Update Generic client to handle worker key refresh mechanism

manju956 · manju956 · commit e6be4ea2e1cd · 2020-04-08T09:29:48.000-07:00
When a worker key gets refreshed during the work order submission,
a specific error code is returned to client to indicate worker key
refresh happened at the enclave. On receiving this error code, client
retrieves the updated worker details and does work order submission
again.

Signed-off-by: manju956 &lt;manjunath.a.c@intel.com&gt;
diff --git a/common/crypto_utils/avalon_crypto_utils/crypto_utility.py b/common/crypto_utils/avalon_crypto_utils/crypto_utility.py
@@ -13,6 +13,7 @@
 # limitations under the License.
 
 import base64
+import hashlib
 import utility.hex_utils as hex_utils
 import avalon_crypto_utils.crypto.crypto as crypto
 import logging
@@ -197,3 +198,17 @@ def strip_begin_end_public_key(key):
     return key.replace("\n", "")\
         .replace("-----BEGIN PUBLIC KEY-----", "").replace(
         "-----END PUBLIC KEY-----", "")
+
+
+# -----------------------------------------------------------------------------
+def calculate_worker_id_from_public_key(key):
+    """
+    Calculates worker id from workers public key by erasing
+    BEGIN PUBLIC KEY and END PUBLIC KEY and taking hash on it.
+
+    @param key - public key of the worker
+    """
+    stripped_key = strip_begin_end_public_key(key).encode("utf-8")
+    # Calculate sha256 of worker id to get 32 bytes. The TC spec proxy
+    # model contracts expect byte32. Then take a hexdigest for hex str.
+    return hashlib.sha256(stripped_key).hexdigest()
diff --git a/common/python/error_code/enclave_error.py b/common/python/error_code/enclave_error.py
@@ -28,5 +28,6 @@ class EnclaveError(IntEnum):
     ENCLAVE_ERR_VALUE = -8,
     ENCLAVE_ERR_SYSTEM = -9,
     ENCLAVE_ERR_CRYPTO = -11,
+    ENCLAVE_ERR_ENCRYPT_KEY_REFRESH = -13,
     ENCLAVE_ERR_SYSTEM_BUSY = -10
     ENCLAVE_ERR_INVALID_WORKLOAD = -12
diff --git a/common/python/error_code/error_status.py b/common/python/error_code/error_status.py
@@ -33,7 +33,8 @@ class WorkOrderStatus(IntEnum):
     PROCESSING = 7
     BUSY = 8
     INVALID_WORKLOAD = 9
-    UNKNOWN_ERROR = 10
+    WORKER_ENCRYPT_KEY_REFRESHED = 10
+    UNKNOWN_ERROR = 11
 
 
 @unique
diff --git a/examples/apps/generic_client/generic_client.py b/examples/apps/generic_client/generic_client.py
@@ -16,6 +16,7 @@
 
 import os
 import sys
+import time
 import json
 import argparse
 import logging
@@ -36,6 +37,7 @@
 from avalon_sdk.direct.jrpc.jrpc_work_order_receipt \
      import JRPCWorkOrderReceiptImpl
 from error_code.error_status import WorkOrderStatus, ReceiptCreateStatus
+from error_code.enclave_error import EnclaveError
 import avalon_crypto_utils.signature as signature
 from error_code.error_status import SignatureStatus
 from avalon_sdk.work_order_receipt.work_order_receipt \
@@ -291,38 +293,23 @@ def _verify_wo_res_signature(work_order_res,
     return True
 
 
-def Main(args=None):
-    options = _parse_command_line(args)
-
-    config = _parse_config_file(options.config)
-    if config is None:
-        logger.error("\n Error in parsing config file: {}\n".format(
-            options.config
-        ))
-        sys.exit(-1)
-
-    # mode should be one of listing or registry (default)
-    mode = options.mode
-
-    # Http JSON RPC listener uri
-    uri = options.uri
-    if uri:
-        config["tcf"]["json_rpc_uri"] = uri
+def _start_client(config, options, jrpc_req_id, worker_id, worker_registry):
+    """
+    Generates, submits work order requests. Retrieve response for the
+    work order requests, verifies the response and generate receipt
 
-    # Address of smart contract
-    address = options.address
-    if address:
-        if mode == "listing":
-            config["ethereum"]["direct_registry_contract_address"] = \
-                address
-        elif mode == "registry":
-            logger.error(
-                "\n Only Worker registry listing address is supported." +
-                "Worker registry address is unsupported \n")
-            sys.exit(-1)
+    @param config - instance of parsed config file
+    @param options - command line options that are passed to the client
+    @param jrpc_req_id - JSON RPC request id
+    @param worker_id - worker id obtained from worker registry
+    @param worker_registry - worker registry
+    """
 
-    # worker id
-    worker_id = options.worker_id
+    # Get first worker from worker registry
+    worker_id = _lookup_first_worker(worker_registry, jrpc_req_id)
+    if worker_id is None:
+        logger.error("\n Unable to get worker \n")
+        sys.exit(-1)
 
     # work load id of worker
     workload_id = options.workload_id
@@ -342,42 +329,6 @@ def Main(args=None):
     # requester signature for work order requests
     requester_signature = options.requester_signature
 
