Merge pull request #58 from olisystems/cl/merge-upstream-get-api-clie…

…nt-update

Merge upstream; get api client update to fix parachain block import

cli/Cargo.toml

@@ -18,10 +18,13 @@ log = "0.4"
 primitive-types = { version = "0.12.1", features = ["codec"] }
 rand = "0.8.5"
 rayon = "1.5.1"
+regex = "1.9.5"
+reqwest = { version = "0.11", features = ["blocking", "json"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 sgx_crypto_helper = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
 thiserror = "1.0"
+urlencoding = "2.1.3"
 ws = { version = "0.9.1", features = ["ssl"] }
 
 # scs / integritee
@@ -31,8 +34,9 @@ pallet-evm = { optional = true, git = "https://github.com/integritee-network/fro
 pallet-teerex = { git = "https://github.com/integritee-network/pallets.git", branch = "sdk-v0.12.0-polkadot-v0.9.42" }
 # `default-features = false` to remove the jsonrpsee dependency.
 enclave-bridge-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "sdk-v0.12.0-polkadot-v0.9.42" }
-substrate-api-client = { default-features = false, features = ["std", "ws-client"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.10.0" }
-substrate-client-keystore = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.10.0" }
+# disable unsupported jsonrpcsee
+substrate-api-client = { default-features = false, features = ["std", "sync-api"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.14.0" }
+substrate-client-keystore = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.42-tag-v0.14.0" }
 
