From 0c0c4c4abcb949890c3f12228fd6f1f8c4e0a1a0 Mon Sep 17 00:00:00 2001
From: Shirong Hao
Date: Thu, 15 Apr 2021 02:14:09 +0000
Subject: [PATCH] ADD Enclave TLS Server demo
---
demos/enclave_tls/README.md | 20 +++++++++++++++++++
.../download_and_build_enclave_tls.sh | 9 +++++++++
.../run_enclave_tls_server_in_occlum.sh | 20 +++++++++++++++++++
3 files changed, 49 insertions(+)
create mode 100644 demos/enclave_tls/README.md
create mode 100755 demos/enclave_tls/download_and_build_enclave_tls.sh
create mode 100755 demos/enclave_tls/run_enclave_tls_server_in_occlum.sh
diff --git a/demos/enclave_tls/README.md b/demos/enclave_tls/README.md
new file mode 100644
index 00000000..3a2d5505
--- /dev/null
+++ b/demos/enclave_tls/README.md
@@ -0,0 +1,20 @@
+# Use Enclave TLS server with Occlum
+
+This project demonstrates how to run a server with [Enclave TLS](https://github.com/alibaba/inclavare-containers/tree/master/enclave-tls).
+
+Step 1: Download and build Enclave TLS.
+```shell
+./download_and_build_enclave_tls.sh
+```
+When completed, the resulting server can be found at `/opt/enclave-tls/bin`.
+
+Step 2: You can run the encalve tls server on Occlum.
+```shell
+./run_enclave_tls_server_in_occlum.sh
+```
+
+Step 3: To check whether the enclave tls server works, run
+```shell
+/opt/enclave-tls/bin/enclave-tls-client
+```
+in another terminal.
diff --git a/demos/enclave_tls/download_and_build_enclave_tls.sh b/demos/enclave_tls/download_and_build_enclave_tls.sh
new file mode 100755
index 00000000..f1759c2f
--- /dev/null
+++ b/demos/enclave_tls/download_and_build_enclave_tls.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -e
+
+# Download and Build Enclave Tls server
+mkdir -p enclave_tls_src
+pushd enclave_tls_src
+git clone https://github.com/alibaba/inclavare-containers
+cd inclavare-containers/enclave-tls && make OCCLUM=1 && make install
+popd
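Review bot: The `git clone https://github.com/alibaba/inclavare-containers` line in download_and_build_enclave_tls.sh builds and then `make install`s whatever the upstream default branch contains at run time, so the demo is not reproducible and any unexpected upstream change ends up installed on the host (under `/opt/enclave-tls`, per the README). Pin the checkout to a reviewed revision right after the clone, e.g. `git -C inclavare-containers checkout <PINNED_COMMIT_SHA>` (placeholder; the commit does not name a known-good revision). A second run also aborts under `set -e` because the clone target already exists, so a guard such as `[ -d inclavare-containers ] || git clone https://github.com/alibaba/inclavare-containers` would make the script re-runnable.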
diff --git a/demos/enclave_tls/run_enclave_tls_server_in_occlum.sh b/demos/enclave_tls/run_enclave_tls_server_in_occlum.sh
new file mode 100755
index 00000000..2e3683ec
--- /dev/null
+++ b/demos/enclave_tls/run_enclave_tls_server_in_occlum.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -e
+
+# 1. Init Occlum Workspace
+rm -rf occlum_workspace
+mkdir occlum_workspace
+cd occlum_workspace
+occlum init
+
+# 2. Copy files into Occlum Workspace and Build
+cp -f /opt/enclave-tls/bin/enclave-tls-server image/bin
+cp -f /opt/occlum/glibc/lib/libdl.so.2 image/opt/occlum/glibc/lib
+mkdir -p image/opt/enclave-tls
+cp -rf /opt/enclave-tls/lib image/opt/enclave-tls
+# The following libs are required by libenclave_quote_sgx_ecdsa.so
+cp /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so.1 image/opt/occlum/glibc/lib
+occlum build
+
+# 3. Run enclave_tls_server
+occlum run /bin/enclave-tls-server
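Review bot: The bare `occlum build` after `occlum init` runs with the workspace defaults, which as far as I know means a debuggable enclave signed with Occlum's default key, so the attestation evidence this TLS server presents should not be relied on to protect real secrets. A comment above `occlum build` would make that explicit, e.g. `# Demo only: default Occlum.json (debuggable enclave) and default signing key; use a release config and --sign-key for production`. Separately, the comment above the `cp /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so.1 ...` line says "libs" although only one library is copied; reword it, or list the others if any are actually needed.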