Updated Repo

Doc/AWS-documentation.md

@@ -0,0 +1,142 @@
+# AWS Bootcamp – Configuring an EC2 Instance
+
+---
+
+## 1. Introduction to AWS
+
+### What is AWS?
+Amazon Web Services (AWS) is a comprehensive cloud computing platform offering a wide range of services, including computing power, storage, networking, databases, analytics, and machine learning. AWS enables organizations and individuals to deploy applications and services without the need for physical hardware.
+
+### Why Use AWS?
+- **Cost Efficiency** – Pay only for the resources you use.
+- **Scalability** – Easily scale resources up or down to meet demand.
+- **Global Reach** – Deploy resources in multiple geographic regions.
+- **Security** – Enterprise-grade security with compliance certifications.
+
+---
+
+## 2. Key AWS Concepts
+
+- **Region** – A geographical area containing AWS data centers. Selecting the correct region can optimize performance, reduce costs, and ensure compliance with data regulations.
+- **Availability Zone (AZ)** – One or more isolated data centers within a region, providing redundancy and fault tolerance.
+- **Service** – An AWS feature or capability (e.g., EC2 for compute, S3 for storage).
+- **EC2 (Elastic Compute Cloud)** – A service that provides resizable virtual servers.
+- **Instance** – A single virtual server running on AWS EC2.
+- **AMI (Amazon Machine Image)** – A pre-configured template containing an operating system and optional software, used to launch an EC2 instance.
+
+---
+
+## 3. Prerequisites
+
+- An active AWS account ([Create one here](https://aws.amazon.com))
+- A laptop or desktop computer with internet access
+- For connection via terminal: basic familiarity with command-line tools (optional)
+
+---
+
+## 4. Step-by-Step: Launching a Standard EC2 Instance
+
+**Objective:** Deploy a virtual server on AWS.
+
+### Step 1: Log in to the AWS Management Console
+1. Navigate to [AWS Console](https://aws.amazon.com/console)
+2. Sign in using your AWS credentials.
+
+### Step 2: Access the EC2 Service
+1. In the search bar at the top of the AWS Console, type `EC2`.
+2. Select **EC2** from the search results to access the EC2 dashboard.
+
+### Step 3: Launch a New Instance
+1. Click **Launch Instance**.
+2. Under **Name and tags**, provide a descriptive name for your instance (e.g., `myCertifierServer`).
+
+### Step 4: Select an AMI (Operating System)
+- Recommended: **Amazon Linux 2 AMI** or **Ubuntu 20.04 LTS**.
+
+### Step 5: Choose an Instance Type
+- For initial testing and free-tier eligibility, select **t2.micro**.
+
+### Step 6: Create a Key Pair (For Secure Login)
+1. Under **Key pair (login)**, select **Create new key pair**.
+2. Provide a name (e.g., `mykeypair`).
+3. Choose file format:
+   - **PEM** for macOS/Linux
+   - **PPK** for Windows (PuTTY)
+4. Download the file and store it securely — this is required for SSH access.
+
+### Step 7: Configure Network Settings (Security Group)
+1. Allow **SSH (port 22)** access from your IP address for secure terminal access.
+2. If hosting a website, also allow **HTTP (port 80)** and **HTTPS (port 443)**.
+
+### Step 8: Launch the Instance
+- Review all configurations and click **Launch Instance**.
+- Wait until the **Instance state** changes to **Running**.
+
+---
+
+## 5. Connecting to Your Instance
+
+### Locate the Public IP Address
+1. From the EC2 dashboard, select your instance.
+2. Under **Details**, locate the **Public IPv4 address**.
+
+### macOS/Linux Connection
+```bash
+chmod 400 mykeypair.pem
+ssh -i mykeypair.pem ec2-user@<YourPublicIP>
+```
+*(Replace `<YourPublicIP>` with your instance’s public IP address)*
+
+### Windows Connection
+- Convert `.pem` to `.ppk` using PuTTYgen.
+- Open PuTTY, enter your instance’s public IP, and configure the private key in the **SSH > Auth** section.
+- Click **Open** to initiate the connection.
+
+---
+
+## 6. Managing Your Instance
+- **Stop** – Powers off the instance without deleting it (no compute charges while stopped).
+- **Start** – Powers the instance back on.
+- **Terminate** – Permanently deletes the instance.
+
+---
+
+## 7. Advanced Topic: Secure Encrypted Virtualization (SEV)
+
+### Overview
+SEV (Secure Encrypted Virtualization) is an AMD technology that encrypts the memory of an EC2 instance, ensuring that even the hypervisor cannot access it. This feature is part of AWS’s Confidential Computing offerings.
+
+### Benefits of SEV
+- Enhanced data security during processing
+- Protection against unauthorized access, even from privileged system components
+- Ideal for industries with strict compliance requirements, such as finance and healthcare
+
+### Launching an SEV-Enabled Instance
+1. Follow the same procedure as launching a standard EC2 instance.
+2. In **Step 5 (Choose Instance Type)**, select an AMD SEV-compatible instance type:
+   - General Purpose: `m6a`
+   - Compute Optimized: `c6a`
+   - Memory Optimized: `r6a`
+
+### Verifying SEV in Your Instance
+Once connected via SSH, run:
+```bash
+dmesg | grep -i sev
+lscpu | grep -i sev
+```
+If SEV is enabled, references to SEV will appear in the output.
+
+---
+
+## 8. Best Practices
+- Choose the AWS Region closest to your users for optimal latency and compliance.
+- Secure AWS credentials and enable MFA.
+- Stop or terminate unused instances to avoid unnecessary charges.
+- Use IAM roles rather than embedding credentials in applications.
+
+---
+
+## 9. References
+- [AWS EC2 Documentation](https://docs.aws.amazon.com/ec2/)
+- [AWS Free Tier Information](https://aws.amazon.com/free)
+- [AWS AMD SEV Overview](https://aws.amazon.com/ec2/amd/)

