[accless] E: Thread-Local HTTP Clients

Author: csegarragonz

accless/libs/attestation/CMakeLists.txt

@@ -19,6 +19,7 @@ set(AZ_GUEST_ATTESTATION_INCLUDE_DIRS
 add_library(${CMAKE_PROJECT_TARGET}
     attestation.cpp
     ec_keypair.cpp
+    http_client.cpp
     mock.cpp
     mock_sgx.cpp
     mock_snp.cpp

accless/libs/attestation/attestation.cpp

@@ -10,61 +10,11 @@
 #include <vector>
 
 namespace accless::attestation {
-// Must match the signature libcurl expects
-static size_t curlWriteCallback(char *ptr, size_t size, size_t nmemb,
-                                void *userdata) {
-    auto *out = static_cast<std::string *>(userdata);
-    if (!out) {
-        return 0; // tells libcurl this is an error
-    }
-
-    const size_t total = size * nmemb;
-    out->append(ptr, total);
-    return total;
-}
-
 // Helper for GET requests
 static std::string http_get(const std::string &url,
                             const std::string &certPath) {
-    CURL *curl = curl_easy_init();
-    if (curl == nullptr) {
-        throw std::runtime_error("accless(att): failed to init curl");
-    }
-
-    char errbuf[CURL_ERROR_SIZE];
-    errbuf[0] = 0;
-
-    std::string response;
-    curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
-    curl_easy_setopt(curl, CURLOPT_CAINFO, certPath.c_str());
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curlWriteCallback);
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
-    curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
-
-    CURLcode res = curl_easy_perform(curl);
-    long status = 0;
-    curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &status);
-    curl_easy_cleanup(curl);
-
-    if (res != CURLE_OK) {
-        size_t len = strlen(errbuf);
-        fprintf(stderr, "accless(att): curl error: ");
-        if (len) {
-            fprintf(stderr, "%s%s", errbuf,
-                    ((errbuf[len - 1] != '\n') ? "\n" : ""));
-        } else {
-            fprintf(stderr, "%s\n", curl_easy_strerror(res));
-        }
-        throw std::runtime_error("accless(att): curl GET error");
-    }
-    if (status != 200) {
-        throw std::runtime_error(
-            "accless(att): GET request failed with status " +
-            std::to_string(status));
-    }
-
-    return response;
+    auto &client = http::getHttpClient(certPath);
+    return client.get(url);
 }
 
 std::pair<std::string, std::string>
@@ -86,45 +36,9 @@ std::string getJwtFromReport(const std::string &asUrl,
                              const std::string &certPath,
                              const std::string &endpoint,
                              const std::string &reportJson) {
-    std::string jwt;
-
-    CURL *curl = curl_easy_init();
-    if (!curl) {
-        std::cerr << "accless: failed to initialize CURL" << std::endl;
-        throw std::runtime_error("curl error");
-    }
-
     std::string url = asUrl + endpoint;
-    curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
-    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
-    curl_easy_setopt(curl, CURLOPT_CAINFO, certPath.c_str());
-    curl_easy_setopt(curl, CURLOPT_POST, 1L);
-    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, reportJson.c_str());
-    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE,
-                     static_cast<long>(reportJson.size()));
-    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, curlWriteCallback);
-    curl_easy_setopt(curl, CURLOPT_WRITEDATA, &jwt);
-
-    // TODO: set error-buffer in C++ format
-
-    struct curl_slist *headers = nullptr;
-    headers = curl_slist_append(headers, "Content-Type: application/json");
-    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
-
-    // Perform the request
-    CURLcode res = curl_easy_perform(curl);
-    if (res != CURLE_OK) {
-        std::cerr << "accless: CURL error: " << curl_easy_strerror(res)
-                  << std::endl;
-        curl_easy_cleanup(curl);
-        curl_slist_free_all(headers);
-        throw std::runtime_error("curl error");
-    }
-
-    curl_easy_cleanup(curl);
-    curl_slist_free_all(headers);
-
-    return jwt;
+    auto &client = http::getHttpClient(certPath);
+    return client.postJson(url, reportJson);
 }
 
 std::string decryptJwt(const std::vector<uint8_t> &encrypted,

accless/libs/attestation/attestation.h

@@ -5,6 +5,8 @@
 
 #include <array>
 #include <cstdint>
+#include <curl/curl.h>
+#include <memory>
 #include <optional>
 #include <string>
 #include <vector>
@@ -42,6 +44,29 @@ std::string buildRequestBody(const std::string &quoteB64,
                              const std::string &nodeId);
 } // namespace utils
 
