This is an automated email from the ASF dual-hosted git repository. mssun pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
commit efe76904edc79bcfeef9cb3c999eb17c08ed4f71 Author: Mingshen Sun <[email protected]> AuthorDate: Tue Mar 24 14:42:25 2020 -0700 [services] Use create_trusted_*_endpoint utility functions to simply creating an trusted service endpoint --- services/frontend/enclave/src/lib.rs | 50 ++++++++++++---------------------- services/management/enclave/src/lib.rs | 25 ++++++----------- utils/service_enclave_utils/src/lib.rs | 8 ++++++ 3 files changed, 33 insertions(+), 50 deletions(-) diff --git a/services/frontend/enclave/src/lib.rs b/services/frontend/enclave/src/lib.rs index 3961927..1a0bad4 100644 --- a/services/frontend/enclave/src/lib.rs +++ b/services/frontend/enclave/src/lib.rs @@ -35,11 +35,11 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG}; use teaclave_proto::teaclave_frontend_service::{ TeaclaveFrontendRequest, TeaclaveFrontendResponse, }; -use teaclave_rpc::config::SgxTrustedTlsClientConfig; use teaclave_rpc::config::SgxTrustedTlsServerConfig; -use teaclave_rpc::endpoint::Endpoint; use teaclave_rpc::server::SgxTrustedTlsServer; -use teaclave_service_enclave_utils::ServiceEnclave; +use teaclave_service_enclave_utils::{ + create_trusted_authentication_endpoint, create_trusted_management_endpoint, ServiceEnclave, +}; use teaclave_types::{TeeServiceError, TeeServiceResult}; mod service; @@ -62,7 +62,7 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> { .attested_tls_config() .unwrap(); let server_config = - SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config.clone()).unwrap(); + SgxTrustedTlsServerConfig::from_attested_tls_config(attested_tls_config).unwrap(); let mut server = SgxTrustedTlsServer::<TeaclaveFrontendResponse, TeaclaveFrontendRequest>::new( listen_address, 
@@ -71,35 +71,19 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> { let enclave_info = teaclave_types::EnclaveInfo::from_bytes(&config.audit.enclave_info_bytes.as_ref().unwrap()); - let enclave_attr = enclave_info - .get_enclave_attr("teaclave_authentication_service") - .expect("authentication"); - let client_config = - SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config.clone()) - .unwrap() - .attestation_report_verifier( - vec![enclave_attr], - AS_ROOT_CA_CERT, - verifier::universal_quote_verifier, - ); - let authentication_service_address = - &config.internal_endpoints.authentication.advertised_address; - let authentication_service_endpoint = - Endpoint::new(authentication_service_address).config(client_config); - - let enclave_attr = enclave_info - .get_enclave_attr("teaclave_management_service") - .expect("management"); - let client_config = SgxTrustedTlsClientConfig::from_attested_tls_config(attested_tls_config) - .unwrap() - .attestation_report_verifier( - vec![enclave_attr], - AS_ROOT_CA_CERT, - verifier::universal_quote_verifier, - ); - let management_service_address = &config.internal_endpoints.management.advertised_address; - let management_service_endpoint = - Endpoint::new(management_service_address).config(client_config); + let authentication_service_endpoint = create_trusted_authentication_endpoint( + &config.internal_endpoints.authentication.advertised_address, + &enclave_info, + AS_ROOT_CA_CERT, + verifier::universal_quote_verifier, + ); + + let management_service_endpoint = create_trusted_management_endpoint( + &config.internal_endpoints.management.advertised_address, + &enclave_info, + AS_ROOT_CA_CERT, + verifier::universal_quote_verifier, + ); let service = service::TeaclaveFrontendService::new( authentication_service_endpoint, diff --git a/services/management/enclave/src/lib.rs b/services/management/enclave/src/lib.rs index afbc615..a80e569 100644 --- a/services/management/enclave/src/lib.rs 
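Review bot: The two `create_trusted_*_endpoint` calls in `start_service` take only the address, `enclave_info`, `AS_ROOT_CA_CERT` and the quote verifier, whereas the removed code built each client config with `SgxTrustedTlsClientConfig::from_attested_tls_config(...)`. Unless the helper obtains the attested TLS config some other way (its macro body is not in this diff), the frontend still verifies the peer's attestation report but presumably no longer presents its own attested client certificate to the authentication and management services, which changes the trust relationship rather than only refactoring it. The management hunk's removed code used `SgxTrustedTlsClientConfig::new()`, which suggests that is what the helper does. If one-way attestation is intended, say so at the call site, e.g. `// Peer attestation only: the frontend presents no attested client certificate on these internal connections.`; otherwise the helper needs a variant that accepts the attested TLS config. `start_service` begins and ends outside this hunk.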
+++ b/services/management/enclave/src/lib.rs @@ -35,10 +35,9 @@ use teaclave_config::{RuntimeConfig, BUILD_CONFIG}; use teaclave_proto::teaclave_management_service::{ TeaclaveManagementRequest, TeaclaveManagementResponse, }; -use teaclave_rpc::config::{SgxTrustedTlsClientConfig, SgxTrustedTlsServerConfig}; -use teaclave_rpc::endpoint::Endpoint; +use teaclave_rpc::config::SgxTrustedTlsServerConfig; use teaclave_rpc::server::SgxTrustedTlsServer; -use teaclave_service_enclave_utils::ServiceEnclave; +use teaclave_service_enclave_utils::{create_trusted_storage_endpoint, ServiceEnclave}; use teaclave_types::{EnclaveInfo, TeeServiceError, TeeServiceResult}; mod service; @@ -100,20 +99,12 @@ fn start_service(config: &RuntimeConfig) -> anyhow::Result<()> { server_config, ); - let storage_service_enclave_attrs = enclave_info - .get_enclave_attr("teaclave_storage_service") - .expect("enclave_info"); - let storage_service_client_config = SgxTrustedTlsClientConfig::new() - .attestation_report_verifier( - vec![storage_service_enclave_attrs], - AS_ROOT_CA_CERT, - verifier::universal_quote_verifier, - ); - - let storage_service_address = &config.internal_endpoints.storage.advertised_address; - - let storage_service_endpoint = - Endpoint::new(storage_service_address).config(storage_service_client_config); + let storage_service_endpoint = create_trusted_storage_endpoint( + &config.internal_endpoints.storage.advertised_address, + &enclave_info, + AS_ROOT_CA_CERT, + verifier::universal_quote_verifier, + ); let service = service::TeaclaveManagementService::new(storage_service_endpoint)?; match server.start(service) { diff --git a/utils/service_enclave_utils/src/lib.rs b/utils/service_enclave_utils/src/lib.rs index a25d56c..b014a55 100644 --- a/utils/service_enclave_utils/src/lib.rs +++ b/utils/service_enclave_utils/src/lib.rs 
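Review bot: At the `create_trusted_storage_endpoint` call it is no longer visible what happens when `enclave_info` has no `teaclave_storage_service` entry: the removed code panicked through `.expect("enclave_info")`, and the helper is called without `?`, so it presumably panics inside the generated function. Refusing to start without a pinned peer identity is the right outcome, but `start_service` already returns `anyhow::Result<()>`, so a fallible helper used with `?` could report which service entry was missing instead of aborting the enclave. The same applies to the two helper calls in the frontend hunk. `start_service` starts and ends outside this hunk.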
@@ -94,6 +94,14 @@ macro_rules! impl_create_trusted_endpoint_fn { impl_create_trusted_endpoint_fn!(create_trusted_storage_endpoint, "teaclave_storage_service"); impl_create_trusted_endpoint_fn!( + create_trusted_authentication_endpoint, + "teaclave_authentication_service" +); +impl_create_trusted_endpoint_fn!( + create_trusted_management_endpoint, + "teaclave_management_service" +); +impl_create_trusted_endpoint_fn!( create_trusted_scheduler_endpoint, "teaclave_scheduler_service" ); --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
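Review bot: The two added `impl_create_trusted_endpoint_fn!` invocations generate public functions with no comment on which enclave identity each one pins; the macro body is outside this hunk. Assuming the macro keeps the removed `attestation_report_verifier(vec![enclave_attr], ...)` logic, a comment above the block would help callers, for example `// Each generated fn builds a client endpoint that accepts only a peer whose attestation report matches the enclave_info entry named by the second argument.` The string literals must match the entry names in the enclave info exactly, and a mismatch would presumably only surface at start-up, so shared constants for the service names are worth considering.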
