Merge pull request #80 from skalenetwork/SKALE-2536-certs-2

Skale 2536 certs 2

CSRManagerServer.cpp

@@ -22,21 +22,26 @@
 */
 
 
-#include "CSRManagerServer.h"
-#include "SGXException.h"
-#include "sgxwallet_common.h"
-
 #include <iostream>
 #include <fstream>
 
+
+
+
 #include <jsonrpccpp/server/connectors/httpserver.h>
 
-#include "spdlog/spdlog.h"
+
+#include "CSRManagerServer.h"
+#include "SGXException.h"
+#include "sgxwallet_common.h"
+
+
+#include "Log.h"
 #include "common.h"
 
 
-CSRManagerServer *cs = nullptr;
-jsonrpc::HttpServer *hs3 = nullptr;
+shared_ptr<CSRManagerServer> CSRManagerServer::cs = nullptr;
+shared_ptr<jsonrpc::HttpServer> CSRManagerServer::hs3 = nullptr;
 
 
 CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
@@ -44,22 +49,15 @@ CSRManagerServer::CSRManagerServer(AbstractServerConnector &connector,
 
 
 Json::Value getUnsignedCSRsImpl() {
-    spdlog::info("Enter getUnsignedCSRsImpl");
-    Json::Value result;
-    result["status"] = 0;
-    result["errorMessage"] = "";
+    spdlog::info(__FUNCTION__);
+    INIT_RESULT(result)
 
     try {
         vector<string> hashes_vect = LevelDB::getCsrDb()->writeKeysToVector1(MAX_CSR_NUM);
         for (int i = 0; i < (int) hashes_vect.size(); i++) {
             result["hashes"][i] = hashes_vect.at(i);
         }
-    } catch (SGXException &_e) {
-        cerr << " err str " << _e.errString << endl;
-        result["status"] = _e.status;
-        result["errorMessage"] = _e.errString;
-
-    }
+    } HANDLE_SGX_EXCEPTION(result);
 
     return result;
 }
@@ -111,30 +109,26 @@ Json::Value signByHashImpl(const string &hash, int status) {
 
         result["status"] = status;
 
-    } catch (SGXException &_e) {
-        cerr << " err str " << _e.errString << endl;
-        result["status"] = _e.status;
-        result["errorMessage"] = _e.errString;
-    }
+    } HANDLE_SGX_EXCEPTION(result)
 
     return result;
 }
 
 
 Json::Value CSRManagerServer::getUnsignedCSRs() {
-    lock_guard<recursive_mutex> lock(m);
+    LOCK(m)
     return getUnsignedCSRsImpl();
 }
 
 Json::Value CSRManagerServer::signByHash(const string &hash, int status) {
-    lock_guard<recursive_mutex> lock(m);
+    LOCK(m)
     return signByHashImpl(hash, status);
 }
 
-int init_csrmanager_server() {
-    hs3 = new jsonrpc::HttpServer(BASE_PORT + 2);
+int CSRManagerServer::initCSRManagerServer() {
+    hs3 = make_shared<jsonrpc::HttpServer>(BASE_PORT + 2);
     hs3->BindLocalhost();
-    cs = new CSRManagerServer(*hs3, JSONRPC_SERVER_V2); // server (json-rpc 2.0)
+    cs = make_shared<CSRManagerServer>(*hs3, JSONRPC_SERVER_V2); // server (json-rpc 2.0)
 
     if (!cs->StartListening()) {
         spdlog::info("CSR manager server could not start listening");

CSRManagerServer.h

@@ -25,26 +25,37 @@
 #ifndef SGXD_CSRMANAGERSERVER_H
 #define SGXD_CSRMANAGERSERVER_H
 
+#include <mutex>
+
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
 #include "abstractCSRManagerServer.h"
 #include "LevelDB.h"
 
-#include <mutex>
+
+
 
 using namespace jsonrpc;
+using namespace std;
 
 class CSRManagerServer : public abstractCSRManagerServer {
 
-  std::recursive_mutex m;
+  recursive_mutex m;
+
+  static shared_ptr<HttpServer> hs3;
+
+  static shared_ptr<CSRManagerServer> cs;
 
   public:
 
   CSRManagerServer(AbstractServerConnector &connector, serverVersion_t type);
 
   virtual Json::Value getUnsignedCSRs();
-  virtual Json::Value signByHash(const std::string& hash, int status);
+  virtual Json::Value signByHash(const string& hash, int status);
+
+  static int initCSRManagerServer();
 };
 
