Merge pull request #23 from skalenetwork/enhancement/SKALE-1762-Add-SSL-to-SGX-server-and-client

Enhancement/skale 1762 add ssl to sgx server and client

Merge pull request #23 from skalenetwork/enhancement/SKALE-1762-Add-SSL-to-SGX-server-and-client
Enhancement/skale 1762 add ssl to sgx server and client
da2dfd86 · Sveta Rogova · GitHub · 70b2aef9 · 1209a66f · da2dfd86
Unverified Commit da2dfd86 authored Jan 13, 2020 by Sveta Rogova Committed by GitHub Jan 13, 2020
24 changed files
--- a/CSRManagerServer.cpp
+++ b/CSRManagerServer.cpp
+//
+// Created by kladko on 12/24/19.
+//
+
+#include "CSRManagerServer.h"
+#include "RPCException.h"
+#include "sgxwallet_common.h"
+
+#include <iostream>
+#include <fstream>
+
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+
+CSRManagerServer *cs = nullptr;
+jsonrpc::HttpServer *hs3 = nullptr;
+
+
+CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
+    serverVersion_t type):abstractCSRManagerServer(connector, type){}
+
+
+Json::Value GetUnsignedCSRsImpl(){
+  std::cerr << "Enter GetUnsignedCSRsImpl" << std::endl;
+  Json::Value result;
+  result["status"] = 0;
+  result["errorMessage"] = "";
+  //result["hashes"] =;
+
+  try{
+    std::vector<std::string> hashes_vect = csrDb->writeKeysToVector1(MAX_CSR_NUM);
+    for (int i = 0; i < hashes_vect.size(); i++){
+      result["hashes"][i] = hashes_vect.at(i);
+    }
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+
+  }
+
+  return result;
+}
+
+Json::Value SignByHashImpl(const std::string& hash, int status){
+  Json::Value result;
+  result["errorMessage"] = "";
+
+  try{
+    if ( !(status == 0 || status == 2)){
+      throw RPCException(-111, "Invalid csr status");
+    }
+
+    std::string csr_db_key = "CSR:HASH:" + hash;
+    std::shared_ptr<std::string> csr_ptr = csrDb->readString(csr_db_key);
+    if (csr_ptr == nullptr){
+      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "HASH DOES NOT EXIST IN DB");
+    }
+
+    if (status == 0) {
+      std::string csr_name = "cert/" + hash + ".csr";
+      std::ofstream outfile(csr_name);
+      outfile << *csr_ptr << std::endl;
+      outfile.close();
+      if (access(csr_name.c_str(), F_OK) != 0) {
+        csrDb->deleteKey(csr_db_key);
+        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
+      }
+
+      std::string signClientCert = "cd cert && ./create_client_cert " + hash;
+
+      if (system(signClientCert.c_str()) == 0) {
+        std::cerr << "CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+      } else {
+        std::cerr << "CLIENT CERTIFICATE GENERATION FAILED" << std::endl;
+        csrDb->deleteKey(csr_db_key);
+        std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+        csrStatusDb->deleteKey(status_db_key);
+        csrStatusDb->writeDataUnique(status_db_key, "-1");
+        throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+        //exit(-1);
+      }
+    }
+
+    csrDb->deleteKey(csr_db_key);
+    std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+    csrStatusDb->deleteKey(status_db_key);
+    csrStatusDb->writeDataUnique(status_db_key, std::to_string(status));
+
+    result["status"] = status;
+
+  } catch (RPCException &_e) {
+    std::cerr << " err str " << _e.errString << std::endl;
+    result["status"] = _e.status;
+    result["errorMessage"] = _e.errString;
+  }
+
+  return result;
+}
+
+
+Json::Value CSRManagerServer::GetUnsignedCSRs(){
+  std::lock_guard<std::recursive_mutex> lock(m);
+  return GetUnsignedCSRsImpl();
+}
+
+Json::Value CSRManagerServer::SignByHash(const std::string& hash, int status){
+   std::lock_guard<std::recursive_mutex> lock(m);
+   return SignByHashImpl(hash, status);
+}
+
+int init_csrmanager_server(){
+  hs3 = new jsonrpc::HttpServer(BASE_PORT + 2);
+  hs3 -> BindLocalhost();
+  cs = new CSRManagerServer(*hs3, JSONRPC_SERVER_V2); // server (json-rpc 2.0)
+
+  if (!cs->StartListening()) {
+    std::cerr << "CSR manager server could not start listening" << std::endl;
+    exit(-1);
+  }
+  else {
+    std::cerr << "CSR manager server started on port " << BASE_PORT + 2 << std::endl;
+  }
+  std::cerr << "CSR manager inited" << std::endl;
+  return 0;
+};
\ No newline at end of file
--- a/CSRManagerServer.h
+++ b/CSRManagerServer.h
+//
+// Created by kladko on 12/24/19.
+//
+
+#ifndef SGXD_CSRMANAGERSERVER_H
+#define SGXD_CSRMANAGERSERVER_H
+
+#include "abstractCSRManagerServer.h"
+#include "LevelDB.h"
+
+#include <mutex>
+
+using namespace jsonrpc;
+
+class CSRManagerServer : public abstractCSRManagerServer {
+
+  std::recursive_mutex m;
+
+  public:
+
+  CSRManagerServer(AbstractServerConnector &connector, serverVersion_t type);
+
+  virtual Json::Value GetUnsignedCSRs();
+  virtual Json::Value SignByHash(const std::string& hash, int status);
+};
+
+extern int init_csrmanager_server();
+
+
+
+
+#endif //SGXD_CSRMANAGERSERVER_H
--- a/LevelDB.cpp
+++ b/LevelDB.cpp
@@ -42,6 +42,9 @@ static ReadOptions readOptions;


