cycles-quartz/crates/utils/tcbinfo-updater/src/main.rs

use cw_client::{CliClient, CwClient};
use der::DecodePem;
use mc_attestation_verifier::SignedTcbInfo;
use p256::ecdsa::VerifyingKey;
use quartz_tcbinfo_msgs::ExecuteMsg;
use quoted_string::strip_dquotes;
use reqwest::Url;
use serde_json::{json, Value};
use std::collections::HashMap;
use std::{fs, path::Path};
use x509_cert::Certificate;

type TcbInfo = String;
type Fmspc = String;
type Update = String;

const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");

async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
    let url = format!("https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc={fmspc}&update={update}");
    let body: String = reqwest::get(url)
        .await
        .expect("url retrieval failed")
        .text()
        .await
        .expect("could not read https response");
    body
}

async fn get_fmspc_list() -> Vec<Fmspc> {
    let body: String =
        reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs")
            .await
            .expect("url retrieval failed")
            .text()
            .await
            .expect("could not read https response");
    let fmspc_data: Vec<Value> = serde_json::from_str(&body).expect("could not convert to JSON");
    let mut fmspc_list: Vec<Fmspc> = Vec::new();
    for item in fmspc_data.iter() {
        let fmspc: String = format!("{}", item["fmspc"]);
        fmspc_list.push(strip_dquotes(&fmspc).unwrap().to_string());
    }
    println!("{:?}", fmspc_list);
    fmspc_list
}

async fn upsert_tcbinfo() -> Result<(), &'static str> {

    let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech").expect("couldn't parse network URL");
           
    let client = CliClient::neutrond(testnet);
    let fmspc_list = get_fmspc_list().await;

    
    
    let mut store: HashMap<Fmspc, TcbInfo> = if Path::new("./standard").exists() {
        let data = fs::read_to_string("./standard").expect("Unable to read file");
        serde_json::from_str(&data).unwrap()
    } else {
        fs::File::create("./standard").expect("couldn't create file");
        HashMap::new()
    };

    

    let certificate = TCB_SIGNER.to_string();
    let parsed_certificate =
        Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");

    let key = VerifyingKey::from_sec1_bytes(
        parsed_certificate
            .tbs_certificate
            .subject_public_key_info
            .subject_public_key
            .as_bytes()
            .expect("Failed to parse public key"),
    )
     .expect("Failed to decode public key");

    for fmspc in fmspc_list {
        
        let tcbinfo_from_api = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;
        // assert!(verify_signature(tcbinfo.clone(), key));
         let contract_address =
                "neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk"
                    .parse()
            .expect("failed to parse contract address");
        let query_msg = format!("{\"get_tcb_info\": {\"fmspc\": \"{}\"}}", fmspc) ;
        let tcbinfo_on_chain =  client.query_smart(&contract_address, query_msg).await;
        println!("{tcbinfo_on_chain}");
        exit();
        let store_entry = if store.contains_key(&fmspc) {
            &store[&fmspc]
        } else {
            ""
        };
        if *store_entry != tcbinfo {
            println!("updating local TCBInfo for FMSPC: {fmspc}");
            store.insert(fmspc.clone(), tcbinfo.clone());
            println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
            let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");
            let sender = "ajinkya";
           
            let execute_msg = ExecuteMsg {
                tcb_info: tcbinfo.to_string(),
                certificate: certificate.clone(),
                time: None,
            };
            let res = client
                .tx_execute(
                    &contract_address,
                    &chain_id,
                    1000000,
                    sender,
                    json!(execute_msg),
                    "11000untrn",
                )
                .await;
            println!("done");
            std::thread::sleep(std::time::Duration::from_secs(5));
        } else {
            println!("TCBInfo for FMSPC: {fmspc} up to date")
        }
    }
    let serialized = serde_json::to_string(&store).unwrap();
    fs::write("./standard", serialized).expect("Unable to write file");
    Ok(())
}

fn verify_signature(tcbinfo: String, key: VerifyingKey) -> bool {
    let signed_tcbinfo =
        SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
    if signed_tcbinfo.verify(Some(&key), None).is_err() {
        return false;
    }
    true
}