-extern int init_csrmanager_server();
 
 
 

Log.h

@@ -71,7 +71,9 @@ public:
 };
 
 #define INIT_RESULT(__RESULT__)     Json::Value __RESULT__; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = "";
-#define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);}
+#define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
+        catch (exception  &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
+
 #define LOCK(__M__)  lock_guard<recursive_mutex> lock(__M__);
 
 #endif

SGXRegistrationServer.cpp

@@ -43,7 +43,7 @@
 #include "SGXRegistrationServer.h"
 #include "LevelDB.h"
 
-#include "spdlog/spdlog.h"
+#include "Log.h"
 #include "common.h"
 
 int printDebugInfo = -1;
@@ -51,162 +51,135 @@ int useHTTPS = -1;
 int encryptKeys = -1;
 int autoconfirm = -1;
 
-SGXRegistrationServer *registrationServer = nullptr;
-HttpServer *httpServer2 = nullptr;
+shared_ptr <SGXRegistrationServer> SGXRegistrationServer::server = nullptr;
+shared_ptr <HttpServer> SGXRegistrationServer::httpServer = nullptr;
 
 SGXRegistrationServer::SGXRegistrationServer(AbstractServerConnector &connector,
                                              serverVersion_t type, bool _autoSign)
-        : AbstractRegServer(connector, type), isCertCreated(false), autoSign(_autoSign) {}
+        : AbstractRegServer(connector, type), autoSign(_autoSign) {}
 
 
 Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
-    Json::Value result;
-    result["status"] = 0;
-    result["errorMessage"] = "";
+    spdlog::info(__FUNCTION__);
+    INIT_RESULT(result)
+
+    result["result"] = false;
+
     try {
-        spdlog::info("enter signCertificateImpl");
 
-        string status = "1";
         string hash = cryptlite::sha256::hash_hex(_csr);
-        if (!_autoSign) {
-            string db_key = "CSR:HASH:" + hash;
-            LevelDB::getCsrStatusDb()->writeDataUnique(db_key, _csr);
+
+        if (system("ls " CERT_DIR "/" CERT_CREATE_COMMAND) != 0) {
+            spdlog::error("cert/create_client_cert does not exist");
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
         }
 
-        if (_autoSign) {
-            string csr_name = "cert/" + hash + ".csr";
+
+        string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
         ofstream outfile(csr_name);
+        outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
         outfile << _csr << endl;
         outfile.close();
-            if (access(csr_name.c_str(), F_OK) != 0) {
-                throw SGXException(FILE_NOT_FOUND, "Csr does not exist");
+
+        if (system(("ls " + csr_name).c_str()) != 0) {
+            spdlog::error("could not create csr file");
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
         }
 
-            string genCert = "cd cert && ./create_client_cert " + hash;
+        if (system(("openssl req -in " + csr_name).c_str()) != 0) {
+            spdlog::error("Incorrect CSR format: {}", _csr);
+            throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "Incorrect CSR format ");
+        }
+
+
+        if (_autoSign) {
+
+            string genCert = string("cd ") + CERT_DIR + "&& ./"
+                    + CERT_CREATE_COMMAND + " " + hash ;
+
 
             if (system(genCert.c_str()) == 0) {
-                spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
-                status = "0";
+                spdlog::info("Client cert " + hash + " generated");
+                string db_key = "CSR:HASH:" + hash + "STATUS:";
+                string status = "0";
+                LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
+
             } else {
-                spdlog::info("CLIENT CERTIFICATE GENERATION FAILED");
-                string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-                LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FAIL_TO_CREATE_CERTIFICATE));
+
+                spdlog::error("Client cert generation failed: {} ", genCert);
                 throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
-                //exit(-1);
             }
+        } else {
+            string db_key = "CSR:HASH:" + hash;
+            LevelDB::getCsrStatusDb()->writeDataUnique(db_key, _csr);
         }
 
         result["result"] = true;
         result["hash"] = hash;
 
