peer discovery by shard status with flexible url prefix

Cargo.lock

@@ -1680,11 +1680,11 @@ dependencies = [
 
 [[package]]
 name = "form_urlencoded"
-version = "1.2.0"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a62bc1cf6f830c2ec14a513a9fb124d0a213a629668a4186f329db21fe045652"
+checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
 dependencies = [
- "percent-encoding 2.3.0",
+ "percent-encoding 2.3.1",
 ]
 
 [[package]]
@@ -2607,9 +2607,9 @@ dependencies = [
 
 [[package]]
 name = "idna"
-version = "0.4.0"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d20d6b07bfbc108882d88ed8e37d39636dcc260e15e30c45e6ba089610b917c"
+checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
 dependencies = [
  "unicode-bidi 0.3.13",
  "unicode-normalization 0.1.22",
@@ -2855,6 +2855,7 @@ dependencies = [
  "teerex-primitives",
  "thiserror 1.0.40",
  "tokio",
+ "url 2.5.0",
  "warp",
 ]
 
@@ -2933,7 +2934,7 @@ dependencies = [
  "thiserror 1.0.40",
  "thiserror 1.0.9",
  "url 2.1.1",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -3192,7 +3193,7 @@ dependencies = [
  "thiserror 1.0.40",
  "thiserror 1.0.9",
  "url 2.1.1",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -3215,7 +3216,7 @@ dependencies = [
  "serde_json 1.0.106",
  "sgx_crypto_helper",
  "thiserror 1.0.40",
- "url 2.4.0",
+ "url 2.5.0",
  "ws",
 ]
 
@@ -3260,7 +3261,7 @@ dependencies = [
  "thiserror 1.0.9",
  "tungstenite 0.14.0",
  "tungstenite 0.15.0",
- "url 2.4.0",
+ "url 2.5.0",
  "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "webpki 0.21.4 (git+https://github.com/mesalock-linux/webpki?branch=mesalock_sgx)",
  "yasna 0.3.1",
@@ -3927,6 +3928,7 @@ dependencies = [
  "itp-sgx-externalities",
  "itp-test",
  "itp-types",
+ "itp-utils",
  "its-block-verification",
  "its-primitives",
  "its-state",
@@ -4174,7 +4176,7 @@ dependencies = [
  "serde 1.0.188",
  "serde_json 1.0.106",
  "thiserror 1.0.40",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -4270,7 +4272,7 @@ dependencies = [
  "tokio",
  "tokio-rustls",
  "tokio-util 0.6.10",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -5699,11 +5701,11 @@ dependencies = [
  "byteorder 1.4.3",
  "data-encoding",
  "multihash",
- "percent-encoding 2.3.0",
+ "percent-encoding 2.3.1",
  "serde 1.0.188",
  "static_assertions",
  "unsigned-varint 0.7.1",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -5879,9 +5881,9 @@ source = "git+https://github.com/mesalock-linux/rust-url-sgx?tag=sgx_1.1.3#23832
 
 [[package]]
 name = "percent-encoding"
-version = "2.3.0"
+version = "2.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94"
+checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
 
 [[package]]
 name = "pin-project"
@@ -6449,15 +6451,15 @@ dependencies = [
  "mime",
  "native-tls",
  "once_cell 1.18.0",
- "percent-encoding 2.3.0",
+ "percent-encoding 2.3.1",
  "pin-project-lite",
  "serde 1.0.188",
  "serde_json 1.0.106",
  "serde_urlencoded",
  "tokio",
  "tokio-native-tls",
  "tower-service",
- "url 2.4.0",
+ "url 2.5.0",
  "wasm-bindgen",
  "wasm-bindgen-futures",
  "web-sys",
@@ -8240,7 +8242,7 @@ dependencies = [
  "sp-runtime",
  "sp-runtime-interface",
  "tungstenite 0.18.0",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -8833,7 +8835,7 @@ dependencies = [
  "rustls 0.19.1",
  "sha-1 0.9.8",
  "thiserror 1.0.40",
- "url 2.4.0",
+ "url 2.5.0",
  "utf-8 0.7.6",
  "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)",
  "webpki-roots 0.21.1",
@@ -8855,7 +8857,7 @@ dependencies = [
  "rand 0.8.5",
  "sha1 0.10.5",
  "thiserror 1.0.40",
- "url 2.4.0",
+ "url 2.5.0",
  "utf-8 0.7.6",
 ]
 
