Skip to content

ibm-hyper-protect/paynow-website

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pay Now Website

The Pay Now Website is a simple application, that presents an interface to make payments. The application shows how sensitive payment related information like e.g. credit card data is used. It is recommended to run this application in a confidential computing environment where PII data in use is protected from malicious actors.

The website is a node.js Express app, serving the site itself. The payment page has AJAX calls into the application. The application processes these RESTful JSON requests and stores the transaction data in memory.

The application can both be run locally, or in the IBM Cloud, for example in a IBM Cloud Hyper Protect Virtual Server for VPC.

Build and Run the Application

Simple way to run the application

To build and run an application container image, run these commands:

docker build -t paynow .
docker run -it -p 8443:8443 paynow

Run the application with your SSL certificate

Alternatively, you can create a SSL private key and certificate and pass these to the application:

docker build -t paynow .
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crt
CERT=$(base64 -w 0 server.crt)
KEY=$(base64 -w 0 server.key)
docker run -it -p 8443:8443 -e KEY=$KEY -e CERT=$CERT paynow

The application will use your private key and certificate for SSL.

Test the Application

Use a web browser to navigate to locahost:8443 and confirm that the donations homepage loads. (Or, of course, whichever host you're running it on.)

Navigate to the donations page try out that functionality, driving AJAX calls to issue GET and POST requests. You can view the console to check these network calls are functioning correctly.

Note: If you do not use your own certificate, your web browser may display a warning about a insecure connection and a invalid certificate, as in this case the application uses a simple self signed certificate for CN=localhost.

Run the Application in Hyper Protect Virtual Server for VPC and validate the attestation record

You can run the application in Hyper Protect Virtual Server for VPC. To do so, follow this tutorial .

You can optionally include the private key and the certificate in the env section of the contract.

Validate the attestation record

You can then download a zip file containing the attestation record and the signature file from API URL https://ip:8443/api/v1/attestation. This zip file contains the attestation record se-checksums.txt or se-checksums.txt.enc (the latter if you are using an encrypted attestation record) and the signature file se-signature.bin.

To verify the signature, follow these instructions.

To validate the attestation record, compute the checksum of your contract (you may need to remove a potential trailing EOL character at the end of file contract.yml first):

perl -p -i -e 'chomp if eof' contract.yml
sha256sum contract.yml

and compare this checksum to the value for cidata/user-data in file se-checksums.txt.