-        string db_key = "CSR:HASH:" + hash + "STATUS:";
-        LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
-
-    } catch (SGXException &_e) {
-        cerr << " err str " << _e.errString << endl;
-        result["status"] = _e.status;
-        result["errorMessage"] = _e.errString;
-        result["result"] = false;
-    }
+    } HANDLE_SGX_EXCEPTION(result)
 
     return result;
 }
 
-Json::Value GetSertificateImpl(const string &hash) {
+Json::Value getCertificateImpl(const string &hash) {
     Json::Value result;
 
     string cert;
     try {
         string db_key = "CSR:HASH:" + hash + "STATUS:";
-        shared_ptr<string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key);
+        shared_ptr <string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key);
         if (status_str_ptr == nullptr) {
-            throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
+            throw SGXException(CERT_REQUEST_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
         }
         int status = atoi(status_str_ptr->c_str());
 
         if (status == 0) {
-            string crt_name = "cert/" + hash + ".crt";
-            //if (access(crt_name.c_str(), F_OK) == 0){
-            ifstream infile(crt_name);
-            if (!infile.is_open()) {
-                string status_db_key = "CSR:HASH:" + hash + "STATUS:";
-                LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
-                LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FILE_NOT_FOUND));
+            string crtPath = "cert/" + hash + ".crt";
+
+            if (system(("ls " + crtPath).c_str()) != 0) {
                 throw SGXException(FILE_NOT_FOUND, "Certificate does not exist");
-            } else {
+            }
+
+            ifstream infile(crtPath);
+            infile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
             ostringstream ss;
             ss << infile.rdbuf();
-                cert = ss.str();
-
             infile.close();
-                string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
-                if (system(remove_crt.c_str()) == 0) {
-                    //cerr << "cert removed" << endl;
-                    spdlog::info(" cert removed ");
-
-                } else {
-                    spdlog::info(" cert was not removed ");
-                }
-
-            }
+            cert = ss.str();
         }
 
         result["status"] = status;
         result["cert"] = cert;
 
-    } catch (SGXException &_e) {
-        cerr << " err str " << _e.errString << endl;
-        result["status"] = _e.status;
-        result["errorMessage"] = _e.errString;
-    }
+    } HANDLE_SGX_EXCEPTION(result)
 
     return result;
 }
 
 
 Json::Value SGXRegistrationServer::SignCertificate(const string &csr) {
-    spdlog::info("Enter signCertificate ");
-    lock_guard<recursive_mutex> lock(m);
+    spdlog::info(__FUNCTION__);
+    LOCK(m)
     return signCertificateImpl(csr, autoSign);
 }
 
 Json::Value SGXRegistrationServer::GetCertificate(const string &hash) {
-    lock_guard<recursive_mutex> lock(m);
-    return GetSertificateImpl(hash);
+    spdlog::info(__FUNCTION__);
+    LOCK(m)
+    return getCertificateImpl(hash);
 }
 
-void SGXRegistrationServer::set_cert_created(bool b) {
-    sleep(100);
-    isCertCreated = b;
-}
 
+int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
 
-int initRegistrationServer(bool _autoSign) {
-
-//  string certPath = "cert/SGXCACertificate.crt";
-//  string keyPath = "cert/SGXCACertificate.key";
-//
-//  if (access(certPath.c_str(), F_OK) != 0){
-//    cerr << "CERTIFICATE IS GOING TO BE CREATED" << endl;
-//
-//    string genCert = "cd cert && ./self-signed-tls -c=US -s=California -l=San-Francisco -o=\"Skale Labs\" -u=\"Department of Software Engineering\" -n=\"SGXCACertificate\" -e=info@skalelabs.com";
-//
-//    if (system(genCert.c_str()) == 0){
-//      cerr << "CERTIFICATE IS SUCCESSFULLY GENERATED" << endl;
-//    }
-//    else{
-//      cerr << "CERTIFICATE GENERATION FAILED" << endl;
-//      exit(-1);
-//    }
-//  }
-
-    httpServer2 = new HttpServer(BASE_PORT + 1);
-    registrationServer = new SGXRegistrationServer(*httpServer2,
+    httpServer = make_shared<HttpServer>(BASE_PORT + 1);
+    server = make_shared<SGXRegistrationServer>(*httpServer,
                                                 JSONRPC_SERVER_V2,
                                                 _autoSign); // hybrid server (json-rpc 1.0 & 2.0)
 
-    if (!registrationServer->StartListening()) {
-        spdlog::info("Registration server could not start listening");
+    if (!server->StartListening()) {
+        spdlog::error("Registration server could not start listening on port {}", BASE_PORT + 1);
         exit(-1);
     } else {
         spdlog::info("Registration server started on port {}", BASE_PORT + 1);
@@ -216,3 +189,9 @@ int initRegistrationServer(bool _autoSign) {
     return 0;
 }
 
+
+shared_ptr<SGXRegistrationServer> SGXRegistrationServer::getServer() {
+    CHECK_STATE(server);
+    return server;
+}
+