 LevelDB* levelDb = nullptr;
+LevelDB* csrDb = nullptr;
+LevelDB* csrStatusDb = nullptr;
+

 std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {

@@ -55,6 +58,10 @@ std::shared_ptr<std::string> LevelDB::readString(const std::string &_key) {

    auto status = db->Get(readOptions, _key, &*result);

+//    if (result == nullptr) {
+//      throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist");
+//    }
+
    std::cerr << "key to read from db: " << _key <<std::endl;

    throwExceptionOnError(status);
@@ -166,8 +173,6 @@ void LevelDB::throwExceptionOnError(Status _status) {

 uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVisit) {

-    std::lock_guard<std::recursive_mutex> lock(mutex);
-
    uint64_t readCounter = 0;

    leveldb::Iterator *it = db->NewIterator(readOptions);
@@ -184,6 +189,40 @@ uint64_t LevelDB::visitKeys(LevelDB::KeyVisitor *_visitor, uint64_t _maxKeysToVi
    return readCounter;
 }

+std::vector<std::string> LevelDB::writeKeysToVector1(uint64_t _maxKeysToVisit){
+  uint64_t readCounter = 0;
+  std::vector<std::string> keys;
+
+  leveldb::Iterator *it = db->NewIterator(readOptions);
+  for (it->SeekToFirst(); it->Valid(); it->Next()) {
+    std::string cur_key(it->key().data(), it->key().size());
+    keys.push_back(cur_key);
+   // keys.push_back(it->key().data());
+    readCounter++;
+    if (readCounter >= _maxKeysToVisit) {
+      break;
+    }
+  }
+
+  delete it;
+
+  return keys;
+}
+
+void LevelDB::writeDataUnique(const std::string & Name, const std::string &value) {
+
+  auto key = Name;
+
+  if (readString(Name) != nullptr) {
+    std::cerr << "name " << Name << " already exists" << std::endl;
+    throw RPCException(KEY_SHARE_ALREADY_EXISTS, "Data with this name already exists");
+  }
+
+  writeString(key, value);
+  std::cerr << Name << " is written to db " << std::endl;
+}
+
+
 LevelDB::LevelDB(std::string &filename) {



--- a/LevelDB.h
+++ b/LevelDB.h
@@ -28,6 +28,7 @@
 #include <memory>
 #include <string>
 #include <mutex>
+#include <vector>

 namespace leveldb {
    class DB;
@@ -49,7 +50,7 @@ public:

    void writeString(const std::string &key1, const std::string &value1);

-
+    void writeDataUnique(const std::string & Name, const std::string &value);

    void writeByteArray(const char *_key, size_t _keyLen, const char *value,
                        size_t _valueLen);
@@ -80,10 +81,13 @@ public:
    class KeyVisitor {
    public:
        virtual void visitDBKey(const char* _data) = 0;
+        virtual void writeDBKeysToVector(const char* _data, std::vector<const char*> & keys_vect) {}
    };

    uint64_t visitKeys(KeyVisitor* _visitor, uint64_t _maxKeysToVisit);

+    std::vector<std::string> writeKeysToVector1(uint64_t _maxKeysToVisit);
+
    virtual ~LevelDB();


@@ -92,4 +96,8 @@ public:

 extern LevelDB* levelDb;

+extern LevelDB* csrDb;
+
+extern LevelDB* csrStatusDb;
+
 #endif
\ No newline at end of file
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,7 +57,7 @@ CLEANFILES = $(COMMON_ENCLAVE_SRC) secure_enclave.edl \

 ## The build target

-bin_PROGRAMS =  sgxwallet testw
+bin_PROGRAMS =  sgxwallet testw cert_util


 ## You can't use $(wildcard ...) with automake so all source files
@@ -66,7 +66,7 @@ bin_PROGRAMS =  sgxwallet testw
 COMMON_SRC = sgx_stub.c sgx_detect_linux.c create_enclave.c oc_alloc.c
 COMMON_ENCLAVE_SRC = secure_enclave_u.c secure_enclave_u.h

-sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
+sgxwallet_SOURCES = sgxwallet.c SGXWalletServer.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp RPCException.cpp  BLSCrypto.cpp ECDSACrypto.cpp \
 DKGCrypto.cpp ServerInit.cpp BLSPrivateKeyShareSGX.cpp LevelDB.cpp ServerDataChecker.cpp $(COMMON_SRC)


@@ -102,7 +102,13 @@ sgxwallet_LDADD=-l$(SGX_URTS_LIB) -LlibBLS/deps/deps_inst/x86_or_x64/lib -Llevel


 testw_SOURCES=testw.cpp stubclient.cpp SGXWalletServer.cpp  RPCException.cpp BLSCrypto.cpp ServerInit.cpp LevelDB.cpp \
- DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp $(COMMON_SRC)
+ DKGCrypto.cpp BLSPrivateKeyShareSGX.cpp ECDSACrypto.cpp ServerDataChecker.cpp  SGXRegistrationServer.cpp CSRManagerServer.cpp $(COMMON_SRC)
 nodist_testw_SOURCES=${nodist_sgxwallet_SOURCES}
 EXTRA_testw_DEPENDENCIES=${EXTRA_sgxwallet_DEPENDENCIES}
 testw_LDADD= ${sgxwallet_LDADD}
+
+cert_util_SOURCES=cert_util.cpp stubclient.cpp RPCException.cpp LevelDB.cpp SGXRegistrationServer.cpp CSRManagerServer.cpp
+cert_util_LDADD=-LlibBLS/deps/deps_inst/x86_or_x64/lib -Lleveldb/build -LlibBLS/build \
+                   -LlibBLS/build/libff/libff \
+                   -l:libbls.a -l:libleveldb.a \
+                   -l:libff.a -lgmp  -ljsonrpccpp-stub -ljsonrpccpp-server -ljsonrpccpp-client -ljsonrpccpp-common -ljsoncpp -lmicrohttpd -lgnutls -lgcrypt -lcurl -lssl -lcrypto -lz -lpthread -ldl
--- a/SGXRegistrationServer.cpp
+++ b/SGXRegistrationServer.cpp
@@ -41,8 +41,9 @@
 #include <functional>

