feat: add TDX SMS support and load cache in SmsService at startup (#762)

Author: jbern0rd

gradle.properties

@@ -1,7 +1,7 @@
 # x-release-please-start-version
 version=9.0.0
 # x-release-please-end
-iexecCommonsPocoVersion=5.1.0
+iexecCommonsPocoVersion=5.2.0
 iexecCommonVersion=9.1.0
 iexecBlockchainAdapterVersion=9.0.0
 iexecResultVersion=9.0.0

src/main/java/com/iexec/core/registry/PlatformRegistryConfiguration.java

@@ -1,20 +1,51 @@
+/*
+ * Copyright 2022-2025 IEXEC BLOCKCHAIN TECH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package com.iexec.core.registry;
 
-import lombok.Getter;
+import jakarta.validation.constraints.NotNull;
+import lombok.Value;
 import org.hibernate.validator.constraints.URL;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.bind.DefaultValue;
+import org.springframework.validation.annotation.Validated;
 
-@Getter
-@Configuration
+@Value
+@Validated
+@ConfigurationProperties(prefix = "sms")
 public class PlatformRegistryConfiguration {
+    @URL
+    @NotNull
+    String scone;
 
     @URL
-    @Value("${sms.scone}")
-    private String sconeSms;
+    @NotNull
+    String gramine;
 
     @URL
-    @Value("${sms.gramine}")
-    private String gramineSms;
-    
+    @NotNull
+    String tdx;
+
+    public PlatformRegistryConfiguration(
+            @DefaultValue("") final String scone,
+            @DefaultValue("") final String gramine,
+            @DefaultValue("") final String tdx
+    ) {
+        this.scone = scone;
+        this.gramine = gramine;
+        this.tdx = tdx;
+    }
 }

src/main/java/com/iexec/core/sms/SmsService.java

@@ -29,13 +29,16 @@
 import com.iexec.sms.api.SmsClient;
 import com.iexec.sms.api.SmsClientProvider;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.event.EventListener;
 import org.springframework.stereotype.Service;
 import org.web3j.crypto.Hash;
 
+import java.util.Arrays;
 import java.util.Optional;
+import java.util.function.Predicate;
 
 import static com.iexec.sms.secret.ReservedSecretKeyName.IEXEC_RESULT_IEXEC_RESULT_PROXY_URL;
 
@@ -60,6 +63,16 @@ public SmsService(final IexecHubService iexecHubService,
         this.smsClientProvider = smsClientProvider;
     }
 
+    @PostConstruct
+    void initSmsClients() {
+        Arrays.stream(TeeFramework.values())
+                .map(this::retrieveSmsUrl)
+                .filter(Optional::isPresent)
+                .map(Optional::get)
+                .filter(Predicate.not(String::isBlank))
+                .forEach(smsClientProvider::getSmsClient);
+    }
+
     private Optional<String> getVerifiedSmsUrl(final String chainTaskId) {
         final TaskDescription taskDescription = iexecHubService.getTaskDescription(chainTaskId);
         return getVerifiedSmsUrl(chainTaskId, taskDescription.getTeeFramework());
@@ -86,35 +99,31 @@ public Optional<String> getVerifiedSmsUrl(final String chainTaskId, final String
     Optional<String> getVerifiedSmsUrl(final String chainTaskId, final TeeFramework teeFrameworkForDeal) {
         log.debug("getVerifiedSmsUrl [chainTaskId:{}, teeFrameworkForDeal:{}]", chainTaskId, teeFrameworkForDeal);
         if (teeFrameworkForDeal == null) {
-            log.error("Can't get verified SMS url with invalid TEE framework " +
-                    "from tag [chainTaskId:{}]", chainTaskId);
+            log.error("Can't get verified SMS url with invalid TEE framework from tag [chainTaskId:{}]", chainTaskId);
             return Optional.empty();
         }
-        Optional<String> smsUrl = retrieveSmsUrl(teeFrameworkForDeal);
+        final Optional<String> smsUrl = retrieveSmsUrl(teeFrameworkForDeal);
         if (smsUrl.isEmpty()) {
-            log.error("Can't get verified SMS url since type of tag is not " +
-                            "supported [chainTaskId:{},teeFrameworkForDeal:{}]",
+            log.error("Can't get verified SMS url since type of tag is not supported [chainTaskId:{}, teeFrameworkForDeal:{}]",
                     chainTaskId, teeFrameworkForDeal);
             return Optional.empty();
         }
         final SmsClient smsClient = smsClientProvider.getSmsClient(smsUrl.get());
         if (!checkSmsTeeFramework(smsClient, teeFrameworkForDeal, chainTaskId)) {
-            log.error("Can't get verified SMS url since tag TEE type " +
-                            "does not match SMS TEE type [chainTaskId:{},teeFrameworkForDeal:{}]",
+            log.error("Can't get verified SMS url since tag TEE type does not match SMS TEE type [chainTaskId:{}, teeFrameworkForDeal:{}]",
                     chainTaskId, teeFrameworkForDeal);
             return Optional.empty();
         }
         return smsUrl;
     }
 