 # substrate dependencies
 frame-system = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }

cli/README.md

@@ -25,3 +25,11 @@ Trusted call 0x69ddfd1698bd2d629180c2dca34ce7add087526c51f43cf68245241b3f13154e
 Trusted call 0x69ddfd1698bd2d629180c2dca34ce7add087526c51f43cf68245241b3f13154e is Invalid
 
 ```
+
+## housekeeping tasks
+
+populate all TCBinfo's Intel has published
+```
+../target/release/integritee-cli register-tcb-info //Alice --fmspc 00606a000000
+../target/release/integritee-cli register-tcb-info //Alice --all
+```

cli/src/base_cli/commands/faucet.rs

@@ -19,12 +19,11 @@ use crate::{
 	command_utils::{get_accountid_from_str, get_chain_api},
 	Cli, CliResult, CliResultOk,
 };
-use itp_node_api::api_client::ParentchainExtrinsicSigner;
 use my_node_runtime::{BalancesCall, RuntimeCall};
 use sp_keyring::AccountKeyring;
 use sp_runtime::MultiAddress;
 use std::vec::Vec;
-use substrate_api_client::{compose_extrinsic_offline, SubmitExtrinsic};
+use substrate_api_client::{ac_compose_macros::compose_extrinsic_offline, SubmitExtrinsic};
 
 const PREFUNDING_AMOUNT: u128 = 1_000_000_000;
 
@@ -38,7 +37,7 @@ pub struct FaucetCommand {
 impl FaucetCommand {
 	pub(crate) fn run(&self, cli: &Cli) -> CliResult {
 		let mut api = get_chain_api(cli);
-		api.set_signer(ParentchainExtrinsicSigner::new(AccountKeyring::Alice.pair()));
+		api.set_signer(AccountKeyring::Alice.pair().into());
 		let mut nonce = api.get_nonce().unwrap();
 		for account in &self.accounts {
 			let to = get_accountid_from_str(account);

cli/src/base_cli/commands/listen.rs

@@ -53,7 +53,7 @@ impl ListenCommand {
 				}
 			};
 
-			let event_results = subscription.next_event::<RuntimeEvent, Hash>().unwrap();
+			let event_results = subscription.next_events::<RuntimeEvent, Hash>().unwrap();
 			blocks += 1;
 			match event_results {
 				Ok(evts) =>

cli/src/base_cli/commands/mod.rs

@@ -1,5 +1,6 @@
 pub mod balance;
 pub mod faucet;
 pub mod listen;
+pub mod register_tcb_info;
 pub mod shield_funds;
 pub mod transfer;

cli/src/base_cli/commands/register_tcb_info.rs

@@ -0,0 +1,146 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use crate::{
+	command_utils::{get_chain_api, *},
+	Cli, CliResult, CliResultOk,
+};
+use itp_node_api::api_client::TEEREX;
+use itp_types::{parentchain::Hash, OpaqueCall};
+use itp_utils::ToHexPrefixed;
+use log::*;
+use regex::Regex;
+use serde::Deserialize;
+use substrate_api_client::{
+	ac_compose_macros::{compose_call, compose_extrinsic_offline},
+	SubmitAndWatch, XtStatus,
+};
+use urlencoding;
+
+#[derive(Debug, Deserialize)]
+struct Platform {
+	fmspc: String,
+	#[serde(rename = "platform")]
+	_platform: String,
+}
+
+#[derive(Parser)]
+pub struct RegisterTcbInfoCommand {
+	/// Sender's parentchain AccountId in ss58check format.
+	sender: String,
+	/// Intel's Family-Model-Stepping-Platform-Custom SKU. 6-Byte non-prefixed hex value
+	#[clap(short, long, action, conflicts_with = "all")]
+	fmspc: Option<String>,
+	/// registers all fmspc currently published by Intel
+	#[clap(short, long, action)]
+	all: bool,
+}
+
+impl RegisterTcbInfoCommand {
+	pub(crate) fn run(&self, cli: &Cli) -> CliResult {
+		let mut chain_api = get_chain_api(cli);
+
+		// Get the sender.
+		let from = get_pair_from_str(&self.sender);
+		chain_api.set_signer(from.into());
+
+		let fmspcs = if self.all {
+			trace!("fetching all fmspc's from api.trustedservices.intel.com");
+			let fmspcs = reqwest::blocking::get(
+				"https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs",
+			)
+			.unwrap();
+			let fmspcs: Vec<Platform> = fmspcs.json().expect("Error parsing JSON");
+			println!("{:?}", fmspcs);
+			fmspcs.into_iter().map(|f| f.fmspc).collect()
+		} else if let Some(fmspc) = self.fmspc.clone() {
+			vec![fmspc]
+		} else {
+			panic!("must specify either '--all' or '--fmspc'");
+		};
+		let mut nonce = chain_api.get_nonce().unwrap();
+		let xt_hashes: Vec<(String, Option<Hash>)> = fmspcs
+			.into_iter()
+			.map(|fmspc| {
+				println!(
+					"fetching tcb info for fmspc {} from api.trustedservices.intel.com",
+					fmspc
+				);
+				let response = reqwest::blocking::get(format!(
+					"https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc={}",
+					fmspc
+				))
+				.unwrap();
+				//extract certificate chain from header
+				let certificate_chain = urlencoding::decode(
