From 57ecc18c6e16c5433236dbaac96f2ad36fd18759 Mon Sep 17 00:00:00 2001
From: Bruno Vavala
Date: Sat, 6 Apr 2024 02:19:49 +0000
Subject: [PATCH] fix the proxy handling mechanism for the scripts that contact IAS in HW mode; this involves: the register-with-ledger script which registers the policy; the eservice script which runs and registers enclaves; the test scripts that will perform enclave registration (or just initialize enclaves, including their attestation), and which should be all called under unit-tests.sh
Signed-off-by: Bruno Vavala
---
 build/Makefile | 2 +-
 docker/test-sgx.yaml | 2 ++
 eservice/bin/register-with-ledger.sh | 25 ++++++++++++++++++-------
 3 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/build/Makefile b/build/Makefile
index 2035c33c..335028ee 100644
--- a/build/Makefile
+++ b/build/Makefile
@@ -132,7 +132,7 @@ force-config :
 ifeq ($(SGX_MODE),HW)
 register : $(PYTHON_DIR)
- @ echo registering enclave and IAS public key on the ledger
+ @ echo Register the enclave registration policy on the ledger
 . $(abspath $(DSTDIR)/bin/activate) && $(SRCDIR)/eservice/bin/register-with-ledger.sh
 else
diff --git a/docker/test-sgx.yaml b/docker/test-sgx.yaml
index 833be892..9253c73e 100644
--- a/docker/test-sgx.yaml
+++ b/docker/test-sgx.yaml
@@ -20,6 +20,8 @@ services:
 - SGX_MODE=HW
 services_container:
+ environment:
+ - PDO_FORCE_IAS_PROXY=${PDO_FORCE_IAS_PROXY:-false}
 image: pdo_services_sgx:${PDO_VERSION:-latest}
 volumes:
 - /var/run/aesmd:/var/run/aesmd
diff --git a/eservice/bin/register-with-ledger.sh b/eservice/bin/register-with-ledger.sh
index 6cd6a048..d2432057 100755
--- a/eservice/bin/register-with-ledger.sh
+++ b/eservice/bin/register-with-ledger.sh
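Review bot: `PDO_FORCE_IAS_PROXY` is added to `services_container` in docker/test-sgx.yaml without a comment saying what it switches. Judging from the script change in this patch, `true` empties `NO_PROXY`/`no_proxy` for the IAS call, so a line such as `# true: clear no_proxy so IAS requests use the configured proxy (read by register-with-ledger.sh)` above `environment:` would help. The subject also names the eservice and test scripts, but the diffstat lists only register-with-ledger.sh as a consumer, so whether those scripts honour the variable cannot be confirmed from this patch.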
@@ -50,13 +50,24 @@ function DeriveIasPublicKey {
 function Store {
 try test -e ${ETCDIR}/${ESERVICE_TOML}
 yell Download IAS certificates and Compute the enclave information
- try eservice-enclave-info \
- --save ${eservice_enclave_info_file} \
- --loglevel warn \
- --logfile __screen__ \
- --identity ${ESERVICE_IDENTITY} \
- --config ${ESERVICE_TOML} \
- --config-dir ${ETCDIR}
+ if [ "${PDO_FORCE_IAS_PROXY}" == "true" ]; then
+ yell PDO_FORCE_IAS_PROXY is true
+ NO_PROXY='' no_proxy='' try eservice-enclave-info \
+ --save ${eservice_enclave_info_file} \
+ --loglevel info \
+ --logfile __screen__ \
+ --identity ${ESERVICE_IDENTITY} \
+ --config ${ESERVICE_TOML} \
+ --config-dir ${ETCDIR}
+ else
+ try eservice-enclave-info \
+ --save ${eservice_enclave_info_file} \
+ --loglevel info \
+ --logfile __screen__ \
+ --identity ${ESERVICE_IDENTITY} \
+ --config ${ESERVICE_TOML} \
+ --config-dir ${ETCDIR}
+ fi
 yell Enclave info are ready
 }
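Review bot: In `Store`, the `PDO_FORCE_IAS_PROXY` branch only empties `NO_PROXY`/`no_proxy` for the one `eservice-enclave-info` call, so if no `https_proxy`/`HTTPS_PROXY` is exported the flag presumably has no effect and nothing in the output says so. A guard before the call, e.g. `[ -n "${https_proxy:-${HTTPS_PROXY:-}}" ] || yell WARNING: PDO_FORCE_IAS_PROXY is true but no https proxy is set`, would make that case visible. The test is an exact match on `true`, so `True` or `1` falls through to the direct path silently; a comment next to the `if`, such as `# only the literal string "true" enables the proxy path`, would record that. The two branches repeat the same seven-line invocation and both change `--loglevel warn` to `info`, which the commit message does not mention; the log-level change probably belongs in the description or in its own commit.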