 #include "SGXRegistrationServer.h"
+#include "LevelDB.h"

-SGXRegistrationServer *sr = nullptr;
+SGXRegistrationServer *regs = nullptr;
 HttpServer *hs2 = nullptr;

 bool cert_created = false;
@@ -52,49 +53,55 @@ void set_cert_created1(bool b){
  cert_created = b;
 }

-
 SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
                                 serverVersion_t type, bool auto_sign)
    : AbstractRegServer(connector, type), is_cert_created(false), cert_auto_sign(auto_sign) {}


-Json::Value SignSertificateImpl(const std::string& cert, bool auto_sign = false){
+Json::Value SignCertificateImpl(const std::string& csr, bool auto_sign = false){
  Json::Value result;
  result["status"] = 0;
  result["errorMessage"] = "";
  try{
-    //std::hash = cryptlite::sha256::hash_hex(cert);
-
-    std::cerr << " going to create csr" << std::endl;
-
+    std::cerr << " enter SignCertificateImpl " << std::endl;

+    std::string status = "1";
+    std::string hash = cryptlite::sha256::hash_hex(csr);
+    if ( !auto_sign) {
+      std::string db_key = "CSR:HASH:" + hash;
+      csrDb->writeDataUnique(db_key, csr);
+    }

-  std::ofstream outfile ("cert/client.csr");
-  outfile << cert << std::endl;
+    if (auto_sign) {
+      std::string csr_name = "cert/" + hash + ".csr";
+      std::ofstream outfile(csr_name);
+      outfile << csr << std::endl;
      outfile.close();
-  std::string csrPath = "cert/client.csr";
-  if (access(csrPath.c_str(), F_OK) != 0){
+      if (access(csr_name.c_str(), F_OK) != 0) {
        throw RPCException(FILE_NOT_FOUND, "Csr does not exist");
      }
-  result["result"] = true;
-  std::thread thr(set_cert_created1, true);
-  thr.detach();
-
-

- // std::thread timeout_thr (std::bind(&SGXRegistrationServer::set_cert_created, this, true));
-
-  if (auto_sign) {
-    std::string genCert = "cd cert && ./create_client_cert";
+      std::string genCert = "cd cert && ./create_client_cert " + hash;

      if (system(genCert.c_str()) == 0){
          std::cerr << "CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED" << std::endl;
+          status = "0";
      }
      else{
          std::cerr << "CLIENT CERTIFICATE GENERATION FAILED" << std::endl;
-          exit(-1);
+          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FAIL_TO_CREATE_CERTIFICATE));
+          throw RPCException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
+          //exit(-1);
      }
    }
+
+    result["result"] = true;
+    result["hash"] = hash;
+
+    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    csrStatusDb->writeDataUnique(db_key, status);
+
  } catch (RPCException &_e) {
    std::cerr << " err str " << _e.errString << std::endl;
    result["status"] = _e.status;
@@ -107,17 +114,24 @@ Json::Value SignSertificateImpl(const std::string& cert, bool auto_sign = false)

 Json::Value GetSertificateImpl(const std::string& hash){
  Json::Value result;
-  result["status"] = 0;
-  result["errorMessage"] = "";
+
  std::string cert;
  try{
-    if (!cert_created){
-      result["status"] = 1;
-      result["cert"] = "";
+    std::string db_key = "CSR:HASH:" + hash + "STATUS:";
+    std::shared_ptr<string> status_str_ptr = csrStatusDb->readString(db_key);
+    if (status_str_ptr == nullptr){
+       throw RPCException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
    }
-    else {
-      std::ifstream infile("cert/client.crt");
+    int status = std::atoi(status_str_ptr->c_str());
+
+    if ( status == 0){
+      std::string crt_name = "cert/" + hash + ".crt";
+      //if (access(crt_name.c_str(), F_OK) == 0){
+        std::ifstream infile(crt_name);
        if (!infile.is_open()) {
+          std::string status_db_key = "CSR:HASH:" + hash + "STATUS:";
+          csrStatusDb->deleteKey(status_db_key);
+          csrStatusDb->writeDataUnique(status_db_key, std::to_string(FILE_NOT_FOUND));
          throw RPCException(FILE_NOT_FOUND, "Certificate does not exist");
        } else {
          ostringstream ss;
@@ -125,28 +139,29 @@ Json::Value GetSertificateImpl(const std::string& hash){
          cert = ss.str();

          infile.close();
+          std::string remove_crt = "cd cert && rm -rf" + hash + ".crt && rm -rf " + hash + ".csr";
+          system(remove_crt.c_str());

-        system("cd cert && rm -rf client.crt");
-
-        result["cert"] = cert;
-        result["status"] = 0;
      }
    }
+
+    result["status"] = status;
+    result["cert"] = cert;
+
  } catch (RPCException &_e) {
    std::cerr << " err str " << _e.errString << std::endl;
    result["status"] = _e.status;
    result["errorMessage"] = _e.errString;
-    result["status"] = 1;
  }

  return result;
 }


-Json::Value SGXRegistrationServer::SignCertificate(const std::string& cert){
+Json::Value SGXRegistrationServer::SignCertificate(const std::string& csr){
  std::cerr << "Enter SignCertificate " << std::endl;
  lock_guard<recursive_mutex> lock(m);
-  return SignSertificateImpl(cert, cert_auto_sign);
+  return SignCertificateImpl(csr, cert_auto_sign);
 }

 Json::Value SGXRegistrationServer::GetCertificate(const std::string& hash){
@@ -180,13 +195,20 @@ int init_registration_server(bool sign_automatically) {
 //    }
 //  }

-  hs2 = new HttpServer( 1027 );
-  sr = new SGXRegistrationServer(*hs2,
+  hs2 = new HttpServer(BASE_PORT + 1);
+  regs = new SGXRegistrationServer(*hs2,
                                 JSONRPC_SERVER_V2, sign_automatically); // hybrid server (json-rpc 1.0 & 2.0)