+// Helper methods around a thread-local, re-usable HTTP client.
+namespace http {
+class HttpClient {
+  public:
+    explicit HttpClient(const std::string &certPath);
+    ~HttpClient();
+
+    std::string get(const std::string &url);
+    std::string postJson(const std::string &url, const std::string &body);
+
+  private:
+    CURL *curl_{nullptr};
+    std::string certPath_;
+    std::string response_;
+    char errbuf_[CURL_ERROR_SIZE];
+
+    void prepareRequest();
+    void perform();
+};
+
+HttpClient &getHttpClient(const std::string &certPath);
+} // namespace http
+
 // Mock helpers used in integration tests.
 namespace mock {
 std::string getMockSgxAttestationJwt(const std::string &asUrl,

accless/libs/attestation/http_client.cpp

@@ -0,0 +1,117 @@
+#include "attestation.h"
+
+#include <cstring>
+#include <curl/curl.h>
+
+namespace accless::attestation::http {
+// Must match the signature libcurl expects
+static size_t curlWriteCallback(char *ptr, size_t size, size_t nmemb,
+                                void *userdata) {
+    auto *out = static_cast<std::string *>(userdata);
+    if (!out) {
+        return 0; // tells libcurl this is an error
+    }
+
+    const size_t total = size * nmemb;
+    out->append(ptr, total);
+    return total;
+}
+
+HttpClient::HttpClient(const std::string &certPath) : certPath_(certPath) {
+    curl_ = curl_easy_init();
+    if (!curl_) {
+        throw std::runtime_error("accless(att): failed to init curl");
+    }
+
+    // Set options that don’t change between requests
+    memset(errbuf_, 0, sizeof(errbuf_));
+    curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, 1L);
+    curl_easy_setopt(curl_, CURLOPT_CAINFO, certPath_.c_str());
+    curl_easy_setopt(curl_, CURLOPT_WRITEFUNCTION, curlWriteCallback);
+    curl_easy_setopt(curl_, CURLOPT_WRITEDATA, &response_);
+    curl_easy_setopt(curl_, CURLOPT_ERRORBUFFER, errbuf_);
+}
+
+HttpClient::~HttpClient() {
+    if (curl_) {
+        curl_easy_cleanup(curl_);
+    }
+}
+
+std::string HttpClient::get(const std::string &url) {
+    prepareRequest();
+    curl_easy_setopt(curl_, CURLOPT_HTTPGET, 1L);
+    curl_easy_setopt(curl_, CURLOPT_URL, url.c_str());
+
+    perform();
+
+    return response_;
+}
+
+std::string HttpClient::postJson(const std::string &url,
+                                 const std::string &body) {
+    prepareRequest();
+
+    curl_easy_setopt(curl_, CURLOPT_URL, url.c_str());
+    curl_easy_setopt(curl_, CURLOPT_POST, 1L);
+    curl_easy_setopt(curl_, CURLOPT_POSTFIELDS, body.c_str());
+    curl_easy_setopt(curl_, CURLOPT_POSTFIELDSIZE,
+                     static_cast<long>(body.size()));
+
+    struct curl_slist *headers = nullptr;
+    headers = curl_slist_append(headers, "Content-Type: application/json");
+    curl_easy_setopt(curl_, CURLOPT_HTTPHEADER, headers);
+
+    perform();
+
+    curl_slist_free_all(headers);
+    return response_;
+}
+
+void HttpClient::prepareRequest() {
+    response_.clear();
+    memset(errbuf_, 0, sizeof(errbuf_));
+
+    // Make sure we’re not leaking POST state into a GET or vice versa
+    curl_easy_setopt(curl_, CURLOPT_HTTPGET, 0L);
+    curl_easy_setopt(curl_, CURLOPT_POST, 0L);
+    curl_easy_setopt(curl_, CURLOPT_POSTFIELDS, nullptr);
+    curl_easy_setopt(curl_, CURLOPT_POSTFIELDSIZE, 0L);
+
+    // WRITEDATA always points to our response_ string
+    curl_easy_setopt(curl_, CURLOPT_WRITEDATA, &response_);
+}
+
+void HttpClient::perform() {
+    CURLcode res = curl_easy_perform(curl_);
+    long status = 0;
+    curl_easy_getinfo(curl_, CURLINFO_RESPONSE_CODE, &status);
+
+    if (res != CURLE_OK) {
+        const size_t len = std::strlen(errbuf_);
+        std::string msg = "accless(att): curl error: ";
+        if (len) {
+            msg += errbuf_;
+        } else {
+            msg += curl_easy_strerror(res);
+        }
+        throw std::runtime_error(msg);
+    }
+
+    if (status != 200) {
+        throw std::runtime_error(
+            "accless(att): HTTP request failed with status " +
+            std::to_string(status));
+    }
+}
+
+thread_local std::unique_ptr<HttpClient> tlsClient;
+
+HttpClient &getHttpClient(const std::string &certPath) {
+    if (!tlsClient) {
+        tlsClient = std::make_unique<HttpClient>(certPath);
+    }
+
+    return *tlsClient;
+}
+} // namespace accless::attestation::http

applications/functions/escrow-xput/main.cpp

@@ -258,7 +258,7 @@ void doBenchmark(const std::vector<int> &numRequests, int numWarmupRepeats,
     std::ofstream csvFile(resultsFile, std::ios::out);
     csvFile << "NumRequests,TimeElapsed\n";
 
-    int maxParallelism = 100;
+    int maxParallelism = 10;
     try {
         for (const auto &i : numRequests) {
             for (int j = 0; j < numWarmupRepeats; j++) {