feat: enable support for TDX tasks

jbern0rd · jbern0rd · commit a5bdcfc8169b · 2025-11-04T10:31:40.000+01:00
diff --git a/src/main/java/com/iexec/resultproxy/authorization/AuthorizationService.java b/src/main/java/com/iexec/resultproxy/authorization/AuthorizationService.java
@@ -92,7 +92,7 @@ public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(fin
         }
 
         final boolean isTeeTask = !workerpoolAuthorization.getEnclaveChallenge().equals(BytesUtils.EMPTY_ADDRESS);
-        final boolean isTeeTaskOnchain = TeeUtils.isTeeTag(chainDeal.getTag());
+        final boolean isTeeTaskOnchain = TeeUtils.getTeeFramework(chainDeal.getTag()) != null;
         if (isTeeTask != isTeeTaskOnchain) {
             log.error("Could not match on-chain task type [isTeeTask:{}, isTeeTaskOnchain:{}, chainTaskId:{}, walletAddress:{}]",
                     isTeeTask, isTeeTaskOnchain, chainTaskId, workerpoolAuthorization.getWorkerWallet());
diff --git a/src/main/java/com/iexec/resultproxy/proxy/ProxyService.java b/src/main/java/com/iexec/resultproxy/proxy/ProxyService.java
@@ -103,7 +103,7 @@ boolean canUploadResult(ResultModel model, String walletAddress) {
             return false;
         }
 
-        final boolean isTeeTask = TeeUtils.isTeeTag(chainDeal.getTag());
+        final boolean isTeeTask = TeeUtils.getTeeFramework(chainDeal.getTag()) != null;
 
         // Standard tasks
         if (!isTeeTask) {
diff --git a/src/main/java/com/iexec/resultproxy/result/Result.java b/src/main/java/com/iexec/resultproxy/result/Result.java
@@ -5,6 +5,10 @@
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
+/**
+ * @deprecated never used
+ */
+@Deprecated(forRemoval = true)
 @Data
 @AllArgsConstructor
 @NoArgsConstructor
diff --git a/src/test/java/com/iexec/resultproxy/TestUtils.java b/src/test/java/com/iexec/resultproxy/TestUtils.java
@@ -19,12 +19,13 @@
 import com.iexec.commons.poco.chain.ChainDeal;
 import com.iexec.commons.poco.chain.ChainTask;
 import com.iexec.commons.poco.chain.ChainTaskStatus;
-import com.iexec.commons.poco.tee.TeeUtils;
+import com.iexec.commons.poco.order.OrderTag;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Optional;
 
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class TestUtils {
@@ -36,18 +37,24 @@ public class TestUtils {
     public static final String POOL_WRONG_SIGNATURE = "0xf869daaca2407b7eabd27c3c4c5a3f3565172ca7211ac1d8bfacea2beb511a4029446a07cccc0884"
             + "c2193b269dfb341461db8c680a8898bb53862d6e48340c2e1b";
 
-    public static ChainDeal getChainDeal() {
-        return ChainDeal.builder()
+    public static final String RESULT_DIGEST = "0x3210";
+    public static final String RESULT_HASH = "0x97f68778e2fa9d60e58ceb64de2c0e72e309400c3168c69499db2140fad28039";
+    public static final String WALLET_ADDRESS = "0x123abc";
+    public static final String WORKER_ADDRESS = "0xabc123";
+
+    public static Optional<ChainDeal> getChainDeal(final OrderTag tag) {
+        return Optional.of(ChainDeal.builder()
                 .poolOwner(POOL_ADDRESS)
-                .tag(TeeUtils.TEE_SCONE_ONLY_TAG)
-                .build();
+                .tag(tag.getValue())
+                .requester(WALLET_ADDRESS)
+                .build());
     }
 