-  if (!sr->StartListening()) {
+  if (!regs->StartListening()) {
    cerr << "Registration server could not start listening" << endl;
    exit(-1);
  }
+  else {
+    cerr << "Registration Server started on port " << BASE_PORT + 1 << endl;
+  }
+
+
+
  return 0;
 }
+
--- a/SGXRegistrationServer.h
+++ b/SGXRegistrationServer.h
@@ -44,7 +44,7 @@ public:

  void set_cert_created(bool b);

-  virtual Json::Value SignCertificate(const std::string& cert);
+  virtual Json::Value SignCertificate(const std::string& csr);
  virtual Json::Value GetCertificate(const std::string& hash);

 };
@@ -53,4 +53,5 @@ public:
 extern int init_registration_server(bool sign_automatically = false);


+
 #endif // SGXD_SGXREGISTRATIONSERVER_H
\ No newline at end of file
--- a/SGXWalletServer.cpp
+++ b/SGXWalletServer.cpp
@@ -112,7 +112,7 @@ int init_server(bool check_certs) {
    }
  }

-  hs = new HttpServer( 1026, certPath, keyPath, rootCAPath, check_certs, 10);
+  hs = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, check_certs, 10);
  s = new SGXWalletServer(*hs,
                      JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)

@@ -120,13 +120,16 @@ int init_server(bool check_certs) {
    cerr << "SGX Server could not start listening" << endl;
    exit(-1);
  }
+  else{
+    cerr << "SGX Server started on port " << BASE_PORT << endl;
+  }
  return 0;
 }


-//int init_server() { //without ssl
+//int init_server(bool check_certs) { //without ssl
 //
-//  hs = new HttpServer(1028);
+//  hs = new HttpServer(1026);
 //  s = new SGXWalletServer(*hs,
 //                          JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 //  if (!s->StartListening()) {
@@ -681,6 +684,7 @@ Json::Value getServerStatusImpl() {
  return result;
 }

+
 Json::Value SGXWalletServer::generateDKGPoly(const std::string& polyName, int t){
  std::cerr << "entered generateDKGPoly" << std::endl;
  lock_guard<recursive_mutex> lock(m);

--- a/ServerInit.cpp
+++ b/ServerInit.cpp
@@ -46,8 +46,8 @@
 #include "LevelDB.h"

 #include "SGXWalletServer.h"
-
 #include "SGXRegistrationServer.h"
+#include "CSRManagerServer.h"

 #include "BLSCrypto.h"
 #include "ServerInit.h"
@@ -63,9 +63,13 @@ void init_daemon() {
    libff::init_alt_bn128_params();

    static std::string dbName("./" WALLETDB_NAME);
+    levelDb = new LevelDB(dbName);

+    static std::string csr_dbname = "CSR_DB";
+    csrDb = new LevelDB(csr_dbname);

-    levelDb = new LevelDB(dbName);
+    static std::string csr_status_dbname = "CSR_STATUS_DB";
+    csrStatusDb = new LevelDB(csr_status_dbname);

 }

@@ -117,8 +121,6 @@ int sgxServerInited = 0;

 void init_all(bool check_cert, bool sign_automatically) {

-
-
    if (sgxServerInited == 1)
        return;

@@ -126,6 +128,7 @@ void init_all(bool check_cert, bool sign_automatically) {

    init_server(check_cert);
    init_registration_server(sign_automatically);
+    init_csrmanager_server();
    init_enclave();
    std::cerr << "enclave inited" << std::endl;
    init_daemon();

--- a/abstractCSRManagerServer.h
+++ b/abstractCSRManagerServer.h
+//
+// Created by kladko on 12/24/19.
+//
+
+#ifndef SGXD_ABSTRACTCSRMANAGERSERVER_H
+#define SGXD_ABSTRACTCSRMANAGERSERVER_H
+
+#include <jsonrpccpp/server.h>
+#include <iostream>
+
+class abstractCSRManagerServer : public jsonrpc::AbstractServer<abstractCSRManagerServer> {
+public:
+    abstractCSRManagerServer(jsonrpc::AbstractServerConnector &conn, jsonrpc::serverVersion_t type = jsonrpc::JSONRPC_SERVER_V2) : jsonrpc::AbstractServer<abstractCSRManagerServer>(conn, type)
+    {
+        this->bindAndAddMethod(jsonrpc::Procedure("GetUnsignedCSRs", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT, NULL), &abstractCSRManagerServer::GetUnsignedCSRsI);
+        this->bindAndAddMethod(jsonrpc::Procedure("SignByHash", jsonrpc::PARAMS_BY_NAME, jsonrpc::JSON_OBJECT,"hash",jsonrpc::JSON_STRING, "status", jsonrpc::JSON_INTEGER, NULL), &abstractCSRManagerServer::SignByHashI);
+    }
+
+    inline virtual void GetUnsignedCSRsI(const Json::Value &request, Json::Value &response)
+    {
+    (void)request;
+    response = this->GetUnsignedCSRs();
+    }
+    inline virtual void SignByHashI(const Json::Value &request, Json::Value &response)
+    {
+        response = this->SignByHash( request["hash"].asString(), request["status"].asInt());
+    }
+
+    virtual Json::Value GetUnsignedCSRs() = 0;
+    virtual Json::Value SignByHash(const std::string& hash, int status) = 0;
+
+};
+
+
+
+
+
+#endif //SGXD_ABSTRACTCSRMANAGERSERVER_H
--- a/aclocal.m4
+++ b/aclocal.m4
-# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.1 -*- Autoconf -*-

-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.

 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,7 @@ You have another version of autoconf.  It may work, but is not guaranteed to.
 If you have problems, you may need to regenerate the build system entirely.
 To do so, use the procedure documented by the package, typically 'autoreconf'.])])

