Restore CON-1135

ac101m · web-flow · commit ded9f5749b43 · 2022-12-20T12:45:08.000Z
# changes - Restore changes to gradle plugin that were inadvertently reverted by release merge #109.
diff --git a/docs/docs/enclave-configuration.md b/docs/docs/enclave-configuration.md
@@ -316,6 +316,28 @@ The path should be absolute or relative to the root of the enclave module.
     when building on Windows and macOS platforms. Additionally, on Windows, paths must use forwardslashes rather than
     the usual backslashes.
 
+## Enclave build process
+
+The Conclave gradle plugin automates the process of building a Conclave enclave and packaging it so that it can be
+instantiated elsewhere in a project.
+
+### Code hash and signer output
+
+When a Conclave enclave is built, information about the enclave is printed during the build process:
+
+```
+Enclave code hash:   4BEF016A8D35E04FCCFDDB725CE678C29A3FC284F47723869961334CED4C2A55
+Enclave code signer: 4924CA3A9C8241A3C0AA1A24A407AA86401D2B79FA9FF84932DA798A942166D4
+Enclave mode:        SIMULATION (INSECURE)
+```
+
+These values can then be used by attesting parties as part of an [enclave constraints](constraints.md) string.
+
+The code hash and signer are also written to files in the enclave module build directory at the following paths:
+
+- Code hash: `<enclave-module-dir>/build/conclave/<enclave-mode>/mrenclave`
+- Code signer: `<enclave-module-dir>/build/conclave/<enclave-mode>/mrsigner`
+
 ## Assisted configuration of Native Image builds
 
 You can generate the reflection and serialization configuration files by using the
diff --git a/docs/docs/release-notes.md b/docs/docs/release-notes.md
@@ -1,5 +1,9 @@
 # Release notes
 
+## 1.3.1
+1. To make deploying enclaves built with conclave easier, files containing the enclave code hash and signer are now 
+   generated when an enclave is built. See [here](enclave-configuration.md#enclave-build-process) for more information.
+
 ## 1.3
 
 1. :tada: **The Conclave Core SDK is now open source!** :tada: Read our
diff --git a/plugin-enclave-gradle/src/main/kotlin/com/r3/conclave/plugin/enclave/gradle/GenerateEnclaveMetadata.kt b/plugin-enclave-gradle/src/main/kotlin/com/r3/conclave/plugin/enclave/gradle/GenerateEnclaveMetadata.kt
@@ -1,8 +1,10 @@
 package com.r3.conclave.plugin.enclave.gradle
 
+import com.r3.conclave.utilities.internal.toHexString
 import org.gradle.api.file.RegularFileProperty
 import org.gradle.api.model.ObjectFactory
 import org.gradle.api.tasks.InputFile
+import org.gradle.api.tasks.OutputFile
 import org.gradle.internal.os.OperatingSystem
 import javax.inject.Inject
 import kotlin.io.path.absolutePathString
@@ -16,6 +18,12 @@ open class GenerateEnclaveMetadata @Inject constructor(
     @get:InputFile
     val inputSignedEnclave: RegularFileProperty = objects.fileProperty()
 
+    @get:OutputFile
+    val mrsignerOutputFile: RegularFileProperty = objects.fileProperty()
+
+    @get:OutputFile
+    val mrenclaveOutputFile: RegularFileProperty = objects.fileProperty()
+
     override fun action() {
         val metadataFile = temporaryDir.toPath().resolve("enclave_metadata.txt")
 
@@ -40,6 +48,10 @@ open class GenerateEnclaveMetadata @Inject constructor(
         }
 
         val enclaveMetadata = EnclaveMetadata.parseMetadataFile(metadataFile)
+
+        mrsignerOutputFile.asFile.get().writeText(enclaveMetadata.mrsigner.bytes.toHexString().uppercase())
+        mrenclaveOutputFile.asFile.get().writeText(enclaveMetadata.mrenclave.bytes.toHexString().uppercase())
+
         logger.lifecycle("Enclave code hash:   ${enclaveMetadata.mrenclave}")
         logger.lifecycle("Enclave code signer: ${enclaveMetadata.mrsigner}")
 
diff --git a/plugin-enclave-gradle/src/main/kotlin/com/r3/conclave/plugin/enclave/gradle/GradleEnclavePlugin.kt b/plugin-enclave-gradle/src/main/kotlin/com/r3/conclave/plugin/enclave/gradle/GradleEnclavePlugin.kt
@@ -371,32 +371,34 @@ class GradleEnclavePlugin @Inject constructor(private val layout: ProjectLayout)
                 type,
                 linuxExec
             ) { task ->
-                    val signingTask = enclaveExtension.signingType.map {
-                        when (it) {
-                            SigningType.DummyKey -> signEnclaveWithKeyTask
-                            SigningType.PrivateKey -> signEnclaveWithKeyTask
-                            else -> addEnclaveSignatureTask
-                        }
+                val signingTask = enclaveExtension.signingType.map {
+                    when (it) {
+                        SigningType.DummyKey -> signEnclaveWithKeyTask
+                        SigningType.PrivateKey -> signEnclaveWithKeyTask
+                        else -> addEnclaveSignatureTask
                     }
-                    task.dependsOn(signingTask)
-                    val signedEnclaveFile = enclaveExtension.signingType.flatMap {
-                        when (it) {
-                            SigningType.DummyKey -> signEnclaveWithKeyTask.outputSignedEnclave
-                            SigningType.PrivateKey -> signEnclaveWithKeyTask.outputSignedEnclave
-                            else -> {
-                                if (!enclaveExtension.mrsignerPublicKey.isPresent) {
-                                    throwMissingConfigForExternalSigning("mrsignerPublicKey")
-                                }
-                                if (!enclaveExtension.mrsignerSignature.isPresent) {
-                                    throwMissingConfigForExternalSigning("mrsignerSignature")
-                                }
-                                addEnclaveSignatureTask.outputSignedEnclave
+                }
+                task.dependsOn(signingTask)
+                val signedEnclaveFile = enclaveExtension.signingType.flatMap {
+                    when (it) {
+                        SigningType.DummyKey -> signEnclaveWithKeyTask.outputSignedEnclave
+                        SigningType.PrivateKey -> signEnclaveWithKeyTask.outputSignedEnclave
+                        else -> {
+                            if (!enclaveExtension.mrsignerPublicKey.isPresent) {
+                                throwMissingConfigForExternalSigning("mrsignerPublicKey")
+                            }
+                            if (!enclaveExtension.mrsignerSignature.isPresent) {
+                                throwMissingConfigForExternalSigning("mrsignerSignature")
                             }
+                            addEnclaveSignatureTask.outputSignedEnclave
                         }
                     }
-                    task.inputSignedEnclave.set(signedEnclaveFile)
-                    task.inputs.files(signedEnclaveFile)
                 }
+                task.inputSignedEnclave.set(signedEnclaveFile)
+                task.inputs.files(signedEnclaveFile)
+                task.mrsignerOutputFile.set(enclaveDirectory.resolve("mrsigner").toFile())
+                task.mrenclaveOutputFile.set(enclaveDirectory.resolve("mrenclave").toFile())
+            }
 
             val buildSignedEnclaveTask = target.createTask<BuildSignedEnclave>("buildSignedEnclave$type") { task ->
                 task.dependsOn(generateEnclaveMetadataTask)
