You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/05/07 00:11:25 UTC
[incubator-teaclave] branch master updated: [services] Cleanup
unwrap and provide better error handling when launching service
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new cc9a52b [services] Cleanup unwrap and provide better error handling when launching service
cc9a52b is described below
commit cc9a52b2da302decd1ddf2b14620309c11037c34
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Wed May 6 16:48:26 2020 -0700
[services] Cleanup unwrap and provide better error handling when launching service
---
config/src/runtime.rs | 13 ++--
services/access_control/enclave/src/lib.rs | 52 +++++++--------
services/authentication/enclave/src/lib.rs | 75 +++++++++++-----------
services/execution/enclave/src/lib.rs | 29 ++++-----
services/frontend/enclave/src/lib.rs | 23 ++++---
services/management/enclave/src/lib.rs | 50 +++++++--------
services/scheduler/enclave/src/lib.rs | 50 +++++++--------
services/storage/enclave/src/lib.rs | 53 +++++++--------
.../enclave/src/authentication_service.rs | 6 +-
tests/functional/enclave/src/utils.rs | 8 +--
10 files changed, 165 insertions(+), 194 deletions(-)
diff --git a/config/src/runtime.rs b/config/src/runtime.rs
index f8b324f..1695359 100644
--- a/config/src/runtime.rs
+++ b/config/src/runtime.rs
@@ -73,8 +73,10 @@ pub struct AuditConfig {
enclave_info_source: ConfigSource,
#[serde(rename(serialize = "auditor_signatures", deserialize = "auditor_signatures"))]
auditor_signatures_source: Vec<ConfigSource>,
- pub enclave_info_bytes: Option<Vec<u8>>,
- pub auditor_signatures_bytes: Option<Vec<Vec<u8>>>,
+ #[serde(default = "Default::default")]
+ pub enclave_info_bytes: Vec<u8>,
+ #[serde(default = "Default::default")]
+ pub auditor_signatures_bytes: Vec<Vec<u8>>,
}
#[derive(Debug, Serialize, Deserialize)]
@@ -99,10 +101,9 @@ impl RuntimeConfig {
config.audit.enclave_info_bytes = match &config.audit.enclave_info_source {
ConfigSource::Path(ref enclave_info_path) => {
- let content = fs::read(enclave_info_path).with_context(|| {
+ fs::read(enclave_info_path).with_context(|| {
format!("Cannot read enclave_info from {:?}", enclave_info_path)
- })?;
- Some(content)
+ })?
}
};
@@ -114,7 +115,7 @@ impl RuntimeConfig {
};
signatures.push(signature);
}
- config.audit.auditor_signatures_bytes = Some(signatures);
+ config.audit.auditor_signatures_bytes = signatures;
if env::var("AS_ALGO").is_ok()
&& env::var("AS_URL").is_ok()
diff --git a/services/access_control/enclave/src/lib.rs b/services/access_control/enclave/src/lib.rs
index a45cdcf..cb86dad 100644
--- a/services/access_control/enclave/src/lib.rs
+++ b/services/access_control/enclave/src/lib.rs
@@ -22,6 +22,7 @@ extern crate sgx_tstd as std;
#[macro_use]
extern crate log;
+use anyhow::{anyhow, Result};
use std::prelude::v1::*;
use teaclave_attestation::{verifier, AttestationConfig, RemoteAttestation};
@@ -45,45 +46,33 @@ use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
mod acs;
mod service;
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let listen_address = config.internal_endpoints.access_control.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = ACCESS_CONTROL_INBOUND_SERVICES
.iter()
- .map(|service| {
- enclave_info
- .get_enclave_attr(service)
- .expect("enclave_info")
+ .map(|service| match enclave_info.get_enclave_attr(service) {
+ Some(attr) => Ok(attr),
+ None => Err(anyhow!("cannot get enclave attribute of {}", service)),
})
- .collect();
- let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
+ .collect::<Result<_>>()?;
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?