-# Copyright (C) 2002-2017 Free Software Foundation, Inc.
+# Copyright (C) 2002-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.])
 # generated from the m4 files accompanying Automake X.Y.
 # (This private macro should not be called outside this file.)
 AC_DEFUN([AM_AUTOMAKE_VERSION],
-[am__api_version='1.15'
+[am__api_version='1.16'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.15.1], [],
+m4_if([$1], [1.16.1], [],
      [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])

@@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.15.1])dnl
+[AM_AUTOMAKE_VERSION([1.16.1])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
  [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])

 # AM_AUX_DIR_EXPAND                                         -*- Autoconf -*-

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`

 # AM_COND_IF                                            -*- Autoconf -*-

-# Copyright (C) 2008-2017 Free Software Foundation, Inc.
+# Copyright (C) 2008-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -147,7 +147,7 @@ fi[]dnl

 # AM_CONDITIONAL                                            -*- Autoconf -*-

-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -178,7 +178,7 @@ AC_CONFIG_COMMANDS_PRE(
 Usually this means the macro was only invoked conditionally.]])
 fi])])

-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -369,13 +369,12 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl

 # Generate code to set up dependency tracking.              -*- Autoconf -*-

-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.

-
 # _AM_OUTPUT_DEPENDENCY_COMMANDS
 # ------------------------------
 AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
@@ -383,49 +382,41 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
  # Older Autoconf quotes --file arguments for eval, but not when files
  # are listed without --file.  Let's play safe and only enable the eval
  # if we detect the quoting.
-  case $CONFIG_FILES in
-  *\'*) eval set x "$CONFIG_FILES" ;;
-  *)   set x $CONFIG_FILES ;;
-  esac
+  # TODO: see whether this extra hack can be removed once we start
+  # requiring Autoconf 2.70 or later.
+  AS_CASE([$CONFIG_FILES],
+          [*\'*], [eval set x "$CONFIG_FILES"],
+          [*], [set x $CONFIG_FILES])
  shift
-  for mf
+  # Used to flag and report bootstrapping failures.
+  am_rc=0
+  for am_mf
  do
    # Strip MF so we end up with the name of the file.
-    mf=`echo "$mf" | sed -e 's/:.*$//'`
-    # Check whether this is an Automake generated Makefile or not.
-    # We used to match only the files named 'Makefile.in', but
-    # some people rename them; so instead we look at the file content.
-    # Grep'ing the first line is not enough: some people post-process
-    # each Makefile.in and add a new line on top of each file to say so.
-    # Grep'ing the whole file is not good either: AIX grep has a line
+    am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'`
+    # Check whether this is an Automake generated Makefile which includes
+    # dependency-tracking related rules and includes.
+    # Grep'ing the whole file directly is not great: AIX grep has a line
    # limit of 2048, but all sed's we know have understand at least 4000.
-    if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
-      dirpart=`AS_DIRNAME("$mf")`
-    else
-      continue
-    fi
-    # Extract the definition of DEPDIR, am__include, and am__quote
-    # from the Makefile without running 'make'.
-    DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
-    test -z "$DEPDIR" && continue
-    am__include=`sed -n 's/^am__include = //p' < "$mf"`
-    test -z "$am__include" && continue
-    am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
-    # Find all dependency output files, they are included files with
-    # $(DEPDIR) in their names.  We invoke sed twice because it is the
-    # simplest approach to changing $(DEPDIR) to its actual value in the
-    # expansion.
-    for file in `sed -n "
-      s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
-	 sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g'`; do
-      # Make sure the directory exists.
-      test -f "$dirpart/$file" && continue
-      fdir=`AS_DIRNAME(["$file"])`
-      AS_MKDIR_P([$dirpart/$fdir])
-      # echo "creating $dirpart/$file"
-      echo '# dummy' > "$dirpart/$file"
-    done
+    sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \
+      || continue
+    am_dirpart=`AS_DIRNAME(["$am_mf"])`
+    am_filepart=`AS_BASENAME(["$am_mf"])`
+    AM_RUN_LOG([cd "$am_dirpart" \
+      && sed -e '/# am--include-marker/d' "$am_filepart" \
+        | $MAKE -f - am--depfiles]) || am_rc=$?
  done
+  if test $am_rc -ne 0; then
+    AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments
+    for automatic dependency tracking.  Try re-running configure with the
+    '--disable-dependency-tracking' option to at least be able to build
+    the package (albeit without support for automatic dependency tracking).])
+  fi
+  AS_UNSET([am_dirpart])
+  AS_UNSET([am_filepart])
+  AS_UNSET([am_mf])
+  AS_UNSET([am_rc])
+  rm -f conftest-deps.mk
 }
 ])# _AM_OUTPUT_DEPENDENCY_COMMANDS

@@ -434,18 +425,17 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
 # -----------------------------
 # This macro should only be invoked once -- use via AC_REQUIRE.
 #
-# This code is only required when automatic dependency tracking
-# is enabled.  FIXME.  This creates each '.P' file that we will
-# need in order to bootstrap the dependency handling code.
+# This code is only required when automatic dependency tracking is enabled.
+# This creates each '.Po' and '.Plo' makefile fragment that we'll need in
+# order to bootstrap the dependency handling code.
 AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
 [AC_CONFIG_COMMANDS([depfiles],
     [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
-     [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
-])
+     [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])])

 # Do all the work for Automake.                             -*- Autoconf -*-

-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -532,8 +522,8 @@ AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
 AC_REQUIRE([AC_PROG_MKDIR_P])dnl
 # For better backward compatibility.  To be removed once Automake 1.9.x
 # dies out for good.  For more background, see:
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
-# <http://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00001.html>
+# <https://lists.gnu.org/archive/html/automake/2012-07/msg00014.html>
 AC_SUBST([mkdir_p], ['$(MKDIR_P)'])
 # We need awk for the "check" target (and possibly the TAP driver).  The
 # system "awk" is bad on some platforms.
@@ -600,7 +590,7 @@ END
 Aborting the configuration process, to ensure you take notice of the issue.