SGXRegistrationServer.h

@@ -25,31 +25,44 @@
 #define SGXD_SGXREGISTRATIONSERVER_H
 
 
-#include "abstractregserver.h"
 #include <mutex>
 
+#include "abstractregserver.h"
+#include <jsonrpccpp/server/connectors/httpserver.h>
+
+
+#define CERT_DIR "cert"
+#define CERT_CREATE_COMMAND "create_client_cert"
+
+
 using namespace jsonrpc;
 using namespace std;
 
-class SGXRegistrationServer: public AbstractRegServer {
-  std::recursive_mutex m;
-  bool isCertCreated;
+class SGXRegistrationServer : public AbstractRegServer {
+    recursive_mutex m;
     bool autoSign;
 
+
+    static shared_ptr <HttpServer> httpServer;
+
+    static shared_ptr <SGXRegistrationServer> server;
+
+
 public:
 
-  SGXRegistrationServer(AbstractServerConnector &connector, serverVersion_t type, bool _autoSign = false);
+    static shared_ptr <SGXRegistrationServer> getServer();
 
-  void set_cert_created(bool b);
 
-  virtual Json::Value SignCertificate(const std::string& csr);
-  virtual Json::Value GetCertificate(const std::string& hash);
+    SGXRegistrationServer(AbstractServerConnector &connector, serverVersion_t type, bool _autoSign = false);
 
-};
 
+    virtual Json::Value SignCertificate(const string &csr);
+
+    virtual Json::Value GetCertificate(const string &hash);
 
-extern int initRegistrationServer(bool _autoSign = false);
+    static int initRegistrationServer(bool _autoSign = false);
 
+};
 
 
 #endif // SGXD_SGXREGISTRATIONSERVER_H
\ No newline at end of file

SGXWALLET_VERSION

-#define SGXWALLET_VERSION "1.48.1"
\ No newline at end of file
+#define SGXWALLET_VERSION "1.49.2"
\ No newline at end of file

SGXWalletServer.cpp

@@ -74,8 +74,8 @@ bool isStringDec(string &_str) {
 }
 
 
-SGXWalletServer *s = nullptr;
-HttpServer *httpServer = nullptr;
+shared_ptr<SGXWalletServer> SGXWalletServer::server = nullptr;
+shared_ptr<HttpServer> SGXWalletServer::httpServer = nullptr;
 
 SGXWalletServer::SGXWalletServer(AbstractServerConnector &_connector,
                                  serverVersion_t _type)
@@ -130,11 +130,11 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
         }
     }
 
-    httpServer = new HttpServer(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts, 64);
-    s = new SGXWalletServer(*httpServer,
+    httpServer = make_shared<HttpServer>(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts, 64);
+    server = make_shared<SGXWalletServer>(*httpServer,
                                      JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
 
-    if (!s->StartListening()) {
+    if (!server->StartListening()) {
         spdlog::error("SGX Server could not start listening");
         exit(-1);
     } else {
@@ -146,10 +146,10 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
 
 int SGXWalletServer::initHttpServer() { //without ssl
 
-    httpServer = new HttpServer(BASE_PORT + 3);
-    s = new SGXWalletServer(*httpServer,
+    httpServer = make_shared<HttpServer>(BASE_PORT + 3);
+    server = make_shared<SGXWalletServer>(*httpServer,
                                      JSONRPC_SERVER_V2); // hybrid server (json-rpc 1.0 & 2.0)
-    if (!s->StartListening()) {
+    if (!server->StartListening()) {
         spdlog::error("Server could not start listening");
         exit(-1);
     }
@@ -207,7 +207,7 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
 
     char *signature = (char *) calloc(BUF_LEN, 1);
 
-    shared_ptr<string> value = nullptr;
+    shared_ptr <string> value = nullptr;
 
     try {
         if (!checkName(_keyShareName, "BLS_KEY")) {
@@ -274,7 +274,7 @@ Json::Value SGXWalletServer::generateECDSAKeyImpl() {
     result["encryptedKey"] = "";
 
 
-    vector<string> keys;
+    vector <string> keys;
 
     try {
         keys = genECDSAKey();
@@ -319,7 +319,7 @@ Json::Value SGXWalletServer::renameECDSAKeyImpl(const string &_keyName, const st
             throw SGXException(UNKNOWN_ERROR, "invalid key name");
         }
 
