From 9accf745e776b9f841fe996ebee683b87be0045d Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 15:27:04 +0100 Subject: [PATCH 01/15] refactor(key-provider-agent): remove unused mode (kbs, sealing) and their dependent functions --- .../src/key_provider_agent.c | 279 +----------------- 1 file changed, 3 insertions(+), 276 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 3f12e1a..2914775 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c 
@@ -64,117 +64,6 @@ int app_log_level = -1; const char* command_get_key = "getKey"; char* wrap_key = ""; -char* get_key_from_kbs_through_rats_tls(rats_tls_log_level_t log_level, - char* attester_type, - char* verifier_type, - char* tls_type, - char* crypto_type, - bool mutual, - char* ip, - int port, - char* app_id) { - rats_tls_conf_t conf; - - memset(&conf, 0, sizeof(conf)); - claim_t custom_claims[1]; - if (NULL != app_id) { - custom_claims[0].name = "appId"; - custom_claims[0].value = (uint8_t *) app_id; - custom_claims[0].value_size = strlen(app_id); - conf.custom_claims = (claim_t *)custom_claims; - conf.custom_claims_length = 1; - } - conf.log_level = log_level; - strcpy(conf.attester_type, attester_type); - strcpy(conf.verifier_type, verifier_type); - strcpy(conf.tls_type, tls_type); - strcpy(conf.crypto_type, crypto_type); - conf.cert_algo = RATS_TLS_CERT_ALGO_DEFAULT; - if (mutual) - conf.flags |= RATS_TLS_CONF_FLAGS_MUTUAL; - - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. 
- */ - int sockfd = socket(AF_INET, SOCK_STREAM, 0); - if (sockfd < 0) { - LOG_ERROR("failed to call socket()\n"); - return NULL; - } - struct sockaddr_in s_addr; - memset(&s_addr, 0, sizeof(s_addr)); - s_addr.sin_family = AF_INET; - s_addr.sin_port = htons(port); - - /* Get the server IPv4 address from the command line call */ - if (inet_pton(AF_INET, ip, &s_addr.sin_addr) != 1) { - LOG_ERROR("invalid server address\n"); - return NULL; - } - - /* Connect to the server */ - if (connect(sockfd, (struct sockaddr*)&s_addr, sizeof(s_addr)) == -1) { - LOG_ERROR("failed to call connect()\n"); - return NULL; - } - printf("app2 id is %s\n", app_id); - rats_tls_handle handle; - rats_tls_err_t ret = rats_tls_init(&conf, &handle); - if (ret != RATS_TLS_ERR_NONE) { - LOG_ERROR("Failed to initialize rats tls %#x\n", ret); - return NULL; - } - ret = rats_tls_set_verification_callback(&handle, NULL); - if (ret != RATS_TLS_ERR_NONE) { - LOG_ERROR("Failed to set verification callback %#x\n", ret); - return NULL; - } - ret = rats_tls_negotiate(handle, sockfd); - if (ret != RATS_TLS_ERR_NONE) { - LOG_ERROR("Failed to negotiate %#x\n", ret); - goto err; - } - const char* msg; - - msg = command_get_key; - - size_t len = strlen(msg); - ret = rats_tls_transmit(handle, (void*)msg, &len); - if (ret != RATS_TLS_ERR_NONE || len != strlen(msg)) { - LOG_ERROR("Failed to transmit %#x\n", ret); - goto err; - } - int buff_size = 255; - char* buf = malloc(buff_size); - len = buff_size; - ret = rats_tls_receive(handle, buf, &len); - if (ret != RATS_TLS_ERR_NONE) { - LOG_ERROR("Failed to receive %#x\n", ret); - goto err; - } - - if (len != 32) { - LOG_ERROR("get key failed, error: the key size is not 16byte\n"); - goto err; - } - - if (len >= buff_size) - len = buff_size - 1; - buf[len] = '\0'; - - ret = rats_tls_cleanup(handle); - if (ret != RATS_TLS_ERR_NONE) - LOG_ERROR("Failed to cleanup %#x\n", ret); - - return buf; - -err: - /* Ignore the error code of cleanup in order to return the 
prepositional - * error */ - rats_tls_cleanup(handle); - return NULL; -} int push_wrapkey_to_secret_box(const char* wrapkey) { CURL* curl; @@ -214,63 +103,12 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { } } -static size_t write_callback(void *contents, size_t size, size_t nmemb, void *userp) -{ - size_t realsize = size * nmemb; - json_t *root; - json_error_t error; - root = json_loads(contents, 0, &error); - if (NULL == root) { - LOG_ERROR("get sealing key failed, please check if attest-helper server is ready"); - } - - json_t *j_code = json_object_get(root,"code"); - int code = json_integer_value(j_code); - if (200 == code) { - json_t *j_sealingkey = json_object_get(root, "sealingKey"); - wrap_key = json_string_value(j_sealingkey); - } else { - LOG_ERROR("get sealing key failed, please retry, error code: %d", code); - } - - return realsize; -} - -int get_sealing_key() { - CURL* curl; - CURLcode res; - long http_code = 0; - - curl = curl_easy_init(); - if (curl) { - // get token - curl_easy_setopt(curl, CURLOPT_URL, "http://127.0.0.1:8080/v1/attest/sealingkey"); - curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback); - res = curl_easy_perform(curl); - if (res != CURLE_OK) { - LOG_ERROR("curl_easy_perform() failed: %s please check if attest-helper server is ready\n", curl_easy_strerror(res)); - return -1; - } - curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); - if (http_code != 200) { - LOG_ERROR("get sealing key failed, please check if attest-helper server is ready; %ld\n", http_code); - return -1; - curl_easy_cleanup(curl); - return 0; - } - } else { - LOG_ERROR("init curl failed\n"); - return -1; - } - return 0; -} - int main(int argc, char** argv) { setvbuf(stdout, NULL, _IONBF, 0); char* mode; mode = getenv("mode"); if (NULL == mode) { - LOG_ERROR("key provider mode doest not config, support mode: 'local' or 'kbs'\n"); + LOG_ERROR("key provider mode doest not config, support mode: 'local'\n"); return -1; } 
@@ -285,119 +123,8 @@ int main(int argc, char** argv) { LOG_ERROR("key size is not 16byte,please check\n"); return -1; } - } else if (!strcmp(mode, "sealing")) { - int ret = get_sealing_key(); - if (ret) { - LOG_ERROR("get sealing key faield\n"); - return -1; - } - }else if (!strcmp(mode, "kbs")) { - LOG_INFO("try to get key from kbs\n"); - char* kbs_endpoint = getenv("kbsEndpoint"); - if (NULL == kbs_endpoint) { - LOG_ERROR("kbs mode must config kbsEndpoint\n"); - return -1; - } - - LOG_DEBUG("config of kbsEndpoint is %s", kbs_endpoint); - - char* srv_ip; - char* str_port; - int port; - - srv_ip = strtok(kbs_endpoint, ":"); - str_port = strtok(NULL, ":"); - if (NULL == str_port) { - LOG_ERROR("kbsEndpoint format error, eg: 127.0.0.1:5443\n"); - return -1; - } - port = atoi(str_port); - - char* app_id = getenv("appId"); - - char* const short_options = "a:v:t:c:ml:DEh"; - struct option long_options[] = { - {"attester", required_argument, NULL, 'a'}, - {"verifier", required_argument, NULL, 'v'}, - {"tls", required_argument, NULL, 't'}, - {"crypto", required_argument, NULL, 'c'}, - {"mutual", no_argument, NULL, 'm'}, - {"log-level", required_argument, NULL, 'l'}, - {"help", no_argument, NULL, 'h'}, - {0, 0, 0, 0}}; - - char* attester_type = ""; - char* verifier_type = ""; - char* tls_type = ""; - char* crypto_type = ""; - bool mutual = true; - int opt; - rats_tls_log_level_t log_level = RATS_TLS_LOG_LEVEL_INFO; - do { - opt = getopt_long(argc, argv, short_options, long_options, NULL); - switch (opt) { - case 'a': - attester_type = optarg; - break; - case 'v': - verifier_type = optarg; - break; - case 't': - tls_type = optarg; - break; - case 'c': - crypto_type = optarg; - break; - case 'l': - if (!strcasecmp(optarg, "debug")) - log_level = RATS_TLS_LOG_LEVEL_DEBUG; - else if (!strcasecmp(optarg, "info")) - log_level = RATS_TLS_LOG_LEVEL_INFO; - else if (!strcasecmp(optarg, "warn")) - log_level = RATS_TLS_LOG_LEVEL_WARN; - else if (!strcasecmp(optarg, "error")) - 
log_level = RATS_TLS_LOG_LEVEL_ERROR; - else if (!strcasecmp(optarg, "fatal")) - log_level = RATS_TLS_LOG_LEVEL_FATAL; - else if (!strcasecmp(optarg, "off")) - log_level = RATS_TLS_LOG_LEVEL_NONE; - break; - case -1: - break; - case 'h': - puts( - " Usage:\n\n" - " rats-tls-client [arguments]\n\n" - " Options:\n\n" - " --attester/-a value set the type of quote attester\n" - " --verifier/-v value set the type of quote verifier\n" - " --tls/-t value set the type of tls wrapper\n" - " --crypto/-c value set the type of crypto wrapper\n" - " --mutual/-m set to enable mutual attestation\n" - " --log-level/-l set the log level\n" - " --ip/-i set the listening ip address\n" - " --port/-p set the listening tcp port\n" - " --debug-enclave/-D set to enable enclave debugging\n" - " --verdictd/-E set to connect verdictd based on EAA protocol\n" - " --help/-h show the usage\n"); - exit(-1); - default: - exit(-1); - } - } while (opt != -1); - - global_log_level = log_level; - app_log_level = log_level; - - wrap_key = get_key_from_kbs_through_rats_tls(log_level, attester_type, verifier_type, - tls_type, crypto_type, mutual, srv_ip, - port, app_id); - if (NULL == wrap_key) { - LOG_ERROR("get key from kbs failed\n"); - return -1; - } - } else { - LOG_ERROR("key provider mode only support 'local' or 'kbs' or 'sealing'"); + } else { + LOG_ERROR("key provider mode only support 'local'"); return -1; } From 174d8d56656f12394ece89dc4dd0973dbdfd47fc Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 15:29:01 +0100 Subject: [PATCH 02/15] chore: remove unused variable --- .../keyprovider/key-provider-agent/src/key_provider_agent.c | 1 - 1 file changed, 1 deletion(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 2914775..4fc825c 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c 
+++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -62,7 +62,6 @@ int app_log_level = -1; #define DEFAULT_PORT 1234 #define DEFAULT_IP "127.0.0.1" -const char* command_get_key = "getKey"; char* wrap_key = ""; int push_wrapkey_to_secret_box(const char* wrapkey) { From 44fc91ab134a97fd8f9d0753f49bf4705210d78c Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 15:32:28 +0100 Subject: [PATCH 03/15] chore: remove unused headers --- .../key-provider-agent/src/key_provider_agent.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 4fc825c..3572fff 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -1,16 +1,9 @@ -#include #include -#include -#include -#include -#include #include #include #include -#include -#include -#include -#include +#include +#include int app_log_level = -1; #define TIMEPRINT \ do { \ From 892fc49b9e651c9684fe214578b74c2a1ea68ebc Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 15:39:28 +0100 Subject: [PATCH 04/15] chore: remove unused defined constants --- .../keyprovider/key-provider-agent/src/key_provider_agent.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 3572fff..d5d005c 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -52,8 +52,6 @@ int app_log_level = -1; printf(__VA_ARGS__); \ } while (0); -#define DEFAULT_PORT 1234 -#define DEFAULT_IP "127.0.0.1" char* wrap_key = ""; From e3b261ff852ed8d3505abfeaf37459e555078c44 Mon Sep 17 00:00:00 2001 
From: aghiles-ait Date: Mon, 27 Oct 2025 15:44:29 +0100 Subject: [PATCH 05/15] chore: delete unsued dependencies in key-provider-agent Makefile --- cvmassistants/keyprovider/key-provider-agent/Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/Makefile b/cvmassistants/keyprovider/key-provider-agent/Makefile index 2b4cf3d..a69f152 100644 --- a/cvmassistants/keyprovider/key-provider-agent/Makefile +++ b/cvmassistants/keyprovider/key-provider-agent/Makefile @@ -1,11 +1,10 @@ CC=cc -CFLAGS += -Wall -I/usr/local/include/rats-tls/ -LDFLAGS += -L/usr/local/lib/rats-tls/ +CFLAGS += -Wall all: key_provider_agent key_provider_agent: src/key_provider_agent.c - $(CC) src/key_provider_agent.c -lcurl -lrats_tls -ljansson -o $@ $(CFLAGS) $(LDFLAGS) + $(CC) src/key_provider_agent.c -lcurl -o $@ $(CFLAGS) clean: /bin/rm -rf *.o *~ key_provider_agent From 29b52ddc7df3e6909234e26b7bb387846d52725d Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 15:57:55 +0100 Subject: [PATCH 06/15] fix: correct oversized variable --- .../keyprovider/key-provider-agent/src/key_provider_agent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index d5d005c..861e81c 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -58,7 +58,7 @@ char* wrap_key = ""; int push_wrapkey_to_secret_box(const char* wrapkey) { CURL* curl; CURLcode res; - char request_buffer[1024 * 64]; + char request_buffer[64]; long http_code = 0; curl = curl_easy_init(); From ee33a6726f893472463486558f8d9408484c57ee Mon Sep 17 00:00:00 2001 
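Review bot: Shrinking `request_buffer` to 64 bytes leaves little margin for the unbounded `strcat(request_buffer, wrapkey)` that fills it later in `push_wrapkey_to_secret_box` (visible in the 08/15 hunk). The fixed prefix `key=wrapkey&value=` takes 18 bytes, so any value longer than 45 characters writes past the stack buffer, and only the `strlen(wrap_key) != 32` check in `main` prevents that today. The function should enforce the bound itself, e.g. `int n = snprintf(request_buffer, sizeof request_buffer, "key=wrapkey&value=%s", wrapkey);` followed by `if (n < 0 || (size_t)n >= sizeof request_buffer) return -1;`. That also removes the dependence on the buffer's initial contents: at this commit the first append still appears to be a `strcat` onto uninitialised storage, which 08/15 changes to `strcpy`. The function body starts and ends outside this hunk.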
From: aghiles-ait Date: Mon, 27 Oct 2025 16:22:58 +0100 Subject: [PATCH 07/15] chore: remove unused env variables in app.yml --- apploader/conf/app.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apploader/conf/app.yml b/apploader/conf/app.yml index 54fba53..946d020 100644 --- a/apploader/conf/app.yml +++ b/apploader/conf/app.yml @@ -24,9 +24,7 @@ csvAssistants: entrypoint: /workplace/csv-agent/csvassistants/keyprovider/key_provider_agent env: mode: local #local or kbs - localKey: 00112233445566778899aabbccddeeff - kbsEndpoint: 127.0.0.1:1234 - attestion: csv + localKey: 00112233445566778899aabbccddeeff args: [""] From b6bb45517d2ccdcb80c7b62d69224bc51d52d9a9 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 16:30:08 +0100 Subject: [PATCH 08/15] refactor: let "local" mode the only one available --- apploader/conf/app.yml | 1 - .../src/key_provider_agent.c | 31 ++++++------------- 2 files changed, 10 insertions(+), 22 deletions(-) diff --git a/apploader/conf/app.yml b/apploader/conf/app.yml index 946d020..ddf5a3a 100644 --- a/apploader/conf/app.yml +++ b/apploader/conf/app.yml @@ -23,7 +23,6 @@ csvAssistants: type: job entrypoint: /workplace/csv-agent/csvassistants/keyprovider/key_provider_agent env: - mode: local #local or kbs localKey: 00112233445566778899aabbccddeeff args: [""] diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 861e81c..85bd0ea 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c 
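Review bot: `localKey: 00112233445566778899aabbccddeeff` stays in the shipped `apploader/conf/app.yml` as a fixed value, and since 01/15 removed the kbs and sealing modes this environment entry is the only source of the wrap key that `key_provider_agent` pushes to the secret box. A deployment that uses the file unchanged would run with a key that is published in the repository. The line should at least be marked as a placeholder, for example `localKey: 00112233445566778899aabbccddeeff # sample only: replace with a per-deployment 32-hex-character key`, and the real value is better supplied from outside the repository. The `mode: local #local or kbs` line kept by this hunk is also stale now that the kbs mode is gone (it is dropped in 08/15).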
@@ -69,7 +69,7 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "http"); - strcat(request_buffer, "key=wrapkey&value="); + strcpy(request_buffer, "key=wrapkey&value="); strcat(request_buffer, wrapkey); LOG_DEBUG("request body is %s\n", request_buffer) @@ -95,34 +95,23 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { int main(int argc, char** argv) { setvbuf(stdout, NULL, _IONBF, 0); - char* mode; - mode = getenv("mode"); - if (NULL == mode) { - LOG_ERROR("key provider mode doest not config, support mode: 'local'\n"); + + LOG_INFO("Try to get key from local\n"); + wrap_key = getenv("localKey"); + if (NULL == wrap_key) { + LOG_ERROR("local-key does not config\n"); return -1; } - - if (!strcmp(mode, "local")) { - LOG_INFO("try to get key from local\n"); - wrap_key = getenv("localKey"); - if (NULL == wrap_key) { - LOG_ERROR("local-key doest not config\n"); - return -1; - } - if (strlen(wrap_key) != 32) { - LOG_ERROR("key size is not 16byte,please check\n"); - return -1; - } - } else { - LOG_ERROR("key provider mode only support 'local'"); + if (strlen(wrap_key) != 32) { + LOG_ERROR("Key size is not 32 bytes, please check\n"); return -1; } - LOG_INFO("get wrap_key successful from %s\n", mode); + LOG_INFO("Get wrap_key successful from local\n"); LOG_DEBUG("wrapkey is %s\n", wrap_key); int ret = push_wrapkey_to_secret_box(wrap_key); if (ret != 0) { - LOG_ERROR("push wrapkey to secret box failed\n") + LOG_ERROR("Push wrapkey to secret box failed\n"); return -1; } return 0; From e389e4903ce6522a0f00e31660ba5f081d58fa97 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Mon, 27 Oct 2025 16:34:30 +0100 Subject: [PATCH 09/15] chore: remove unused python script --- cvmassistants/keyprovider/keyprovider.py | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 cvmassistants/keyprovider/keyprovider.py 
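Review bot: In the `@@ -95,34 +95,23 @@` hunk the reworded message `Key size is not 32 bytes` no longer matches the check. `strlen(wrap_key) != 32` counts characters, and the previous text (`16byte`) together with the sample value in `app.yml` suggests the value is meant to be 32 hex characters encoding a 16-byte key. The check also accepts any 32 characters, while `push_wrapkey_to_secret_box` places the value into the `key=wrapkey&value=` form body without encoding, so a value containing `&` or `=` would change the fields that are posted. Consider `if (strlen(wrap_key) != 32 || strspn(wrap_key, "0123456789abcdefABCDEF") != 32)` with a message such as `localKey must be 32 hex characters (16 bytes)`. `main` continues outside this hunk.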
diff --git a/cvmassistants/keyprovider/keyprovider.py b/cvmassistants/keyprovider/keyprovider.py deleted file mode 100644 index c0e31b0..0000000 --- a/cvmassistants/keyprovider/keyprovider.py +++ /dev/null @@ -1,13 +0,0 @@ -import requests -import os - -key = os.getenv('local-key') -print(key) -url = "http://127.0.0.1:9090/secret" -payload={"key":"wrapkey","value":key} -files=[ -] -headers = { -} -response = requests.request("POST", url, headers=headers, data=payload, files=files) -print(response.text) From 673784980d9a4e017ea11d0e25d3001af31b3f6f Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Tue, 28 Oct 2025 10:49:57 +0100 Subject: [PATCH 10/15] chore: standardize and refactor logs --- .../src/key_provider_agent.c | 89 ++++++++----------- 1 file changed, 36 insertions(+), 53 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 85bd0ea..a9de838 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c 
@@ -4,53 +4,36 @@ #include #include #include -int app_log_level = -1; -#define TIMEPRINT \ - do { \ - struct timeval now; \ - struct tm* ptime = NULL; \ - gettimeofday(&now, NULL); \ - ptime = gmtime(&now.tv_sec); \ - printf("[%d/%d/%d %02d:%02d:%02d]", 1900 + ptime->tm_year, \ - 1 + ptime->tm_mon, ptime->tm_mday, ptime->tm_hour, \ - ptime->tm_min, ptime->tm_sec); \ - } while (0); +// Log levels +#define LOG_LEVEL_DEBUG 0 +#define LOG_LEVEL_INFO 1 +#define LOG_LEVEL_WARN 2 +#define LOG_LEVEL_ERROR 3 -#define LOG_DEBUG(...) \ - do { \ - if (app_log_level) { \ - break; \ - } \ - TIMEPRINT \ - printf("[Debug]"); \ - printf("[%s:%d] ", __FILE__, __LINE__); \ - printf(__VA_ARGS__); \ - } while (0); +int app_log_level = LOG_LEVEL_INFO; // Default to INFO level -#define LOG_WARING(...) \ - do { \ - TIMEPRINT \ - printf("[Waring]"); \ - printf("[%s:%d] ", __FILE__, __LINE__); \ - printf(__VA_ARGS__); \ - \ - } while (0); +#define LOG_WITH_TIMESTAMP(fmt, level, associated_level, ...) \ + do { \ + if (app_log_level <= associated_level) { \ + time_t now = time(NULL); \ + struct tm *t = gmtime(&now); \ + char ts[24]; \ + strftime(ts, sizeof(ts), "%Y-%m-%d %H:%M:%S UTC", t); \ + printf("%-29s [%-5s] [%s:%d] " fmt "\n", ts, level, __FILE__, __LINE__, ##__VA_ARGS__); \ + } \ + } while (0) -#define LOG_ERROR(...) \ - do { \ - TIMEPRINT \ - printf("[Error]"); \ - printf("[%s:%d] ", __FILE__, __LINE__); \ - printf(__VA_ARGS__); \ - } while (0); +#define LOG_DEBUG(fmt, ...) \ + LOG_WITH_TIMESTAMP(fmt, "DEBUG", LOG_LEVEL_DEBUG, ##__VA_ARGS__) -#define LOG_INFO(...) \ - do { \ - TIMEPRINT \ - printf("[Info]"); \ - printf("[%s:%d] ", __FILE__, __LINE__); \ - printf(__VA_ARGS__); \ - } while (0); +#define LOG_INFO(fmt, ...) \ + LOG_WITH_TIMESTAMP(fmt, "INFO", LOG_LEVEL_INFO, ##__VA_ARGS__) + +#define LOG_WARN(fmt, ...) \ + LOG_WITH_TIMESTAMP(fmt, "WARN", LOG_LEVEL_WARN, ##__VA_ARGS__) + +#define LOG_ERROR(fmt, ...) 
\ + LOG_WITH_TIMESTAMP(fmt, "ERROR", LOG_LEVEL_ERROR, ##__VA_ARGS__) char* wrap_key = ""; @@ -71,24 +54,24 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { strcpy(request_buffer, "key=wrapkey&value="); strcat(request_buffer, wrapkey); - LOG_DEBUG("request body is %s\n", request_buffer) + LOG_DEBUG("Request body is %s", request_buffer); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, request_buffer); res = curl_easy_perform(curl); if (res != CURLE_OK) { - LOG_ERROR("curl_easy_perform() failed: %s \n", curl_easy_strerror(res)); + LOG_ERROR("curl_easy_perform() failed: %s", curl_easy_strerror(res)); return -1; } curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); if (http_code != 200) { - LOG_ERROR("verify quteo from azure failed, http code is ;%ld\n", http_code); + LOG_ERROR("Verify quteo from azure failed, http code is %ld", http_code); return -1; } curl_easy_cleanup(curl); return 0; } else { - LOG_ERROR("init curl failed\n"); + LOG_ERROR("Init curl failed"); return -1; } } @@ -96,22 +79,22 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { int main(int argc, char** argv) { setvbuf(stdout, NULL, _IONBF, 0); - LOG_INFO("Try to get key from local\n"); + LOG_INFO("Try to get key from local"); wrap_key = getenv("localKey"); if (NULL == wrap_key) { - LOG_ERROR("local-key does not config\n"); + LOG_ERROR("local-key does not config"); return -1; } if (strlen(wrap_key) != 32) { - LOG_ERROR("Key size is not 32 bytes, please check\n"); + LOG_ERROR("Key size is not 32 bytes, please check"); return -1; } - LOG_INFO("Get wrap_key successful from local\n"); - LOG_DEBUG("wrapkey is %s\n", wrap_key); + LOG_INFO("Get wrap_key successful from local"); + LOG_DEBUG("Wrapkey is %s", wrap_key); int ret = push_wrapkey_to_secret_box(wrap_key); if (ret != 0) { - LOG_ERROR("Push wrapkey to secret box failed\n"); + LOG_ERROR("Push wrapkey to secret box failed"); return -1; } return 0; From d3707f97745807d2d7eda5b2d419267a3797dae3 Mon Sep 17 00:00:00 2001 
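Review bot: `LOG_DEBUG("Request body is %s", request_buffer)` in the `@@ -71,24 +54,24 @@` hunk writes the wrap key to stdout, because the request body is `key=wrapkey&value=` followed by the key; the `@@ -96,22 +79,22 @@` hunk does the same with `LOG_DEBUG("Wrapkey is %s", wrap_key)`. These lines are only emitted at debug level, but 12/15 makes that level selectable with `--log-level debug`, so key material can end up in whatever collects the agent's output. I would log non-secret facts only, e.g. `LOG_DEBUG("Request body length is %zu", strlen(request_buffer));`, and drop the `Wrapkey is` line. Separately, both `return -1` paths after `curl_easy_perform` skip `curl_easy_cleanup(curl)`.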
From: aghiles-ait Date: Tue, 28 Oct 2025 11:03:18 +0100 Subject: [PATCH 11/15] fix: correct a log error message --- .../keyprovider/key-provider-agent/src/key_provider_agent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index a9de838..8f57d8c 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -65,7 +65,7 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &http_code); if (http_code != 200) { - LOG_ERROR("Verify quteo from azure failed, http code is %ld", http_code); + LOG_ERROR("Failed to push wrap key to secret box, HTTP response code: %ld", http_code); return -1; } curl_easy_cleanup(curl); From 565d90d1c98c49b96f5a93cc00ac60f32d662c34 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Wed, 29 Oct 2025 10:21:35 +0100 Subject: [PATCH 12/15] fix: reintroduce log level management from cli --- .../src/key_provider_agent.c | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 8f57d8c..2fc40cf 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -4,6 +4,7 @@ #include #include #include +#include // Log levels #define LOG_LEVEL_DEBUG 0 #define LOG_LEVEL_INFO 1 
@@ -79,6 +80,48 @@ int push_wrapkey_to_secret_box(const char* wrapkey) { int main(int argc, char** argv) { setvbuf(stdout, NULL, _IONBF, 0); + // Command line options + char* const short_options = "l:h"; + struct option long_options[] = { + {"log-level", required_argument, NULL, 'l'}, + {"help", no_argument, NULL, 'h'}, + {0, 0, 0, 0} + }; + + int opt; + do { + opt = getopt_long(argc, argv, short_options, long_options, NULL); + switch (opt) { + case 'l': + if (!strcasecmp(optarg, "debug")) + app_log_level = LOG_LEVEL_DEBUG; + else if (!strcasecmp(optarg, "info")) + app_log_level = LOG_LEVEL_INFO; + else if (!strcasecmp(optarg, "warn")) + app_log_level = LOG_LEVEL_WARN; + else if (!strcasecmp(optarg, "error")) + app_log_level = LOG_LEVEL_ERROR; + else { + LOG_ERROR("Invalid log level: %s. Valid options: debug, info, warn, error", optarg); + return -1; + } + break; + case 'h': + puts( + " Usage:\n\n" + " key-provider-agent [options]\n\n" + " Options:\n\n" + " --log-level/-l value set the log level (debug, info, warn, error)\n" + " --help/-h show the usage\n"); + exit(0); + case -1: + break; + default: + puts("Use --help for usage information"); + exit(-1); + } + } while (opt != -1); + LOG_INFO("Try to get key from local"); wrap_key = getenv("localKey"); if (NULL == wrap_key) { From 6023bebd7da09e9086d94fa7c5afc4a6e17817c7 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Wed, 29 Oct 2025 10:32:24 +0100 Subject: [PATCH 13/15] feat: inroduce no log option --- .../key-provider-agent/src/key_provider_agent.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 2fc40cf..202ba58 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c 
@@ -10,6 +10,7 @@ #define LOG_LEVEL_INFO 1 #define LOG_LEVEL_WARN 2 #define LOG_LEVEL_ERROR 3 +#define LOG_LEVEL_NONE 4 int app_log_level = LOG_LEVEL_INFO; // Default to INFO level @@ -101,17 +102,15 @@ int main(int argc, char** argv) { app_log_level = LOG_LEVEL_WARN; else if (!strcasecmp(optarg, "error")) app_log_level = LOG_LEVEL_ERROR; - else { - LOG_ERROR("Invalid log level: %s. Valid options: debug, info, warn, error", optarg); - return -1; - } + else if (!strcasecmp(optarg, "off")) + app_log_level = LOG_LEVEL_NONE; break; case 'h': puts( " Usage:\n\n" " key-provider-agent [options]\n\n" " Options:\n\n" - " --log-level/-l value set the log level (debug, info, warn, error)\n" + " --log-level/-l value set the log level (debug, info, warn, error, off)\n" " --help/-h show the usage\n"); exit(0); case -1: From d29a5cfc997918c2619278de5088e73702760670 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Wed, 29 Oct 2025 11:13:15 +0100 Subject: [PATCH 14/15] chore: delete dependency to libjansson-dev in base-image/Dockerfile --- base-image/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/base-image/Dockerfile b/base-image/Dockerfile index 0e70031..d77b74c 100644 --- a/base-image/Dockerfile +++ b/base-image/Dockerfile @@ -31,7 +31,6 @@ RUN apt-get install -y \ libssl-dev \ software-properties-common \ libcurl4-openssl-dev \ - libjansson-dev \ libcbor-dev # RA-TLS DCAP libraries: @@ -85,7 +84,6 @@ RUN apt-get update \ wget \ software-properties-common \ vim \ - libjansson-dev \ libcbor-dev RUN mkdir -p /usr/share/zoneinfo/ From f89d20f8c209e2578d5abbd2517943f61c0b26d3 Mon Sep 17 00:00:00 2001 From: aghiles-ait Date: Wed, 29 Oct 2025 13:36:32 +0100 Subject: [PATCH 15/15] chore: replace header to keep lexicographic order --- .../keyprovider/key-provider-agent/src/key_provider_agent.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
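Review bot: In the `@@ -101,17 +102,15 @@` hunk, replacing the final `else` with the `off` branch drops the rejection of unknown values, so a mistyped `--log-level` is now silently ignored and the agent keeps the default INFO level. For a process that handles key material this can leave logging more verbose than the operator intended, for example when `error` or `off` is requested with a typo. Keep the fallback after the new branch: `else { LOG_ERROR("Invalid log level: %s. Valid options: debug, info, warn, error, off", optarg); return -1; }`. The option loop starts and ends outside this hunk.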
diff --git a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c index 202ba58..3c266e6 100644 --- a/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c +++ b/cvmassistants/keyprovider/key-provider-agent/src/key_provider_agent.c @@ -1,10 +1,10 @@ #include +#include #include #include #include #include #include -#include // Log levels #define LOG_LEVEL_DEBUG 0 #define LOG_LEVEL_INFO 1