def create_signup_info(originator_public_key_hash, nonce):
    # Part of what is returned with the signup data is an enclave quote, we
    # want to update the revocation list first.
    update_sig_rl()

    # Now, let the enclave create the signup data
    signup_data = enclave.create_enclave_data(originator_public_key_hash)
    if signup_data is None:
        return None

    # We don't really have any reason to call back down into the enclave
    # as we have everything we now need.  For other objects such as wait
    # timer and certificate they are serialized into JSON down in C++ code.
    #
    # Start building up the signup info dictionary we will serialize
    signup_info = {
        'verifying_key': signup_data['verifying_key'],
        'encryption_key': signup_data['encryption_key'],
        'proof_data': 'Not present',
        'enclave_persistent_id': 'Not present'
    }

    # If we are not running in the simulator, we are going to go and get
    # an attestation verification report for our signup data.
    if not enclave.is_sgx_simulator():
        response = \
            _ias.post_verify_attestation(
                quote=signup_data['enclave_quote'],
                nonce=nonce)

        verification_report = response.get('verification_report')
        if verification_report is None:
            logger.warning('IAS response did not contain an AVR')
            logger.warning('isvEnclaveQuoteStatus: %s', response.get('isvEnclaveQuoteStatus'))
            return None

        signature = response.get('signature')
        if signature is None:
            logger.warning('IAS response did not contain an AVR signature')
            logger.warning('isvEnclaveQuoteStatus: %s', response.get('isvEnclaveQuoteStatus'))
            return None

        # Now put the proof data into the dictionary
        signup_info['proof_data'] = \
            json.dumps({
                'verification_report': verification_report,
                'signature': signature
            })

        # Grab the EPID psuedonym and put it in the enclave-persistent ID for the
        # signup info
        verification_report_dict = json.loads(verification_report)
        signup_info['enclave_persistent_id'] = verification_report_dict.get('epidPseudonym')

    # Now we can finally serialize the signup info and create a corresponding
    # signup info object.  Because we don't want the sealed signup data in the
    # serialized version, we set it separately.

    signup_info_obj = enclave.deserialize_signup_info(json.dumps(signup_info))
    signup_info_obj.sealed_signup_data = signup_data['sealed_enclave_data']

    # Now we can return the real object
    return signup_info_obj
def create_signup_info(originator_public_key_hash, nonce):
    # Part of what is returned with the signup data is an enclave quote, we
    # want to update the revocation list first.
    update_sig_rl()

    # Now, let the enclave create the signup data
    signup_data = enclave.create_enclave_data(originator_public_key_hash)
    if signup_data is None:
        return None

    # We don't really have any reason to call back down into the enclave
    # as we have everything we now need.  For other objects such as wait
    # timer and certificate they are serialized into JSON down in C++ code.
    #
    # Start building up the signup info dictionary we will serialize
    signup_info = {
        'interpreter': signup_data['interpreter'],
        'verifying_key': signup_data['verifying_key'],
        'encryption_key': signup_data['encryption_key'],
        'proof_data': 'Not present',
        'enclave_persistent_id': 'Not present'
    }

    # If we are not running in the simulator, we are going to go and get
    # an attestation verification report for our signup data.
    if not enclave.is_sgx_simulator():
        logger.debug("posting verification to IAS")
        response = _ias.post_verify_attestation(
            quote=signup_data['enclave_quote'], nonce=nonce)
        logger.debug("posted verification to IAS")

        #check verification report
        if not _ias.verify_report_fields(signup_data['enclave_quote'],
                                         response['verification_report']):
            logger.debug("last error: " + _ias.last_verification_error())
            if _ias.last_verification_error() == "GROUP_OUT_OF_DATE":
                logger.warning(
                    "failure GROUP_OUT_OF_DATE (update your BIOS/microcode!!!) keep going"
                )
            else:
                logger.error("invalid report fields")
                return None
        #ALL checks have passed
        logger.info("report fields verified")

        # Now put the proof data into the dictionary
        signup_info['proof_data'] = \
            json.dumps({
                'verification_report': response['verification_report'],
                'certificates': response['ias_certificates'], # Note: this is a list with certification path, signer first
                'signature': response['ias_signature']
            })

        # Grab the EPID psuedonym and put it in the enclave-persistent ID for the
        # signup info
        verification_report_dict = json.loads(response['verification_report'])
        signup_info['enclave_persistent_id'] = verification_report_dict.get(
            'epidPseudonym')

    # Now we can finally serialize the signup info and create a corresponding
    # signup info object.  Because we don't want the sealed signup data in the
    # serialized version, we set it separately.

    signup_info_obj = enclave.deserialize_signup_info(json.dumps(signup_info))
    signup_info_obj.sealed_signup_data = signup_data['sealed_enclave_data']

    # Now we can return the real object
    return signup_info_obj