diff --git a/src/main/java/com/iexec/sms/tee/session/base/SecretEnclaveBase.java b/src/main/java/com/iexec/sms/tee/session/base/SecretEnclaveBase.java index 79598978..92610aed 100644 --- a/src/main/java/com/iexec/sms/tee/session/base/SecretEnclaveBase.java +++ b/src/main/java/com/iexec/sms/tee/session/base/SecretEnclaveBase.java @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 IEXEC BLOCKCHAIN TECH + * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,5 +30,5 @@ public class SecretEnclaveBase { @JsonProperty("mrenclave") String mrenclave; @JsonProperty("environment") - Map environment; + Map environment; } diff --git a/src/main/java/com/iexec/sms/tee/session/base/SecretSessionBaseService.java b/src/main/java/com/iexec/sms/tee/session/base/SecretSessionBaseService.java index 71608163..fb27e630 100644 --- a/src/main/java/com/iexec/sms/tee/session/base/SecretSessionBaseService.java +++ b/src/main/java/com/iexec/sms/tee/session/base/SecretSessionBaseService.java @@ -188,7 +188,7 @@ private List fetchDatasetOrders(final TaskDescription taskDescript } } - private Map getBulkDatasetTokens(final int index, + private Map getBulkDatasetTokens(final int index, final TaskDescription taskDescription, final DatasetOrder datasetOrder) { final String prefix = IEXEC_DATASET_PREFIX + (index + 1); @@ -235,17 +235,17 @@ boolean isBulkDatasetOrderCompatibleWithDeal(final DatasetOrder datasetOrder, fi SecretEnclaveBase getPreComputeTokens(final TeeSessionRequest request, final Map signTokens) throws TeeSessionGenerationException { final SecretEnclaveBaseBuilder enclaveBase = SecretEnclaveBase.builder(); enclaveBase.name("pre-compute"); - final Map tokens = new HashMap<>(); + final Map tokens = new HashMap<>(); final TaskDescription taskDescription = request.getTaskDescription(); final String taskId = taskDescription.getChainTaskId(); enclaveBase.mrenclave(request.getTeeServicesProperties().getPreComputeProperties().getFingerprint()); tokens.put(IEXEC_PRE_COMPUTE_OUT.name(), IexecFileHelper.SLASH_IEXEC_IN); // `IS_DATASET_REQUIRED` still meaningful? - tokens.put(IS_DATASET_REQUIRED.name(), taskDescription.containsDataset()); + tokens.put(IS_DATASET_REQUIRED.name(), String.valueOf(taskDescription.containsDataset())); if (taskDescription.isBulkRequest()) { final List orders = fetchDatasetOrders(taskDescription); - tokens.put(IEXEC_BULK_SLICE_SIZE.name(), orders.size()); + tokens.put(IEXEC_BULK_SLICE_SIZE.name(), String.valueOf(orders.size())); for (int i = 0; i < orders.size(); i++) { final DatasetOrder order = orders.get(i); tokens.putAll(getBulkDatasetTokens(i, taskDescription, order)); @@ -307,7 +307,7 @@ SecretEnclaveBase getAppTokens(final TeeSessionRequest request) throws TeeSessio enclaveBase.name("app"); final TaskDescription taskDescription = request.getTaskDescription(); - final Map tokens = new HashMap<>(); + final Map tokens = new HashMap<>(); final TeeEnclaveConfiguration enclaveConfig = taskDescription.getAppEnclaveConfiguration(); if (enclaveConfig == null) { throw new TeeSessionGenerationException( @@ -323,7 +323,7 @@ SecretEnclaveBase getAppTokens(final TeeSessionRequest request) throws TeeSessio enclaveBase.mrenclave(enclaveConfig.getFingerprint()); - final Map computeSecrets = getApplicationComputeSecrets(taskDescription); + final Map computeSecrets = getApplicationComputeSecrets(taskDescription); tokens.putAll(computeSecrets); // trusted env variables (not confidential) tokens.putAll(IexecEnvUtils.getComputeStageEnvMap(taskDescription)); @@ -332,7 +332,7 @@ SecretEnclaveBase getAppTokens(final TeeSessionRequest request) throws TeeSessio final List addresses = fetchDatasetOrders(taskDescription).stream() .map(DatasetOrder::getDataset) .toList(); - tokens.put(IEXEC_BULK_SLICE_SIZE.name(), addresses.size()); + tokens.put(IEXEC_BULK_SLICE_SIZE.name(), String.valueOf(addresses.size())); for (int i = 0; i < addresses.size(); i++) { tokens.put(IEXEC_DATASET_PREFIX + (i + 