Using the New Web Host Server in your Conclave application

Conclave Dec 07 2021 By: Ashutosh Meher
Comments

0 Comments

Views

1,399 Views

Using the New Web Host Server in your Conclave application
Ashutosh Meher
Ashutosh Meher Senior Developer Evangelist
Share this post:
Copied

The Conclave Web Host Server has been introduced as part of the v1.2 release of the Conclave platform. It allows developers to concentrate on building their enclave and client components without worrying about the host part. It serves as a ready-made host for your conclave application. You could refer to my previous blog for an introduction to the web host server.

If you are new to conclave, you could consider taking a look at one of my previous blog below for an introduction:
https://www.conclave.net/blog/conclave-secure-confidential-computing/

In this blog, we will take a look at how we could use the web host server in our conclave application.

Configuring the host module to use the web host

Apply the Gradle application plugin and set the mainClassName property as shown below. It will allow us to run the web host from the command line.


plugins {
    id 'java'
    id 'application'
    id 'com.github.johnrengelman.shadow' version '6.1.0'
}

application {
    mainClassName = "com.r3.conclave.host.web.EnclaveWebHost"
}

Notice the shadow plugin has also been added to allow us to package and run the host as a single fat jar containing all the dependencies.

We need to add the webserver as a runtime dependency as shown below. Notice that there are no compile-time dependencies, as we are using the web host, so we do not need to have any code for the host module.


dependencies {
    runtimeOnly project(path: ":enclave", configuration: mode)
    runtimeOnly "com.r3.conclave:conclave-web-host:$conclaveVersion"

    testImplementation "com.r3.conclave:conclave-host:$conclaveVersion"
    testImplementation "org.junit.jupiter:junit-jupiter:5.6.0"
}

Finally, we need to configure the shadow jar:


shadowJar {
    archiveAppendix.set(mode)
    archiveClassifier.set("")
}

As the host shadow jar contains the enclave, this will set the enclave mode into the host jar.

Add the below code, which will allow the mode to be chosen from the command line.


def mode = findProperty("enclaveMode")?.toString()?.toLowerCase() ?: "mock"

Running the web host

Use the below command to build the shadow jar.


./gradlew host:shadowJar

The shadow jar will be created in the build/libs directory of the host module.

Use the jar -jar command to run the shadow jar.


java -jar host/build/libs/host.jar

Your web host server should now be up and running. It will be ready to communicate with the client on http://localhost:8080.

Note that the enclave mode is set to mock by default. To run the enclave in a different mode build the shadow jar using the below command.


./gradlew -PenclaveMode= host:shadowJar

Implementing a Client to use the web host

To make implementing a client easier, a new EnclaveClient API has been introduced, which takes care of connecting to the web host and downloading the attestation information. It also handles the encryption and decryption of Mail for you and provides a simple interface for sending and receiving Mail.

The EnclaveClient is agostic of the communication protocol used to communicate with the host. This is where the EnclaveTransport has been introduced, which defines the communication protocol. Since we are using the web host, which is HTTP-based, WebEnclaveTransport has been added to handle HTTP communication.

The below code snippet shows how to implement a simple client.

  • The client.start() method takes care of connecting to the web host using the WebEnclaveTransport , and also downloads remote attestation and validates the constraints.
  • The client.sendMail() method can be used to send mails to the enclave.
  • If you are expecting a delay in the response, you can poll the host using the client.pollMail() method.

try (WebEnclaveTransport transport = new WebEnclaveTransport(url);
     EnclaveClient client = new EnclaveClient(constraint))
{
    client.start(transport);
    byte[] serializedOutput = serializeMessage(roleType, bid);

    // Send mail to enclave and receive response

    EnclaveMail responseMail = client.sendMail(serializedOutput);

    //ResponseMail is null till enclave doesn't reply back 
    if (responseMail == null) {
        do {
            Thread.sleep(2000);
            //Poll for reply to enclave
            responseMail = client.pollMail();
        } while (responseMail == null);
    }
    System.out.println("Response : " + new String(responseMail.getBodyAsBytes()));
}


That is how we use the new web host and write a client to communicate with it. I hope you liked this article. Thanks for reading.

Ashutosh Meher
Ashutosh Meher Ashutosh is a Developer Evangelist at R3, an enterprise blockchain software firm working with a global ecosystem of more than 350 participants across multiple industries from both the private and public sectors to develop on Corda, its open-source blockchain platform, Corda Enterprise, a commercial version of Corda for enterprise usage, and Conclave, a confidential computing platform. Follow Ashutosh on Twitter.

Leave a Reply

Subscribe to our newsletter to stay up to date on the latest developer news, tools, and articles.