Introducing Conclave Web Host Server: Do More With Less Code

December 14, 2021

By Ashutosh Meher, Developer Evangelist at R3


The confidential computing landscape has been emerging quickly. Organizations are now starting to understand the value of secure data processing. We at R3 are working towards supporting the fast-evolving confidential computing field with our platform Conclave by making it more robust and developer-friendly.

If you are new to Conclave, consider taking a look at one of our previous blog posts for an introduction.

What is the web host server?

Among other new features, the latest release of Conclave 1.2 introduces the Conclave web host server. One of the major pain points for developers is the requirement to code the mail transport mechanism between the client and the host. This is what the new web host server solves. It is a Spring Boot server built to serve as a host for your Conclave application.

How does the web host server help?

Let’s take a look at a typical host implementation needed for a simple Conclave application. The host needs to do some standard tasks like accepting client connection, loading the enclave, sharing attestation information with the clients, and relaying encrypted mails between the client and the enclave.

Below is the code required to start the host server to accept client connections. It uses a TCP connection, while some other implementations may use a different approach.

private void startServer(){
    ServerSocket serverSocket = null;
    Socket clientSocket = null;
    try {
        serverSocket = new ServerSocket(5051);
    }catch (IOException ioe){
        ioe.printStackTrace();
    }
    System.out.println("Listening on port 5051");
    while (true) {
        try {
            assert serverSocket != null;
            clientSocket = serverSocket.accept();
        } catch (IOException e) {
            System.out.println("I/O error: " + e);
        }
        String routingHint = UUID.randomUUID().toString();
        clientMap.put(routingHint, clientSocket);

        final EnclaveInstanceInfo attestation = enclaveHost.getEnclaveInstanceInfo();
        final byte[] attestationBytes = attestation.serialize();
        sendMessageToClient(routingHint, attestationBytes);
        recieveMailFromClientAndDeliverToEnclave(clientSocket, routingHint);
    }
}

 

This is required to load the enclave and receive enclave callbacks.

private void recieveMailFromClientAndDeliverToEnclave(Socket clientSocket, String routingHint){
    try {
        DataInputStream input = new DataInputStream(clientSocket.getInputStream());
        byte[] mailBytes = new byte[input.readInt()];
        input.readFully(mailBytes);

        enclaveHost.deliverMail(1, mailBytes, routingHint);
    }catch (IOException ioException){
        ioException.printStackTrace();
    }
}
private void sendMessageToClient(String routingHint, byte[] content){
    try {
        Socket clientSocket = clientMap.get(routingHint);
        DataOutputStream outputStream = new DataOutputStream(clientSocket.getOutputStream());
        outputStream.writeInt(content.length);
        outputStream.write(content);
        outputStream.flush();
    }catch (IOException ioe){
        ioe.printStackTrace();
        return;
    }
}

 

As you could see, the host component of a Conclave application does nothing more than some standard tasks which have nothing to do with the business logic of the application. These are tasks that can be abstracted away from the developers and they can be presented with some APIs to perform the needed tasks. This is where the new Conclave web host server comes into the picture. It serves as a ready-made host for your Conclave application.

As part of the web host server, Conclave 1.2 also introduces a new EnclaveClient API that makes managing the connection to the enclave much easier. All the developers need to do is run the web host server and call certain REST endpoints from the client to deliver mails and poll responses. This makes the lives of developers easier, as they don’t have to deal with the details of implementing the transport mechanism for the mails.

A few things to note when using the web host server

There are certain things to note though while using the web host server.

    • The current version does not allow developers to do any customizations.
    • The current version of the web host server would not be reliable across restarts. For example, if you are polling for enclave responses and the web host restarts, then any enclave responses not retrieved will be lost.
    • EnclaveTransport API has been introduced to abstract away, from EnclaveClient, the details of how mail is transported to and from the host. The WebEnclaveTransport class is provided as the concrete implementation of EnclaveTransport. If you choose to implement your own host, you could still use the WebEnclaveTransport to make things easier.

Want to learn more?

Below are some helpful resources to learn more about Conclave and Confidential Computing.