-        shared_ptr<string> key_ptr = readFromDb(_tempKeyName);
+        shared_ptr <string> key_ptr = readFromDb(_tempKeyName);
 
 
         writeDataToDB(_keyName, *key_ptr);
@@ -340,7 +340,7 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
     result["signature_r"] = "";
     result["signature_s"] = "";
 
-    vector<string> sign_vect(3);
+    vector <string> sign_vect(3);
 
     try {
 
@@ -362,7 +362,7 @@ Json::Value SGXWalletServer::ecdsaSignMessageHashImpl(int _base, const string &_
             throw SGXException(-22, "Invalid base");
         }
 
-        shared_ptr<string> key_ptr = readFromDb(_keyName, "");
+        shared_ptr <string> key_ptr = readFromDb(_keyName, "");
 
         sign_vect = ecdsaSignHash(key_ptr->c_str(), cutHash.c_str(), _base);
         if (sign_vect.size() != 3) {
@@ -393,7 +393,7 @@ Json::Value SGXWalletServer::getPublicECDSAKeyImpl(const string &_keyName) {
         if (!checkECDSAKeyName(_keyName)) {
             throw SGXException(INVALID_ECDSA_KEY_NAME, "Invalid ECDSA key name");
         }
-        shared_ptr<string> keyStr = readFromDb(_keyName);
+        shared_ptr <string> keyStr = readFromDb(_keyName);
         publicKey = getECDSAPubKey(keyStr->c_str());
         spdlog::debug("PublicKey {}", publicKey);
         spdlog::debug("PublicKey length {}", publicKey.length());
@@ -435,7 +435,7 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
     result["status"] = 0;
     result["errorMessage"] = "";
 
-    vector<vector<string>> verifVector;
+    vector <vector<string>> verifVector;
     try {
         if (!checkName(_polyName, "POLY")) {
             throw SGXException(INVALID_POLY_NAME, "Invalid polynomial name");
@@ -444,13 +444,13 @@ Json::Value SGXWalletServer::getVerificationVectorImpl(const string &_polyName,
             throw SGXException(INVALID_DKG_PARAMS, "Invalid parameters: n or t ");
         }
 
-        shared_ptr<string> encr_poly_ptr = readFromDb(_polyName);
+        shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
 
         verifVector = get_verif_vect(encr_poly_ptr->c_str(), _t, _n);
         //cerr << "verif vect size " << verifVector.size() << endl;
 
         for (int i = 0; i < _t; i++) {
-            vector<string> cur_coef = verifVector.at(i);
+            vector <string> cur_coef = verifVector.at(i);
             for (int j = 0; j < 4; j++) {
                 result["verificationVector"][i][j] = cur_coef.at(j);
                 result["Verification Vector"][i][j] = cur_coef.at(j);
@@ -484,9 +484,9 @@ Json::Value SGXWalletServer::getSecretShareImpl(const string &_polyName, const J
             throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
         }
 
-        shared_ptr<string> encr_poly_ptr = readFromDb(_polyName);
+        shared_ptr <string> encr_poly_ptr = readFromDb(_polyName);
 
-        vector<string> pubKeysStrs;
+        vector <string> pubKeysStrs;
         for (int i = 0; i < _n; i++) {
             if (!checkHex(_pubKeys[i].asString(), 64)) {
                 throw SGXException(INVALID_HEX, "Invalid public key");
@@ -532,7 +532,7 @@ Json::Value SGXWalletServer::dkgVerificationImpl(const string &_publicShares, co
             throw SGXException(INVALID_DKG_PARAMS, "Invalid length of public shares");
         }
 
-        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
+        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
 
         if (!verifyShares(_publicShares.c_str(), _secretShare.c_str(), encryptedKeyHex_ptr->c_str(), _t, _n, _index)) {
             result["result"] = false;
@@ -576,11 +576,11 @@ SGXWalletServer::createBLSPrivateKeyImpl(const string &_blsKeyName, const string
         if (!check_n_t(_t, _n)) {
             throw SGXException(INVALID_DKG_PARAMS, "Invalid DKG parameters: n or t ");
         }
-        vector<string> sshares_vect;
+        vector <string> sshares_vect;
 
         spdlog::debug("secret shares from json are - {}", _secretShare);
 
