Merge pull request #437 from LIT-Protocol/feat/cache-amd-certs-in-nod…

…e-env feat: allow cert caching if local storage is defined
LIT-Protocol · Apr 26, 2024 · 58c6bbf · 58c6bbf
2 parents 068a0f4 + 3cc73d0
commit 58c6bbf
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 2 deletions.
diff --git a/e2e-nodejs/group-connection/test-connection-cert-caching.mjs b/e2e-nodejs/group-connection/test-connection-cert-caching.mjs
@@ -0,0 +1,53 @@
+import path from 'path';
+import { success, fail, testThis, log } from '../../tools/scripts/utils.mjs';
+import { LitNodeClient } from '@lit-protocol/lit-node-client';
+import { LocalStorage } from 'node-localstorage';
+export async function main() {
+  const networks = ['habanero', 'manzano'];
+  const storageProvider = new LocalStorage('./storage.test.db');
+  for (const network of networks) {
+    // ==================== Test Logic ====================
+    const client = new LitNodeClient({
+      litNetwork: network,
+      debug: globalThis.LitCI.debug,
+      storageProvider: {
+        provider: storageProvider,
+      },
+    });
+    log(`connecting to ${network.toUpperCase()}...`);
+    await client.connect();
+
+    // ==================== Post-Validation ====================
+    if (!client.ready) {
+      return fail('client not ready');
+    }
+    if (client.config.litNetwork !== network) {
+      return fail(`client not connected to ${network}`);
+    }
+
+    if (storageProvider.length < 1) {
+      fail(`cache is not hydrated with certificates`);
+    }
+
+    if (storageProvider.length < client.config.bootstrapUrls) {
+      fail(
+        `cache is not hydrated with enough certificates found: ${storageProvider.length} need ${client.config.bootstrapUrls.length}`
+      );
+    }
+    for (let i = 0; i < storageProvider.length; i++) {
+      const key = storageProvider.key(i);
+      if (!key.includes('https://kdsintf.amd.com/')) {
+        fail(
+          'found cache item which does not match indexing schema should contain: https://kdsintf.amd.com/vcek/v1/Milan/'
+        );
+      }
+    }
+  }
+
+  // ==================== Success ====================
+  return success(
+    `Connected to ${networks.join(', ')} and found certs in cache`
+  );
+}
+
+await testThis({ name: path.basename(import.meta.url), fn: main });
diff --git a/packages/crypto/src/lib/crypto.ts b/packages/crypto/src/lib/crypto.ts
@@ -481,8 +481,9 @@ export const checkSevSnpAttestation = async (
   // get the VCEK certificate
   let vcekCert;
   const vcekUrl = sevSnpUtilsSdk.get_vcek_url(report);
-  // if browser, use local storage
-  if (isBrowser()) {
+  // use local storage if we have one available
+  if (globalThis.localStorage) {
+    log('Using local storage for certificate caching');
     vcekCert = localStorage.getItem(vcekUrl);
     if (vcekCert) {
       vcekCert = uint8arrayFromString(vcekCert, 'base64');