.attestation_report_verifier(
- accepted_enclave_attrs,
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- )
- .unwrap();
+ accepted_enclave_attrs,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ )?;
- acs::init_acs().unwrap();
+ acs::init_acs()?;
let mut server = SgxTrustedTlsServer::<
TeaclaveAccessControlResponse,
TeaclaveAccessControlRequest,
@@ -100,8 +89,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/authentication/enclave/src/lib.rs b/services/authentication/enclave/src/lib.rs
index 18d3775..3bf2285 100644
--- a/services/authentication/enclave/src/lib.rs
+++ b/services/authentication/enclave/src/lib.rs
@@ -22,6 +22,7 @@ extern crate sgx_tstd as std;
#[macro_use]
extern crate log;
+use anyhow::{anyhow, Result};
use rand::RngCore;
use std::prelude::v1::*;
@@ -58,15 +59,13 @@ fn start_internal_endpoint(
jwt_secret: Vec<u8>,
attested_tls_config: Arc<RwLock<AttestedTlsConfig>>,
accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr>,
-) {
- let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
+) -> Result<()> {
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?
.attestation_report_verifier(
- accepted_enclave_attrs,
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- )
- .unwrap();
+ accepted_enclave_attrs,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ )?;
let mut server = SgxTrustedTlsServer::<
TeaclaveAuthenticationInternalResponse,
@@ -77,9 +76,10 @@ fn start_internal_endpoint(
internal_service::TeaclaveAuthenticationInternalService::new(db_client, jwt_secret);
match server.start(service) {
- Ok(_) => (),
+ Ok(_) => Ok(()),
Err(e) => {
error!("Service exit, error: {}.", e);
+ Err(anyhow!("cannot start internal endpoint"))
}
}
}
@@ -89,9 +89,8 @@ fn start_api_endpoint(
db_client: user_db::DbClient,
jwt_secret: Vec<u8>,
attested_tls_config: Arc<RwLock<AttestedTlsConfig>>,
-) {
- let server_config =
- SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config).unwrap();
+) -> Result<()> {
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?;
let mut server = SgxTrustedTlsServer::<
TeaclaveAuthenticationApiResponse,
@@ -101,43 +100,34 @@ fn start_api_endpoint(
let service = api_service::TeaclaveAuthenticationApiService::new(db_client, jwt_secret);
match server.start(service) {
- Ok(_) => (),
+ Ok(_) => Ok(()),
Err(e) => {
error!("Service exit, error: {}.", e);
+ Err(anyhow!("cannot start API endpoint"))
}
}
}
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = AUTHENTICATION_INBOUND_SERVICES
.iter()
- .map(|service| {
- enclave_info
- .get_enclave_attr(service)
- .expect("enclave_info")
+ .map(|service| match enclave_info.get_enclave_attr(service) {
+ Some(attr) => Ok(attr),
+ None => Err(anyhow!("cannot get enclave attribute of {}", service)),
})
- .collect();
+ .collect::<Result<_>>()?;
let api_listen_address = config.api_endpoints.authentication.listen_address;
let internal_listen_address = config.internal_endpoints.authentication.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
let database = user_db::Database::open()?;
let mut api_jwt_secret = vec![0; user_info::JWT_SECRET_LEN];
let mut rng = rand::thread_rng();
@@ -147,7 +137,7 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
let attested_tls_config_ref = attested_tls_config.clone();
let client = database.get_client();
let api_endpoint_thread_handler = thread::spawn(move || {
- start_api_endpoint(
+ let _ = start_api_endpoint(
api_listen_address,
client,
api_jwt_secret,
@@ -157,7 +147,7 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
let client = database.get_client();
let internal_endpoint_thread_handler = thread::spawn(move || {
- start_internal_endpoint(
+ let _ = start_internal_endpoint(
internal_listen_address,
client,
internal_jwt_secret,
@@ -166,16 +156,25 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
);
});
- api_endpoint_thread_handler.join().unwrap();
- internal_endpoint_thread_handler.join().unwrap();