-        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
+        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_ethKeyName);
 
         bool res = CreateBLSShare(_blsKeyName, _secretShare.c_str(), encryptedKeyHex_ptr->c_str());
         if (res) {
@@ -609,11 +609,11 @@ Json::Value SGXWalletServer::getBLSPublicKeyShareImpl(const string &_blsKeyName)
         if (!checkName(_blsKeyName, "BLS_KEY")) {
             throw SGXException(INVALID_POLY_NAME, "Invalid BLSKey name");
         }
-        shared_ptr<string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
+        shared_ptr <string> encryptedKeyHex_ptr = readFromDb(_blsKeyName);
         spdlog::debug("encr_bls_key_share is {}", *encryptedKeyHex_ptr);
         spdlog::debug("length is {}", encryptedKeyHex_ptr->length());
 
-        vector<string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
+        vector <string> public_key_vect = GetBLSPubKey(encryptedKeyHex_ptr->c_str());
         for (uint8_t i = 0; i < 4; i++) {
             result["blsPublicKeyShare"][i] = public_key_vect.at(i);
             result["BlsPublicKeyShare"][i] = public_key_vect.at(i);
@@ -633,7 +633,7 @@ Json::Value SGXWalletServer::complaintResponseImpl(const string &_polyName, int
             throw SGXException(INVALID_POLY_NAME, "Invalid polynomial name");
         }
         string shareG2_name = "shareG2_" + _polyName + "_" + to_string(_ind) + ":";
-        shared_ptr<string> shareG2_ptr = readFromDb(shareG2_name);
+        shared_ptr <string> shareG2_ptr = readFromDb(shareG2_name);
 
         string DHKey = decryptDHKey(_polyName, _ind);
 
@@ -669,7 +669,7 @@ Json::Value SGXWalletServer::isPolyExistsImpl(const string &_polyName) {
     result["exists"] = false;
 
     try {
-        std::shared_ptr<std::string> poly_str_ptr = LevelDB::getLevelDb()->readString(_polyName);
+        std::shared_ptr <std::string> poly_str_ptr = LevelDB::getLevelDb()->readString(_polyName);
 
         if (poly_str_ptr != nullptr) {
             result["IsExist"] = true;
@@ -785,7 +785,7 @@ Json::Value SGXWalletServer::getServerStatus() {
     return getServerStatusImpl();
 }
 
-shared_ptr<string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
+shared_ptr <string> SGXWalletServer::readFromDb(const string &name, const string &prefix) {
 
     auto dataStr = LevelDB::getLevelDb()->readString(prefix + name);
 
@@ -796,7 +796,7 @@ shared_ptr<string> SGXWalletServer::readFromDb(const string &name, const string
     return dataStr;
 }
 
-shared_ptr<string> SGXWalletServer::readKeyShare(const string &_keyShareName) {
+shared_ptr <string> SGXWalletServer::readKeyShare(const string &_keyShareName) {
 
     auto keyShareStr = LevelDB::getLevelDb()->readString("BLSKEYSHARE:" + _keyShareName);
 

SGXWalletServer.hpp

@@ -25,19 +25,22 @@
 #define SGXWALLET_SGXWALLETSERVER_HPP
 
 
-#include "abstractstubserver.h"
-#include <mutex>
 
+#include <jsonrpccpp/server/connectors/httpserver.h>
+#include <mutex>
+#include "abstractstubserver.h"
 
 using namespace jsonrpc;
 using namespace std;
 
 class SGXWalletServer : public AbstractStubServer {
 
-
-    SGXWalletServer *server = nullptr;
     recursive_mutex m;
 
+    static shared_ptr<SGXWalletServer> server;
+    static shared_ptr<HttpServer> httpServer;
+
+
 public:
     SGXWalletServer(AbstractServerConnector &_connector, serverVersion_t _type);
 

ServerInit.cpp

@@ -113,6 +113,7 @@ void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign) {
     static int sgxServerInited;
 
     cout << "Running sgxwallet version:" << SGXWALLET_VERSION << endl;
+
     CHECK_STATE(sgxServerInited == 0)
     sgxServerInited = 1;
     initEnclave(_logLevel);
@@ -121,8 +122,8 @@ void initAll(uint32_t  _logLevel, bool _checkCert, bool _autoSign) {
 
     if (useHTTPS) {
         SGXWalletServer::initHttpsServer(_checkCert);
-        initRegistrationServer(_autoSign);
-        init_csrmanager_server();
+        SGXRegistrationServer::initRegistrationServer(_autoSign);
+        CSRManagerServer::initCSRManagerServer();
     } else {
         SGXWalletServer::initHttpServer();
     }