sample_apps/simple_app_java/app/build.gradle

@@ -0,0 +1,57 @@
+plugins {
+    id 'com.android.application'
+}
+
+android {
+    namespace 'com.example.certifier'
+    compileSdk 35
+
+    defaultConfig {
+        applicationId "com.example.certifier"
+        minSdk 24
+        targetSdk 35
+        versionCode 1
+        versionName "1.0"
+
+        // NDK ABIs
+        ndk { abiFilters "arm64-v8a" } // add "x86_64" if you want emulator
+
+        // CMake/NDK config
+        externalNativeBuild {
+            cmake {
+                cppFlags "-std=c++17 -fexceptions -frtti"
+                // When you want to link the real Certifier repo directly:
+                // arguments "-DCERTIFIER_ROOT=/absolute/path/to/certifier-framework-for-confidential-computing"
+            }
+        }
+    }
+
+    buildTypes {
+        release {
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'),
+                          'proguard-rules.pro'
+        }
+        debug { minifyEnabled false }
+    }
+
+    // Point to CMakeLists.txt
+    externalNativeBuild {
+        cmake { path "src/main/cpp/CMakeLists.txt" }
+    }
+
+    compileOptions {
+        sourceCompatibility JavaVersion.VERSION_1_8
+        targetCompatibility JavaVersion.VERSION_1_8
+    }
+
+    buildFeatures {
+        buildConfig true
+    }
+}
+
+dependencies {
+    implementation 'androidx.appcompat:appcompat:1.7.0'
+    implementation 'com.google.android.material:material:1.12.0'
+    implementation 'androidx.constraintlayout:constraintlayout:2.1.4'
+}

sample_apps/simple_app_java/app/proguard-rules.pro

@@ -0,0 +1 @@
+# will remain empty for now

sample_apps/simple_app_java/app/src/main/AndroidManifest.xml

@@ -0,0 +1,20 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.example.certifier">
+
+    <!-- Uncomment if you do networking (client/server) -->
+    <!-- <uses-permission android:name="android.permission.INTERNET" /> -->
+
+    <application
+        android:label="Certifier Demo"
+        android:supportsRtl="true"
+        android:allowBackup="true">
+        <activity
+            android:name=".MainActivity"
+            android:exported="true">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN"/>
+                <category android:name="android.intent.category.LAUNCHER"/>
+            </intent-filter>
+        </activity>
+    </application>
+</manifest>

sample_apps/simple_app_java/app/src/main/cpp/CMakeLists.txt

@@ -0,0 +1,16 @@
+cmake_minimum_required(VERSION 3.18)
+project(certifier_android LANGUAGES C CXX)
+
+set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+
+add_library(certifier_native SHARED
+    native-lib.cpp
+    simple_core_android.cc
+    # Later: add Certifier framework sources here or via CERTIFIER_ROOT
+)
+
+find_library(log-lib log)
+target_link_libraries(certifier_native ${log-lib})
+target_compile_options(certifier_native PRIVATE -fexceptions -frtti)