-    # setup logging
-    config["Logging"] = {
-        "LogFile": "__screen__",
-        "LogLevel": "INFO"
-    }
-
-    plogger.setup_loggers(config.get("Logging", {}))
-    sys.stdout = plogger.stream_to_logger(
-        logging.getLogger("STDOUT"), logging.DEBUG)
-    sys.stderr = plogger.stream_to_logger(
-        logging.getLogger("STDERR"), logging.WARN)
-
-    logger.info("******* Hyperledger Avalon Generic client *******")
-
-    if mode == "registry" and address:
-        logger.error("\n Worker registry contract address is unsupported \n")
-        sys.exit(-1)
-
-    # Retrieve JSON RPC uri from registry list
-    if not uri and mode == "listing":
-        uri = _retrieve_uri_from_registry_list(config)
-        if uri is None:
-            logger.error("\n Unable to get http JSON RPC uri \n")
-            sys.exit(-1)
-
-    # Prepare worker
-    # JRPC request id. Choose any integer value
-    jrpc_req_id = 31
-    worker_registry = JRPCWorkerRegistryImpl(config)
-    if not worker_id:
-        # Get first worker from worker registry
-        worker_id = _lookup_first_worker(worker_registry, jrpc_req_id)
-        if worker_id is None:
-            logger.error("\n Unable to get worker \n")
-            sys.exit(-1)
-
     # Retrieve worker details
     jrpc_req_id += 1
     worker_retrieve_result = worker_registry.worker_retrieve(
@@ -465,10 +416,14 @@ def Main(args=None):
                     res['result'], session_key, session_iv)
             logger.info("\nDecrypted response:\n {}"
                         .format(decrypted_res))
+    # Handle worker key refresh scenario
+    elif "error" in res and \
+            res["error"]["code"] == \
+            WorkOrderStatus.WORKER_ENCRYPT_KEY_REFRESHED:
+        logger.error("Worker Key refreshed. Retrieving latest Worker details")
+        _start_client(config, options, jrpc_req_id, worker_id, worker_registry)
     else:
-        logger.error("\n Work order get result failed {}\n".format(
-            res
-        ))
+        logger.error("\n Work order get result failed {}\n".format(res))
         sys.exit(1)
 
     if show_receipt:
@@ -483,5 +438,69 @@ def Main(args=None):
             sys.exit(1)
 
 
+def Main(args=None):
+    options = _parse_command_line(args)
+
+    config = _parse_config_file(options.config)
+    if config is None:
+        logger.error("\n Error in parsing config file: {}\n".format(
+            options.config
+        ))
+        sys.exit(-1)
+
+    # mode should be one of listing or registry (default)
+    mode = options.mode
+
+    # Http JSON RPC listener uri
+    uri = options.uri
+    if uri:
+        config["tcf"]["json_rpc_uri"] = uri
+
+    # Address of smart contract
+    address = options.address
+    if address:
+        if mode == "listing":
+            config["ethereum"]["direct_registry_contract_address"] = \
+                address
+        elif mode == "registry":
+            logger.error(
+                "\n Only Worker registry listing address is supported." +
+                "Worker registry address is unsupported \n")
+            sys.exit(-1)
+
+    # worker id
+    worker_id = options.worker_id
+
+    # setup logging
+    config["Logging"] = {
+        "LogFile": "__screen__",
+        "LogLevel": "INFO"
+    }
+
+    plogger.setup_loggers(config.get("Logging", {}))
+    sys.stdout = plogger.stream_to_logger(
+        logging.getLogger("STDOUT"), logging.DEBUG)
+    sys.stderr = plogger.stream_to_logger(
+        logging.getLogger("STDERR"), logging.WARN)
+
+    logger.info("******* Hyperledger Avalon Generic client *******")
+
+    if mode == "registry" and address:
+        logger.error("\n Worker registry contract address is unsupported \n")
+        sys.exit(-1)
+
+    # Retrieve JSON RPC uri from registry list
+    if not uri and mode == "listing":
+        uri = _retrieve_uri_from_registry_list(config)
+        if uri is None:
+            logger.error("\n Unable to get http JSON RPC uri \n")
+            sys.exit(-1)
+
+    # JRPC request id. Choose any integer value
+    jrpc_req_id = 31
+    worker_registry = JRPCWorkerRegistryImpl(config)
+    _start_client(config, options, jrpc_req_id, worker_id, worker_registry)
+
+
 # -----------------------------------------------------------------------------
 Main()
diff --git a/listener/avalon_listener/tcs_work_order_handler.py b/listener/avalon_listener/tcs_work_order_handler.py
@@ -144,6 +144,8 @@ def WorkOrderGetResult(self, **params):
                     err_code = WorkOrderStatus.UNKNOWN_ERROR
                 elif err_code == EnclaveError.ENCLAVE_ERR_INVALID_WORKLOAD:
                     err_code = WorkOrderStatus.INVALID_WORKLOAD
+                elif err_code == EnclaveError.ENCLAVE_ERR_ENCRYPT_KEY_REFRESH:
+                    err_code = WorkOrderStatus.WORKER_ENCRYPT_KEY_REFRESHED
                 else:
                     err_code = WorkOrderStatus.FAILED
                 raise JSONRPCDispatchException(
