
1use crate::*;
2use rand::rngs::OsRng;
3use reqwest;
4use rsa::{pkcs8::EncodePublicKey, Pkcs1v15Encrypt, RsaPrivateKey, RsaPublicKey};
5use serde::Deserialize;
6use serde_json;
7use serde_json::json;
8use std::collections::HashMap;
9use std::result::Result;
10
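/// The key-value store returned by a Switchboard secrets server, as decrypted
/// inside the enclave by [`fetch_secrets`].
///
/// `Debug` is implemented by hand rather than derived so that formatting a
/// `Secrets` with `{:?}` (log lines, assertion failures, panic payloads) prints
/// only the key *names* and never the secret values.
#[allow(dead_code)]
#[derive(Deserialize)]
pub struct Secrets {
    /// Secret name -> secret value, exactly as sent by the server.
    pub keys: HashMap<String, String>,
}

impl std::fmt::Debug for Secrets {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        // Sorted so the output is deterministic regardless of HashMap ordering;
        // values are deliberately omitted (redacted) to keep them out of logs.
        let mut names: Vec<&str> = self.keys.keys().map(String::as_str).collect();
        names.sort_unstable();
        f.debug_struct("Secrets")
            .field("keys", &names)
            .field("values", &"<redacted>")
            .finish()
    }
}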
17
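/// `fetch_secrets`: to be used in conjunction with the Switchboard Secrets
/// Server stack.
/// When hosting your own secrets server, you may list the MR_ENCLAVE of the
/// functions you wish to reveal your secrets to.  This will only ever expose
/// your secrets to your code. Unless exported in your code, no chain or oracle
/// will be able to view these secrets.
///
/// # Relevant Materials:
/// - [Secret Server Github Repository](https://github.com/switchboard-xyz/secrets-server)
///
/// # Parameters:
/// - `url`: the url or ip address of the secrets server in use
///
/// # Returns
/// - `Secrets`: the key-value store of your secrets (see `Secrets::keys`).
///
/// # Errors
/// - `SbError::KeyParseError`: the ephemeral RSA key pair could not be generated
///   or DER-encoded
/// - `SbError::SgxError`: the SGX quote over the public key could not be generated
/// - `SbError::NetworkError`: the request could not be sent, the server answered
///   with a non-success HTTP status, or the body could not be read
/// - `SbError::DecryptError`: the response body could not be decrypted with the
///   ephemeral private key
/// - `SbError::ParseError`: the decrypted payload was not valid `Secrets` JSON
pub async fn fetch_secrets(url: &str) -> Result<Secrets, SbError> {
    // A fresh RSA key pair is generated for every call and never leaves this
    // function; only the DER-encoded public half is sent to the server.
    let mut os_rng = OsRng::default();
    let priv_key = RsaPrivateKey::new(&mut os_rng, 2048).map_err(|_| SbError::KeyParseError)?;
    let pub_key_der = RsaPublicKey::from(&priv_key)
        .to_public_key_der()
        .map_err(|_| SbError::KeyParseError)?;
    let pub_key: &[u8] = pub_key_der.as_ref();

    // The public key is fed into the quote so the server can bind the key it
    // encrypts to, to this enclave's identity (presumably as report data —
    // confirm against `Gramine::generate_quote`).
    let secrets_quote = Gramine::generate_quote(pub_key).map_err(|_| SbError::SgxError)?;

    let client = reqwest::Client::new();
    let res = client
        .post(url)
        .json(&json!({
            "quote": &secrets_quote,
            "pubkey": pub_key,
        }))
        .send()
        .await
        .map_err(|_| SbError::NetworkError)?
        // A 4xx/5xx body is not ciphertext; without this check an error
        // response would surface as a misleading `DecryptError` below.
        .error_for_status()
        .map_err(|_| SbError::NetworkError)?;
    let ciphertext = res.bytes().await.map_err(|_| SbError::NetworkError)?;

    // PKCS#1 v1.5 padding is dictated by the server protocol. The private key
    // is single-use and performs exactly one decryption before being dropped,
    // which limits padding-oracle style exposure.
    let plaintext = priv_key
        .decrypt(Pkcs1v15Encrypt, &ciphertext)
        .map_err(|_| SbError::DecryptError)?;
    let secrets: Secrets =
        serde_json::from_slice(&plaintext).map_err(|_| SbError::ParseError)?;
    Ok(secrets)
}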