By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Conclave
Blog
This is some text inside of a div block.
February 3, 2023
December 30, 2021

Using the New Web Host Server in Your Conclave Application

Ashutosh Meher
Developer Evangelist at R3

The Conclave web host server has been introduced as part of the v1.2 release of the Conclave platform. It allows developers to concentrate on building their enclave and client components without worrying about the host part. It serves as a ready-made host for your Conclave application. You could refer to our previous blog for an introduction to the web host server.

In this blog, we will take a look at how we could use the web host server in our Conclave application.

Configuring the host module to use the web host server

Apply the Gradle application plugin and set the mainClassName property as shown below. It will allow us to run the web host from the command line.

plugins {
   id 'java'
   id 'application'
   id 'com.github.johnrengelman.shadow' version '6.1.0'
}

application {
   mainClassName = "com.r3.conclave.host.web.EnclaveWebHost"
}

 
Notice the shadow plugin has also been added to allow us to package and run the host as a single fat jar containing all the dependencies.

We need to add the webserver as a runtime dependency as shown below. Notice that there are no compile-time dependencies. Since we are using the web host, we do not need to have any code for the host module.

dependencies {
   runtimeOnly project(path: ":enclave", configuration: mode)
   runtimeOnly "com.r3.conclave:conclave-web-host:$conclaveVersion"

   testImplementation "com.r3.conclave:conclave-host:$conclaveVersion"
   testImplementation "org.junit.jupiter:junit-jupiter:5.6.0"
}

 
Finally, we need to configure the shadow jar:

shadowJar {
   archiveAppendix.set(mode)
   archiveClassifier.set("")
}

 
As the host shadow jar contains the enclave, this will set the enclave mode into the host jar. Add the below code, which will allow the mode to be chosen from the command line.

def mode = findProperty("enclaveMode")?.toString()?.toLowerCase() ?: "mock"
Next, we'll discuss running the web host server itself.

Running the web host server

Use the below command to build the shadow jar.

./gradlew host:shadowJar  
The shadow jar will be created in the build/libs directory of the host module.

Use the jar -jar command to run the shadow jar.

java -jar host/build/libs/host.jar  
Your web host server should now be up and running. It will be ready to communicate with the client on http://localhost:8080.

Note that the enclave mode is set to mock by default. To run the enclave in a different mode, build the shadow jar using the below command.

./gradlew -PenclaveMode= host:shadowJar
 
To make implementing a client easier, a new EnclaveClient API has been introduced, which takes care of connecting to the web host and downloading the attestation information. It also handles the encryption and decryption of Mail and provides a simple interface for sending and receiving Mail.

The EnclaveClient is agnostic of the communication protocol used to communicate with the host. This is where the EnclaveTransport has been introduced, which defines the communication protocol. Since we are using the web host, which is HTTP-based, WebEnclaveTransport has been added to handle HTTP communication.

The below code snippet shows how to implement a simple client.

  • The client.start() method takes care of connecting to the web host using the WebEnclaveTransport , and also downloads remote attestation and validates the constraints.
  • The client.sendMail() method can be used to send mails to the enclave.
  • If you are expecting a delay in the response, you can poll the host using the client.pollMail() method.

try (WebEnclaveTransport transport = new WebEnclaveTransport(url);
    EnclaveClient client = new EnclaveClient(constraint))
{
   client.start(transport);
   byte[] serializedOutput = serializeMessage(roleType, bid);

   // Send mail to enclave and receive response

   EnclaveMail responseMail = client.sendMail(serializedOutput);

   //ResponseMail is null till enclave doesn't reply back
   if (responseMail == null) {
       do {
           Thread.sleep(2000);
           //Poll for reply to enclave
           responseMail = client.pollMail();
       } while (responseMail == null);
   }
   System.out.println("Response : " + new String(responseMail.getBodyAsBytes()));
}  
That is how we use the new web host and write a client to communicate with it. Thanks for reading!

Want to learn more?

Below are some helpful resources to learn more about Conclave and Confidential Computing.

Explore more articles

The latest news and announcements about Conclave.

View all
 min read
Conclave Core

Conclave 1.1: Writing Confidential Computing Apps Just Got a Whole Lot Easier

Learn more
 min read
Confidential Computing

Supply Chain Resilience using Confidential Computing

Learn more
 min read
Confidential Computing

How familiar are you with secure computing?

Learn more