Adding integration tests for the omni-executor (#3255)

Author: silva-fj

tee-worker/client-api/parachain-api/prepare-build/interfaces/omniExecutor/definitions.ts

@@ -12,6 +12,7 @@ export default {
         MrEnclave: "H256",
         NativeCall: {
             _enum: {
+                request_auth_token: "(LitentryIdentity, AuthOptions)",
                 request_intent: "(LitentryIdentity, Intent)",
                 create_account_store: "(LitentryIdentity)",
                 add_account: "(LitentryIdentity, LitentryIdentity, LitentryValidationData, bool, Option<Vec<OmniAccountPermission>>)",
@@ -45,8 +46,8 @@ export default {
         NativeCallResponse: "Result<NativeCallOk, NativeCallError>",
         NativeCallOk: {
             _enum: {
-                AuthToken: "(Text)",
-                ExtrinsicReport: "(XtReport)",
+                ExtrinsicReport: "XtReport",
+                AuthToken: "Text",
             },
         },
         XtReport: {
@@ -59,36 +60,38 @@ export default {
             status: "TxStatus",
         },
         TxStatus: {
-            // Transaction is part of the future queue.
-            Future: "Null",
-            // Transaction is part of the ready queue.
-            Ready: "Null",
-            // The transaction has been broadcast to the given peers.
-            Broadcast: "Vec<Text>",
-            // Transaction has been included in block with given hash.
-            InBlock: "H256",
-            // The block this transaction was included in has been retracted.
-            Retracted: "H256",
-            // Maximum number of finality watchers has been reached,
-            // old watchers are being removed.
-            FinalityTimeout: "H256",
-            // Transaction has been finalized by a finality-gadget, e.g GRANDPA
-            Finalized: "H256",
-            // Transaction has been replaced in the pool, by another transaction
-            // that provides the same tags. (e.g. same (sender, nonce)).
-            Usurped: "H256",
-            // Transaction has been dropped from the pool because of the limit.
-            Dropped: "Null",
-            // Transaction is no longer valid in the current state.
-            Invalid: "Null",
+            _enum: {
+                // Transaction is part of the future queue.
+                Future: "Null",
+                // Transaction is part of the ready queue.
+                Ready: "Null",
+                // The transaction has been broadcast to the given peers.
+                Broadcast: "Vec<Text>",
+                // Transaction has been included in block with given hash.
+                InBlock: "H256",
+                // The block this transaction was included in has been retracted.
+                Retracted: "H256",
+                // Maximum number of finality watchers has been reached,
+                // old watchers are being removed.
+                FinalityTimeout: "H256",
+                // Transaction has been finalized by a finality-gadget, e.g GRANDPA
+                Finalized: "H256",
+                // Transaction has been replaced in the pool, by another transaction
+                // that provides the same tags. (e.g. same (sender, nonce)).
+                Usurped: "H256",
+                // Transaction has been dropped from the pool because of the limit.
+                Dropped: "Null",
+                // Transaction is no longer valid in the current state.
+                Invalid: "Null",
+            },
         },
         NativeCallError: {
             _enum: {
                 UnexpectedCall: "(Text)",
                 UnauthorizedSender: "Null",
                 AuthTokenCreationFailed: "Null",
                 InternalError: "Null",
-                IInvalidMemberIdentity: "Null",
+                InvalidMemberIdentity: "Null",
                 ValidationDataVerificationFailed: "Null",
             },
         },

tee-worker/client-api/parachain-api/src/index.ts

@@ -17,7 +17,8 @@ import { default as vc } from "../build/interfaces/vc/definitions";
 import { default as omniAccount } from "../build/interfaces/omniAccount/definitions";
 import { default as trusted_operations } from "../build/interfaces/trusted_operations/definitions";
 import { default as sidechain } from "../build/interfaces/sidechain/definitions";
-export { identity, vc, trusted_operations, sidechain, omniAccount };
+import { default as omniExecutor } from "../build/interfaces/omniExecutor/definitions";
+export { identity, vc, trusted_operations, sidechain, omniAccount, omniExecutor };
 