#[tokio::main]
pub async fn main() {
    upsert_tcbinfo().await.expect("TCBInfo update failed");
}
WIP 2024-12-04 20:35:35 +00:00			`use cw_client::{CliClient, CwClient};`
			`use der::DecodePem;`
add local signature verification 2024-12-04 19:22:13 +00:00			`use mc_attestation_verifier::SignedTcbInfo;`
			`use p256::ecdsa::VerifyingKey;`
WIP 2024-12-04 20:35:35 +00:00			`use quartz_tcbinfo_msgs::ExecuteMsg;`
			`use quoted_string::strip_dquotes;`
			`use reqwest::Url;`
WIP 2024-12-03 10:02:58 +00:00			`use serde_json::{json, Value};`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`use std::collections::HashMap;`
WIP 2024-12-04 20:35:35 +00:00			`use std::{fs, path::Path};`
add local signature verification 2024-12-04 19:22:13 +00:00			`use x509_cert::Certificate;`
WIP 2024-12-04 21:00:18 +00:00
changed type of tcbinfo 2024-12-04 19:48:38 +00:00			`type TcbInfo = String;`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`type Fmspc = String;`
			`type Update = String;`

update local store + execute contract 2024-11-29 19:07:22 +00:00			`const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");`

changed type of tcbinfo 2024-12-04 19:48:38 +00:00			`async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`let url = format!("https://api.trustedservices.intel.com/sgx/certification/v4/tcb?fmspc={fmspc}&update={update}");`
WIP async 2024-12-03 09:13:37 +00:00			`let body: String = reqwest::get(url)`
			`.await`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`.expect("url retrieval failed")`
			`.text()`
WIP async 2 2024-12-03 09:38:50 +00:00			`.await`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`.expect("could not read https response");`
WIP 2024-12-04 20:35:35 +00:00			`body`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`}`

WIP async 2024-12-03 09:13:37 +00:00			`async fn get_fmspc_list() -> Vec<Fmspc> {`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`let body: String =`
WIP 2024-12-04 20:35:35 +00:00			`reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs")`
			`.await`
			`.expect("url retrieval failed")`
			`.text()`
			`.await`
			`.expect("could not read https response");`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`let fmspc_data: Vec<Value> = serde_json::from_str(&body).expect("could not convert to JSON");`
			`let mut fmspc_list: Vec<Fmspc> = Vec::new();`
			`for item in fmspc_data.iter() {`
			`let fmspc: String = format!("{}", item["fmspc"]);`
			`fmspc_list.push(strip_dquotes(&fmspc).unwrap().to_string());`
			`}`
			`println!("{:?}", fmspc_list);`
			`fmspc_list`
			`}`

WIP 2024-12-04 20:35:35 +00:00			`async fn upsert_tcbinfo() -> Result<(), &'static str> {`
WIP 2024-12-05 12:03:39 +00:00
			`let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech").expect("couldn't parse network URL");`

			`let client = CliClient::neutrond(testnet);`
			`let fmspc_list = get_fmspc_list().await;`



WIP 2024-12-04 20:35:35 +00:00			`let mut store: HashMap<Fmspc, TcbInfo> = if Path::new("./standard").exists() {`
			`let data = fs::read_to_string("./standard").expect("Unable to read file");`
WIP 2024-12-05 11:26:03 +00:00			`serde_json::from_str(&data).unwrap()`
			`} else {`
WIP 2024-12-04 20:35:35 +00:00			`fs::File::create("./standard").expect("couldn't create file");`
WIP 2024-12-05 11:26:03 +00:00			`HashMap::new()`
WIP 2024-12-04 20:35:35 +00:00			`};`
WIP 2024-12-05 11:26:03 +00:00
WIP 2024-12-05 12:03:39 +00:00

