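/// Generated gRPC client and message types for the unary echo example service.
pub mod pb {
    tonic::include_proto!("/grpc.examples.unaryecho");
}

use hyper::Uri;
use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
use occlum_ratls::prelude::*;
use occlum_ratls::RaTlsConfigBuilder;
use pb::{echo_client::EchoClient, EchoRequest};
use tokio_rustls::rustls::ClientConfig;

/// Sends one `UnaryEcho` request to a local gRPC server over an RA-TLS channel.
///
/// The client builds an RA-TLS policy with a single allowed instance
/// measurement, turns it into a rustls `ClientConfig`, wraps a plain
/// `HttpConnector` with that TLS configuration and issues one request to
/// `https://[::1]:50051`.
///
/// # Errors
///
/// Returns an error if the MRSIGNER value cannot be loaded, if the RA-TLS
/// policy cannot be converted into a rustls configuration, or if the RPC
/// itself fails.
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Defaults to `trace` when the env_logger environment variable (RUST_LOG)
    // is unset. That is convenient for a demo but very verbose; set RUST_LOG
    // to a quieter level anywhere the logs are collected.
    env_logger::init_from_env(env_logger::Env::default().default_filter_or("trace"));

    // Alternative policy: pin an explicit MRSIGNER value instead of loading it
    // from the processor.
    // let mrsigner_hex = "83E8A0C3ED045D9747ADE06C3BFC70FCA661A4A65FF79A800223621162A88B76";
    // let mut mrsigner = [0u8; 32];
    // hex::decode_to_slice(mrsigner_hex, &mut mrsigner).expect("mrsigner decoding failed");

    // The allow-list below is the whole trust decision for the peer.
    // NOTE(review): `load_mr_signer_from_processor` presumably takes the
    // MRSIGNER of the enclave this client runs in, so the client would accept
    // any peer enclave signed with the same key. Confirm against occlum_ratls,
    // and narrow the measurement if one signing key covers enclaves that
    // should not be treated as equivalent.
    let measurement = InstanceMeasurement::new().load_mr_signer_from_processor()?;
    // InstanceMeasurement::new().with_mrsigners(vec![mrsigner])
    let config = RaTlsConfig::new().allow_instance_measurement(measurement);

    let tls = ClientConfig::from_ratls_config(config)
        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;

    // The TLS layer sits on top of this connector, so it must not reject
    // `https` URIs itself.
    let mut http = HttpConnector::new();
    http.enforce_http(false);

    // We have to do some wrapping here to map the request type from
    // `https://example.com` -> `https://[::1]:50051` because `rustls`
    // doesn't accept ip's as `ServerName`.
    // NOTE(review): `example.com` is only a placeholder origin. Peer identity
    // presumably comes from the RA-TLS verification configured above rather
    // than from hostname matching. Confirm in occlum_ratls before reusing this
    // pattern with a real hostname.
    let connector = tower::ServiceBuilder::new()
        .layer_fn(move |s| {
            let tls = tls.clone();

            // NOTE(review): `https_or_http()` leaves a plaintext path open in
            // the connector. It is not reached here because every request is
            // rewritten to an `https` URI below; `https_only()` would make
            // that a hard guarantee if the rewrite is ever changed.
            hyper_rustls::HttpsConnectorBuilder::new()
                .with_tls_config(tls)
                .https_or_http()
                .enable_http2()
                .wrap_connector(s)
        })
        .map_request(|_| Uri::from_static("https://[::1]:50051"))
        .service(http);

    let http_client =
        hyper_util::client::legacy::Client::builder(TokioExecutor::new()).build(connector);

    let origin = Uri::from_static("https://example.com");
    let mut echo = EchoClient::with_origin(http_client, origin);

    let request = tonic::Request::new(EchoRequest {
        message: "hello".into(),
    });

    let response = echo.unary_echo(request).await?;

    println!("RESPONSE={:?}", response);

    Ok(())
}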