Skip to content

S
sgxwallet
Unverified Commit ed41bdb2 authored by kladko's avatar kladko
Browse files
Options

SKALE-2536-fix-cert

parent a86223fe
Hide whitespace changes
Inline Side-by-side
Showing with 46 additions and 41 deletions
Log.h
View file @ ed41bdb2
...@@ -71,7 +71,9 @@ public: ...@@ -71,7 +71,9 @@ public:
}; };
#define INIT_RESULT(__RESULT__) Json::Value __RESULT__; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = ""; #define INIT_RESULT(__RESULT__) Json::Value __RESULT__; __RESULT__["status"] = 0; __RESULT__["errorMessage"] = "";
#define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} #define HANDLE_SGX_EXCEPTION(_RESULT_) catch (SGXException &__e) { Log::handleSGXException(_RESULT_, __e);} \
catch (exception &__e) {spdlog::error(__e.what()); _RESULT_["status"] = 1; _RESULT_["errorMessage"] = __e.what();}
#define LOCK(__M__) lock_guard<recursive_mutex> lock(__M__); #define LOCK(__M__) lock_guard<recursive_mutex> lock(__M__);
#endif #endif
......
SGXRegistrationServer.cpp
View file @ ed41bdb2
...@@ -67,42 +67,50 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) { ...@@ -67,42 +67,50 @@ Json::Value signCertificateImpl(const string &_csr, bool _autoSign = false) {
try { try {
string status = "1";
string hash = cryptlite::sha256::hash_hex(_csr); string hash = cryptlite::sha256::hash_hex(_csr);
if (!_autoSign) {
string db_key = "CSR:HASH:" + hash; if (system("ls " CERT_DIR "/" CERT_CREATE_COMMAND) != 0) {
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, _csr); spdlog::error("cert/create_client_cert does not exist");
throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
} }
if (_autoSign) { if (_autoSign) {
string csr_name = "cert/" + hash + ".csr"; string csr_name = string(CERT_DIR) + "/" + hash + ".csr";
ofstream outfile(csr_name); ofstream outfile(csr_name);
outfile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
outfile << _csr << endl; outfile << _csr << endl;
outfile.close(); outfile.close();
if (access(csr_name.c_str(), F_OK) != 0) {
throw SGXException(FILE_NOT_FOUND, "Csr does not exist"); if (system(("ls " + csr_name).c_str()) != 0) {
spdlog::error("could not create csr file");
throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
} }
string genCert = "cd cert && ./create_client_cert " + hash;
string genCert = string("cd ") + CERT_DIR + "&& ./" + CERT_CREATE_COMMAND + " " + hash;
if (system(("rm -f " + csr_name).c_str()) != 0) {
spdlog::error("could not delete csr file");
}
if (system(genCert.c_str()) == 0) { if (system(genCert.c_str()) == 0) {
spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED"); spdlog::info("CLIENT CERTIFICATE IS SUCCESSFULLY GENERATED");
status = "0"; string db_key = "CSR:HASH:" + hash + "STATUS:";
string status = "0";
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
} else { } else {
spdlog::info("CLIENT CERTIFICATE GENERATION FAILED"); spdlog::error("CLIENT CERTIFICATE GENERATION FAILED");
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FAIL_TO_CREATE_CERTIFICATE));
throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED"); throw SGXException(FAIL_TO_CREATE_CERTIFICATE, "CLIENT CERTIFICATE GENERATION FAILED");
//exit(-1);
} }
} else {
string db_key = "CSR:HASH:" + hash;
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, _csr);
} }
result["result"] = true; result["result"] = true;
result["hash"] = hash; result["hash"] = hash;
string db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->writeDataUnique(db_key, status);
} HANDLE_SGX_EXCEPTION(result) } HANDLE_SGX_EXCEPTION(result)
...@@ -117,34 +125,23 @@ Json::Value getCertificateImpl(const string &hash) { ...@@ -117,34 +125,23 @@ Json::Value getCertificateImpl(const string &hash) {