@@ -8865,7 +8867,7 @@ version = "1.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
 dependencies = [
- "cfg-if 0.1.10",
+ "cfg-if 1.0.0",
  "digest 0.10.7",
  "rand 0.8.5",
  "static_assertions",
@@ -9008,13 +9010,13 @@ dependencies = [
 
 [[package]]
 name = "url"
-version = "2.4.0"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50bff7831e19200a85b17131d085c25d7811bc4e186efdaf54bbd132994a88cb"
+checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633"
 dependencies = [
  "form_urlencoded",
- "idna 0.4.0",
- "percent-encoding 2.3.0",
+ "idna 0.5.0",
+ "percent-encoding 2.3.1",
 ]
 
 [[package]]
@@ -9097,7 +9099,7 @@ dependencies = [
  "mime",
  "mime_guess",
  "multer",
- "percent-encoding 2.3.0",
+ "percent-encoding 2.3.1",
  "pin-project",
  "rustls-pemfile",
  "scoped-tls",
@@ -9277,7 +9279,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64b20236ab624147dfbb62cf12a19aaf66af0e41b8398838b66e997d07d269d4"
 dependencies = [
  "indexmap 1.9.3",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]
@@ -9723,7 +9725,7 @@ dependencies = [
  "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "sha-1 0.8.2",
  "slab 0.4.8",
- "url 2.4.0",
+ "url 2.5.0",
 ]
 
 [[package]]

core-primitives/extrinsics-factory/src/lib.rs

@@ -70,7 +70,7 @@ where
 	genesis_hash: H256,
 	signer: Signer,
 	nonce_cache: Arc<NonceCache>,
-	node_metadata_repository: Arc<NodeMetadataRepository>,
+	pub node_metadata_repository: Arc<NodeMetadataRepository>,
 }
 
 impl<Signer, NonceCache, NodeMetadataRepository>

enclave-runtime/Cargo.lock

@@ -2453,6 +2453,7 @@ dependencies = [
  "itp-settings",
  "itp-sgx-crypto",
  "itp-types",
+ "itp-utils",
  "its-block-verification",
  "its-primitives",
  "its-state",

enclave-runtime/src/tls_ra/tls_ra_client.rs

@@ -27,14 +27,23 @@ use crate::{
 	},
 	ocall::OcallApi,
 	tls_ra::{seal_handler::SealStateAndKeys, ClientProvisioningRequest},
+	utils::{
+		get_extrinsic_factory_from_integritee_solo_or_parachain,
+		get_validator_accessor_from_integritee_solo_or_parachain,
+	},
 	GLOBAL_SIGNING_KEY_REPOSITORY_COMPONENT, GLOBAL_STATE_HANDLER_COMPONENT,
 };
 use codec::Encode;
+use itc_parentchain::light_client::{concurrent_access::ValidatorAccess, ExtrinsicSender};
 use itp_attestation_handler::{RemoteAttestationType, DEV_HOSTNAME};
 use itp_component_container::ComponentGetter;
+use itp_extrinsics_factory::CreateExtrinsics;
+use itp_node_api::metadata::provider::AccessNodeMetadata;
+use itp_node_api_metadata::pallet_sidechain::SidechainCallIndexes;
 use itp_ocall_api::EnclaveAttestationOCallApi;
 use itp_sgx_crypto::key_repository::AccessPubkey;
-use itp_types::{AccountId, ShardIdentifier};
+use itp_types::{AccountId, OpaqueCall, ShardIdentifier, SidechainBlockNumber, H256};
+use itp_utils::hex::hex_encode;
 use log::*;
 use rustls::{ClientConfig, ClientSession, Stream};
 use sgx_types::*;
@@ -239,9 +248,45 @@ pub unsafe extern "C" fn request_state_provisioning(
 		return e.into()
 	};
 
+	if let Err(e) = touch_shard(shard) {
+		error!("touch shard error: {:?}", e);
+		return sgx_status_t::SGX_ERROR_UNEXPECTED
+	}
 	sgx_status_t::SGX_SUCCESS
 }
 