+					response.headers().get("TCB-Info-Issuer-Chain").unwrap().to_str().unwrap(),
+				)
+				.unwrap()
+				.to_string();
+				trace!("certificate chain: \n{}", certificate_chain);
+
+				let body = response.text().unwrap();
+				trace!("raw json: \n{}", body);
+				let re = Regex::new(r#"tcbInfo\"\s?:(\{.*\}),\s?\"signature"#).unwrap();
+				let tcb_info = &re.captures(&body).unwrap()[1];
+				let re = Regex::new(r#"\"signature\"\s?:\s?\"(.*)\"\}"#).unwrap();
+				let intel_signature_hex = &re.captures(&body).unwrap()[1];
+				trace!("TCB info: {}", tcb_info);
+				trace!("signature: {}", intel_signature_hex);
+
+				let intel_signature = hex::decode(intel_signature_hex).unwrap();
+
+				let call = OpaqueCall::from_tuple(&compose_call!(
+					chain_api.metadata(),
+					TEEREX,
+					"register_tcb_info",
+					tcb_info,
+					intel_signature,
+					certificate_chain
+				));
+
+				trace!(
+					"encoded call to be sent as extrinsic with nonce {}: {}",
+					nonce,
+					call.to_hex()
+				);
+
+				let xt = compose_extrinsic_offline!(
+					chain_api.clone().signer().unwrap(),
+					call,
+					chain_api.extrinsic_params(nonce)
+				);
+				nonce += 1;
+				match chain_api.submit_and_watch_extrinsic_until(xt, XtStatus::InBlock) {
+					Ok(xt_report) => {
+						println!(
+							"[+] register_tcb_info. extrinsic hash: {:?} / status: {:?}",
+							xt_report.extrinsic_hash, xt_report.status,
+						);
+						(fmspc, Some(xt_report.extrinsic_hash))
+					},
+					Err(e) => {
+						error!("register_tcb_info extrinsic failed {:?}", e);
+						(fmspc, None)
+					},
+				}
+			})
+			.collect();
+		println!("{:?}", xt_hashes);
+		Ok(CliResultOk::None)
+	}
+}

cli/src/base_cli/commands/shield_funds.rs

@@ -21,13 +21,13 @@ use crate::{
 };
 use base58::FromBase58;
 use codec::{Decode, Encode};
-use itp_node_api::api_client::{ParentchainExtrinsicSigner, ENCLAVE_BRIDGE};
+use itp_node_api::api_client::ENCLAVE_BRIDGE;
 use itp_sgx_crypto::ShieldingCryptoEncrypt;
 use itp_stf_primitives::types::ShardIdentifier;
 use log::*;
 use my_node_runtime::Balance;
 use sp_core::sr25519 as sr25519_core;
-use substrate_api_client::{compose_extrinsic, SubmitAndWatchUntilSuccess};
+use substrate_api_client::{ac_compose_macros::compose_extrinsic, SubmitAndWatch, XtStatus};
 
 #[derive(Parser)]
 pub struct ShieldFundsCommand {
@@ -57,7 +57,7 @@ impl ShieldFundsCommand {
 
 		// Get the sender.
 		let from = get_pair_from_str(&self.from);
-		chain_api.set_signer(ParentchainExtrinsicSigner::new(sr25519_core::Pair::from(from)));
+		chain_api.set_signer(sr25519_core::Pair::from(from).into());
 
 		// Get the recipient.
 		let to = get_accountid_from_str(&self.to);
@@ -75,7 +75,7 @@ impl ShieldFundsCommand {
 			self.amount
 		);
 
-		match chain_api.submit_and_watch_extrinsic_until_success(xt, true) {
+		match chain_api.submit_and_watch_extrinsic_until(xt, XtStatus::Finalized) {
 			Ok(xt_report) => {
 				println!(
 					"[+] shield funds success. extrinsic hash: {:?} / status: {:?} / block hash: {:?}",

cli/src/base_cli/commands/transfer.rs

@@ -19,12 +19,11 @@ use crate::{
 	command_utils::{get_accountid_from_str, get_chain_api, *},
 	Cli, CliResult, CliResultOk,
 };
-use itp_node_api::api_client::{Address, ParentchainExtrinsicSigner};
 use log::*;
 use my_node_runtime::Balance;
-use sp_core::{crypto::Ss58Codec, sr25519 as sr25519_core, Pair};
+use sp_core::{crypto::Ss58Codec, Pair};
 use substrate_api_client::{
-	extrinsic::BalancesExtrinsics, GetAccountInformation, SubmitAndWatchUntilSuccess,
+	extrinsic::BalancesExtrinsics, GetAccountInformation, SubmitAndWatch, XtStatus,
 };
 
 #[derive(Parser)]
@@ -46,9 +45,9 @@ impl TransferCommand {
 		info!("from ss58 is {}", from_account.public().to_ss58check());
 		info!("to ss58 is {}", to_account.to_ss58check());
 		let mut api = get_chain_api(cli);
-		api.set_signer(ParentchainExtrinsicSigner::new(sr25519_core::Pair::from(from_account)));
-		let xt = api.balance_transfer_allow_death(Address::Id(to_account.clone()), self.amount);
-		let tx_report = api.submit_and_watch_extrinsic_until_success(xt, false).unwrap();
+		api.set_signer(from_account.into());
+		let xt = api.balance_transfer_allow_death(to_account.clone().into(), self.amount);
+		let tx_report = api.submit_and_watch_extrinsic_until(xt, XtStatus::InBlock).unwrap();
