Introducing Conclave Web Host Server: Do more with less code

Conclave Dec 07 2021 By: Ashutosh Meher

Ashutosh Meher Senior Developer Evangelist

The confidential computing landscape has been emerging quickly, and organizations are now starting to understand the value of secure data processing. We at R3 are working to support the fast-evolving confidential computing field with our platform, Conclave, by making it more robust and developer-friendly.

If you are new to Conclave, consider taking a look at one of my previous blog posts for an introduction:
https://www.conclave.net/blog/conclave-secure-confidential-computing/

What is the Web Host Server?

Among other new features, the latest release of Conclave, v1.2, introduces the Conclave web host server. One of the major pain points for developers writing Conclave applications is the requirement to code the mail transport mechanism between the client and the host. This is what the new web host server solves. It is a Spring Boot server built to serve as a host for your Conclave application.

How does the Web Host Server help?

Let’s take a look at a typical host implementation needed for a simple Conclave application. The host needs to do some standard tasks, such as accepting client connections, loading the enclave, sharing attestation information with the clients, and relaying encrypted mail between client and enclave.

  • Below is the code required to start the host server to accept client connections. It uses a TCP connection; other implementations may use a different approach.

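// Needs java.io.IOException, java.net.ServerSocket, java.net.Socket and java.util.UUID.
private void startServer(){
    ServerSocket serverSocket;
    try {
        serverSocket = new ServerSocket(5051);
    }catch (IOException ioe){
        // Without a listening socket there is nothing to accept, so stop here.
        ioe.printStackTrace();
        return;
    }
    System.out.println("Listening on port 5051");
    while (true) {
        Socket clientSocket;
        try {
            clientSocket = serverSocket.accept();
        } catch (IOException e) {
            System.out.println("I/O error: " + e);
            // Skip this iteration rather than registering a null or stale socket.
            continue;
        }
        // The routing hint identifies this client when a message has to be sent back to it.
        String routingHint = UUID.randomUUID().toString();
        clientMap.put(routingHint, clientSocket);

        // Send the serialized attestation first, then relay the client's mail to the enclave.
        final EnclaveInstanceInfo attestation = enclaveHost.getEnclaveInstanceInfo();
        final byte[] attestationBytes = attestation.serialize();
        sendMessageToClient(routingHint, attestationBytes);
        recieveMailFromClientAndDeliverToEnclave(clientSocket, routingHint);
    }
}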

  • This is required to load the enclave and receive enclave callbacks.

private void recieveMailFromClientAndDeliverToEnclave(Socket clientSocket, String routingHint){
    try {
        // Frame format: a 4-byte length followed by that many bytes of encrypted mail.
        // The length is supplied by the client and is not bounded here.
        DataInputStream input = new DataInputStream(clientSocket.getInputStream());
        byte[] mailBytes = new byte[input.readInt()];
        input.readFully(mailBytes);

        // The host only relays the encrypted mail to the enclave.
        enclaveHost.deliverMail(1, mailBytes, routingHint);
    }catch (IOException ioException){
        ioException.printStackTrace();
    }
}


private void sendMessageToClient(String routingHint, byte[] content){
    try {
        // Look up the socket registered for this routing hint and write one length-prefixed frame.
        Socket clientSocket = clientMap.get(routingHint);
        DataOutputStream outputStream = new DataOutputStream(clientSocket.getOutputStream());
        outputStream.writeInt(content.length);
        outputStream.write(content);
        outputStream.flush();
    }catch (IOException ioe){
        ioe.printStackTrace();
    }
}

As you can see, the host component of a Conclave application does nothing more than some standard tasks that have nothing to do with the business logic of the application. These tasks can be abstracted away from developers, who can instead be given APIs to perform them. This is where the new Conclave web host server comes into the picture. It serves as a ready-made host for your Conclave application.

As part of the web host server, Conclave 1.2 also introduces a new EnclaveClient API, which makes managing the connection to the enclave much easier, and we provide a web implementation of the client for connecting to the web host. All developers need to do is run the web host server and call certain REST endpoints from the client to deliver mail and poll for responses. This makes developers' lives easier, as they no longer have to deal with the details of implementing the transport mechanism for mail.
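
The hand-written host above allocates a buffer from whatever length the client declares, which is one of the details a custom transport has to get right. The following is an added example, not code from the original post or from Conclave: a bounded reader for the same length-prefixed frame, run against constructed inputs. The names BoundedMailFrames, readFrame and MAX_MAIL_BYTES, and the 1 MiB cap, are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class BoundedMailFrames {
    // Hypothetical cap; choose it from the largest mail your enclave expects.
    static final int MAX_MAIL_BYTES = 1 << 20;

    // Reads one [4-byte length][body] frame and rejects lengths outside the allowed range.
    static byte[] readFrame(DataInputStream in) throws IOException {
        int length = in.readInt();
        if (length < 0 || length > MAX_MAIL_BYTES) {
            throw new IOException("Rejected frame with declared length " + length);
        }
        byte[] body = new byte[length];
        in.readFully(body); // throws EOFException if fewer bytes arrive than declared
        return body;
    }

    // Builds a frame whose declared length may differ from the real body (constructed input).
    static DataInputStream frame(int declaredLength, byte[] body) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buffer);
        out.writeInt(declaredLength);
        out.write(body);
        return new DataInputStream(new ByteArrayInputStream(buffer.toByteArray()));
    }

    // Runs the reader on one constructed frame and reports what happened.
    static String outcome(int declaredLength, byte[] body) {
        try {
            return "accepted " + readFrame(frame(declaredLength, body)).length + " bytes";
        } catch (IOException e) {
            return "rejected: " + e;
        }
    }

    public static void main(String[] args) {
        byte[] mail = "constructed sample mail".getBytes(StandardCharsets.UTF_8);
        System.out.println(outcome(mail.length, mail));       // well-formed frame
        System.out.println(outcome(-1, mail));                // unchecked: NegativeArraySizeException
        System.out.println(outcome(Integer.MAX_VALUE, mail)); // unchecked: ~2 GiB allocation attempt
        System.out.println(outcome(mail.length + 8, mail));   // body shorter than declared
    }
}
```

On a real socket, also call Socket.setSoTimeout so that a peer that stops sending mid-frame cannot stall the accept loop, since the host above reads each client synchronously.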


There are a few things to note, though, when using the web host server.

  • The current version does not allow developers to do any customizations. It doesn’t currently allow developers to extend it and add custom functionalities.
  • The current version of the web host server is not reliable across restarts: if you are polling for enclave responses and the web host restarts, any enclave responses not yet retrieved will be lost.
  • EnclaveTransport API has been introduced to abstract away, from EnclaveClient, the details of how mail is transported to and from the host. WebEnclaveTransport class is provided as the concrete implementation of EnclaveTransport. If you choose to implement your own host, you could still use the WebEnclaveTransport to make things easier.

I hope you find this article interesting, enjoy using the new Conclave web host server, and are relieved of building the transport mechanism for your Conclave applications.

Ashutosh Meher is a Developer Evangelist at R3, an enterprise blockchain software firm working with a global ecosystem of more than 350 participants across multiple industries from both the private and public sectors to develop on Corda, its open-source blockchain platform, Corda Enterprise, a commercial version of Corda for enterprise usage, and Conclave, a confidential computing platform. Follow Ashutosh on Twitter.