+fn touch_shard(shard: ShardIdentifier) -> EnclaveResult<()> {
+	// send confirmation about provisioning to chain to signal that we're ready to serve the shard (this will not yield an event because secondary validateers are ignored.)
+	// fixme: it would be more elegant to have a separate dispatchable for this like `touch_shard` so we don't need to abuse this call
+	// https://github.com/integritee-network/pallets/issues/232
+	let extrinsics_factory = get_extrinsic_factory_from_integritee_solo_or_parachain()?;
+	let validator_access = get_validator_accessor_from_integritee_solo_or_parachain()?;
+
+	let call = extrinsics_factory
+		.node_metadata_repository
+		.get_from_metadata(|m| m.confirm_imported_sidechain_block_indexes())
+		.map_err(|e| EnclaveError::Other(e.into()))?
+		.map_err(|e| EnclaveError::Other(format!("{:?}", e).into()))?;
+
+	let opaque_call = OpaqueCall::from_tuple(&(
+		call,
+		shard,
+		SidechainBlockNumber::from(0u8),
+		SidechainBlockNumber::from(0u8),
+		H256::default(),
+	));
+	debug!("encoded call: {}", hex_encode(opaque_call.encode().as_slice()));
+	let xts = extrinsics_factory
+		.create_extrinsics(&[opaque_call], None)
+		.map_err(|e| EnclaveError::Other(e.into()))?;
+
+	info!("Sending dummy sidechain block import confirmation extrinsic to touch the shard and signal that we're ready to receive sidechain blocks.");
+	validator_access
+		.execute_mut_on_validator(|v| v.send_extrinsics(xts))
+		.map_err(|e| EnclaveError::Other(e.into()))?;
+	Ok(())
+}
+
 /// Internal [`request_state_provisioning`] function to be able to use the handy `?` operator.
 // allowing clippy rant because this fn will be refactored with MU RA deprecation
 #[allow(clippy::too_many_arguments)]

service/Cargo.toml

@@ -26,9 +26,9 @@ serde_derive = "1.0"
 serde_json = "1.0"
 thiserror = "1.0"
 tokio = { version = "1.6.1", features = ["full"] }
+url = "2.5.0"
 warp = "0.3"
 
-
 # ipfs
 ipfs-api = "0.11.0"
 

service/src/main_impl.rs

@@ -55,8 +55,8 @@ use regex::Regex;
 use sgx_types::*;
 use sp_runtime::traits::Header as HeaderT;
 use substrate_api_client::{
-	api::XtStatus, rpc::HandleSubscription, GetChainInfo, SubmitAndWatch, SubscribeChain,
-	SubscribeEvents,
+	api::XtStatus, rpc::HandleSubscription, GetAccountInformation, GetChainInfo, SubmitAndWatch,
+	SubscribeChain, SubscribeEvents,
 };
 
 use teerex_primitives::{AnySigner, MultiEnclave};
@@ -68,6 +68,7 @@ use itp_enclave_api::Enclave;
 
 use enclave_bridge_primitives::ShardIdentifier;
 use itc_parentchain::primitives::ParentchainId;
+use itp_types::parentchain::AccountId;
 use sp_core::crypto::{AccountId32, Ss58Codec};
 use sp_keyring::AccountKeyring;
 use sp_runtime::MultiSigner;
@@ -618,7 +619,12 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 				*shard,
 			);
 
-			init_provided_shard_vault(shard, &enclave, we_are_primary_validateer);
+			init_provided_shard_vault(
+				shard,
+				&enclave,
+				&integritee_rpc_api,
+				we_are_primary_validateer,
+			);
 
 			spawn_worker_for_shard_polling(
 				shard,
@@ -665,13 +671,23 @@ fn start_worker<E, T, D, InitializationHandler, WorkerModeProvider>(
 fn init_provided_shard_vault<E: EnclaveBase>(
 	shard: &ShardIdentifier,
 	enclave: &Arc<E>,
+	node_api: &ParentchainApi,
 	we_are_primary_validateer: bool,
 ) {
 	if let Ok(shard_vault) = enclave.get_ecc_vault_pubkey(shard) {
+		// verify if proxy is set up on chain
+		let nonce = node_api.get_account_nonce(&AccountId::from(shard_vault)).unwrap();
 		println!(
-			"[Integritee] shard vault account is already initialized in state: {}",
-			shard_vault.to_ss58check()
+			"[Integritee] shard vault account is already initialized in state: {} with nonce {}",
+			shard_vault.to_ss58check(),
+			nonce
 		);
+		if nonce == 0 && we_are_primary_validateer {
+			println!(
+				"[Integritee] nonce = 0 means shard vault not properly set up on chain. will retry"
+			);
+			enclave.init_proxied_shard_vault(shard, &ParentchainId::Integritee).unwrap();
+		}
 	} else if we_are_primary_validateer {
 		println!("[Integritee] initializing proxied shard vault account now");
 		enclave.init_proxied_shard_vault(shard, &ParentchainId::Integritee).unwrap();