WIP 2024-12-04 20:35:35 +00:00			`let certificate = TCB_SIGNER.to_string();`
			`let parsed_certificate =`
			`Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");`
WIP 2024-12-05 12:03:39 +00:00
WIP 2024-12-04 20:35:35 +00:00			`let key = VerifyingKey::from_sec1_bytes(`
add local signature verification 2024-12-04 19:22:13 +00:00			`parsed_certificate`
			`.tbs_certificate`
			`.subject_public_key_info`
			`.subject_public_key`
			`.as_bytes()`
			`.expect("Failed to parse public key"),`
			`)`
WIP 2024-12-05 11:26:03 +00:00			`.expect("Failed to decode public key");`
WIP 2024-12-04 20:35:35 +00:00
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`for fmspc in fmspc_list {`
WIP 2024-12-05 12:03:39 +00:00
			`let tcbinfo_from_api = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;`
			`// assert!(verify_signature(tcbinfo.clone(), key));`
			`let contract_address =`
			`"neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk"`
			`.parse()`
			`.expect("failed to parse contract address");`
			`let query_msg = format!("{\"get_tcb_info\": {\"fmspc\": \"{}\"}}", fmspc) ;`
			`let tcbinfo_on_chain = client.query_smart(&contract_address, query_msg).await;`
			`println!("{tcbinfo_on_chain}");`
			`exit();`
WIP 2024-12-05 11:26:03 +00:00			`let store_entry = if store.contains_key(&fmspc) {`
WIP 2024-12-04 20:41:48 +00:00			`&store[&fmspc]`
WIP 2024-12-05 11:26:03 +00:00			`} else {`
			`""`
			`};`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`if *store_entry != tcbinfo {`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`println!("updating local TCBInfo for FMSPC: {fmspc}");`
			`store.insert(fmspc.clone(), tcbinfo.clone());`
			`println!("updating on-chain TCBInfo for FMSPC: {fmspc}");`
			`let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");`
add execute 2024-11-29 19:07:22 +00:00			`let sender = "ajinkya";`
WIP 2024-12-05 12:03:39 +00:00
WIP 2024-12-03 09:58:52 +00:00			`let execute_msg = ExecuteMsg {`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`tcb_info: tcbinfo.to_string(),`
WIP 2024-12-04 20:35:35 +00:00			`certificate: certificate.clone(),`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`time: None,`
WIP 2024-12-03 10:01:17 +00:00			`};`
WIP 2024-12-04 20:35:35 +00:00			`let res = client`
			`.tx_execute(`
			`&contract_address,`
			`&chain_id,`
WIP 2024-12-05 11:26:03 +00:00			`1000000,`
			`sender,`
WIP 2024-12-04 20:35:35 +00:00			`json!(execute_msg),`
			`"11000untrn",`
			`)`
			`.await;`
WIP 2024-12-05 12:03:39 +00:00			`println!("done");`
WIP 2024-12-03 10:42:57 +00:00			`std::thread::sleep(std::time::Duration::from_secs(5));`
WIP 2024-12-04 20:35:35 +00:00			`} else {`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`println!("TCBInfo for FMSPC: {fmspc} up to date")`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`}`
			`}`
WIP 2024-12-04 20:35:35 +00:00			`let serialized = serde_json::to_string(&store).unwrap();`
			`fs::write("./standard", serialized).expect("Unable to write file");`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`Ok(())`
tcbinfo-updater initial commit 2024-11-29 19:07:22 +00:00			`}`
update local store + execute contract 2024-11-29 19:07:22 +00:00
WIP 2024-12-04 20:35:35 +00:00			`fn verify_signature(tcbinfo: String, key: VerifyingKey) -> bool {`
			`let signed_tcbinfo =`
			`SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");`
WIP 2024-12-05 11:26:03 +00:00			`if signed_tcbinfo.verify(Some(&key), None).is_err() {`
			`return false;`
WIP 2024-12-04 21:00:18 +00:00			`}`
WIP 2024-12-04 20:35:35 +00:00			`true`
add local signature verification 2024-12-04 19:22:13 +00:00			`}`

WIP async 2024-12-03 09:13:37 +00:00			`#[tokio::main]`
			`pub async fn main() {`
			`upsert_tcbinfo().await.expect("TCBInfo update failed");`
update local store + execute contract 2024-11-29 19:07:22 +00:00			`}`