 // Export handy types
 import type { LitentryIdentity, Web3Network } from "../build/interfaces/identity/types";

tee-worker/omni-executor/Cargo.lock

@@ -13,6 +13,7 @@ members = [
     "oauth-providers",
     "parentchain/listener",
     "parentchain/api-interface",
+    "parentchain/attestation",
     "parentchain/rpc-client",
     "parentchain/signer",
     "rpc-server",
@@ -69,6 +70,7 @@ heima-primitives = { package = "core-primitives", path = "../../common/primitive
 native-task-handler = { path = "native-task-handler" }
 oauth-providers = { path = "oauth-providers" }
 parentchain-api-interface = { path = "parentchain/api-interface" }
+parentchain-attestation = { path = "parentchain/attestation" }
 parentchain-listener = { path = "parentchain/listener" }
 parentchain-rpc-client = { path = "parentchain/rpc-client" }
 parentchain-signer = { path = "parentchain/signer" }

tee-worker/omni-executor/Cargo.toml

@@ -18,6 +18,7 @@ ethereum-intent-executor = { workspace = true }
 executor-core = { workspace = true }
 executor-storage = { workspace = true }
 native-task-handler = { workspace = true }
+parentchain-attestation = { workspace = true }
 parentchain-listener = { workspace = true }
 parentchain-rpc-client = { workspace = true }
 parentchain-signer = { workspace = true }

tee-worker/omni-executor/executor-worker/Cargo.toml

@@ -20,7 +20,7 @@ pub struct RunArgs {
 	pub ethereum_url: String,
 	pub solana_url: String,
 	pub worker_rpc_port: String,
-	#[arg(short, long, default_value = "0", value_name = "start block to sync from parentchain")]
+	#[arg(long, default_value = "0", value_name = "start block to sync from parentchain")]
 	pub start_block: u64,
 	#[arg(
 		short,

tee-worker/omni-executor/executor-worker/src/cli.rs

@@ -24,10 +24,11 @@ use log::error;
 use native_task_handler::{
 	run_native_task_handler, Aes256KeyStore, ParentchainTxSigner, TaskHandlerContext,
 };
+use parentchain_attestation::perform_attestation;
 use parentchain_rpc_client::metadata::SubxtMetadataProvider;
 use parentchain_rpc_client::{CustomConfig, SubxtClientFactory};
 use parentchain_signer::key_store::SubstrateKeyStore;
-use parentchain_signer::TransactionSigner;
+use parentchain_signer::{get_signer, TransactionSigner};
 use rpc_server::{start_server as start_rpc_server, ShieldingKey};
 use solana_intent_executor::SolanaIntentExecutor;
 use std::env;
@@ -92,6 +93,18 @@ async fn main() -> Result<(), ()> {
 			// TODO: get mrenclave from quote
 			let mrenclave = [0u8; 32];
 
+			let signer = get_signer(substrate_key_store.clone());
+
+			perform_attestation(
+				parentchain_rpc_client_factory.clone(),
+				signer,
+				transaction_signer.clone(),
+			)
+			.await
+			.map_err(|_| {
+				error!("Could not perform attestation");
+			})?;
+
 			start_rpc_server(
 				&args.worker_rpc_port,
 				parentchain_rpc_client_factory,
@@ -106,9 +119,7 @@ async fn main() -> Result<(), ()> {
 				error!("Could not start server: {:?}", e);
 			})?;
 
-			listen_to_parentchain(args, storage_db, transaction_signer, substrate_key_store)
-				.await
-				.unwrap();
+			listen_to_parentchain(args, storage_db, transaction_signer).await.unwrap();
 
 			match signal::ctrl_c().await {
 				Ok(()) => {},
@@ -131,7 +142,6 @@ async fn listen_to_parentchain(
 	args: RunArgs,
 	storage_db: Arc<StorageDB>,
 	parentchain_tx_signer: Arc<ParentchainTxSigner>,
-	substrate_key_store: Arc<SubstrateKeyStore>,
 ) -> Result<JoinHandle<()>, ()> {
 	let (_sub_stop_sender, sub_stop_receiver) = oneshot::channel();
 	let ethereum_intent_executor =
@@ -149,7 +159,6 @@ async fn listen_to_parentchain(
 			sub_stop_receiver,
 			storage_db,
 			parentchain_tx_signer,
-			substrate_key_store,
 			&args.log_path,
 		)
 		.await?;