+ api_endpoint_thread_handler
+ .join()
+ .expect("cannot join API endpoint thread");
+ internal_endpoint_thread_handler
+ .join()
+ .expect("cannot join internal endpoint thread");
Ok(())
}
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/execution/enclave/src/lib.rs b/services/execution/enclave/src/lib.rs
index af99909..0903090 100644
--- a/services/execution/enclave/src/lib.rs
+++ b/services/execution/enclave/src/lib.rs
@@ -24,6 +24,8 @@ extern crate sgx_tstd as std;
use std::prelude::v1::*;
use std::untrusted::path::PathEx;
+use anyhow::{ensure, Result};
+
use teaclave_attestation::verifier;
use teaclave_binder::proto::{
ECallCommand, FinalizeEnclaveInput, FinalizeEnclaveOutput, InitEnclaveInput, InitEnclaveOutput,
@@ -40,19 +42,11 @@ mod ocall;
mod service;
mod task_file_manager;
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let scheduler_service_address = &config.internal_endpoints.scheduler.advertised_address;
let scheduler_service_endpoint = create_trusted_scheduler_endpoint(
@@ -69,13 +63,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[cfg(test_mode)]
std::untrusted::fs::create_dir_all(&fusion_base)?;
- anyhow::ensure!(
+ ensure!(
fusion_base.exists(),
"Fusion base directory is not mounted: {}",
fusion_base.display()
);
- let mut service = service::TeaclaveExecutionService::new(scheduler_service_endpoint).unwrap();
+ let mut service = service::TeaclaveExecutionService::new(scheduler_service_endpoint)?;
let _ = service.start();
Ok(())
@@ -83,8 +77,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/frontend/enclave/src/lib.rs b/services/frontend/enclave/src/lib.rs
index bf0cf20..12ce802 100644
--- a/services/frontend/enclave/src/lib.rs
+++ b/services/frontend/enclave/src/lib.rs
@@ -22,6 +22,7 @@ extern crate sgx_tstd as std;
#[macro_use]
extern crate log;
+use anyhow::{anyhow, Result};
use std::prelude::v1::*;
use teaclave_attestation::verifier;
@@ -45,24 +46,21 @@ use teaclave_types::{TeeServiceError, TeeServiceResult};
mod service;
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let listen_address = config.api_endpoints.frontend.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
- let server_config =
- SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config).unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?;
let mut server = SgxTrustedTlsServer::<TeaclaveFrontendResponse, TeaclaveFrontendRequest>::new(
listen_address,
server_config,
);
- let enclave_info =
- teaclave_types::EnclaveInfo::from_bytes(&config.audit.enclave_info_bytes.as_ref().unwrap());
+ let enclave_info = teaclave_types::EnclaveInfo::from_bytes(&config.audit.enclave_info_bytes);
let authentication_service_endpoint = create_trusted_authentication_endpoint(
&config.internal_endpoints.authentication.advertised_address,
&enclave_info,
@@ -92,8 +90,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/management/enclave/src/lib.rs b/services/management/enclave/src/lib.rs
index 2eefa6d..bdba877 100644
--- a/services/management/enclave/src/lib.rs
+++ b/services/management/enclave/src/lib.rs
@@ -22,6 +22,7 @@ extern crate sgx_tstd as std;
#[macro_use]
extern crate log;
+use anyhow::{anyhow, Result};
use std::prelude::v1::*;
@@ -43,43 +44,31 @@ use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
mod service;
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let listen_address = config.internal_endpoints.management.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = MANAGEMENT_INBOUND_SERVICES
.iter()
- .map(|service| {
- enclave_info
- .get_enclave_attr(service)
- .expect("enclave_info")
+ .map(|service| match enclave_info.get_enclave_attr(service) {
+ Some(attr) => Ok(attr),
+ None => Err(anyhow!("cannot get enclave attribute of {}", service)),
})
- .collect();
- let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
+ .collect::<Result<_>>()?;
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?
