Getting certificate from host agent. (#155)
* Getting certificate from host agent.

* Removing retry logic.

* Cleaning up the code.

* Resolving comments from last iteration.

* Formatting changes.

* Formatting updates.

* Resolving comments from last iteration.

* Resolving comments from last iteration.

* Correcting path creation.

* Passing eppid as a query parameter, if provided.

* Updating the local cached file name.

* Adding dependencies to build folder.

* Updating docker arguments to use 2 new driver names and comply with SGX driver 1.41.

* Adding dependencies.

* Adding JSON dependency and updating JenkinsfileTestLinuxRelease.

* Adding dependency for add-apt-repository.

* Updating configuration files and vcxproj files.

* Adding dependency for add-apt-repository.

* Closing project header in vcxproj file.

* Adding dependency for nlohmann-json3-dev for ACCTestOeRelease test in jenkins file.

* Adding dependency for nlohmann-json3-dev for ACCTest and ACCContainerTest in jenkins file.

* Adding apt-get update at the start of ACCContainerTest and ACCTestOeRelease task.

* Updating readme, resolving comments from last iteration and updating JenkinsFile.

* Syntax error

* Updating jenkins file variables.

* updating jenkinsfile.

* Updating dockerfile.

* checking sgx device for ubuntu 18.

* Updating Jenkins file.

* updating jenkinsfile

* Updating Jenkins file.
msft-gumunjal authored Jan 21, 2022
1 parent b8f8901 commit ddb9b28
Showing 19 changed files with 770 additions and 469 deletions.
36 changes: 32 additions & 4 deletions .jenkins/Jenkinsfile
Expand Up @@ -17,6 +17,10 @@ def ACCTest(String label, String version, String compiler, String build_type) {
}
// Run hardware tests using the libdcap_quoteprov.so build
def task = """
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:team-xbmc/ppa -y
sudo apt-get update -y
sudo apt-get install nlohmann-json3-dev
cd ${WORKSPACE}/src/Linux
./configure
make
Expand All @@ -33,7 +37,7 @@ def ACCTest(String label, String version, String compiler, String build_type) {
}
}

// Test using oetools-test Docker image with /dev/sgx mounted inside container
// Test using oetools-test Docker image with /dev/sgx_enclave and /dev/sgx_provision mounted inside container
def ACCContainerTest(String label, String version) {
stage("Ubuntu ${version} Non-Simulation Container SGX1-FLC RelWithDebInfo") {
node("${label}") {
Expand All @@ -49,6 +53,10 @@ def ACCContainerTest(String label, String version) {
// generated az-dcap-client deb package installed
def task = """
sudo apt-get update -y
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:team-xbmc/ppa -y
sudo apt-get update -y
sudo apt-get install nlohmann-json3-dev
sudo apt-get install -y libgtest-dev
sudo apt-get install -y cmake
cd /usr/src/gtest
Expand All @@ -62,13 +70,22 @@ def ACCContainerTest(String label, String version) {
dpkg-buildpackage -us -uc
sudo dpkg -i ${WORKSPACE}/src/az-dcap-client_*_amd64.deb
mkdir -p ${WORKSPACE}/openenclave/build
sudo apt install ca-certificates
cd ${WORKSPACE}/openenclave/build
git submodule update --recursive --init
cmake ${WORKSPACE}/openenclave -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo
ninja -v
ctest --output-on-failure
"""
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
echo"*************************** ${version.trim()} ****************************"
if(version.contains('20.04'))
{
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx/enclave:/dev/sgx/enclave --device /dev/sgx/provision:/dev/sgx/provision --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
else
{
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
}
}
}
Expand All @@ -85,6 +102,10 @@ def ACCTestOeRelease(String label, String version) {
// the currently generated az-dcap-client deb package installed
def task = """
sudo apt-get update -y
sudo apt install software-properties-common -y
sudo add-apt-repository ppa:team-xbmc/ppa -y
sudo apt-get update -y
sudo apt-get install nlohmann-json3-dev
sudo apt-get install -y libgtest-dev
sudo apt-get install -y cmake
cd /usr/src/gtest
Expand All @@ -107,8 +128,15 @@ def ACCTestOeRelease(String label, String version) {
make run
done
"""
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
if(version.contains('20.04'))
{
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx/enclave:/dev/sgx/enclave --device /dev/sgx/provision:/dev/sgx/provision --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
else
{
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
}
}
}
}
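Review bot: The added `sudo add-apt-repository ppa:team-xbmc/ppa -y` lines in the `ACCTest`, `ACCContainerTest` and `ACCTestOeRelease` task strings make every CI build of this library trust a third-party PPA as root, with no version pin, only to obtain `nlohmann-json3-dev`; the same line is added in `build/Phase2/install_prereqs.cmd` and `src/Linux/README.MD`. For a component in the attestation path I would take the package from the distribution archive where it carries it, or vendor a pinned release of the header and verify it in the job, e.g. `echo "<EXPECTED_SHA256>  json.hpp" | sha256sum -c -`. Separately, `sudo apt-get install nlohmann-json3-dev` and `sudo apt install ca-certificates` lack the `-y` that the neighbouring install lines pass, so they rely on apt not prompting in a non-interactive job.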
4 changes: 2 additions & 2 deletions .jenkins/JenkinsfileTestLinuxRelease
Expand Up @@ -62,7 +62,7 @@ def ACCContainerTest(String label, String version) {
ninja -v
ctest --output-on-failure
"""
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
}
}
Expand Down Expand Up @@ -95,7 +95,7 @@ def ACCTestOeRelease(String label, String version) {
make run
done
"""
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx:/dev/sgx --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
dcap.ContainerRun("${DOCKER_REGISTRY}/dcapdockerciregistry-ubuntu${version}:latest", "clang-10", task, "--cap-add=SYS_PTRACE --device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision --volume /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket")
}
}
}
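Review bot: The new `--device /dev/sgx_enclave:/dev/sgx_enclave --device /dev/sgx_provision:/dev/sgx_provision` arguments are applied to every Ubuntu version in this file, but the same commit's `.jenkins/Jenkinsfile` does something different. There it branches on `version.contains('20.04')`, maps `/dev/sgx/enclave` and `/dev/sgx/provision` in that branch, and keeps `--device /dev/sgx:/dev/sgx` otherwise. If the release agents run the same driver as the other pipeline, one of the two files names device nodes the host does not expose, and the container will presumably fail to start. Please confirm which paths the agents provide and build the argument string in one shared helper. Both `ACCContainerTest` and `ACCTestOeRelease` are affected, and their bodies start outside the hunks.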
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -38,6 +38,8 @@ The Azure-DCAP-Client library uses the following environment variables if set:
* `AZDCAP_BASE_CERT_URL` and `AZDCAP_CLIENT_ID` - Used in conjunction to explicitly overwrite the default values for the PCK caching service. These should be used only for development purposes and they **must** not be used in any production environment.
* `AZDCAP_COLLATERAL_VERSION` - Used to specify the collateral version requested from the PCK caching service. Must be either'v1' or 'v2' if specified and defaults to 'v1' if unspecified.
* `AZDCAP_DEBUG_LOG_LEVEL` - Used to enable logging to stdout for debug purposes. Supported values are INFO, WARNING, and ERROR; any other values will fail silently. If a logging callback is set by the caller such as open enclave this setting will be ignored as the logging callback will have precedence. Log levels follow standard behavior: INFO logs everything, WARNING logs warnings and errors, and ERROR logs only errors. Default setting has logging off. These capatalized values are represented internally as strings.
* `AZDCAP_PRIMARY_BASE_CERT_URL` and `AZDCAP_SECONDARY_BASE_CERT_URL` - Used in conjunction to explicitly overwrite the default values of endpoints to fetch certificates. These should be used only for development purposes and they **must** not be used in any production environment.
* `AZDCAP_BYPASS_BASE_URL`- Used in conjunction to explicitly fetch certificates from PCK caching service instead of the host agent. This should be used only for development purposes and **must** not be used in any production environment.

# See Also

4 changes: 4 additions & 0 deletions build/Phase2/install_prereqs.cmd
Expand Up @@ -8,6 +8,10 @@ apt-get install libssl-dev
apt install libcurl4-openssl-dev
apt-get install pkg-config

add-apt-repository ppa:team-xbmc/ppa -y
apt-get update -y
apt-get install nlohmann-json3-dev

apt install build-essential

apt-get install -y debhelper dh-virtualenv
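Review bot: `add-apt-repository` is called here without the `software-properties-common` install that the Jenkinsfile task strings run first. The script's lines before this hunk are not visible, so this may already be handled, but on a minimal image the step would fail with command-not-found. If it is not installed earlier, add `apt install software-properties-common -y` before the `add-apt-repository` line.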
4 changes: 4 additions & 0 deletions src/Linux/README.MD
Expand Up @@ -6,6 +6,10 @@ This library requires libcurl built with OpenSSL support and package config.
* `sudo apt-get install libssl-dev`
* `sudo apt install libcurl4-openssl-dev`
* `sudo apt-get install pkg-config`
* `sudo add-apt-repository ppa:team-xbmc/ppa -y`
* `sudo apt-get update`
* `sudo apt-get install nlohmann-json3-dev`


Install Google Test
```
2 changes: 1 addition & 1 deletion src/Linux/curl_easy.cpp
Expand Up @@ -70,7 +70,7 @@ char const* curl_easy::error::what() const noexcept
///////////////////////////////////////////////////////////////////////////////
// curl_easy implementation
///////////////////////////////////////////////////////////////////////////////
std::unique_ptr<curl_easy> curl_easy::create(const std::string& url, const std::string* const p_body)
std::unique_ptr<curl_easy> curl_easy::create(const std::string& url, const std::string* const p_body, unsigned long dwflag)
{
std::unique_ptr<curl_easy> easy(new curl_easy);

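Review bot: The new third parameter is named `dwflag` in this definition but `dwFlags` in the declaration in `src/Linux/curl_easy.h`, and neither place says what the flags mean or what the default `0` selects. The body of `create` continues outside the hunk, so I cannot see whether the value is used. If the libcurl implementation ignores it, write the parameter as `unsigned long /*dwFlags*/` so that a caller passing a flag is not led to believe it took effect. Either way, add a comment on the declaration such as `// dwFlags: request flags passed by platform-neutral callers; <state here whether the libcurl backend honours them>`.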
2 changes: 1 addition & 1 deletion src/Linux/curl_easy.h
Expand Up @@ -36,7 +36,7 @@ class curl_easy
char function[128]{};
};

static std::unique_ptr<curl_easy> create(const std::string& url, const std::string* const p_body);
static std::unique_ptr<curl_easy> create(const std::string& url, const std::string* const p_body, unsigned long dwFlags = 0);

~curl_easy();