string db_key = "CSR:HASH:" + hash + "STATUS:"; string db_key = "CSR:HASH:" + hash + "STATUS:";
shared_ptr <string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key); shared_ptr <string> status_str_ptr = LevelDB::getCsrStatusDb()->readString(db_key);
if (status_str_ptr == nullptr) { if (status_str_ptr == nullptr) {
throw SGXException(KEY_SHARE_DOES_NOT_EXIST, "Data with this name does not exist in csr db"); throw SGXException(CERT_REQUEST_DOES_NOT_EXIST, "Data with this name does not exist in csr db");
} }
int status = atoi(status_str_ptr->c_str()); int status = atoi(status_str_ptr->c_str());
if (status == 0) { if (status == 0) {
string crtPath = "cert/" + hash + ".crt"; string crtPath = "cert/" + hash + ".crt";
ifstream infile(crtPath);
if (!infile.is_open()) {
string status_db_key = "CSR:HASH:" + hash + "STATUS:";
LevelDB::getCsrStatusDb()->deleteKey(status_db_key);
LevelDB::getCsrStatusDb()->writeDataUnique(status_db_key, to_string(FILE_NOT_FOUND));
throw SGXException(FILE_NOT_FOUND, "Certificate does not exist");
} else {
ostringstream ss;
ss << infile.rdbuf();
cert = ss.str();
infile.close();
string remove_crt = "cd cert && rm -rf " + hash + ".crt && rm -rf " + hash + ".csr";
if (system(remove_crt.c_str()) == 0) {
//cerr << "cert removed" << endl;
spdlog::info(" cert removed ");
} else {
spdlog::info(" cert was not removed ");
}
if (system(("ls " + crtPath).c_str()) != 0) {
throw SGXException(FILE_NOT_FOUND, "Certificate does not exist");
} }
ifstream infile(crtPath);
infile.exceptions(std::ifstream::failbit | std::ifstream::badbit);
ostringstream ss;
ss << infile.rdbuf();
infile.close();
cert = ss.str();
} }
result["status"] = status; result["status"] = status;
...@@ -173,11 +170,11 @@ int SGXRegistrationServer::initRegistrationServer(bool _autoSign) { ...@@ -173,11 +170,11 @@ int SGXRegistrationServer::initRegistrationServer(bool _autoSign) {
httpServer = make_shared<HttpServer>(BASE_PORT + 1); httpServer = make_shared<HttpServer>(BASE_PORT + 1);
server = make_shared<SGXRegistrationServer>(*httpServer, server = make_shared<SGXRegistrationServer>(*httpServer,
JSONRPC_SERVER_V2, JSONRPC_SERVER_V2,
_autoSign); // hybrid server (json-rpc 1.0 & 2.0) _autoSign); // hybrid server (json-rpc 1.0 & 2.0)
if (!server->StartListening()) { if (!server->StartListening()) {
spdlog::info("Registration server could not start listening"); spdlog::error("Registration server could not start listening on port {}", BASE_PORT + 1);
exit(-1); exit(-1);
} else { } else {
spdlog::info("Registration server started on port {}", BASE_PORT + 1); spdlog::info("Registration server started on port {}", BASE_PORT + 1);
......
SGXRegistrationServer.h
View file @ ed41bdb2
...@@ -31,6 +31,9 @@ ...@@ -31,6 +31,9 @@
#include <jsonrpccpp/server/connectors/httpserver.h> #include <jsonrpccpp/server/connectors/httpserver.h>
#define CERT_DIR "cert"
#define CERT_CREATE_COMMAND "create_client_cert"
using namespace jsonrpc; using namespace jsonrpc;
using namespace std; using namespace std;
......
sgxwallet_common.h
View file @ ed41bdb2
...@@ -81,6 +81,9 @@ extern int autoconfirm; ...@@ -81,6 +81,9 @@ extern int autoconfirm;
#define INVALID_DKG_PARAMS -12 #define INVALID_DKG_PARAMS -12
#define INVALID_SECRET_SHARES_LENGTH -13 #define INVALID_SECRET_SHARES_LENGTH -13
#define CERT_REQUEST_DOES_NOT_EXIST -14
#define INVALID_ECDSA_KEY_NAME -20 #define INVALID_ECDSA_KEY_NAME -20
#define INVALID_HEX -21 #define INVALID_HEX -21
#define INVALID_ECSDA_SIGNATURE -22 #define INVALID_ECSDA_SIGNATURE -22
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment