Merge pull request #325 from iExecBlockchainComputing/release/5.0.0

Release/5.0.0

Author: james-toussaint

Dockerfile

@@ -1,6 +1,6 @@
-FROM azul/zulu-openjdk-alpine:11.0.3-jre
+FROM openjdk:11.0.7-jre-slim
 
-RUN apk add --no-cache bash coreutils openssl zip
+RUN apt-get update && apt-get install -y --no-install-recommends bash coreutils openssl zip
 
 ENV IEXEC_DECRYPT_FILE_PATH "/decrypt-dataset.sh"
 ENV IEXEC_ENCRYPT_FILE_PATH "/encrypt-result.sh"
@@ -9,10 +9,6 @@ COPY build/resources/main/decrypt-dataset.sh    /decrypt-dataset.sh
 COPY build/resources/main/encrypt-result.sh     /encrypt-result.sh
 COPY build/resources/main/entrypoint.sh         entrypoint.sh
 
-# Default certificate will only be valid at 'https://localhost:[...]' (and not at 'https://core:[...]' for e.g.)
-COPY build/resources/main/ssl-keystore-dev.p12 /ssl/ssl-truststore.p12
-ENV IEXEC_WORKER_SSL_TRUSTSTORE /ssl/ssl-truststore.p12
-
 RUN chmod +x /decrypt-dataset.sh && \
     chmod +x /encrypt-result.sh && \
     chmod +x entrypoint.sh

build.gradle

@@ -58,7 +58,7 @@ dependencyManagement {
 dependencies {
     // iexec
     compile "com.iexec.common:iexec-common:$iexecCommonVersion"
-    // compile files("../iexec-common/build/libs/iexec-common-${iexecCommonVersion}.jar")
+    //compile files("../iexec-common/build/libs/iexec-common-${iexecCommonVersion}.jar")
 
     // spring
     compile("org.springframework.boot:spring-boot-starter") {
@@ -72,6 +72,10 @@ dependencies {
     compile "org.springframework.retry:spring-retry"
     testCompile "org.springframework.boot:spring-boot-starter-test"
 
+    // Web3j issues, see core build.gradle
+    implementation 'com.squareup.okhttp3:okhttp:4.3.1'
+    implementation 'org.jetbrains.kotlin:kotlin-stdlib:1.3.50'
+
     // docker-client
     compile 'com.spotify:docker-client:8.13.1'
     compile 'org.glassfish.jersey.inject:jersey-hk2:2.26'
@@ -143,7 +147,7 @@ uploadArchives.enabled = canUploadArchives
 
 test {
     if (System.properties['test.profile'] == 'skipDocker') {
-        exclude '**/docker/**'
+        exclude '**/compute/DockerServiceTests*'
     }
 }
 
@@ -177,7 +181,7 @@ task buildImage(type: Exec) {
 }
 
 buildImage.dependsOn prepareDockerFile
-buildImage.enabled = isMasterBranch || project.hasProperty("forceDockerBuild")
+buildImage.enabled = (isMasterBranch || isDevelopBranch ) || project.hasProperty("forceDockerBuild")
 
 task pushImage(type: Exec) {
     if (project.hasProperty("nexusUser") && project.hasProperty("nexusPassword")) {
@@ -192,7 +196,7 @@ task pushImage(type: Exec) {
 }
 
 pushImage.dependsOn buildImage
-pushImage.enabled = isMasterBranch && project.hasProperty("nexusUser") && project.hasProperty("nexusPassword")
+pushImage.enabled = (isMasterBranch || isDevelopBranch ) && project.hasProperty("nexusUser") && project.hasProperty("nexusPassword")
 
 //gradle bootRun -PproxyHost=192.168.XX.XXX -PproxyPort=3128
 project.ext.getJvmArgs = {

gradle.properties

@@ -1,4 +1,4 @@
-iexecCommonVersion=4.0.1
+iexecCommonVersion=5.0.0
 nexusUser=fake
 nexusPassword=fake
-version=4.0.2
+version=5.0.0

src/main/java/com/iexec/worker/chain/ContributionAuthorizationService.java

@@ -1,13 +1,12 @@
 package com.iexec.worker.chain;
 
 import com.iexec.common.chain.*;
-import com.iexec.common.contract.generated.IexecHubABILegacy;
+import com.iexec.common.contract.generated.IexecHubContract;
+import com.iexec.common.contribution.Contribution;
 import com.iexec.common.replicate.ReplicateStatusCause;
-import com.iexec.common.security.Signature;
+import com.iexec.common.result.ComputedFile;
 import com.iexec.common.utils.BytesUtils;
-import com.iexec.common.utils.HashUtils;
-import com.iexec.common.utils.SignatureUtils;
-
+import com.iexec.common.worker.result.ResultUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
@@ -22,20 +21,18 @@
 public class ContributionService {
 
     private IexecHubService iexecHubService;
-    private ContributionAuthorizationService contributionAuthorizationService;
+    private WorkerpoolAuthorizationService workerpoolAuthorizationService;
+    private EnclaveAuthorizationService enclaveAuthorizationService;
+    private CredentialsService credentialsService;
 
     public ContributionService(IexecHubService iexecHubService,
-                               ContributionAuthorizationService contributionAuthorizationService) {
+                               WorkerpoolAuthorizationService workerpoolAuthorizationService,
+                               EnclaveAuthorizationService enclaveAuthorizationService,
+                               CredentialsService credentialsService) {
         this.iexecHubService = iexecHubService;
-        this.contributionAuthorizationService = contributionAuthorizationService;
-    }
-
-    public static String computeResultSeal(String walletAddress, String chainTaskId, String deterministHash) {
-        return HashUtils.concatenateAndHash(walletAddress, chainTaskId, deterministHash);
-    }
-
-    public static String computeResultHash(String chainTaskId, String deterministHash) {
-        return HashUtils.concatenateAndHash(chainTaskId, deterministHash);
+        this.workerpoolAuthorizationService = workerpoolAuthorizationService;
+        this.enclaveAuthorizationService = enclaveAuthorizationService;
+        this.credentialsService = credentialsService;
     }
 
     public boolean isChainTaskInitialized(String chainTaskId) {
@@ -66,20 +63,20 @@ public Optional<ReplicateStatusCause> getCannotContributeStatusCause(String chai
             return Optional.of(CONTRIBUTION_ALREADY_SET);
         }
 
-        if (!isContributionAuthorizationPresent(chainTaskId)) {
-            return Optional.of(CONTRIBUTION_AUTHORIZATION_NOT_FOUND);
+        if (!isWorkerpoolAuthorizationPresent(chainTaskId)) {
+            return Optional.of(CONTRIBUTION_AUTHORIZATION_NOT_FOUND);//TODO Rename status to WORKERPOOL_AUTHORIZATION_NOT_FOUND
         }
 
         return Optional.empty();
     }
 
-    private boolean isContributionAuthorizationPresent(String chainTaskId) {
-        ContributionAuthorization contributionAuthorization =
-                contributionAuthorizationService.getContributionAuthorization(chainTaskId);
-        if (contributionAuthorization != null){
+    private boolean isWorkerpoolAuthorizationPresent(String chainTaskId) {
+        WorkerpoolAuthorization workerpoolAuthorization =
+                workerpoolAuthorizationService.getWorkerpoolAuthorization(chainTaskId);
+        if (workerpoolAuthorization != null) {
             return true;
         }
-        log.error("ContributionAuthorization missing [chainTaskId:{}]", chainTaskId);
+        log.error("WorkerpoolAuthorization missing [chainTaskId:{}]", chainTaskId);
         return false;
     }
 
@@ -108,14 +105,6 @@ private boolean isContributionUnsetToContribute(ChainTask chainTask) {
         return chainContribution.getStatus().equals(ChainContributionStatus.UNSET);
     }
 
-    public boolean isContributionAuthorizationValid(ContributionAuthorization auth, String signerAddress) {
-        // create the hash that was used in the signature in the core
-        byte[] message = BytesUtils.stringToBytes(
-                HashUtils.concatenateAndHash(auth.getWorkerWallet(), auth.getChainTaskId(), auth.getEnclaveChallenge()));
-
-        return SignatureUtils.isSignatureValid(message, auth.getSignature(), signerAddress);
-    }
-
     public boolean isContributionDeadlineReached(String chainTaskId) {
         Optional<ChainTask> oTask = iexecHubService.getChainTask(chainTaskId);
         if (!oTask.isPresent()) return true;
@@ -124,30 +113,64 @@ public boolean isContributionDeadlineReached(String chainTaskId) {
     }
 
     // returns ChainReceipt of the contribution if successful, null otherwise
-    public Optional<ChainReceipt> contribute(ContributionAuthorization contribAuth, String deterministHash, Signature enclaveSignature) {
-        String resultSeal = computeResultSeal(contribAuth.getWorkerWallet(), contribAuth.getChainTaskId(), deterministHash);
-        String resultHash = computeResultHash(contribAuth.getChainTaskId(), deterministHash);
-        IexecHubABILegacy.TaskContributeEventResponse contributeResponse = iexecHubService.contribute(contribAuth, resultHash, resultSeal, enclaveSignature);
+    public Optional<ChainReceipt> contribute(Contribution contribution) {
+
+        IexecHubContract.TaskContributeEventResponse contributeResponse = iexecHubService.contribute(contribution);
 
         if (contributeResponse == null) {
-            log.error("ContributeTransactionReceipt received but was null [chainTaskId:{}]", contribAuth.getChainTaskId());
+            log.error("ContributeTransactionReceipt received but was null [chainTaskId:{}]", contribution.getChainTaskId());
             return Optional.empty();
         }
 
-        ChainReceipt chainReceipt = ChainUtils.buildChainReceipt(contributeResponse.log, contribAuth.getChainTaskId(),
+        ChainReceipt chainReceipt = ChainUtils.buildChainReceipt(contributeResponse.log, contribution.getChainTaskId(),
                 iexecHubService.getLatestBlockNumber());
 
-
-
         return Optional.of(chainReceipt);
     }
 
-    public boolean putContributionAuthorization(ContributionAuthorization contributionAuthorization) {
-        return contributionAuthorizationService.putContributionAuthorization(contributionAuthorization);
+    public boolean putWorkerpoolAuthorization(WorkerpoolAuthorization workerpoolAuthorization) {
+        return workerpoolAuthorizationService.putWorkerpoolAuthorization(workerpoolAuthorization);
+    }
+
+    public WorkerpoolAuthorization getWorkerpoolAuthorization(String chainTaskId) {
+        return workerpoolAuthorizationService.getWorkerpoolAuthorization(chainTaskId);
     }
 
-    public ContributionAuthorization getContributionAuthorization(String chainTaskId) {
-        return contributionAuthorizationService.getContributionAuthorization(chainTaskId);
+    public Contribution getContribution(ComputedFile computedFile) {
+        String chainTaskId = computedFile.getTaskId();
+        WorkerpoolAuthorization workerpoolAuthorization = workerpoolAuthorizationService.getWorkerpoolAuthorization(chainTaskId);
+        if (workerpoolAuthorization == null) {
+            log.error("Cant getContribution (cant getWorkerpoolAuthorization) [chainTaskId:{}]", chainTaskId);
+            return null;
+        }
+
+        String resultDigest = computedFile.getResultDigest();
+        String resultHash = ResultUtils.computeResultHash(chainTaskId, resultDigest);
+        String resultSeal = ResultUtils.computeResultSeal(credentialsService.getCredentials().getAddress(), chainTaskId, resultDigest);
+        String workerpoolSignature = workerpoolAuthorization.getSignature().getValue();
+        String enclaveChallenge = workerpoolAuthorization.getEnclaveChallenge();
+        String enclaveSignature = computedFile.getEnclaveSignature();
+
+        boolean isTeeTask = iexecHubService.isTeeTask(chainTaskId);
+        if (isTeeTask) {
+            if (!enclaveAuthorizationService.isVerifiedEnclaveSignature(chainTaskId,
+                    resultHash, resultSeal, enclaveSignature, enclaveChallenge)){
+                log.error("Cant getContribution (isVerifiedEnclaveSignature false) [chainTaskId:{}]", chainTaskId);
+                return null;
+            }
+        } else {
+            enclaveSignature = BytesUtils.EMPTY_HEXASTRING_64;
+        }
+
+        return Contribution.builder()
+                .chainTaskId(chainTaskId)
+                .resultDigest(resultDigest)
+                .resultHash(resultHash)
+                .resultSeal(resultSeal)
+                .enclaveChallenge(enclaveChallenge)
+                .enclaveSignature(enclaveSignature)
+                .workerPoolSignature(workerpoolSignature)
+                .build();
     }
 
 }

src/main/java/com/iexec/worker/chain/ContributionService.java

@@ -1,30 +1,17 @@
 package com.iexec.worker.chain;
 
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Service;
-import org.web3j.crypto.CipherException;
-import org.web3j.crypto.Credentials;
-import org.web3j.crypto.WalletUtils;
+import com.iexec.common.chain.CredentialsAbstractService;
 
-import java.io.IOException;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
 
-@Slf4j
 @Service
-public class CredentialsService {
-
-    private Credentials credentials;
-
-    public CredentialsService(WalletDetails walletDetails) throws IOException, CipherException {
-        try {
-            credentials = WalletUtils.loadCredentials(walletDetails.getPassword(), walletDetails.getPath());
-            log.info("Load wallet credentials [address:{}] ", credentials.getAddress());
-        } catch (IOException | CipherException e) {
-            log.error("Credentials cannot be loaded [exception:{}] ", e);
-            throw e;
-        }
-    }
+public class CredentialsService extends CredentialsAbstractService {
 
-    public Credentials getCredentials() {
-        return credentials;
+    public CredentialsService(
+            @Value("${wallet.password}") String walletPassword,
+            @Value("${wallet.encryptedFilePath}") String walletPath
+    ) throws Exception {
+        super(walletPassword, walletPath);
     }
-}
+}

src/main/java/com/iexec/worker/chain/CredentialsService.java

@@ -0,0 +1,32 @@
+package com.iexec.worker.chain;
+
+import com.iexec.common.security.Signature;
+import com.iexec.common.tee.TeeEnclaveChallengeSignature;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import static com.iexec.common.utils.SignatureUtils.isExpectedSignerOnSignedMessageHash;
+
+
+@Slf4j
+@Service
+public class EnclaveAuthorizationService {
+
+    public boolean isVerifiedEnclaveSignature(String chainTaskId, String resultHash, String resultSeal,
+                                              String enclaveSignature, String enclaveChallenge) {
+        if (enclaveChallenge == null || enclaveChallenge.isEmpty()) {
+            log.error("Cant verify enclave signature (enclave challenge not found) [chainTaskId:{}]", chainTaskId);
+            return false;
+        }
+
+        if (enclaveSignature == null || enclaveSignature.isEmpty()) {
+            log.error("Cant verify enclave signature (enclave signature not found) [chainTaskId:{}]", chainTaskId);
+            return false;
+        }
+
+        String messageHash = TeeEnclaveChallengeSignature.getMessageHash(resultHash, resultSeal);
+
+        return isExpectedSignerOnSignedMessageHash(messageHash,
+                new Signature(enclaveSignature), enclaveChallenge);
+    }
+}