 		println!(
 			"[+] L1 extrinsic success. extrinsic hash: {:?} / status: {:?}",
 			tx_report.extrinsic_hash, tx_report.status

cli/src/base_cli/mod.rs

@@ -18,7 +18,8 @@
 use crate::{
 	base_cli::commands::{
 		balance::BalanceCommand, faucet::FaucetCommand, listen::ListenCommand,
-		shield_funds::ShieldFundsCommand, transfer::TransferCommand,
+		register_tcb_info::RegisterTcbInfoCommand, shield_funds::ShieldFundsCommand,
+		transfer::TransferCommand,
 	},
 	command_utils::*,
 	Cli, CliResult, CliResultOk, ED25519_KEY_TYPE, SR25519_KEY_TYPE,
@@ -31,7 +32,6 @@ use itp_node_api::api_client::PalletTeerexApi;
 use sp_core::crypto::Ss58Codec;
 use sp_keystore::Keystore;
 use std::path::PathBuf;
-use substrate_api_client::Metadata;
 use substrate_client_keystore::LocalKeystore;
 
 mod commands;
@@ -65,6 +65,9 @@ pub enum BaseCommand {
 	/// listen to parentchain events
 	Listen(ListenCommand),
 
+	/// Register TCB info for FMSPC
+	RegisterTcbInfo(RegisterTcbInfoCommand),
+
 	/// Transfer funds from an parentchain account to an incognito account
 	ShieldFunds(ShieldFundsCommand),
 }
@@ -81,6 +84,7 @@ impl BaseCommand {
 			BaseCommand::Transfer(cmd) => cmd.run(cli),
 			BaseCommand::ListWorkers => list_workers(cli),
 			BaseCommand::Listen(cmd) => cmd.run(cli),
+			BaseCommand::RegisterTcbInfo(cmd) => cmd.run(cli),
 			BaseCommand::ShieldFunds(cmd) => cmd.run(cli),
 		}
 	}
@@ -125,14 +129,13 @@ fn list_accounts() -> CliResult {
 fn print_metadata(cli: &Cli) -> CliResult {
 	let api = get_chain_api(cli);
 	let meta = api.metadata();
-	println!("Metadata:\n {}", Metadata::pretty_format(&meta.runtime_metadata()).unwrap());
+	println!("Metadata:\n {}", &meta.pretty_format().unwrap());
 	Ok(CliResultOk::Metadata { metadata: meta.clone() })
 }
-
 fn print_sgx_metadata(cli: &Cli) -> CliResult {
 	let worker_api_direct = get_worker_api_direct(cli);
 	let metadata = worker_api_direct.get_state_metadata().unwrap();
-	println!("Metadata:\n {}", Metadata::pretty_format(metadata.runtime_metadata()).unwrap());
+	println!("Metadata:\n {}", metadata.pretty_format().unwrap());
 	Ok(CliResultOk::Metadata { metadata })
 }
 

cli/src/command_utils.rs

@@ -18,7 +18,7 @@
 use crate::Cli;
 use base58::FromBase58;
 use itc_rpc_client::direct_client::{DirectApi, DirectClient as DirectWorkerApi};
-use itp_node_api::api_client::{ParentchainApi, WsRpcClient};
+use itp_node_api::api_client::{ParentchainApi, TungsteniteRpcClient};
 use log::*;
 use my_node_runtime::{AccountId, Signature};
 use sgx_crypto_helper::rsa3072::Rsa3072PubKey;
@@ -40,7 +40,7 @@ pub(crate) fn get_shielding_key(cli: &Cli) -> Result<Rsa3072PubKey, String> {
 pub(crate) fn get_chain_api(cli: &Cli) -> ParentchainApi {
 	let url = format!("{}:{}", cli.node_url, cli.node_port);
 	info!("connecting to {}", url);
-	ParentchainApi::new(WsRpcClient::new(&url).unwrap()).unwrap()
+	ParentchainApi::new(TungsteniteRpcClient::new(&url, 5).unwrap()).unwrap()
 }
 
 pub(crate) fn get_accountid_from_str(account: &str) -> AccountId {

cli/src/lib.rs

@@ -24,6 +24,7 @@
 #[macro_use]
 extern crate clap;
 extern crate chrono;
+extern crate core;
 extern crate env_logger;
 extern crate log;
 
@@ -45,9 +46,9 @@ pub mod trusted_cli;
 
 use crate::commands::Commands;
 use clap::Parser;
+use itp_node_api::api_client::Metadata;
 use sp_application_crypto::KeyTypeId;
 use sp_core::{H160, H256};
-use substrate_api_client::Metadata;
 use thiserror::Error;
 
 const VERSION: &str = env!("CARGO_PKG_VERSION");

cli/src/oracle/commands/add_to_whitelist.rs

@@ -19,8 +19,11 @@ use crate::{
 	command_utils::{get_chain_api, get_pair_from_str, mrenclave_from_base58},
 	Cli,
 };
-use itp_node_api::api_client::{ParentchainExtrinsicSigner, ADD_TO_WHITELIST, TEERACLE};
-use substrate_api_client::{compose_call, compose_extrinsic, SubmitAndWatch, XtStatus};
+use itp_node_api::api_client::{ADD_TO_WHITELIST, TEERACLE};
+use substrate_api_client::{
+	ac_compose_macros::{compose_call, compose_extrinsic},
+	SubmitAndWatch, XtStatus,
+};
 
 /// Add a trusted market data source to the on-chain whitelist.
 #[derive(Debug, Clone, Parser)]
@@ -45,7 +48,7 @@ impl AddToWhitelistCmd {
 
 		let market_data_source = self.source.clone();
 
-		api.set_signer(ParentchainExtrinsicSigner::new(from.into()));
+		api.set_signer(from.into());
 
 		let call = compose_call!(
 			api.metadata(),