Using the New Web Host Server in Your Conclave Application
The Conclave web host server has been introduced as part of the v1.2 release of the Conclave platform. It allows developers to concentrate on building their enclave and client components without worrying about the host part. It serves as a ready-made host for your Conclave application. You could refer to our previous blog for an introduction to the web host server.
In this blog, we will take a look at how we could use the web host server in our Conclave application.
Configuring the host module to use the web host server
Apply the Gradle application plugin and set the mainClassName property as shown below. It will allow us to run the web host from the command line.
plugins {
id 'java'
id 'application'
id 'com.github.johnrengelman.shadow' version '6.1.0'
}
application {
mainClassName = "com.r3.conclave.host.web.EnclaveWebHost"
}
Notice the shadow plugin has also been added to allow us to package and run the host as a single fat jar containing all the dependencies.
We need to add the webserver as a runtime dependency as shown below. Notice that there are no compile-time dependencies. Since we are using the web host, we do not need to have any code for the host module.
dependencies {
runtimeOnly project(path: ":enclave", configuration: mode)
runtimeOnly "com.r3.conclave:conclave-web-host:$conclaveVersion"
testImplementation "com.r3.conclave:conclave-host:$conclaveVersion"
testImplementation "org.junit.jupiter:junit-jupiter:5.6.0"
}
Finally, we need to configure the shadow jar:
shadowJar {
archiveAppendix.set(mode)
archiveClassifier.set("")
}
As the host shadow jar contains the enclave, this will set the enclave mode into the host jar. Add the below code, which will allow the mode to be chosen from the command line.
def mode = findProperty("enclaveMode")?.toString()?.toLowerCase() ?: "mock"
Next, we'll discuss running the web host server itself.
Running the web host server
Use the below command to build the shadow jar.
./gradlew host:shadowJar
The shadow jar will be created in the build/libs directory of the host module.
Use the jar -jar command to run the shadow jar.
java -jar host/build/libs/host.jar
Your web host server should now be up and running. It will be ready to communicate with the client on http://localhost:8080.
Note that the enclave mode is set to mock by default. To run the enclave in a different mode, build the shadow jar using the below command.
./gradlew -PenclaveMode= host:shadowJar
To make implementing a client easier, a new EnclaveClient API has been introduced, which takes care of connecting to the web host and downloading the attestation information. It also handles the encryption and decryption of Mail and provides a simple interface for sending and receiving Mail.
The EnclaveClient is agnostic of the communication protocol used to communicate with the host. This is where the EnclaveTransport has been introduced, which defines the communication protocol. Since we are using the web host, which is HTTP-based, WebEnclaveTransport has been added to handle HTTP communication.
The below code snippet shows how to implement a simple client.
- The client.start() method takes care of connecting to the web host using the WebEnclaveTransport , and also downloads remote attestation and validates the constraints.
- The client.sendMail() method can be used to send mails to the enclave.
- If you are expecting a delay in the response, you can poll the host using the client.pollMail() method.
try (WebEnclaveTransport transport = new WebEnclaveTransport(url);
EnclaveClient client = new EnclaveClient(constraint))
{
client.start(transport);
byte[] serializedOutput = serializeMessage(roleType, bid);
// Send mail to enclave and receive response
EnclaveMail responseMail = client.sendMail(serializedOutput);
//ResponseMail is null till enclave doesn't reply back
if (responseMail == null) {
do {
Thread.sleep(2000);
//Poll for reply to enclave
responseMail = client.pollMail();
} while (responseMail == null);
}
System.out.println("Response : " + new String(responseMail.getBodyAsBytes()));
}
That is how we use the new web host and write a client to communicate with it. Thanks for reading!
Want to learn more?
Below are some helpful resources to learn more about Conclave and Confidential Computing.
- Read the Conclave 1.2 release notes.
- Visit the Conclave docsite.
- Join the Conclave Discord channel.
- Join the Conclave mailing list, where you’ll have a direct line to the Conclave developer team.
Explore more articles
The latest news and announcements about Conclave.
Respond to the U.K. and U.S. governments' PET challenges to fight global societal challenges in the areas of global finance and healthcare.