.attestation_report_verifier(
- accepted_enclave_attrs,
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- )
- .unwrap();
+ accepted_enclave_attrs,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ )?;
let mut server =
SgxTrustedTlsServer::<TeaclaveManagementResponse, TeaclaveManagementRequest>::new(
listen_address,
@@ -108,8 +97,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/scheduler/enclave/src/lib.rs b/services/scheduler/enclave/src/lib.rs
index 90d85d4..93b5943 100644
--- a/services/scheduler/enclave/src/lib.rs
+++ b/services/scheduler/enclave/src/lib.rs
@@ -25,6 +25,7 @@ use std::prelude::v1::*;
#[macro_use]
extern crate log;
+use anyhow::{anyhow, Result};
mod publisher;
mod service;
@@ -46,43 +47,31 @@ use teaclave_service_enclave_utils::create_trusted_storage_endpoint;
use teaclave_service_enclave_utils::ServiceEnclave;
use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let listen_address = config.internal_endpoints.scheduler.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = SCHEDULER_INBOUND_SERVICES
.iter()
- .map(|service| {
- enclave_info
- .get_enclave_attr(service)
- .expect("enclave_info")
+ .map(|service| match enclave_info.get_enclave_attr(service) {
+ Some(attr) => Ok(attr),
+ None => Err(anyhow!("cannot get enclave attribute of {}", service)),
})
- .collect();
- let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
+ .collect::<Result<_>>()?;
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?
.attestation_report_verifier(
- accepted_enclave_attrs,
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- )
- .unwrap();
+ accepted_enclave_attrs,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ )?;
let mut server =
SgxTrustedTlsServer::<TeaclaveSchedulerResponse, TeaclaveSchedulerRequest>::new(
@@ -110,8 +99,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/services/storage/enclave/src/lib.rs b/services/storage/enclave/src/lib.rs
index 46c3958..15a3382 100644
--- a/services/storage/enclave/src/lib.rs
+++ b/services/storage/enclave/src/lib.rs
@@ -23,10 +23,12 @@ extern crate sgx_tstd as std;
extern crate log;
use std::cell::RefCell;
+use std::format;
use std::prelude::v1::*;
use std::sync::mpsc::channel;
use std::thread;
+use anyhow::{anyhow, Result};
use rusty_leveldb::DB;
use teaclave_attestation::{verifier, AttestationConfig, RemoteAttestation};
@@ -46,48 +48,36 @@ use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult};
mod proxy;
mod service;
-fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
+fn start_service(config: &RuntimeConfig) -> Result<()> {
let listen_address = config.internal_endpoints.storage.listen_address;
let attestation_config = AttestationConfig::from_teaclave_config(&config)?;
let attested_tls_config = RemoteAttestation::new(attestation_config)
- .generate_and_endorse()
- .unwrap()
+ .generate_and_endorse()?
.attested_tls_config()
- .unwrap();
+ .ok_or_else(|| anyhow!("cannot get attested TLS config"))?;
let enclave_info = EnclaveInfo::verify_and_new(
- config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("enclave_info"),
+ &config.audit.enclave_info_bytes,
AUDITOR_PUBLIC_KEYS,
- config
- .audit
- .auditor_signatures_bytes
- .as_ref()
- .expect("auditor signatures"),
+ &config.audit.auditor_signatures_bytes,
)?;
let accepted_enclave_attrs: Vec<teaclave_types::EnclaveAttr> = STORAGE_INBOUND_SERVICES
.iter()
- .map(|service| {
- enclave_info
- .get_enclave_attr(service)
- .expect("enclave_info")
+ .map(|service| match enclave_info.get_enclave_attr(service) {
+ Some(attr) => Ok(attr),
+ None => Err(anyhow!("cannot get enclave attribute of {}", service)),
})
- .collect();
- let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)
- .unwrap()
+ .collect::<Result<_>>()?;
+ let server_config = SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config)?
.attestation_report_verifier(
- accepted_enclave_attrs,
- AS_ROOT_CA_CERT,
- verifier::universal_quote_verifier,
- )
- .unwrap();
+ accepted_enclave_attrs,
+ AS_ROOT_CA_CERT,
+ verifier::universal_quote_verifier,
+ )?;
let (sender, receiver) = channel();
thread::spawn(move || {
let opt = rusty_leveldb::in_memory();
- let storage = DB::open("teaclave_db", opt).unwrap();
+ let storage = DB::open("teaclave_db", opt).expect("cannot open teaclave_db");
let mut storage_service =
service::TeaclaveStorageService::new(RefCell::new(storage), receiver);
storage_service.start();
@@ -111,8 +101,13 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> {
#[handle_ecall]
fn handle_start_service(input: &StartServiceInput) -> TeeServiceResult<StartServiceOutput> {
- start_service(&input.config).map_err(|_| TeeServiceError::ServiceError)?;
- Ok(StartServiceOutput)
+ match start_service(&input.config) {
+ Ok(_) => Ok(StartServiceOutput),
+ Err(e) => {
+ log::error!("Failed to start the service: {}", e);
+ Err(TeeServiceError::ServiceError)
+ }
+ }
}
#[handle_ecall]
diff --git a/tests/functional/enclave/src/authentication_service.rs b/tests/functional/enclave/src/authentication_service.rs
index e85785a..a3257d5 100644
--- a/tests/functional/enclave/src/authentication_service.rs
+++ b/tests/functional/enclave/src/authentication_service.rs
@@ -28,8 +28,7 @@ use teaclave_types::EnclaveInfo;
fn get_api_client() -> TeaclaveAuthenticationApiClient {
let runtime_config = RuntimeConfig::from_toml("runtime.config.toml").expect("runtime");
- let enclave_info =
- EnclaveInfo::from_bytes(&runtime_config.audit.enclave_info_bytes.as_ref().unwrap());
+ let enclave_info = EnclaveInfo::from_bytes(&runtime_config.audit.enclave_info_bytes);
let enclave_attr = enclave_info
.get_enclave_attr("teaclave_authentication_service")
.expect("authentication");
@@ -48,8 +47,7 @@ fn get_api_client() -> TeaclaveAuthenticationApiClient {
fn get_internal_client() -> TeaclaveAuthenticationInternalClient {
let runtime_config = RuntimeConfig::from_toml("runtime.config.toml").expect("runtime");
- let enclave_info =
- EnclaveInfo::from_bytes(&runtime_config.audit.enclave_info_bytes.as_ref().unwrap());
+ let enclave_info = EnclaveInfo::from_bytes(&runtime_config.audit.enclave_info_bytes);
let enclave_attr = enclave_info
.get_enclave_attr("teaclave_authentication_service")
.expect("authentication");
diff --git a/tests/functional/enclave/src/utils.rs b/tests/functional/enclave/src/utils.rs
index 4ef0c68..aa264b7 100644
--- a/tests/functional/enclave/src/utils.rs
+++ b/tests/functional/enclave/src/utils.rs
@@ -83,13 +83,7 @@ pub const FRONTEND_SERVICE_ADDR: &str = "localhost:7777";
lazy_static! {
static ref ENCLAVE_INFO: EnclaveInfo = {
let runtime_config = RuntimeConfig::from_toml(CONFIG_FILE).expect("runtime config");
- EnclaveInfo::from_bytes(
- &runtime_config
- .audit
- .enclave_info_bytes
- .as_ref()
- .expect("encalve info"),
- )
+ EnclaveInfo::from_bytes(&runtime_config.audit.enclave_info_bytes)
};
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org