Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/03/24 23:22:16 UTC
[incubator-teaclave] 01/02: [services] Use
create_trusted_*_endpoint utility functions to simply creating an trusted
service endpoint
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit efe76904edc79bcfeef9cb3c999eb17c08ed4f71
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Tue Mar 24 14:42:25 2020 -0700
[services] Use create_trusted_*_endpoint utility functions to simplify creating a trusted service endpoint
---
services/frontend/enclave/src/lib.rs | 50 ++++++++++++----------------------
services/management/enclave/src/lib.rs | 25 ++++++-----------
utils/service_enclave_utils/src/lib.rs | 8 ++++++
3 files changed, 33 insertions(+), 50 deletions(-)
diff --git a/services/frontend/enclave/src/lib.rs b/services/frontend/enclave/src/lib.rs
index 3961927..1a0bad4 100644
--- a/services/frontend/enclave/src/lib.rs
+++ b/services/frontend/enclave/src/lib.rs
@@ -35,11 +35,11 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG};
use teaclave_proto::teaclave_frontend_service::{
TeaclaveFrontendRequest, TeaclaveFrontendResponse,
};
-use teaclave_rpc::config::SgxTrustedTlsClientConfig;
use teaclave_rpc::config::SgxTrustedTlsServerConfig;
-use teaclave_rpc::endpoint::Endpoint;
use teaclave_rpc::server::SgxTrustedTlsServer;
-use teaclave_service_enclave_utils::ServiceEnclave;
+use teaclave_service_enclave_utils::{
+ create_trusted_authentication_endpoint, create_trusted_management_endpoint, ServiceEnclave,
+};
use teaclave_types::{TeeServiceError, TeeServiceResult};
mod service;
@@ -62,7 +62,7 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
.attested_tls_config()
.unwrap();
let server_config =
- SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config.clone()).unwrap();
+ SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config).unwrap();
let mut server = SgxTrustedTlsServer::<TeaclaveFrontendResponse, TeaclaveFrontendRequest>::new(
listen_address,
@@ -71,35 +71,19 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
let enclave_info =
teaclave_types::EnclaveInfo::from_bytes(&config.audit.enclave_info_bytes.as_ref().unwrap());
- let enclave_attr = enclave_info
- .get_enclave_attr("teaclave_authentication_service")
- .expect("authentication");
- let client_config =
- SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config.clone())
- .unwrap()
- .attestation_report_verifier(
- vec![enclave_attr],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
- let authentication_service_address =
- &config.internal_endpoints.authentication.advertised_address;
- let authentication_service_endpoint =
- Endpoint::new(authentication_service_address).config(client_config);
-
- let enclave_attr = enclave_info
- .get_enclave_attr("teaclave_management_service")
- .expect("management");
- let client_config = SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
- .attestation_report_verifier(
- vec![enclave_attr],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
- let management_service_address = &config.internal_endpoints.management.advertised_address;
- let management_service_endpoint =
- Endpoint::new(management_service_address).config(client_config);
+ let authentication_service_endpoint = create_trusted_authentication_endpoint(
+ &config.internal_endpoints.authentication.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
+
+ let management_service_endpoint = create_trusted_management_endpoint(
+ &config.internal_endpoints.management.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
let service = service::TeaclaveFrontendService::new(
authentication_service_endpoint,
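Review bot: The frontend's outbound client configs no longer derive from `attested_tls_config`: the removed code built them with `SgxTrustedTlsClientConfig::from_attested_tls_config(...)`, while the new `create_trusted_authentication_endpoint` and `create_trusted_management_endpoint` calls receive only the address, `enclave_info`, `AS_ROOT_CA_CERT` and the verifier. The helper macro body is not in this diff, so this is inferred, but if it starts from `SgxTrustedTlsClientConfig::new()` (as the management service's old storage code did), the frontend stops presenting its own attested certificate to those two services. If the authentication or management servers verify the client's attestation, please confirm this still works, or record the intent with a comment above the calls such as `// Client side is not attested here; only the peer is verified against enclave_info.`. `start_service` begins and ends outside this hunk.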
diff --git a/services/management/enclave/src/lib.rs b/services/management/enclave/src/lib.rs
index afbc615..a80e569 100644
--- a/services/management/enclave/src/lib.rs
+++ b/services/management/enclave/src/lib.rs
@@ -35,10 +35,9 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG};
use teaclave_proto::teaclave_management_service::{
TeaclaveManagementRequest, TeaclaveManagementResponse,
};
-use teaclave_rpc::config::{SgxTrustedTlsClientConfig, SgxTrustedTlsServerConfig};
-use teaclave_rpc::endpoint::Endpoint;
+use teaclave_rpc::config::SgxTrustedTlsServerConfig;
use teaclave_rpc::server::SgxTrustedTlsServer;
-use teaclave_service_enclave_utils::ServiceEnclave;
+use teaclave_service_enclave_utils::{create_trusted_storage_endpoint, ServiceEnclave};
use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
mod service;
@@ -100,20 +99,12 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
server_config,
);
- let storage_service_enclave_attrs = enclave_info
- .get_enclave_attr("teaclave_storage_service")
- .expect("enclave_info");
- let storage_service_client_config = SgxTrustedTlsClientConfig::new()
- .attestation_report_verifier(
- vec![storage_service_enclave_attrs],
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- );
-
- let storage_service_address = &config.internal_endpoints.storage.advertised_address;
-
- let storage_service_endpoint =
- Endpoint::new(storage_service_address).config(storage_service_client_config);
+ let storage_service_endpoint = create_trusted_storage_endpoint(
+ &config.internal_endpoints.storage.advertised_address,
+ &enclave_info,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ );
let service = service::TeaclaveManagementService::new(storage_service_endpoint)?;
match server.start(service) {
diff --git a/utils/service_enclave_utils/src/lib.rs b/utils/service_enclave_utils/src/lib.rs
index a25d56c..b014a55 100644
--- a/utils/service_enclave_utils/src/lib.rs
+++ b/utils/service_enclave_utils/src/lib.rs
@@ -94,6 +94,14 @@ macro_rules! impl_create_trusted_endpoint_fn {
impl_create_trusted_endpoint_fn!(create_trusted_storage_endpoint, "teaclave_storage_service");
impl_create_trusted_endpoint_fn!(
+ create_trusted_authentication_endpoint,
+ "teaclave_authentication_service"
+);
+impl_create_trusted_endpoint_fn!(
+ create_trusted_management_endpoint,
+ "teaclave_management_service"
+);
+impl_create_trusted_endpoint_fn!(
create_trusted_scheduler_endpoint,
"teaclave_scheduler_service"
);
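Review bot: Each invocation pairs a function name with an enclave name string by hand, and nothing visible in the hunk ties the two together. Judging from the code this commit removes from the frontend, that string is what `get_enclave_attr` looks up to select the enclave attributes the peer's report is verified against, so a copy-paste slip here would either pin an endpoint to the wrong service identity or fail only at startup. Consider a comment above the block, e.g. `// The string must be the enclave_info key of the target service; it selects the identity the peer is verified against.`, or shared constants for the service names. The macro definition itself is outside this hunk.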