-    public static ChainTask getChainTask(ChainTaskStatus status) {
-        return ChainTask.builder()
+    public static Optional<ChainTask> getChainTask(final ChainTaskStatus status) {
+        return Optional.of(ChainTask.builder()
                 .dealid(CHAIN_DEAL_ID)
                 .finalDeadline(Instant.now().plus(5L, ChronoUnit.SECONDS).toEpochMilli())
                 .status(status)
-                .build();
+                .build());
     }
 }
diff --git a/src/test/java/com/iexec/resultproxy/authorization/AuthorizationServiceTests.java b/src/test/java/com/iexec/resultproxy/authorization/AuthorizationServiceTests.java
@@ -17,9 +17,9 @@
 package com.iexec.resultproxy.authorization;
 
 import com.iexec.common.result.ResultModel;
-import com.iexec.commons.poco.chain.ChainDeal;
 import com.iexec.commons.poco.chain.ChainTask;
 import com.iexec.commons.poco.chain.WorkerpoolAuthorization;
+import com.iexec.commons.poco.order.OrderTag;
 import com.iexec.commons.poco.security.Signature;
 import com.iexec.commons.poco.utils.BytesUtils;
 import com.iexec.commons.poco.utils.HashUtils;
@@ -28,6 +28,8 @@
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.EnumSource;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -63,8 +65,6 @@
 @ExtendWith(MockitoExtension.class)
 class AuthorizationServiceTests {
 
-    private static final String RESULT_DIGEST = "0x3210";
-
     @Container
     private static final MongoDBContainer mongoDBContainer = new MongoDBContainer(DockerImageName.parse(System.getProperty("mongo.image")));
 
@@ -93,13 +93,12 @@ void beforeEach() throws GeneralSecurityException {
     }
 
     // region isAuthorizedOnExecutionWithDetailedIssue
-    @Test
-    void shouldBeAuthorizedOnExecutionOfTeeTaskWithDetails() {
-        final ChainDeal chainDeal = getChainDeal();
-        final ChainTask chainTask = getChainTask(ACTIVE);
+    @ParameterizedTest
+    @EnumSource(value = OrderTag.class, names = "STANDARD", mode = EnumSource.Mode.EXCLUDE)
+    void shouldBeAuthorizedOnExecutionOfTeeTaskWithDetails(final OrderTag tag) {
         final WorkerpoolAuthorization auth = getWorkerpoolAuthorization(true);
-        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
-        when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
+        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(getChainTask(ACTIVE));
+        when(iexecHubService.getChainDeal(CHAIN_DEAL_ID)).thenReturn(getChainDeal(tag));
 
         final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEmpty();
@@ -118,17 +117,16 @@ void shouldNotBeAuthorizedOnExecutionOfTeeTaskWithEmptyAuthorizationWithDetails(
         assertThat(isAuth).isEqualTo(Optional.of(EMPTY_PARAMS_UNAUTHORIZED));
     }
 
-    @Test
-    void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenTaskTypeNotMatchedOnchainWithDetails() {
-        final ChainDeal chainDeal = getChainDeal();
-        final ChainTask chainTask = getChainTask(ACTIVE);
+    @ParameterizedTest
+    @EnumSource(value = OrderTag.class, names = "STANDARD", mode = EnumSource.Mode.EXCLUDE)
+    void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenTaskTypeNotMatchedOnchainWithDetails(final OrderTag tag) {
         final WorkerpoolAuthorization auth = WorkerpoolAuthorization.builder()
                 .chainTaskId("0x1111111111111111111111111111111111111111111111111111111111111111")
                 .workerWallet("0x87ae2b87b5db23830572988fb1f51242fbc471ce")
                 .enclaveChallenge(BytesUtils.EMPTY_ADDRESS)
                 .build();
-        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
-        when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
+        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(getChainTask(ACTIVE));
+        when(iexecHubService.getChainDeal(CHAIN_DEAL_ID)).thenReturn(getChainDeal(tag));
 
         final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(NO_MATCH_ONCHAIN_TYPE));
@@ -158,26 +156,24 @@ void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenFinalDeadlineReached() {
 
     @Test
     void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenGetDealFailedWithDetails() {
-        final ChainTask chainTask = getChainTask(ACTIVE);
         final Signature wrongSignature = new Signature(POOL_WRONG_SIGNATURE);
         final WorkerpoolAuthorization auth = getWorkerpoolAuthorizationWithWrongSignature(wrongSignature);
 
