Fix tonic TLS issues #1

Merged
ghe0 merged 4 commits from wip_fixing_tonic_tls into main 2025-03-29 18:14:46 +00:00
6 changed files with 56 additions and 11 deletions
Showing only changes of commit bf677875ab - Show all commits

Cargo.lock generated

@ -3585,10 +3585,8 @@ dependencies = [
"percent-encoding", "percent-encoding",
"pin-project", "pin-project",
"prost", "prost",
"rustls-pemfile",
"socket2", "socket2",
"tokio", "tokio",
"tokio-rustls",
"tokio-stream", "tokio-stream",
"tower 0.4.13", "tower 0.4.13",
"tower-layer", "tower-layer",

@ -19,7 +19,8 @@ serde_yaml = "0.9.34"
tabled = "0.17.0" tabled = "0.17.0"
tokio-stream = "0.1.17" tokio-stream = "0.1.17"
tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] } tokio = { version = "1.42.0", features = ["macros", "rt-multi-thread"] }
tonic = { version = "0.12", features = ["tls"] } # tonic = { version = "0.12", features = ["tls"] }
tonic = { version = "0.12" }
thiserror = "2.0.9" thiserror = "2.0.9"
bs58 = "0.5.1" bs58 = "0.5.1"
chrono = "0.4.39" chrono = "0.4.39"
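Review bot: The replaced `tonic` line at L27 is kept as a comment above the new one at L28 instead of being deleted; the old feature set is already in history, and commented-out manifest lines tend to outlive the reason they were kept. Dropping the `tls` feature is what removes `tonic::transport::ClientTlsConfig` and forces the `/* */` blocks in the client files of this commit, so a one-line comment on the `tonic` entry stating that TLS is now supplied via the `hyper_rustls` connector would tell the next reader why the feature is off.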

@ -3,8 +3,10 @@ use crate::snp::grpc::proto::VmContract;
use crate::utils::sign_request; use crate::utils::sign_request;
use detee_shared::general_proto::ReportNodeReq; use detee_shared::general_proto::ReportNodeReq;
use log::{debug, info, warn}; use log::{debug, info, warn};
use rustls::pki_types::pem::PemObject;
use tokio_stream::StreamExt; use tokio_stream::StreamExt;
use tonic::transport::{Certificate, Channel, ClientTlsConfig}; // use tonic::transport::{Certificate, Channel, ClientTlsConfig};
use tonic::transport::Channel;
pub mod proto { pub mod proto {
pub use detee_shared::common_proto::*; pub use detee_shared::common_proto::*;
@ -36,9 +38,34 @@ pub enum Error {
async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> { async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
let (brain_url, brain_san) = Config::get_brain_info(); let (brain_url, brain_san) = Config::get_brain_info();
use hyper_rustls::HttpsConnectorBuilder;
use rustls::pki_types::CertificateDer;
use rustls::{ClientConfig, RootCertStore};
let mut detee_root_ca_store = RootCertStore::empty();
detee_root_ca_store
.add(CertificateDer::from_pem_file(Config::get_root_ca_path()?).unwrap())
.unwrap();
let client_tls_config =
ClientConfig::builder().with_root_certificates(detee_root_ca_store).with_no_client_auth();
let connector = HttpsConnectorBuilder::new()
.with_tls_config(client_tls_config)
.https_only()
.enable_http2()
.build();
// let channel = Channel::from_shared(brain_url.to_string())
// .map_err(|_| Error::CorruptedBrainUrl)?
// .connect_with_connector(connector)
// .await
// .unwrap();
Ok(BrainGeneralCliClient::new( Ok(BrainGeneralCliClient::new(
Channel::from_shared(brain_url.to_string()) Channel::from_shared(brain_url.to_string())
.map_err(|_| Error::CorruptedBrainUrl)? .map_err(|_| Error::CorruptedBrainUrl)?
/*
.tls_config( .tls_config(
ClientTlsConfig::new() ClientTlsConfig::new()
.ca_certificate(Certificate::from_pem(std::fs::read_to_string( .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@ -46,8 +73,10 @@ async fn client() -> Result<BrainGeneralCliClient<Channel>, Error> {
)?)) )?))
.domain_name(brain_san), .domain_name(brain_san),
)? )?
.connect() */
.await?, .connect_with_connector(connector)
.await
.unwrap(),
)) ))
} }
@ -162,7 +191,8 @@ pub async fn admin_list_accounts() -> Result<Vec<Account>, Error> {
pub async fn admin_list_contracts() -> Result<Vec<VmContract>, Error> { pub async fn admin_list_contracts() -> Result<Vec<VmContract>, Error> {
let mut contracts = Vec::new(); let mut contracts = Vec::new();
let mut grpc_stream = client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner(); let mut grpc_stream =
client().await?.list_all_vm_contracts(sign_request(Empty {})?).await?.into_inner();
while let Some(stream_update) = grpc_stream.next().await { while let Some(stream_update) = grpc_stream.next().await {
match stream_update { match stream_update {
Ok(contract) => { Ok(contract) => {
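Review bot: The rewritten `client()` body (hunks at L43-L71 and L72-L81) replaces `.await?` with `.await.unwrap()` on `connect_with_connector`, and also unwraps `CertificateDer::from_pem_file(...)` and `RootCertStore::add`, so a missing or malformed root CA file or an unreachable brain now panics instead of returning `Error` as the old path did. `.connect_with_connector(connector).await?` keeps the previous propagation since it yields the same transport error the old `.connect().await?` did, and the two PEM/store unwraps should be mapped into an existing or new `Error` variant with `map_err`. The old code also pinned the expected server name with `.domain_name(brain_san)`; with the `hyper_rustls` connector the name verified is presumably taken from `brain_url`, so `brain_san` appears to no longer take part in verification — worth confirming that the brain certificate matches the URL host, since the variable is still bound at L45 but unused in the new code. The `/* ... */` block and the `// let channel = ...` lines should be deleted rather than left commented out.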

@ -5,7 +5,8 @@ use detee_shared::app_proto::{
}; };
use detee_shared::sgx::types::brain::AppDeployConfig; use detee_shared::sgx::types::brain::AppDeployConfig;
use tokio_stream::StreamExt; use tokio_stream::StreamExt;
use tonic::transport::{Certificate, Channel, ClientTlsConfig}; // use tonic::transport::{Certificate, Channel, ClientTlsConfig};
use tonic::transport::Channel;
use crate::config::Config; use crate::config::Config;
use crate::sgx::utils::calculate_nanolp_for_app; use crate::sgx::utils::calculate_nanolp_for_app;
@ -70,6 +71,7 @@ async fn client() -> Result<BrainAppCliClient<Channel>> {
Ok(BrainAppCliClient::new( Ok(BrainAppCliClient::new(
Channel::from_shared(brain_url.to_string()) Channel::from_shared(brain_url.to_string())
.map_err(|_| Error::CorruptedBrainUrl)? .map_err(|_| Error::CorruptedBrainUrl)?
/*
.tls_config( .tls_config(
ClientTlsConfig::new() ClientTlsConfig::new()
.ca_certificate(Certificate::from_pem(std::fs::read_to_string( .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@ -77,6 +79,7 @@ async fn client() -> Result<BrainAppCliClient<Channel>> {
)?)) )?))
.domain_name(brain_san), .domain_name(brain_san),
)? )?
*/
.connect() .connect()
.await?, .await?,
)) ))
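Review bot: With the `.tls_config(...)` chain commented out at L103-L111 and the `tls` feature dropped from `tonic` in Cargo.toml, this `client()` now calls `.connect()` on a plain `Channel`, so the app CLI's brain connection is no longer configured with the root CA or `brain_san`; the VM client hunk at L148-L158 has the same change. Unlike the SNP client in this commit, no `hyper_rustls` connector is wired in here, so the connection either goes out in cleartext if `brain_url` is `http://` or fails to connect if it is `https://` — the intended outcome should be confirmed before merge. Suggest building the same `HttpsConnectorBuilder` connector as the SNP client and using `.connect_with_connector(connector).await?`, and deleting the `/* */` blocks instead of leaving them. The enclosing `fn client()` starts outside the hunk.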

@ -63,7 +63,11 @@ pub async fn connect_dtpm_grpc_client(
.enable_http2() .enable_http2()
.build(); .build();
let channel = Endpoint::from_shared(hratls_uri)?.connect_with_connector(connector).await?; let channel = Endpoint::from_shared(hratls_uri)?
// .tls_config(client_tls_config.into())?
.connect_with_connector(connector)
.await
.unwrap();
Ok(DtpmConfigManagerClient::new(channel)) Ok(DtpmConfigManagerClient::new(channel))
} }
@ -74,7 +78,13 @@ pub async fn attest_and_send_config(loaded_config: DtpmConfig, uuid: &str) -> Re
log::trace!("Decoded the configuration... {:?}", req_data); log::trace!("Decoded the configuration... {:?}", req_data);
let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await; // let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
// let (hratls_uri, mr_enclave) = hratls_url_and_mr_enclave_from_app_id(uuid).await;
// dbg!(&hratls_uri, mr_enclave);
let hratls_uri = "https://212.95.45.139:33950".to_string();
let mr_enclave = None;
log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave); log::info!("hratls uri: {}\nmr_enclave: {:?}", &hratls_uri, &mr_enclave);
let client = connect_dtpm_grpc_client(hratls_uri, mr_enclave).await?; let client = connect_dtpm_grpc_client(hratls_uri, mr_enclave).await?;
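Review bot: The hunk at L128-L132 replaces the `hratls_url_and_mr_enclave_from_app_id(uuid)` lookup with a hard-coded `hratls_uri` literal and `mr_enclave = None`, so `uuid` no longer determines the target and whatever verification `connect_dtpm_grpc_client` performs with `mr_enclave` (presumably an enclave measurement check) receives `None` on every call. This reads as a debugging leftover; if it has to stay temporarily it should be behind an explicit env/feature switch with a `log::warn!` that the measurement is not being checked, and the two commented-out `let` lines and `// dbg!` removed. The earlier hunk at L119-L123 also swaps `?` for `.unwrap()` on the connect, turning a connection failure into a panic; `let channel = Endpoint::from_shared(hratls_uri)?.connect_with_connector(connector).await?;` keeps the original error propagation, and the `// .tls_config(client_tls_config.into())?` line can be dropped.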

@ -13,7 +13,8 @@ use proto::{
use tokio_stream::StreamExt; use tokio_stream::StreamExt;
use tonic::metadata::errors::InvalidMetadataValue; use tonic::metadata::errors::InvalidMetadataValue;
use tonic::metadata::AsciiMetadataValue; use tonic::metadata::AsciiMetadataValue;
use tonic::transport::{Certificate, Channel, ClientTlsConfig}; // use tonic::transport::{Certificate, Channel, ClientTlsConfig};
use tonic::transport::Channel;
use tonic::Request; use tonic::Request;
lazy_static! { lazy_static! {
@ -88,6 +89,7 @@ async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
Ok(BrainVmCliClient::new( Ok(BrainVmCliClient::new(
Channel::from_shared(brain_url.to_string()) Channel::from_shared(brain_url.to_string())
.map_err(|_| Error::CorruptedBrainUrl)? .map_err(|_| Error::CorruptedBrainUrl)?
/*
.tls_config( .tls_config(
ClientTlsConfig::new() ClientTlsConfig::new()
.ca_certificate(Certificate::from_pem(std::fs::read_to_string( .ca_certificate(Certificate::from_pem(std::fs::read_to_string(
@ -95,6 +97,7 @@ async fn client() -> Result<BrainVmCliClient<Channel>, Error> {
)?)) )?))
.domain_name(brain_san), .domain_name(brain_san),
)? )?
*/
.connect() .connect()
.await?, .await?,
)) ))