/usr/share/automake-1.15/compile
\ No newline at end of file
+/usr/share/automake-1.16/compile
\ No newline at end of file

depcomp

-/usr/share/automake-1.15/depcomp
\ No newline at end of file
+/usr/share/automake-1.16/depcomp
\ No newline at end of file

docker/Dockerfile

@@ -20,8 +20,8 @@ RUN git clone -b sgx_2.5 --depth 1 https://github.com/intel/linux-sgx && \
 # For debug purposes
 # COPY jhi.conf /etc/jhi/jhi.conf
 
-
-RUN git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git
+###RUN git clone --recurse-submodules https://76b7983ebf14269178b99eff5b2be4b4b56fe7a5:@github.com/skalenetwork/sgxwallet.git
+RUN git clone --recurse-submodules https://76b7983ebf14269178b99eff5b2be4b4b56fe7a5:@github.com/skalenetwork/sgxwallet.git
 WORKDIR  sgxwallet
 #RUN cd sgx-software-enable && make && ./sgx_enable
 RUN cd scripts; ./build.py

install-sh

-/usr/share/automake-1.15/install-sh
\ No newline at end of file
+/usr/share/automake-1.16/install-sh
\ No newline at end of file

missing

-/usr/share/automake-1.15/missing
\ No newline at end of file
+/usr/share/automake-1.16/missing
\ No newline at end of file

secure_enclave/Makefile.in

-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -137,7 +137,15 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
+	./$(DEPDIR)/DKGUtils.Po ./$(DEPDIR)/alt_bn128_g1.Po \
+	./$(DEPDIR)/alt_bn128_g2.Po ./$(DEPDIR)/alt_bn128_init.Po \
+	./$(DEPDIR)/curves.Po ./$(DEPDIR)/domain_parameters.Po \
+	./$(DEPDIR)/numbertheory.Po ./$(DEPDIR)/point.Po \
+	./$(DEPDIR)/secure_enclave.Po ./$(DEPDIR)/secure_enclave_t.Po \
+	./$(DEPDIR)/signature.Po ./$(DEPDIR)/signed_enclave_debug.Po \
+	./$(DEPDIR)/signed_enclave_rel.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -365,8 +373,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 $(top_srcdir)/build-aux/sgx_enclave.am $(am__empty):
 
@@ -431,21 +439,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g1.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g2.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_init.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curves.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/domain_parameters.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numbertheory.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/point.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave_t.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signature.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_debug.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_rel.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g1.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g2.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_init.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curves.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/domain_parameters.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numbertheory.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/point.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave_t.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signature.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_debug.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_rel.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -569,7 +583,10 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
 
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -642,7 +659,21 @@ clean: clean-am
 clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
 
 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+	-rm -f ./$(DEPDIR)/DH_dkg.Po
+	-rm -f ./$(DEPDIR)/DKGUtils.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g2.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_init.Po
+	-rm -f ./$(DEPDIR)/curves.Po
+	-rm -f ./$(DEPDIR)/domain_parameters.Po
+	-rm -f ./$(DEPDIR)/numbertheory.Po
+	-rm -f ./$(DEPDIR)/point.Po
+	-rm -f ./$(DEPDIR)/secure_enclave.Po
+	-rm -f ./$(DEPDIR)/secure_enclave_t.Po
+	-rm -f ./$(DEPDIR)/signature.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_debug.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_rel.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -688,7 +719,21 @@ install-ps-am:
 installcheck-am:
 
 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+	-rm -f ./$(DEPDIR)/DH_dkg.Po
+	-rm -f ./$(DEPDIR)/DKGUtils.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g2.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_init.Po
+	-rm -f ./$(DEPDIR)/curves.Po
+	-rm -f ./$(DEPDIR)/domain_parameters.Po
+	-rm -f ./$(DEPDIR)/numbertheory.Po
+	-rm -f ./$(DEPDIR)/point.Po
+	-rm -f ./$(DEPDIR)/secure_enclave.Po
+	-rm -f ./$(DEPDIR)/secure_enclave_t.Po
+	-rm -f ./$(DEPDIR)/signature.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_debug.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_rel.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
@@ -708,19 +753,19 @@ uninstall-am: uninstall-libexecPROGRAMS
 
 .MAKE: install-am install-strip
 
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
-	clean-libexecPROGRAMS cscopelist-am ctags ctags-am distclean \
-	distclean-compile distclean-generic distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
-	ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-libexecPROGRAMS
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+	clean-generic clean-libexecPROGRAMS cscopelist-am ctags \
+	ctags-am distclean distclean-compile distclean-generic \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am uninstall-libexecPROGRAMS
 
 .PRECIOUS: Makefile
 

sgxwallet.c

@@ -63,16 +63,15 @@ int main(int argc, char *argv[]) {
 
   while ((opt = getopt(argc, argv, "csh")) != -1) {
     switch (opt) {
-//    case 'h':
-//      if (strlen(argv[1]) == 2 ) {
-//        fprintf(stderr, "-c  client certificate will not be checked\n");
-//        fprintf(stderr, "-s  client certificate will be signed automatically\n");
-//        exit(0);
-//      } else {
-//        fprintf(stderr, "unknown flag %s\n", argv[1]);
-//        exit(1);
-//      }
-
+    case 'h':
+      if (strlen(argv[1]) == 2 ) {
+        fprintf(stderr, "-c  client certificate will not be checked\n");
+        fprintf(stderr, "-s  client certificate will be signed automatically\n");
+        exit(0);
+      } else {
+        fprintf(stderr, "unknown flag %s\n", argv[1]);
+        exit(1);
+      }
     case 'c':
       check_client_cert = false;
       break;

sgxwallet_common.h

@@ -78,7 +78,13 @@
 
 #define FILE_NOT_FOUND -44
 
-#define SGX_ENCLAVE_ERROR -666;
+#define FAIL_TO_CREATE_CERTIFICATE -55
+
+#define SGX_ENCLAVE_ERROR -666
+
+#define MAX_CSR_NUM 1000
+
+#define BASE_PORT 1026
 
 #define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"

stubclient.h

@@ -208,6 +208,35 @@ class StubClient : public jsonrpc::Client
                 throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
         }
 
+
+    ////CSRManagerServer
+
+  Json::Value GetUnsignedCSRs() throw (jsonrpc::JsonRpcException)
+  {
+    Json::Value p;
+    p = Json::nullValue;
+    Json::Value result = this->CallMethod("GetUnsignedCSRs",p);
+    if (result.isObject())
+      return result;
+    else
+      throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+  }
+
+
+
+    Json::Value SignByHash(const std::string& hash, int status) throw (jsonrpc::JsonRpcException)
+    {
+        Json::Value p;
+        p["hash"] = hash;
+        p["status"] = status;
+        Json::Value result = this->CallMethod("SignByHash",p);
+        if (result.isObject())
+            return result;
+        else
+            throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+    }
+
+
         Json::Value getServerStatus() throw (jsonrpc::JsonRpcException)
         {
             Json::Value p;
@@ -218,6 +247,7 @@ class StubClient : public jsonrpc::Client
             else
                 throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
         }
+
 };
 
 #endif //JSONRPC_CPP_STUB_STUBCLIENT_H_

testw.cpp

@@ -958,9 +958,8 @@ TEST_CASE("API test", "[api_test]") {
 
 TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
   init_all( false, false );
-  HttpClient client("http://localhost:1028");
+  HttpClient client("http://localhost:1026");
   StubClient c(client, JSONRPC_CLIENT_V2);
-
   REQUIRE(c.getServerStatus()["status"] == 0);
   sgx_destroy_enclave(eid);
 }