-        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
-        when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.empty());
+        when(iexecHubService.getChainTask(CHAIN_TASK_ID)).thenReturn(getChainTask(ACTIVE));
+        when(iexecHubService.getChainDeal(CHAIN_DEAL_ID)).thenReturn(Optional.empty());
 
         final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(GET_CHAIN_DEAL_FAILED));
     }
 
-    @Test
-    void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenPoolSignatureIsNotValidWithDetails() {
-        final ChainDeal chainDeal = getChainDeal();
-        final ChainTask chainTask = getChainTask(ACTIVE);
+    @ParameterizedTest
+    @EnumSource(value = OrderTag.class, names = "STANDARD", mode = EnumSource.Mode.EXCLUDE)
+    void shouldNotBeAuthorizedOnExecutionOfTeeTaskWhenPoolSignatureIsNotValidWithDetails(final OrderTag tag) {
         final Signature wrongSignature = new Signature(POOL_WRONG_SIGNATURE);
         final WorkerpoolAuthorization auth = getWorkerpoolAuthorizationWithWrongSignature(wrongSignature);
 
-        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(Optional.of(chainTask));
-        when(iexecHubService.getChainDeal(chainTask.getDealid())).thenReturn(Optional.of(chainDeal));
+        when(iexecHubService.getChainTask(auth.getChainTaskId())).thenReturn(getChainTask(ACTIVE));
+        when(iexecHubService.getChainDeal(CHAIN_DEAL_ID)).thenReturn(getChainDeal(tag));
 
         final Optional<AuthorizationError> isAuth = authorizationService.isAuthorizedOnExecutionWithDetailedIssue(auth);
         assertThat(isAuth).isEqualTo(Optional.of(INVALID_SIGNATURE));
@@ -277,7 +273,7 @@ void shouldNotAddAuthorizationTwiceInCollection() {
     // endregion
 
     // region utils
-    String getEnclaveSignature(final ECKeyPair ecKeyPair) {
+    private String getEnclaveSignature(final ECKeyPair ecKeyPair) {
         final String resultHash = HashUtils.concatenateAndHash(CHAIN_TASK_ID, RESULT_DIGEST);
         final String resultSeal = HashUtils.concatenateAndHash(workerCreds.getAddress(), CHAIN_TASK_ID, RESULT_DIGEST);
         final String messageHash = HashUtils.concatenateAndHash(resultHash, resultSeal);
diff --git a/src/test/java/com/iexec/resultproxy/proxy/ProxyServiceTest.java b/src/test/java/com/iexec/resultproxy/proxy/ProxyServiceTest.java

Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ public Optional<AuthorizationError> isAuthorizedOnExecutionWithDetailedIssue(fin`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`final boolean isTeeTask = !workerpoolAuthorization.getEnclaveChallenge().equals(BytesUtils.EMPTY_ADDRESS);`
`95`		`- final boolean isTeeTaskOnchain = TeeUtils.isTeeTag(chainDeal.getTag());`
	`95`	`+ final boolean isTeeTaskOnchain = TeeUtils.getTeeFramework(chainDeal.getTag()) != null;`
`96`	`96`	`if (isTeeTask != isTeeTaskOnchain) {`
`97`	`97`	`log.error("Could not match on-chain task type [isTeeTask:{}, isTeeTaskOnchain:{}, chainTaskId:{}, walletAddress:{}]",`
`98`	`98`	`isTeeTask, isTeeTaskOnchain, chainTaskId, workerpoolAuthorization.getWorkerWallet());`
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ boolean canUploadResult(ResultModel model, String walletAddress) {`
`103`	`103`	`return false;`
`104`	`104`	`}`
`105`	`105`
`106`		`- final boolean isTeeTask = TeeUtils.isTeeTag(chainDeal.getTag());`
	`106`	`+ final boolean isTeeTask = TeeUtils.getTeeFramework(chainDeal.getTag()) != null;`
`107`	`107`
`108`	`108`	`// Standard tasks`
`109`	`109`	`if (!isTeeTask) {`