From 4ef498b43adcc4a22bff52b0754054c412f15ad3 Mon Sep 17 00:00:00 2001
From: ghe0
Date: Fri, 28 Mar 2025 17:47:20 +0200
Subject: [PATCH] added support for self signed TLS certificates

---
 Cargo.lock | 4 ++++
 Cargo.toml | 2 +-
 scripts/install_daemon.sh | 3 ++-
 src/config.rs | 2 +-
 src/global.rs | 3 +++
 src/grpc.rs | 31 +++++++++++++++++++++++++------
 src/main.rs | 4 ++--
 7 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index e5b8a49..80681db 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1561,7 +1561,9 @@ version = "0.23.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8"
 dependencies = [
+ "log",
  "once_cell",
+ "ring",
  "rustls-pki-types",
  "rustls-webpki",
  "subtle",
@@ -2009,8 +2011,10 @@ dependencies = [
  "percent-encoding",
  "pin-project",
  "prost",
+ "rustls-pemfile",
  "socket2",
  "tokio",
+ "tokio-rustls",
  "tokio-stream",
  "tower 0.4.13",
  "tower-layer",
diff --git a/Cargo.toml b/Cargo.toml
index f7380a4..12ecb9a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,7 +8,7 @@ env_logger = "0.11.6"
 prost = "0.13.4"
 prost-types = "0.13.4"
 tokio = { version = "1.43.0", features = ["macros", "rt-multi-thread", "fs"] }
-tonic = "0.12.3"
+tonic = { version = "0.12", features = ["tls"] }
 reqwest = { version = "0.12.12", features = ["blocking"] }
 flate2 = "1.0.35"
 tar = "0.4.43"
diff --git a/scripts/install_daemon.sh b/scripts/install_daemon.sh
index acf00ef..25e9ce2 100644
--- a/scripts/install_daemon.sh
+++ b/scripts/install_daemon.sh
@@ -21,6 +21,7 @@ wget -q --show-progress -O /usr/local/bin/detee-sgx-daemon https://registry.dete wget -q --show-progress -O /etc/systemd/system/detee-sgx-daemon.service https://registry.detee.ltd/sgx/daemon/detee-sgx-daemon.service wget -q --show-progress -O /etc/detee/app_daemon/sample_config.yaml https://registry.detee.ltd/sgx/daemon/sample_config.yaml chmod +x /usr/local/bin/detee-sgx-daemon +wget -q --show-progress -O /etc/detee/root_ca.pem https://registry.detee.ltd/root_ca.pem echo "Take a look at /etc/detee/app_daemon/sample_config.yaml" echo "Modify config based on your setup and save it to /etc/detee/app_daemon/config.yaml" @@ -29,4 +30,4 @@ read my_var echo "Starting detee-sgx-daemon..." systemctl daemon-reload -systemctl start detee-sgx-daemon.service \ No newline at end of file +systemctl start detee-sgx-daemon.service diff --git a/src/config.rs b/src/config.rs index 7168570..93604c2 100644 --- a/src/config.rs +++ b/src/config.rs @@ -6,7 +6,7 @@ use crate::global::IP_INFO; #[derive(Debug, Clone, Deserialize)] pub struct HostConfig { - pub brain_url: String, + pub network: String, #[serde(default = "retrieve_node_ip")] pub host_ip_address: String, pub operator_wallet: String, diff --git a/src/global.rs b/src/global.rs index c042cdc..268a6c6 100644 --- a/src/global.rs +++ b/src/global.rs @@ -6,6 +6,9 @@ use std::fs::File; use std::io::{Read, Write}; use std::sync::LazyLock; +pub const DETEE_ROOT_CA: &str = "/etc/detee/root_ca.pem"; +pub const BRAIN_STAGING: (&str, &str) = ("https://159.65.58.38:31337", "staging-brain"); +pub const BRAIN_TESTING: (&str, &str) = ("https://164.92.249.180:31337", "testing-brain"); pub const PACKAGE_ARCHIVE_POSTFIX: &str = "-enclave_package.tar.gz"; pub const PACKAGE_ARCHIVE_DIR_PATH: &str = "./enclave_archives"; pub const PACKAGE_DIR_PATH: &str = "./enclaves"; diff --git a/src/grpc.rs b/src/grpc.rs index 5b626a6..f105be1 100644 --- a/src/grpc.rs +++ b/src/grpc.rs 
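Review bot: The new `wget ... -O /etc/detee/root_ca.pem` line installs the file that `src/grpc.rs` in this same patch uses as the sole trust anchor for every brain connection, yet nothing verifies what landed on disk: no `set -e` is visible, so a failed or partial download leaves an empty or truncated file that only surfaces later as an opaque TLS error, and there is no integrity check beyond the registry's own transport TLS. Publish the CA's SHA-256 alongside the release and check it before trusting the file, e.g. `echo "<pinned-sha256>  /etc/detee/root_ca.pem" | sha256sum -c - || { echo "root CA checksum mismatch"; exit 1; }`, or embed the PEM in the daemon binary with `include_str!` so it is covered by the build's own integrity. Since anyone who can write that path can silently re-point the daemon at their own brain, also pin ownership and mode (`chown root:root` / `chmod 0644`) right after the download. The rest of the script, including whether it runs under `set -e`, is outside the hunk.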
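Review bot: `network` is a free-form `String` that is only validated by the literal match in `grpc::client` at first connect, so a typo in config.yaml is discovered after startup rather than at load, and the accepted set lives far from the type that declares it. An enum keeps the two in one place and lets serde reject bad values immediately: `#[derive(Debug, Clone, Copy, Deserialize)] #[serde(rename_all = "lowercase")] pub enum Network { Staging, Testnet }` with `pub network: Network,`; the `match` in `grpc::client` then becomes exhaustive with no fallthrough arm. Note also that the field replaces the required `brain_url`, so every existing config.yaml fails deserialization with a missing-field error and the patch ships no updated sample config — worth stating in the commit message. `HostConfig` continues beyond the hunk.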
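Review bot: The three new constants pin the daemon's trust anchor and peer identity but carry no documentation; in particular the second tuple element (`staging-brain`, `testing-brain`) is not a resolvable host but the SAN that `ClientTlsConfig::domain_name` in `grpc.rs` verifies against the brain's certificate, which is needed because the endpoint is a bare IP. Add `/// Self-signed root CA written by scripts/install_daemon.sh; the only trust anchor for brain connections.` above `DETEE_ROOT_CA`, and `/// (gRPC endpoint, SAN the brain certificate must carry) — the SAN is what rustls verifies, since the endpoint is an IP.` above the two tuples. The spelling also drifts across the patch — config value `testnet`, constant `BRAIN_TESTING`, SAN `testing-brain` — and settling on one name for the environment would avoid confusion when the certificate is issued.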
@@ -9,22 +9,41 @@ use tokio::task::JoinSet; use tokio_stream::wrappers::ReceiverStream; use tokio_stream::StreamExt; use tonic::metadata::AsciiMetadataValue; -use tonic::transport::Channel; +use tonic::transport::{Certificate, Channel, ClientTlsConfig}; use tonic::Request; -use crate::global::IP_INFO; -use crate::global::PUBLIC_KEY; +use crate::global::{IP_INFO, PUBLIC_KEY, BRAIN_STAGING, BRAIN_TESTING, DETEE_ROOT_CA}; pub struct ConnectionData { - pub brain_url: String, + pub network: String, pub brain_msg_tx: Sender, pub daemon_msg_rx: Receiver, pub daemon_msg_tx: Sender, pub app_contracts_uuid: Vec, } +async fn client(network: &str) -> Result> { + let (brain_url, brain_san) = match network { + "staging" => BRAIN_STAGING, + "testnet" => BRAIN_TESTING, + _ => { + return Err(anyhow::anyhow!( + "The only networks currently supported are staging and testnet." + )) + } + }; + let pem = std::fs::read_to_string(DETEE_ROOT_CA)?; + let ca = Certificate::from_pem(pem); + + let tls = ClientTlsConfig::new().ca_certificate(ca).domain_name(brain_san); + + let channel = Channel::from_shared(brain_url.to_string())?.tls_config(tls)?.connect().await?; + + Ok(BrainAppDaemonClient::new(channel)) +} + pub async fn register_node(config: &crate::HostConfig) -> Result> { - let mut client = BrainAppDaemonClient::connect(config.brain_url.clone()).await?; + let mut client = client(&config.network).await?; log::debug!("registering node with brain"); @@ -71,7 +90,7 @@ pub async fn register_node(config: &crate::HostConfig) -> Result Result<()> { - let client = BrainAppDaemonClient::connect(conn_data.brain_url).await?; + let client = client(&conn_data.network).await?; let mut streaming_tasks = JoinSet::new(); diff --git a/src/main.rs b/src/main.rs index e8f8cf5..6435e1a 100644 --- a/src/main.rs +++ b/src/main.rs 
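Review bot: In `client`, `std::fs::read_to_string(DETEE_ROOT_CA)?` does blocking file I/O on a tokio worker thread and, when the file is missing or unreadable, yields a bare io error that does not name the path; tokio's `fs` feature is already enabled in Cargo.toml, so prefer `let pem = tokio::fs::read_to_string(DETEE_ROOT_CA).await.with_context(|| format!("reading brain root CA from {DETEE_ROOT_CA}"))?;` (needs `use anyhow::Context;`, assuming the return type is `anyhow::Result` as the `anyhow!` return suggests). The `.domain_name(brain_san)` call is the security-sensitive line here — it overrides the bare IP from the URL as the name rustls checks against the server certificate — and deserves a why-comment such as `// Brain endpoints are bare IPs; verify the server cert against its fixed SAN instead.` The CA is read from disk on each call, i.e. once in `register_node` and again in `connect_and_run`; loading it once and passing the `ClientTlsConfig` in would also mean both connections are guaranteed to trust the same anchor. The modified lines of `register_node` and `connect_and_run` belong to bodies that run past the hunk edges.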
@@ -197,7 +197,7 @@ async fn main() -> Result<(), Box> { let (daemon_msg_tx, daemon_msg_rx) = tokio::sync::mpsc::channel(6); let mut app_handler = AppHandler::new(brain_msg_rx, daemon_msg_tx.clone()); - let brain_url = app_handler.host_config.brain_url.clone(); + let network = app_handler.host_config.network.clone(); let mut contracts = vec![]; match grpc::register_node(&app_handler.host_config).await { @@ -215,7 +215,7 @@ async fn main() -> Result<(), Box> { log::info!("Connecting to brain..."); if let Err(e) = grpc::connect_and_run(grpc::ConnectionData { - brain_url, + network, brain_msg_tx, daemon_msg_rx, daemon_msg_tx,