add ratls to key_grabber

2024-10-06 19:56:20 +03:00 · 2024-10-06 19:56:20 +03:00 · 5ea4751e02
commit 5ea4751e02
parent fc20534577
2 changed files with 42 additions and 1 deletions
--- a/rewrite/scripts/package.sh
+++ b/rewrite/scripts/package.sh
@ -14,8 +14,10 @@ if [ "$prerequisites" == "--prep" ]; then
    rustup target add x86_64-unknown-linux-musl
    mkdir -p /root/.ssh

+    echo
    echo "docker cp ~/.ssh/config packager:/root/.ssh/config"
    echo "docker cp ~/.ssh/gitea_ed25519 packager:/root/.ssh/gitea_ed25519"
+    echo
    echo "Run above commands in another terminal"
    while true; do
        echo -n "." && sleep 1
--- a/rewrite/src/grpc/client.rs
+++ b/rewrite/src/grpc/client.rs
@ -120,7 +120,46 @@ impl ConnManager {
 }

 pub async fn key_grabber(node_ip: String) -> Result<(Keypair, Pubkey), Box<dyn std::error::Error>> {
-    let mut client = UpdateClient::connect(format!("http://{node_ip}:31373")).await?;
+    use hyper::Uri;
+    use hyper_util::{client::legacy::connect::HttpConnector, rt::TokioExecutor};
+    use occlum_ratls::{prelude::*, RaTlsConfigBuilder};
+    use tokio_rustls::rustls::ClientConfig;
+
+    println!("Getting key from {node_ip}...");
+
+    let mrsigner_hex = "83E8A0C3ED045D9747ADE06C3BFC70FCA661A4A65FF79A800223621162A88B76";
+    let mrsigner = crate::sgx::mrsigner_from_hex(mrsigner_hex).expect("mrsigner decoding failed");
+    let config = RaTlsConfig::new()
+        .allow_instance_measurement(InstanceMeasurement::new().with_mrsigners(vec![mrsigner]));
+
+    let tls = ClientConfig::from_ratls_config(config)
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, format!("{}", e)))?;
+
+    let mut http = HttpConnector::new();
+    http.enforce_http(false);
+
+    let cloned_node_ip = node_ip.clone();
+
+    let connector = tower::ServiceBuilder::new()
+        .layer_fn(move |s| {
+            let tls = tls.clone();
+
+            hyper_rustls::HttpsConnectorBuilder::new()
+                .with_tls_config(tls)
+                .https_or_http()
+                .enable_http2()
+                .wrap_connector(s)
+        })
+        .map_request(move |_| {
+            Uri::from_str(&format!("https://{cloned_node_ip}:31373")).expect("Could not parse URI")
+        })
+        .service(http);
+
+    let client = hyper_util::client::legacy::Client::builder(TokioExecutor::new()).build(connector);
+
+    let uri = Uri::from_static("https://example.com");
+    let mut client = UpdateClient::with_origin(client, uri);
+
    let response = client.get_keys(tonic::Request::new(Empty {})).await?;
    let response = &response.into_inner();
    let keypair = response.keypair.clone();