bug/SKALE-3751-enable-zeromq

SGXWalletServer.cpp

@@ -118,6 +118,12 @@ void SGXWalletServer::printDB() {
 #define NUM_THREADS 200
 #endif
 
+bool SGXWalletServer::verifyCert(string &_certFileName) {
+    string rootCAPath = string(SGXDATA_FOLDER) + "cert_data/rootCA.pem";
+    string verifyCert = "cert/verify_client_cert " + rootCAPath + " " + _certFileName;
+    return system(verifyCert.c_str()) == 0;
+}
+
 
 int SGXWalletServer::initHttpsServer(bool _checkCerts) {
     COUNT_STATISTICS
@@ -158,6 +164,16 @@ int SGXWalletServer::initHttpsServer(bool _checkCerts) {
         }
     }
 
+    spdlog::info("Verifying  server cert");
+
+    if (verifyCert(certPath)) {
+        spdlog::info("SERVER CERTIFICATE IS SUCCESSFULLY VERIFIED");
+    } else {
+        spdlog::info("SERVER CERTIFICATE VERIFICATION FAILED");
+        exit(-12);
+    }
+
+
     httpServer = make_shared<HttpServer>(BASE_PORT, certPath, keyPath, rootCAPath, _checkCerts,
                                          NUM_THREADS);
 
@@ -213,17 +229,18 @@ SGXWalletServer::importBLSKeyShareImpl(const string &_keyShare, const string &_k
         }
 
         if (!checkHex(hashTmp)) {
-            throw SGXException(BLS_IMPORT_INVALID_KEY_SHARE, string(__FUNCTION__) + ":Invalid BLS key share, please use hex");
+            throw SGXException(BLS_IMPORT_INVALID_KEY_SHARE,
+                               string(__FUNCTION__) + ":Invalid BLS key share, please use hex");
         }
 
         encryptedKeyShareHex = encryptBLSKeyShare2Hex(&errStatus, (char *) errMsg.data(), hashTmp.c_str());
 
         if (errStatus != 0) {
-            throw SGXException(errStatus, string(__FUNCTION__) + ":" +errMsg.data());
+            throw SGXException(errStatus, string(__FUNCTION__) + ":" + errMsg.data());
         }
 
         if (encryptedKeyShareHex.empty()) {
-            throw SGXException(BLS_IMPORT_EMPTY_ENCRYPTED_KEY_SHARE,string(__FUNCTION__) +
+            throw SGXException(BLS_IMPORT_EMPTY_ENCRYPTED_KEY_SHARE, string(__FUNCTION__) +
                                                                      ":Empty encrypted key share");
         }
 
@@ -309,7 +326,6 @@ SGXWalletServer::blsSignMessageHashImpl(const string &_keyShareName, const strin
     result["signatureShare"] = string(signature.data());
 
 
-
     RETURN_SUCCESS(result);
 
 }
@@ -814,7 +830,7 @@ Json::Value SGXWalletServer::deleteBlsKeyImpl(const string &name) {
             result["deleted"] = true;
         } else {
             auto error_msg = "BLS key not found: " + name;
-            throw SGXException(DELETE_BLS_KEY_NOT_FOUND, string(__FUNCTION__)+ ":" + error_msg.c_str());
+            throw SGXException(DELETE_BLS_KEY_NOT_FOUND, string(__FUNCTION__) + ":" + error_msg.c_str());
         }
     } HANDLE_SGX_EXCEPTION(result)
 
@@ -903,7 +919,8 @@ Json::Value SGXWalletServer::dkgVerificationV2Impl(const string &_publicShares,
 }
 
 Json::Value
-SGXWalletServer::createBLSPrivateKeyV2Impl(const string &_blsKeyName, const string &_ethKeyName, const string &_polyName,
+SGXWalletServer::createBLSPrivateKeyV2Impl(const string &_blsKeyName, const string &_ethKeyName,
+                                           const string &_polyName,
                                            const string &_secretShare, int _t, int _n) {
     COUNT_STATISTICS
     spdlog::info("Entering {}", __FUNCTION__);

SGXWalletServer.hpp

@@ -55,7 +55,11 @@ class SGXWalletServer : public AbstractStubServer {
     static void checkForDuplicate(map <string, string> &_map, recursive_mutex &_m, const string &_key,
     const string &_value);
 
+
 public:
+
+    static bool verifyCert(string& _certFileName);
+
     static const char* getVersion() {
         return TOSTRING(SGXWALLET_VERSION);
     }