sample_apps/simple_app_java/app/src/main/cpp/native-lib.cpp

@@ -0,0 +1,30 @@
+#include <jni.h>
+#include <string>
+
+std::string run_certifier_simple(const std::string& workDir,
+                                 const std::string& mode,
+                                 const std::string& host,
+                                 int port);
+
+extern "C"
+JNIEXPORT jstring JNICALL
+Java_org_certifier_examples_SimpleApp_runCertifierNative(
+        JNIEnv* env, jclass /*clazz*/,
+        jstring jWorkDir, jstring jMode, jstring jHost, jint jPort) {
+
+    const char* w = env->GetStringUTFChars(jWorkDir, nullptr);
+    const char* m = env->GetStringUTFChars(jMode,    nullptr);
+    const char* h = env->GetStringUTFChars(jHost,    nullptr);
+
+    std::string work = w ? w : "";
+    std::string mode = m ? m : "";
+    std::string host = h ? h : "";
+    int port = static_cast<int>(jPort);
+
+    if (w) env->ReleaseStringUTFChars(jWorkDir, w);
+    if (m) env->ReleaseStringUTFChars(jMode,    m);
+    if (h) env->ReleaseStringUTFChars(jHost,    h);
+
+    std::string result = run_certifier_simple(work, mode, host, port);
+    return env->NewStringUTF(result.c_str());
+}

sample_apps/simple_app_java/app/src/main/cpp/simple_core_android.cc

@@ -0,0 +1,24 @@
+#include <string>
+#include <sstream>
+#include <android/log.h>
+
+#define LOGI(...) __android_log_print(ANDROID_LOG_INFO,  "CertifierJNI", __VA_ARGS__)
+#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, "CertifierJNI", __VA_ARGS__)
+
+// Later you'll include Certifier headers and call its API.
+// #include "..."  // from your local copy or from CERTIFIER_ROOT/include
+
+std::string run_certifier_simple(const std::string& workDir,
+                                 const std::string& mode,
+                                 const std::string& host,
+                                 int port) {
+    LOGI("run_certifier_simple(workDir=%s, mode=%s, host=%s, port=%d)",
+         workDir.c_str(), mode.c_str(), host.c_str(), port);
+
+    // TODO: Copy assets to workDir (policy/keys), then call TrustManager, etc.
+    std::ostringstream out;
+    out << "Certifier native OK\n"
+        << "mode=" << mode << " host=" << host << " port=" << port << "\n"
+        << "workDir=" << workDir;
+    return out.str();
+}

sample_apps/simple_app_java/app/src/main/java/com/example/certifier/MainActivity.java

@@ -0,0 +1,22 @@
+package com.example.certifier;
+
+import android.os.Bundle;
+import android.widget.TextView;
+import androidx.appcompat.app.AppCompatActivity;
+import org.certifier.examples.SimpleApp;
+
+public class MainActivity extends AppCompatActivity {
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        String workDir = getFilesDir().getAbsolutePath(); // place assets here later if needed
+        String result  = SimpleApp.runCertifier(workDir); // default client 127.0.0.1:8080
+
+        TextView tv = new TextView(this);
+        tv.setTextSize(16f);
+        tv.setPadding(32, 64, 32, 32);
+        tv.setText(result);
+        setContentView(tv);
+    }
+}

sample_apps/simple_app_java/app/src/main/java/org/certifier/SecureAuthenticatedChannel.java

@@ -0,0 +1,37 @@
+package org.certifier;
+
+import java.nio.charset.StandardCharsets;
+
+public class SecureAuthenticatedChannel {
+    static {
+        System.loadLibrary("certifier_jni");
+    }
+
+    public SecureAuthenticatedChannel() {}
+
+    public native void close();
+    public native int read(byte[] buffer); // returns bytes read
+    public native int write(byte[] data);  // returns bytes written
+    public native boolean init_client_ssl(String serverAddr, int port);
+
+    private static native int cf_channel_peer_id(long nativePtr, byte[] out, int outLen);
+    private static native int cf_channel_peer_cert(long nativePtr, byte[] out, int outLen);
+
+    private transient long swigCPtr;
+
+    public String getPeerId() {
+        byte[] buf = new byte[256];
+        int n = cf_channel_peer_id(this.swigCPtr, buf, buf.length);
+        if (n <= 0) return "";
+        return new String(buf, 0, n, StandardCharsets.UTF_8);
+    }
+
+    public byte[] getPeerCert() {
+        byte[] buf = new byte[4096];
+        int n = cf_channel_peer_cert(this.swigCPtr, buf, buf.length);
+        if (n <= 0) return new byte[0];
+        byte[] out = new byte[n];
+        System.arraycopy(buf, 0, out, 0, n);
+        return out;
+    }
+}

sample_apps/simple_app_java/app/src/main/java/org/certifier/Store.java

@@ -0,0 +1,18 @@
+package org.certifier;
+
+public class Store {
+    static {
+        System.loadLibrary("certifier_jni");
+    }
+
+    public Store() {}
+
+    public native long get_num_entries();
+    public native int  find_entry(String tag, String type);
+    public native String tag(long ent);
+    public native String type(long ent);
+    public native long get_entry(long ent);
+    public native boolean delete_entry(long ent);
+    public native boolean update_or_insert(String tag, String type, String value);
+    public native void print();
+}