 You can download and install GNU coreutils to get an 'rm' implementation
-that behaves properly: <http://www.gnu.org/software/coreutils/>.
+that behaves properly: <https://www.gnu.org/software/coreutils/>.

 If you want to complete the configuration process using your problematic
 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM
@@ -642,7 +632,7 @@ for _am_header in $config_headers :; do
 done
 echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -663,7 +653,7 @@ if test x"${install_sh+set}" != xset; then
 fi
 AC_SUBST([install_sh])])

-# Copyright (C) 2003-2017 Free Software Foundation, Inc.
+# Copyright (C) 2003-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -684,7 +674,7 @@ AC_SUBST([am__leading_dot])])

 # Check to see how 'make' treats includes.	            -*- Autoconf -*-

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -692,49 +682,42 @@ AC_SUBST([am__leading_dot])])

 # AM_MAKE_INCLUDE()
 # -----------------
-# Check to see how make treats includes.
+# Check whether make has an 'include' directive that can support all
+# the idioms we need for our automatic dependency tracking code.
 AC_DEFUN([AM_MAKE_INCLUDE],
-[am_make=${MAKE-make}
-cat > confinc << 'END'
+[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive])
+cat > confinc.mk << 'END'
 am__doit:
-	@echo this is the am__doit target
+	@echo this is the am__doit target >confinc.out
 .PHONY: am__doit
 END
-# If we don't find an include directive, just comment out the code.
-AC_MSG_CHECKING([for style of include used by $am_make])
 am__include="#"
 am__quote=
-_am_result=none
-# First try GNU make style include.
-echo "include confinc" > confmf
-# Ignore all kinds of additional output from 'make'.
-case `$am_make -s -f confmf 2> /dev/null` in #(
-*the\ am__doit\ target*)
-  am__include=include
-  am__quote=
-  _am_result=GNU
-  ;;
-esac
-# Now try BSD make style include.
-if test "$am__include" = "#"; then
-   echo '.include "confinc"' > confmf
-   case `$am_make -s -f confmf 2> /dev/null` in #(
-   *the\ am__doit\ target*)
-     am__include=.include
-     am__quote="\""
-     _am_result=BSD
-     ;;
-   esac
-fi
-AC_SUBST([am__include])
-AC_SUBST([am__quote])
-AC_MSG_RESULT([$_am_result])
-rm -f confinc confmf
-])
+# BSD make does it like this.
+echo '.include "confinc.mk" # ignored' > confmf.BSD
+# Other make implementations (GNU, Solaris 10, AIX) do it like this.
+echo 'include confinc.mk # ignored' > confmf.GNU
+_am_result=no
+for s in GNU BSD; do
+  AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out])
+  AS_CASE([$?:`cat confinc.out 2>/dev/null`],
+      ['0:this is the am__doit target'],
+      [AS_CASE([$s],
+          [BSD], [am__include='.include' am__quote='"'],
+          [am__include='include' am__quote=''])])
+  if test "$am__include" != "#"; then
+    _am_result="yes ($s style)"
+    break
+  fi
+done
+rm -f confinc.* confmf.*
+AC_MSG_RESULT([${_am_result}])
+AC_SUBST([am__include])])
+AC_SUBST([am__quote])])

 # Fake the existence of programs that GNU maintainers use.  -*- Autoconf -*-

-# Copyright (C) 1997-2017 Free Software Foundation, Inc.
+# Copyright (C) 1997-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -773,7 +756,7 @@ fi

 # Helper functions for option handling.                     -*- Autoconf -*-

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -802,7 +785,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
 AC_DEFUN([_AM_IF_OPTION],
 [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])

-# Copyright (C) 1999-2017 Free Software Foundation, Inc.
+# Copyright (C) 1999-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -849,7 +832,7 @@ AC_LANG_POP([C])])
 # For backward compatibility.
 AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -868,7 +851,7 @@ AC_DEFUN([AM_RUN_LOG],

 # Check to make sure that the build environment is sane.    -*- Autoconf -*-

-# Copyright (C) 1996-2017 Free Software Foundation, Inc.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -949,7 +932,7 @@ AC_CONFIG_COMMANDS_PRE(
 rm -f conftest.file
 ])

-# Copyright (C) 2009-2017 Free Software Foundation, Inc.
+# Copyright (C) 2009-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1009,7 +992,7 @@ AC_SUBST([AM_BACKSLASH])dnl
 _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
 ])

-# Copyright (C) 2001-2017 Free Software Foundation, Inc.
+# Copyright (C) 2001-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1037,7 +1020,7 @@ fi
 INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
 AC_SUBST([INSTALL_STRIP_PROGRAM])])

-# Copyright (C) 2006-2017 Free Software Foundation, Inc.
+# Copyright (C) 2006-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -1056,7 +1039,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])

 # Check how to create a tarball.                            -*- Autoconf -*-

-# Copyright (C) 2004-2017 Free Software Foundation, Inc.
+# Copyright (C) 2004-2018 Free Software Foundation, Inc.
 #
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,