insecure-samples/yourdomain.csr

+-----BEGIN CERTIFICATE REQUEST-----
+MIICmjCCAYICAQAwVTELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEOMAwGA1UEAwwFU0tB
+TEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE6YD01cpYiyacQ+nx
+esoN3IVs74b/+78uwpUMXbodlfNTLjqbWOkVwBVNZtrLSAa9d1Unz+gODfDBtVMl
+cWkyfRLgQfT8Ks6opEUitmyzc3B/rXsU3lO0qGz+tHscOB9lJQVl64LXaFpVFTnh
+LHZtQxvPuqrMfnc6iE0HlLU9wYAFVeDxtmH4oTFsTcsKNK4USynlyI33oc4q1sUC
+2ZYB2D1OeewtuAlJEEq75CrSlWXuqruFp1kgNKp/xAdw7CnhCBQhmMC1q1kAK4oo
+/g4Nb2SMS5VfHATnswJXdjbMD26tROr7Y8WOojWwHtC2YU96cqy3tw9U4RNGm3Sf
+gkhZAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAcioOqQ0t/M57ugitShFeN6Cq
+cnc8mScGkLlaWjr9eznr9N3GiQQfSY3otJ/i0SD2kbrZ3E1MAGIup0ZHm+CTs2KU
+sPJYz6XwDHPN17Pfal95+wA2dpWOwHz3c8AJ/9qIh2e3SesLF4lUrP56HspNiRbJ
+EReGdHHA+c5MLe85vAOoRwEX+XHwmnoki3V9MORx0oTCecshuebY11aGXTSqB8t2
+xe6GrVoBHIUS56z5lltKHJayoFbyiI0dfrMs0SnY2j9CwYqEy/0w8gDH78zCc2wf
+bgneXwSdFcy/V9182hcocKHxECLdYal+3DnnnN0GZHZlxV5yn1zfAIYHYBBzkg==
+-----END CERTIFICATE REQUEST-----

insecure-samples/yourdomain.key

+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDE6YD01cpYiyac
+Q+nxesoN3IVs74b/+78uwpUMXbodlfNTLjqbWOkVwBVNZtrLSAa9d1Unz+gODfDB
+tVMlcWkyfRLgQfT8Ks6opEUitmyzc3B/rXsU3lO0qGz+tHscOB9lJQVl64LXaFpV
+FTnhLHZtQxvPuqrMfnc6iE0HlLU9wYAFVeDxtmH4oTFsTcsKNK4USynlyI33oc4q
+1sUC2ZYB2D1OeewtuAlJEEq75CrSlWXuqruFp1kgNKp/xAdw7CnhCBQhmMC1q1kA
+K4oo/g4Nb2SMS5VfHATnswJXdjbMD26tROr7Y8WOojWwHtC2YU96cqy3tw9U4RNG
+m3SfgkhZAgMBAAECggEAWditZYlzBUmguWZnhS5gqUh4fMciEwT8K8rPFVBizoMP
+/mE2jpFX8Puu/J00sdJQePzNFxhPKrKDqu8gXBJOTKIzDa4qqTCjEOG7ReZ03MCM
+kUVHxrLXALRk3ybckXiuIols2B9ImR7dMLs5qJuQAbTAKN1kd2Aw6L0uYIoi1GT7
+B76Xe1LuvVxjyzGzBdRX1fWZ44WUVVq5zmiMdgAVNQZNTqKJdt6kJjkfZFTidc7z
+/69+0Xlq7nl5E4/7SEYRqEzNgdLAIJttkf6LX4Vunek6qewHSj9ji31ecNSD0wmM
+GFjCPW9uInWLymQQBJm633RBZF362FSzX8lqxa4AjQKBgQD5sF9IXvvw4qiYJ7Hl
+QaSBY6VPPniaXWeQer/9ki8doxXnhc38fNGxcni8BtV5+2+VSSlNIZ1ahI/kRsDA
+o0yq7JvhMU7nUqPGN/23lDCqOuWyuXcNsKXZV9lVj3kzhI+Z++GDSteMywXYQ5qh
+4Kx12AUi7o2ggwpsG2SrIUd63wKBgQDJ46LDvQ8Xrj6m87qWQ6RJib4tYKmuSNQx
+Ov0HVbYPXk9BTnS3hvvxQLZHFPj9iopMG6SywmEgBcVlRwkFuF8gUXOFMjBfPDe+
+ouukjoL59mjrC0i+c9apwsfPBgfG5vzjlNjdna6dcUykg90NJDrv7zGCfImfZGgs
+9vfKVMvbxwKBgEHwFMmM4+WyRamg2fbcBfBxeydZLQo+3mmmMOtq3mxqNA+nI0Wp
+RMsimsW03E1RXB9FadXHqcFMvp8fHCoDNezxfRzUI60tArkG8ka3qL5bvWscVVdV
+LgcejvNsZyp2uGGGxgAhFJlGyC1bdQuIxKJ+QKT/8IDR+j+gYE5dBH5rAoGAUEBH
+W+1UCYK+7thlbAO5U24Ihbst19SlXGhpWjgM5bEEah5IsQdcMLsbecfxbb9bWAOJ
+BXHU78i7fZWuFXMDhTI7bE/WAJVMR2A1sTThBYGYlQ3oPaSISPTfPgDUqJD7J2/s
+gLOETJtT7vVnsiibsPJwyMC+Z/ienHkTaH8qhdMCgYAsP7JiJ2RXWMMSfzaORE5T
+Ggzm5rsdROod+qKP20zjGZByQaWnjdLNVEcICE1ASXv6ROGP9/GyOv/Cmr8ZU0lI
+2WRetrhJipQgTPtv+5WeeqR5FAqw6ZtdrAse8+GFHfafhL83Wf8EWpZkYXB7JE2K
+hdlRVAxc5YkTVsfeV8IXtA==
+-----END PRIVATE KEY-----

