Cargo.lock

@@ -3585,10 +3585,8 @@ dependencies = [
  "percent-encoding",
  "pin-project",
  "prost",
- "rustls-pemfile",
  "socket2",
  "tokio",
- "tokio-rustls",
  "tokio-stream",
  "tower 0.4.13",
  "tower-layer",

Cargo.toml

@@ -19,7 +19,8 @@ serde_yaml = "0.9.34"
 tabled = "0.17.0"
 tokio-stream = "0.1.17"
 tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] }
-tonic = { version = "0.12", features = ["tls"] }
+# tonic = { version = "0.12", features = ["tls"] }
+tonic = { version = "0.12" }
 thiserror = "2.0.9"
 bs58 = "0.5.1"
 chrono = "0.4.39"

src/general/grpc.rs

@@ -3,8 +3,10 @@ use crate::snp::grpc::proto::VmContract;
 use crate::utils::sign_request;
 use detee_shared::general_proto::ReportNodeReq;
 use log::{debug, info, warn};
+use rustls::pki_types::pem::PemObject;
 use tokio_stream::StreamExt;
-use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+// use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+use tonic::transport::Channel;
 
 pub mod proto {
     pub use detee_shared::common_proto::*;
@@ -36,9 +38,34 @@ pub enum Error {
 
 async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
     let (brain_url, brain_san) = Config::get_brain_info();
+
+    use hyper_rustls::HttpsConnectorBuilder;
+    use rustls::pki_types::CertificateDer;
+    use rustls::{ClientConfig, RootCertStore};
+
+    let mut detee_root_ca_store = RootCertStore::empty();
+    detee_root_ca_store
+        .add(CertificateDer::from_pem_file(Config::get_root_ca_path()?).unwrap())
+        .unwrap();
+
+    let client_tls_config =
+        ClientConfig::builder().with_root_certificates(detee_root_ca_store).with_no_client_auth();
+    let connector = HttpsConnectorBuilder::new()
+        .with_tls_config(client_tls_config)
+        .https_only()
+        .enable_http2()
+        .build();
+
+    // let channel = Channel::from_shared(brain_url.to_string())
+    //     .map_err(|_| Error::CorruptedBrainUrl)?
+    //     .connect_with_connector(connector)
+    //     .await
+    //     .unwrap();
+
     Ok(BrainGeneralCliClient::new(
         Channel::from_shared(brain_url.to_string())
             .map_err(|_| Error::CorruptedBrainUrl)?
+            /*
             .tls_config(
                 ClientTlsConfig::new()
                     .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@@ -46,8 +73,10 @@ async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
                     )?))
                     .domain_name(brain_san),
             )?
-            .connect()
-            .await?,
+             */
+            .connect_with_connector(connector)
+            .await
+            .unwrap(),
     ))
 }
 
@@ -162,7 +191,8 @@ pub async fn admin_list_accounts() -> Result<Vec<Account>, Error> {
 
 pub async fn admin_list_contracts() -> Result<Vec<VmContract>, Error> {
     let mut contracts = Vec::new();
-    let mut grpc_stream = client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner();
+    let mut grpc_stream =
+        client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner();
     while let Some(stream_update) = grpc_stream.next().await {
         match stream_update {
             Ok(contract) => {

src/sgx/grpc_brain.rs

@@ -5,7 +5,8 @@ use detee_shared::app_proto::{
 };
 use detee_shared::sgx::types::brain::AppDeployConfig;
 use tokio_stream::StreamExt;
-use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+// use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+use tonic::transport::Channel;
 
 use crate::config::Config;
 use crate::sgx::utils::calculate_nanolp_for_app;
@@ -70,6 +71,7 @@ async fn client() -> Result<BrainAppCliClient<Channel>> {
     Ok(BrainAppCliClient::new(
         Channel::from_shared(brain_url.to_string())
             .map_err(|_| Error::CorruptedBrainUrl)?
+            /*
             .tls_config(
                 ClientTlsConfig::new()
                     .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@@ -77,6 +79,7 @@ async fn client() -> Result<BrainAppCliClient<Channel>> {
                     )?))
                     .domain_name(brain_san),
             )?
+             */
             .connect()
             .await?,
     ))

src/sgx/grpc_dtpm.rs

@@ -63,7 +63,11 @@ pub async fn connect_dtpm_grpc_client(
         .enable_http2()
         .build();
 
-    let channel = Endpoint::from_shared(hratls_uri)?.connect_with_connector(connector).await?;
+    let channel = Endpoint::from_shared(hratls_uri)?
+        // .tls_config(client_tls_config.into())?
+        .connect_with_connector(connector)
+        .await
+        .unwrap();
 
     Ok(DtpmConfigManagerClient::new(channel))
 }
@@ -74,7 +78,13 @@ pub async fn attest_and_send_config(loaded_config: DtpmConfig, uuid: &str) -> Re
 
     log::trace!("Decoded the configuration... {:?}", req_data);
 
-    let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
+    // let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
+    // let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
+    // dbg!(&hratls_uri, mr_enclave);
+
+    let hratls_uri = "https://212.95.45.139:33950".to_string();
+    let mr_enclave = None;
+
     log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave);
 
     let client = connect_dtpm_grpc_client(hratls_uri, mr_enclave).await?;

src/snp/grpc.rs

@@ -13,7 +13,8 @@ use proto::{
 use tokio_stream::StreamExt;
 use tonic::metadata::errors::InvalidMetadataValue;
 use tonic::metadata::AsciiMetadataValue;
-use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+// use tonic::transport::{Certificate, Channel, ClientTlsConfig};
+use tonic::transport::Channel;
 use tonic::Request;
 
 lazy_static! {
@@ -88,6 +89,7 @@ async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
     Ok(BrainVmCliClient::new(
         Channel::from_shared(brain_url.to_string())
             .map_err(|_| Error::CorruptedBrainUrl)?
+            /*
             .tls_config(
                 ClientTlsConfig::new()
                     .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@@ -95,6 +97,7 @@ async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
                     )?))
                     .domain_name(brain_san),
             )?
+             */
             .connect()
             .await?,
     ))