1) + IEXEC_DATASET_FILENAME_SUFFIX, addresses.get(i)); } @@ -356,8 +356,8 @@ SecretEnclaveBase getAppTokens(final TeeSessionRequest request) throws TeeSessio * @param taskDescription A task description * @return A {@code Map} containing secrets retrieved from the database. */ - private Map getApplicationComputeSecrets(final TaskDescription taskDescription) { - final Map tokens = new HashMap<>(); + private Map getApplicationComputeSecrets(final TaskDescription taskDescription) { + final Map tokens = new HashMap<>(); final List ids = getAppComputeSecretsHeaders(taskDescription); log.debug("TeeTaskComputeSecret looking for secrets [chainTaskId:{}, count:{}]", taskDescription.getChainTaskId(), ids.size()); @@ -434,7 +434,7 @@ SecretEnclaveBase getPostComputeTokens(final TeeSessionRequest request, final Ma final SecretEnclaveBaseBuilder enclaveBase = SecretEnclaveBase.builder() .name("post-compute") .mrenclave(request.getTeeServicesProperties().getPostComputeProperties().getFingerprint()); - final Map tokens = new HashMap<>(); + final Map tokens = new HashMap<>(); final TaskDescription taskDescription = request.getTaskDescription(); final List ids = getPostComputeSecretHeaders(taskDescription, request.getWorkerAddress()); log.debug("Web2Secret looking for secrets [chainTaskId:{}, count:{}]", diff --git a/src/main/java/com/iexec/sms/tee/session/gramine/GramineSessionMakerService.java b/src/main/java/com/iexec/sms/tee/session/gramine/GramineSessionMakerService.java index 88127242..4728a88e 100644 --- a/src/main/java/com/iexec/sms/tee/session/gramine/GramineSessionMakerService.java +++ b/src/main/java/com/iexec/sms/tee/session/gramine/GramineSessionMakerService.java @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 IEXEC BLOCKCHAIN TECH + * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,7 +37,7 @@ public class GramineSessionMakerService { private final SecretSessionBaseService secretSessionBaseService; - public GramineSessionMakerService(SecretSessionBaseService secretSessionBaseService) { + public GramineSessionMakerService(final SecretSessionBaseService secretSessionBaseService) { this.secretSessionBaseService = secretSessionBaseService; } @@ -49,29 +49,25 @@ public GramineSessionMakerService(SecretSessionBaseService secretSessionBaseServ * @return session config */ @NonNull - public GramineSession generateSession(TeeSessionRequest request) throws TeeSessionGenerationException { - SecretSessionBase baseSession = secretSessionBaseService.getSecretsTokens(request); - GramineSessionBuilder gramineSession = GramineSession.builder() + public GramineSession generateSession(final TeeSessionRequest request) throws TeeSessionGenerationException { + final SecretSessionBase baseSession = secretSessionBaseService.getSecretsTokens(request); + final GramineSessionBuilder gramineSession = GramineSession.builder() .session(request.getSessionId()); - GramineEnclave gramineAppEnclave = toGramineEnclave(baseSession.getAppCompute()); - GramineEnclave graminePostEnclave = toGramineEnclave(baseSession.getPostCompute()); + final GramineEnclave gramineAppEnclave = toGramineEnclave(baseSession.getAppCompute()); + final GramineEnclave graminePostEnclave = toGramineEnclave(baseSession.getPostCompute()); - return gramineSession.enclaves(List.of( - // No pre-compute for now - gramineAppEnclave, - graminePostEnclave)) + // No pre-compute for now + return gramineSession + .enclaves(List.of(gramineAppEnclave, graminePostEnclave)) .build(); } - private GramineEnclave toGramineEnclave(SecretEnclaveBase enclaveBase) { + private GramineEnclave toGramineEnclave(final SecretEnclaveBase enclaveBase) { return GramineEnclave.builder() .name(enclaveBase.getName()) .mrenclave(enclaveBase.getMrenclave()) - // TODO: Validate command-line arguments from the host - // (https://github.com/gramineproject/gsc/issues/13) .command("") .environment(enclaveBase.getEnvironment()) - // TODO: Remove useless volumes when SPS is ready .volumes(List.of()) .build(); } diff --git a/src/main/java/com/iexec/sms/tee/session/gramine/sps/GramineEnclave.java b/src/main/java/com/iexec/sms/tee/session/gramine/sps/GramineEnclave.java index 647d60d3..0d2a7188 100644 --- a/src/main/java/com/iexec/sms/tee/session/gramine/sps/GramineEnclave.java +++ b/src/main/java/com/iexec/sms/tee/session/gramine/sps/GramineEnclave.java @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 IEXEC BLOCKCHAIN TECH + * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,8 @@ package com.iexec.sms.tee.session.gramine.sps; import com.fasterxml.jackson.annotation.JsonProperty; -import lombok.*; +import lombok.Builder; +import lombok.Value; import java.util.List; import java.util.Map; @@ -33,7 +34,7 @@ public class GramineEnclave { @JsonProperty("command") String command; @JsonProperty("environment") - Map environment; + Map environment; @JsonProperty("volumes") List volumes; diff --git a/src/main/java/com/iexec/sms/tee/session/scone/SconeSessionMakerService.java b/src/main/java/com/iexec/sms/tee/session/scone/SconeSessionMakerService.java index 6eb3b1e2..a30f1091 100644 --- a/src/main/java/com/iexec/sms/tee/session/scone/SconeSessionMakerService.java +++ b/src/main/java/com/iexec/sms/tee/session/scone/SconeSessionMakerService.java @@ -154,7 +154,7 @@ private URL resolveValidAttestationServer() { private SconeEnclave toSconeEnclave(final SecretEnclaveBase enclaveBase, final String command, final boolean addJavaEnvVars) { - final HashMap enclaveEnvironment = new HashMap<>(enclaveBase.getEnvironment()); + final HashMap enclaveEnvironment = new HashMap<>(enclaveBase.getEnvironment()); if (addJavaEnvVars) { enclaveEnvironment.putAll( Map.of( diff --git a/src/main/java/com/iexec/sms/tee/session/scone/cas/SconeEnclave.java b/src/main/java/com/iexec/sms/tee/session/scone/cas/SconeEnclave.java index eae0a921..b33f3178 100644 --- a/src/main/java/com/iexec/sms/tee/session/scone/cas/SconeEnclave.java +++ b/src/main/java/com/iexec/sms/tee/session/scone/cas/SconeEnclave.java @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 IEXEC BLOCKCHAIN TECH + * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,8 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.*; +import lombok.Builder; +import lombok.Value; import lombok.extern.slf4j.Slf4j; import java.util.List; @@ -41,16 +42,16 @@ public class SconeEnclave { @JsonProperty("command") String command; @JsonProperty("environment") - Map environment; + Map environment; - @Override - public String toString() { - try { - return new ObjectMapper().writeValueAsString(this); - } catch (JsonProcessingException e) { - log.error("Failed to write CAS session as string [session:{}]", name, e); - return ""; + @Override + public String toString() { + try { + return new ObjectMapper().writeValueAsString(this); + } catch (JsonProcessingException e) { + log.error("Failed to write CAS session as string [session:{}]", name, e); + return ""; + } } - } } diff --git a/src/test/java/com/iexec/sms/tee/session/base/SecretSessionBaseServiceTests.java b/src/test/java/com/iexec/sms/tee/session/base/SecretSessionBaseServiceTests.java index 8162c680..3676da39 100644 --- a/src/test/java/com/iexec/sms/tee/session/base/SecretSessionBaseServiceTests.java +++ b/src/test/java/com/iexec/sms/tee/session/base/SecretSessionBaseServiceTests.java @@ -291,7 +291,7 @@ void shouldGetPreComputeBulkProcessingTokensForInvalidOrder() throws Exception { assertThat(enclaveBase.getName()).isEqualTo("pre-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT); assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries( - Map.entry("IEXEC_BULK_SLICE_SIZE", 1), + Map.entry("IEXEC_BULK_SLICE_SIZE", "1"), Map.entry("IEXEC_DATASET_1_URL", ""), Map.entry("IEXEC_DATASET_1_CHECKSUM", ""), Map.entry("IEXEC_DATASET_1_KEY", ""), @@ -332,7 +332,7 @@ void shouldGetPreComputeBulkProcessingTokensForValidOrder() throws Exception { assertThat(enclaveBase.getName()).isEqualTo("pre-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT); assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries( - Map.entry("IEXEC_BULK_SLICE_SIZE", 1), + Map.entry("IEXEC_BULK_SLICE_SIZE", "1"), Map.entry("IEXEC_DATASET_1_URL", DATASET_URL), Map.entry("IEXEC_DATASET_1_CHECKSUM", DATASET_CHECKSUM), Map.entry("IEXEC_DATASET_1_KEY", DATASET_KEY), @@ -355,7 +355,7 @@ void shouldNotGetBulkProcessingPreComputeTokens() throws Exception { ); assertThat(enclaveBase.getName()).isEqualTo("pre-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT); - assertThat(enclaveBase.getEnvironment()).contains(Map.entry("IEXEC_BULK_SLICE_SIZE", 0)); + assertThat(enclaveBase.getEnvironment()).contains(Map.entry("IEXEC_BULK_SLICE_SIZE", "0")); } @Test @@ -375,12 +375,12 @@ void shouldGetPreComputeTokensWithDataset() throws Exception { ); assertThat(enclaveBase.getName()).isEqualTo("pre-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT); - final Map expectedTokens = Map.ofEntries( + final Map expectedTokens = Map.ofEntries( Map.entry("IEXEC_DEAL_ID", DEAL_ID), Map.entry("IEXEC_TASK_INDEX", "0"), Map.entry("IEXEC_TASK_ID", TASK_ID), Map.entry("IEXEC_PRE_COMPUTE_OUT", "/iexec_in"), - Map.entry("IS_DATASET_REQUIRED", true), + Map.entry("IS_DATASET_REQUIRED", "true"), Map.entry("IEXEC_DATASET_KEY", DATASET_KEY), Map.entry("IEXEC_DATASET_URL", DATASET_URL), Map.entry("IEXEC_DATASET_FILENAME", DATASET_ADDRESS), @@ -426,12 +426,12 @@ void shouldGetPreComputeTokensWithoutDataset() throws Exception { ); assertThat(enclaveBase.getName()).isEqualTo("pre-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(PRE_COMPUTE_FINGERPRINT); - final Map expectedTokens = Map.ofEntries( + final Map expectedTokens = Map.ofEntries( Map.entry("IEXEC_DEAL_ID", DEAL_ID), Map.entry("IEXEC_TASK_INDEX", "0"), Map.entry("IEXEC_TASK_ID", TASK_ID), Map.entry("IEXEC_PRE_COMPUTE_OUT", "/iexec_in"), - Map.entry("IS_DATASET_REQUIRED", false), + Map.entry("IS_DATASET_REQUIRED", "false"), Map.entry("IEXEC_INPUT_FILES_FOLDER", "/iexec_in"), Map.entry("IEXEC_INPUT_FILES_NUMBER", "2"), Map.entry("IEXEC_INPUT_FILE_URL_1", INPUT_FILE_URL_1), @@ -462,7 +462,7 @@ void shouldGetAppComputeBulkProcessingTokens() throws TeeSessionGenerationExcept assertThat(enclaveBase.getName()).isEqualTo("app"); assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT); assertThat(enclaveBase.getEnvironment()).containsAllEntriesOf(Map.ofEntries( - Map.entry("IEXEC_BULK_SLICE_SIZE", 1), + Map.entry("IEXEC_BULK_SLICE_SIZE", "1"), Map.entry("IEXEC_DATASET_1_FILENAME", datasetAddress) )); } @@ -483,7 +483,7 @@ void shouldGetAppTokensForAdvancedTaskDescription() throws TeeSessionGenerationE final SecretEnclaveBase enclaveBase = teeSecretsService.getAppTokens(request); assertThat(enclaveBase.getName()).isEqualTo("app"); assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT); - final Map expectedTokens = Map.ofEntries( + final Map expectedTokens = Map.ofEntries( Map.entry("IEXEC_DEAL_ID", DEAL_ID), Map.entry("IEXEC_TASK_INDEX", "0"), Map.entry("IEXEC_TASK_ID", TASK_ID), @@ -541,7 +541,7 @@ void shouldGetTokensWithEmptyAppComputeSecretWhenSecretsDoNotExist() throws TeeS final SecretEnclaveBase enclaveBase = teeSecretsService.getAppTokens(request); assertThat(enclaveBase.getName()).isEqualTo("app"); assertThat(enclaveBase.getMrenclave()).isEqualTo(APP_FINGERPRINT); - final Map expectedTokens = Map.ofEntries( + final Map expectedTokens = Map.ofEntries( Map.entry("IEXEC_DEAL_ID", DEAL_ID), Map.entry("IEXEC_TASK_INDEX", "0"), Map.entry("IEXEC_TASK_ID", TASK_ID), @@ -652,7 +652,7 @@ void shouldGetPostComputeTokens() throws Exception { ); assertThat(enclaveBase.getName()).isEqualTo("post-compute"); assertThat(enclaveBase.getMrenclave()).isEqualTo(POST_COMPUTE_FINGERPRINT); - final Map expectedTokens = Map.of( + final Map expectedTokens = Map.of( // encryption tokens "RESULT_ENCRYPTION", "true", "RESULT_ENCRYPTION_PUBLIC_KEY", ENCRYPTION_PUBLIC_KEY,