sgxwallet_common.h

@@ -81,6 +81,9 @@ extern int autoconfirm;
 #define INVALID_DKG_PARAMS -12
 #define INVALID_SECRET_SHARES_LENGTH -13
 
+#define CERT_REQUEST_DOES_NOT_EXIST -14
+
+
 #define INVALID_ECDSA_KEY_NAME -20
 #define INVALID_HEX -21
 #define INVALID_ECSDA_SIGNATURE -22

testw.cpp

@@ -69,6 +69,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #include <thread>
 #include "common.h"
 #include "stubclient.h"
+#include "SGXRegistrationServer.h"
 #include "SGXWalletServer.h"
 #include "testw.h"
 
@@ -303,9 +304,23 @@ public:
     ~TestFixture() {
         destroyEnclave();
     }
+};
+
+class TestFixtureHTTPS {
+public:
+    TestFixtureHTTPS() {
+        resetDB();
+        setOptions(false, false, true, true);
+        initAll(0, false, true);
+    }
 
+    ~TestFixtureHTTPS() {
+        destroyEnclave();
+    }
 };
 
+
+
 TEST_CASE_METHOD(TestFixture, "ECDSA keygen and signature test", "[ecdsa-key-sig-gen]") {
 
 
@@ -769,6 +784,28 @@ TEST_CASE_METHOD(TestFixture, "Get ServerStatus", "[get-server-status]") {
 
 }
 
+TEST_CASE_METHOD(TestFixtureHTTPS, "Cert request sign", "[cert-sign]") {
+
+    REQUIRE(SGXRegistrationServer::getServer() != nullptr);
+
+    string csrFile = "insecure-samples/yourdomain.csr";
+
+    ifstream infile(csrFile);
+    infile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
+    ostringstream ss;
+    ss << infile.rdbuf();
+    infile.close();
+
+    auto result = SGXRegistrationServer::getServer()->SignCertificate(ss.str());
+
+    REQUIRE(result["status"] == 0);
+
+    result = SGXRegistrationServer::getServer()->SignCertificate("Haha");
+
+    REQUIRE(result["status"] != 0);
+}
+
+
 
 TEST_CASE_METHOD(TestFixture, "DKG API test", "[dkg-api]") {
 

testw.h

@@ -21,6 +21,8 @@
 #define SAMPLE_DKG_PUB_KEY_2 "378b3e6fdfe2633256ae1662fcd23466d02ead907b5d4366136341cea5e46f5a7bb67d897d6e35f619810238aa143c416f61c640ed214eb9c67a34c4a31b7d25"
 
 
+//openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr^
+#define SAMPLE_CSR_FILE_NAME "samples/yourdomain.csr"
 
 
 #endif //SGXWALLET_TESTW_H

testw.py

@@ -35,7 +35,8 @@ print("Starting build push")
 print("Top directory is:" + topDir)
 
 
-testList = ["[get-server-status]",
+testList = [ "[cert-sign]",
+            "[get-server-status]",
             "[ecdsa-key-gen]",
             "[ecdsa-key-sig-gen]",
             "[ecdsa-get-pub-key]",