-    private Optional<String> retrieveSmsUrl(TeeFramework teeFramework) {
-        Optional<String> smsUrl = Optional.empty();
-        if (teeFramework == TeeFramework.SCONE) {
-            smsUrl = Optional.of(registryConfiguration.getSconeSms());
-        } else if (teeFramework == TeeFramework.GRAMINE) {
-            smsUrl = Optional.of(registryConfiguration.getGramineSms());
-        }
-        return smsUrl;
+    private Optional<String> retrieveSmsUrl(final TeeFramework teeFramework) {
+        return switch (teeFramework) {
+            case SCONE -> Optional.of(registryConfiguration.getScone());
+            case GRAMINE -> Optional.of(registryConfiguration.getGramine());
+            case TDX -> Optional.of(registryConfiguration.getTdx());
+            default -> Optional.empty();
+        };
     }
 
     private boolean checkSmsTeeFramework(SmsClient smsClient,
@@ -130,8 +139,7 @@ private boolean checkSmsTeeFramework(SmsClient smsClient,
         }
 
         if (smsTeeFramework != teeFrameworkForDeal) {
-            log.error("SMS is configured for another TEE framework " +
-                            "[chainTaskId:{}, teeFrameworkForDeal:{}, smsTeeFramework:{}]",
+            log.error("SMS is configured for another TEE framework [chainTaskId:{}, teeFrameworkForDeal:{}, smsTeeFramework:{}]",
                     chainTaskId, teeFrameworkForDeal, smsTeeFramework);
             return false;
         }

src/test/java/com/iexec/core/chain/WebSocketBlockchainListenerTests.java

@@ -56,8 +56,6 @@ class WebSocketBlockchainListenerTests {
 
     @DynamicPropertySource
     static void registerProperties(DynamicPropertyRegistry registry) {
-        registry.add("sms.scone", () -> "");
-        registry.add("sms.gramine", () -> "");
         registry.add("chain.node-address", () -> getServiceUrl(
                 environment.getServiceHost(CHAIN_SVC_NAME, CHAIN_SVC_PORT),
                 environment.getServicePort(CHAIN_SVC_NAME, CHAIN_SVC_PORT))

src/test/java/com/iexec/core/detector/replicate/ContributionAndFinalizationUnnotifiedDetectorTests.java

@@ -19,6 +19,7 @@
 import com.iexec.common.replicate.ReplicateStatus;
 import com.iexec.common.replicate.ReplicateStatusUpdate;
 import com.iexec.commons.poco.task.TaskDescription;
+import com.iexec.commons.poco.tee.TeeFramework;
 import com.iexec.core.chain.IexecHubService;
 import com.iexec.core.configuration.CronConfiguration;
 import com.iexec.core.replicate.Replicate;
@@ -94,6 +95,7 @@ private void mockTaskAndTaskDecription(final String callback) {
                 TaskDescription.builder()
                         .trust(BigInteger.ONE)
                         .isTeeTask(true)
+                        .teeFramework(TeeFramework.SCONE)
                         .callback(callback)
                         .build()
         );