--- a/cert/create_CA
+++ b/cert/create_CA
@@ -8,6 +8,7 @@ openssl req -x509 -sha256 -nodes -days 1024 -newkey rsa:2048 -key rootCA.key -ou

 mkdir new_certs
 touch index.txt
+touch index.txt.attr
 echo "01" > serial



--- a/cert/create_client_cert
+++ b/cert/create_client_cert
 #!/bin/bash

 #sign csr
-yes | openssl ca -config ca.config -in "client.csr" -out "client.crt"
+CSREXT=".csr"
+CRTEXT=".crt"
+CSRFILE="$1$CSREXT"
+CRTFILE="$1$CRTEXT" 
+yes | openssl ca -config ca.config -in $CSRFILE -out $CRTFILE
--- a/cert_util.cpp
+++ b/cert_util.cpp
+//
+// Created by kladko on 12/27/19.
+//
+
+#include <iostream>
+#include <cstring>
+#include <jsonrpccpp/client/connectors/httpclient.h>
+#include "stubclient.h"
+
+#include <unistd.h>
+
+int print_hashes(){
+  jsonrpc::HttpClient client("http://localhost:1028");
+  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+  std::cout << "Client inited" << std::endl;
+  std::cout << c.GetUnsignedCSRs() << std::endl;
+  exit(0);
+}
+
+void sign_by_hash(std::string & hash, int status){
+  jsonrpc::HttpClient client("http://localhost:1028");
+  StubClient c(client, jsonrpc::JSONRPC_CLIENT_V2);
+  std::cout << "Client inited" << std::endl;
+  std::cout << c.SignByHash(hash, status) << std::endl;
+  exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+  int opt;
+
+  if (argc > 1 && strlen(argv[1]) == 1) {
+    fprintf(stderr, "option is too short %s\n", argv[1]);
+    exit(1);
+  }
+
+  if (argc == 1) {
+    std::cout << "You may use following flags:" << std::endl;
+    std::cout << " -p  print all unsigned csr hashes " << std::endl;
+    std::cout << " -s [hash] sign csr by hash" << std::endl;
+    std::cout << " -r [hash] reject csr by hash" << std::endl;
+    exit(0);
+  }
+     std::string hash;
+      while ((opt = getopt(argc, argv, "ps:r:")) != -1) {
+          switch (opt) {
+
+              case 'p': print_hashes();
+                        break;
+              case 's': hash = optarg;
+                        sign_by_hash(hash, 0);
+                        break;
+              case 'r': hash = optarg;
+                        sign_by_hash(hash, 2);
+                        break;
+              case '?': // fprintf(stderr, "unknown flag\n");
+                        exit(1);
+
+          }
+      }
+
+  return 0;
+}
+
--- a/compile
+++ b/compile
-/usr/share/automake-1.15/compile
\ No newline at end of file
+/usr/share/automake-1.16/compile
\ No newline at end of file
--- a/depcomp
+++ b/depcomp
-/usr/share/automake-1.15/depcomp
\ No newline at end of file
+/usr/share/automake-1.16/depcomp
\ No newline at end of file
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -20,8 +20,8 @@ RUN git clone -b sgx_2.5 --depth 1 https://github.com/intel/linux-sgx && \
 # For debug purposes
 # COPY jhi.conf /etc/jhi/jhi.conf

-
-RUN git clone --recurse-submodules https://github.com/skalenetwork/sgxwallet.git
+###RUN git clone --recurse-submodules https://76b7983ebf14269178b99eff5b2be4b4b56fe7a5:@github.com/skalenetwork/sgxwallet.git
+RUN git clone --recurse-submodules https://76b7983ebf14269178b99eff5b2be4b4b56fe7a5:@github.com/skalenetwork/sgxwallet.git
 WORKDIR  sgxwallet
 #RUN cd sgx-software-enable && make && ./sgx_enable
 RUN cd scripts; ./build.py

--- a/install-sh
+++ b/install-sh
-/usr/share/automake-1.15/install-sh
\ No newline at end of file
+/usr/share/automake-1.16/install-sh
\ No newline at end of file
--- a/missing
+++ b/missing
-/usr/share/automake-1.15/missing
\ No newline at end of file
+/usr/share/automake-1.16/missing
\ No newline at end of file
--- a/secure_enclave/Makefile.in
+++ b/secure_enclave/Makefile.in
-# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
 # @configure_input@

-# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.

 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -137,7 +137,15 @@ am__v_at_0 = @
 am__v_at_1 = 
 DEFAULT_INCLUDES = -I.@am__isrc@
 depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/BLSEnclave.Po ./$(DEPDIR)/DH_dkg.Po \
+	./$(DEPDIR)/DKGUtils.Po ./$(DEPDIR)/alt_bn128_g1.Po \
+	./$(DEPDIR)/alt_bn128_g2.Po ./$(DEPDIR)/alt_bn128_init.Po \
+	./$(DEPDIR)/curves.Po ./$(DEPDIR)/domain_parameters.Po \
+	./$(DEPDIR)/numbertheory.Po ./$(DEPDIR)/point.Po \
+	./$(DEPDIR)/secure_enclave.Po ./$(DEPDIR)/secure_enclave_t.Po \
+	./$(DEPDIR)/signature.Po ./$(DEPDIR)/signed_enclave_debug.Po \
+	./$(DEPDIR)/signed_enclave_rel.Po
 am__mv = mv -f
 COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -365,8 +373,8 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
 	  *config.status*) \
 	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
 	  *) \
-	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
-	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
 	esac;
 $(top_srcdir)/build-aux/sgx_enclave.am $(am__empty):

@@ -431,21 +439,27 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c

-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g1.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g2.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_init.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curves.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/domain_parameters.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numbertheory.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/point.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave_t.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signature.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_debug.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_rel.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/BLSEnclave.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DH_dkg.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/DKGUtils.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g1.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_g2.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alt_bn128_init.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/curves.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/domain_parameters.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/numbertheory.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/point.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secure_enclave_t.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signature.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_debug.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signed_enclave_rel.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+	@$(MKDIR_P) $(@D)
+	@echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)

 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -569,7 +583,10 @@ cscopelist-am: $(am__tagged_files)
 distclean-tags:
 	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags

-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+	$(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
 	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
 	list='$(DISTFILES)'; \
@@ -642,7 +659,21 @@ clean: clean-am
 clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am

 distclean: distclean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+	-rm -f ./$(DEPDIR)/DH_dkg.Po
+	-rm -f ./$(DEPDIR)/DKGUtils.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g2.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_init.Po
+	-rm -f ./$(DEPDIR)/curves.Po
+	-rm -f ./$(DEPDIR)/domain_parameters.Po
+	-rm -f ./$(DEPDIR)/numbertheory.Po
+	-rm -f ./$(DEPDIR)/point.Po
+	-rm -f ./$(DEPDIR)/secure_enclave.Po
+	-rm -f ./$(DEPDIR)/secure_enclave_t.Po
+	-rm -f ./$(DEPDIR)/signature.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_debug.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_rel.Po
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-tags
@@ -688,7 +719,21 @@ install-ps-am:
 installcheck-am:

 maintainer-clean: maintainer-clean-am
-	-rm -rf ./$(DEPDIR)
+		-rm -f ./$(DEPDIR)/BLSEnclave.Po
+	-rm -f ./$(DEPDIR)/DH_dkg.Po
+	-rm -f ./$(DEPDIR)/DKGUtils.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g1.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_g2.Po
+	-rm -f ./$(DEPDIR)/alt_bn128_init.Po
+	-rm -f ./$(DEPDIR)/curves.Po
+	-rm -f ./$(DEPDIR)/domain_parameters.Po
+	-rm -f ./$(DEPDIR)/numbertheory.Po
+	-rm -f ./$(DEPDIR)/point.Po
+	-rm -f ./$(DEPDIR)/secure_enclave.Po
+	-rm -f ./$(DEPDIR)/secure_enclave_t.Po
+	-rm -f ./$(DEPDIR)/signature.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_debug.Po
+	-rm -f ./$(DEPDIR)/signed_enclave_rel.Po
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic

@@ -708,19 +753,19 @@ uninstall-am: uninstall-libexecPROGRAMS

 .MAKE: install-am install-strip

-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
-	clean-libexecPROGRAMS cscopelist-am ctags ctags-am distclean \
-	distclean-compile distclean-generic distclean-tags distdir dvi \
-	dvi-am html html-am info info-am install install-am \
-	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-html install-html-am \
-	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
-	ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-libexecPROGRAMS
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+	clean-generic clean-libexecPROGRAMS cscopelist-am ctags \
+	ctags-am distclean distclean-compile distclean-generic \
+	distclean-tags distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am install-dvi \
+	install-dvi-am install-exec install-exec-am install-html \
+	install-html-am install-info install-info-am \
+	install-libexecPROGRAMS install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \
+	uninstall-am uninstall-libexecPROGRAMS

 .PRECIOUS: Makefile


--- a/sgxwallet.c
+++ b/sgxwallet.c
@@ -63,16 +63,15 @@ int main(int argc, char *argv[]) {

  while ((opt = getopt(argc, argv, "csh")) != -1) {
    switch (opt) {
-//    case 'h':
-//      if (strlen(argv[1]) == 2 ) {
-//        fprintf(stderr, "-c  client certificate will not be checked\n");
-//        fprintf(stderr, "-s  client certificate will be signed automatically\n");
-//        exit(0);
-//      } else {
-//        fprintf(stderr, "unknown flag %s\n", argv[1]);
-//        exit(1);
-//      }
-
+    case 'h':
+      if (strlen(argv[1]) == 2 ) {
+        fprintf(stderr, "-c  client certificate will not be checked\n");
+        fprintf(stderr, "-s  client certificate will be signed automatically\n");
+        exit(0);
+      } else {
+        fprintf(stderr, "unknown flag %s\n", argv[1]);
+        exit(1);
+      }
    case 'c':
      check_client_cert = false;
      break;

--- a/sgxwallet_common.h
+++ b/sgxwallet_common.h
@@ -78,7 +78,13 @@

 #define FILE_NOT_FOUND -44

-#define SGX_ENCLAVE_ERROR -666;
+#define FAIL_TO_CREATE_CERTIFICATE -55
+
+#define SGX_ENCLAVE_ERROR -666
+
+#define MAX_CSR_NUM 1000
+
+#define BASE_PORT 1026

 #define WALLETDB_NAME  "sgxwallet.db"//"test_sgxwallet.db"//
 #define ENCLAVE_NAME "secure_enclave.signed.so"

--- a/stubclient.h
+++ b/stubclient.h
@@ -208,6 +208,35 @@ class StubClient : public jsonrpc::Client
                throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
        }

+
+    ////CSRManagerServer
+
+  Json::Value GetUnsignedCSRs() throw (jsonrpc::JsonRpcException)
+  {
+    Json::Value p;
+    p = Json::nullValue;
+    Json::Value result = this->CallMethod("GetUnsignedCSRs",p);
+    if (result.isObject())
+      return result;
+    else
+      throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+  }
+
+
+
+    Json::Value SignByHash(const std::string& hash, int status) throw (jsonrpc::JsonRpcException)
+    {
+        Json::Value p;
+        p["hash"] = hash;
+        p["status"] = status;
+        Json::Value result = this->CallMethod("SignByHash",p);
+        if (result.isObject())
+            return result;
+        else
+            throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
+    }
+
+
        Json::Value getServerStatus() throw (jsonrpc::JsonRpcException)
        {
            Json::Value p;
@@ -218,6 +247,7 @@ class StubClient : public jsonrpc::Client
            else
                throw jsonrpc::JsonRpcException(jsonrpc::Errors::ERROR_CLIENT_INVALID_RESPONSE, result.toStyledString());
        }
+
 };

 #endif //JSONRPC_CPP_STUB_STUBCLIENT_H_
--- a/testw.cpp
+++ b/testw.cpp
@@ -958,9 +958,8 @@ TEST_CASE("API test", "[api_test]") {

 TEST_CASE("getServerStatus test", "[getServerStatus_test]") {
  init_all( false, false );
-  HttpClient client("http://localhost:1028");
+  HttpClient client("http://localhost:1026");
  StubClient c(client, JSONRPC_CLIENT_V2);
-
  REQUIRE(c.getServerStatus()["status"] == 0);
  sgx_destroy_enclave(eid);
 }