tee-worker/omni-executor/executor-worker/src/main.rs

@@ -167,7 +167,7 @@ async fn handle_native_task<
 				Intent::SystemRemark(remark) => {
 					let remark_call = SystemCall::remark { remark: remark.to_vec() };
 					let dispatch_as_omni_account_call =
-						parentchain_api_interface::tx().omni_account().dispatch_as_omni_account(
+						parentchain_api_interface::tx().omni_account().dispatch_as_signed(
 							sender_identity.hash().to_subxt_type(),
 							RuntimeCall::System(remark_call),
 							task.auth_type.to_subxt_type(),
@@ -180,7 +180,7 @@ async fn handle_native_task<
 						value: transfer.value,
 					};
 					let dispatch_as_omni_account_call =
-						parentchain_api_interface::tx().omni_account().dispatch_as_omni_account(
+						parentchain_api_interface::tx().omni_account().dispatch_as_signed(
 							sender_identity.hash().to_subxt_type(),
 							RuntimeCall::Balances(transfer_call),
 							task.auth_type.to_subxt_type(),

tee-worker/omni-executor/native-task-handler/src/lib.rs

@@ -0,0 +1,24 @@
+[package]
+name = "parentchain-attestation"
+version = "0.1.0"
+authors = ['Trust Computing GmbH <[email protected]>']
+edition.workspace = true
+
+[dependencies]
+log = { workspace = true }
+subxt-core = { workspace = true }
+subxt-signer = { workspace = true }
+
+# Local dependencies
+parentchain-api-interface = { workspace = true }
+parentchain-rpc-client = { workspace = true }
+parentchain-signer = { workspace = true }
+
+[dev-dependencies]
+env_logger = { workspace = true }
+
+[lints]
+workspace = true
+
+[features]
+gramine-quote = []

tee-worker/omni-executor/parentchain/attestation/Cargo.toml

@@ -0,0 +1,66 @@
+use parentchain_api_interface::{
+	runtime_types::core_primitives::teebag::types::DcapProvider,
+	teebag::calls::types::register_enclave::{AttestationType, WorkerMode, WorkerType},
+};
+use parentchain_rpc_client::{
+	metadata::SubxtMetadataProvider, CustomConfig, SubstrateRpcClient, SubxtClient,
+	SubxtClientFactory,
+};
+use parentchain_signer::{key_store::SubstrateKeyStore, TransactionSigner};
+use std::sync::Arc;
+use subxt_core::Metadata;
+use subxt_signer::sr25519::Keypair;
+
+type TxSigner = TransactionSigner<
+	SubstrateKeyStore,
+	SubxtClient<CustomConfig>,
+	SubxtClientFactory<CustomConfig>,
+	CustomConfig,
+	Metadata,
+	SubxtMetadataProvider<CustomConfig>,
+>;
+
+#[allow(unused_assignments, unused_mut, unused_variables)]
+pub async fn perform_attestation(
+	client_factory: Arc<SubxtClientFactory<CustomConfig>>,
+	signer: Keypair,
+	transaction_signer: Arc<TxSigner>,
+) -> Result<(), ()> {
+	let mut quote = vec![];
+	let mut attestation_type = AttestationType::Dcap(DcapProvider::Intel);
+
+	#[cfg(feature = "gramine-quote")]
+	{
+		use log::info;
+		use std::fs;
+		use std::fs::File;
+		use std::io::Write;
+		let mut f = File::create("/dev/attestation/user_report_data").unwrap();
+		let content = signer.public_key().0;
+		f.write_all(&content).unwrap();
+
+		quote = fs::read("/dev/attestation/quote").unwrap();
+		info!("Attestation quote {:?}", quote);
+	}
+	#[cfg(not(feature = "gramine-quote"))]
+	{
+		attestation_type = AttestationType::Ignore;
+	}
+
+	let registration_call = parentchain_api_interface::tx().teebag().register_enclave(
+		WorkerType::OmniExecutor,
+		WorkerMode::OffChainWorker,
+		quote,
+		vec![],
+		None,
+		None,
+		attestation_type,
+	);
+
+	let mut client = client_factory.new_client_until_connected().await;
+	let signed_call = transaction_signer.sign(registration_call).await;
+	client.submit_tx(&signed_call).await.map_err(|e| {
+		log::error!("Error while submitting tx: {:?}", e);
+	})?;
+	Ok(())
+}