fix issue with fetching public key

worldcoin · Aug 16, 2024 · aaebe97 · aaebe97
1 parent a9d7420
commit aaebe97
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 22 deletions.
diff --git a/.env.mpc1.dist b/.env.mpc1.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=0
 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc1.fifo
 SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
 SMPC__PROCESSING_TIMEOUT_SECS=60
+SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net
 
 # These can be either ARNs or IDs, in production multi account setup they are ARNs
 SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'

diff --git a/.env.mpc2.dist b/.env.mpc2.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=1
 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc2.fifo
 SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
 SMPC__PROCESSING_TIMEOUT_SECS=60
+SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net
 
 # These can be either ARNs or IDs, in production multi account setup they are ARNs
 SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'

diff --git a/.env.mpc3.dist b/.env.mpc3.dist
@@ -22,6 +22,7 @@ SMPC__PARTY_ID=2
 SMPC__REQUESTS_QUEUE_URL=https://sqs.eu-north-1.amazonaws.com/654654380399/mpc3.fifo
 SMPC__RESULTS_TOPIC_ARN=arn:aws:sns:eu-north-1:654654380399:mpc-results-topic
 SMPC__PROCESSING_TIMEOUT_SECS=60
+SMPC__PUBLIC_KEY_BASE_URL=https://d24uxaabh702ht.cloudfront.net
 
 # These can be either ARNs or IDs, in production multi account setup they are ARNs
 SMPC__KMS_KEY_ARNS='["077788e2-9eeb-4044-859b-34496cfd500b", "896353dc-5ea5-42d4-9e4e-f65dd8169dee", "42bb01f5-8380-48b4-b1f1-929463a587fb"]'

diff --git a/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc1-stage/values-gpu-iris-mpc.yaml
@@ -62,8 +62,8 @@ env:
   - name: SMPC__PARTY_ID
     value: "0"
 
-  - name: SMPC__PUBLIC_KEY_BUCKET_NAME
-    value: "wf-smpcv2-stage-public-keys"
-    
+  - name: SMPC__PUBLIC_KEY_BASE_URL
+    value: "https://d24uxaabh702ht.cloudfront.net"
+
   - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES
     value: "false"
diff --git a/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc2-stage/values-gpu-iris-mpc.yaml
@@ -62,8 +62,8 @@ env:
   - name: SMPC__PARTY_ID
     value: "1"
 
-  - name: SMPC__PUBLIC_KEY_BUCKET_NAME
-    value: "wf-smpcv2-stage-public-keys"
+  - name: SMPC__PUBLIC_KEY_BASE_URL
+    value: "https://d24uxaabh702ht.cloudfront.net"
 
   - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES
     value: "false"
diff --git a/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml b/deploy/stage/mpc3-stage/values-gpu-iris-mpc.yaml
@@ -62,8 +62,8 @@ env:
   - name: SMPC__PARTY_ID
     value: "2"
 
-  - name: SMPC__PUBLIC_KEY_BUCKET_NAME
-    value: "wf-smpcv2-stage-public-keys"
+  - name: SMPC__PUBLIC_KEY_BASE_URL
+    value: "https://d24uxaabh702ht.cloudfront.net"
 
   - name: SMPC__ENABLE_PROCESSING_ENCRYPTED_SHARES
     value: "false"
diff --git a/iris-mpc-common/src/config/mod.rs b/iris-mpc-common/src/config/mod.rs
@@ -47,7 +47,7 @@ pub struct Config {
     pub processing_timeout_secs: u64,
 
     #[serde(default)]
-    pub public_key_bucket_name: String,
+    pub public_key_base_url: String,
 
     #[serde(default)]
     pub enable_processing_encrypted_shares: bool,

diff --git a/iris-mpc-common/src/helpers/key_pair.rs b/iris-mpc-common/src/helpers/key_pair.rs
@@ -81,8 +81,8 @@ impl SharesEncryptionKeyPair {
         let shared_config = aws_config::from_env().region(region_provider).load().await;
         let client = SecretsManagerClient::new(&shared_config);
 
-        let pk_b64_string = match download_public_key_from_s3(
-            config.public_key_bucket_name,
+        let pk_b64_string = match download_public_key(
+            config.public_key_base_url,
             config.party_id.to_string(),
         )
         .await
@@ -163,23 +163,27 @@ pub async fn download_private_key_from_asm(
     }
 }
 
-pub async fn download_public_key_from_s3(
-    bucket_name: String,
+pub async fn download_public_key(
+    base_url: String,
     node_id: String,
 ) -> Result<String, SharesDecodingError> {
     let client = reqwest::Client::new();
-    // TODO: remove coupling to S3
-    let url: String = format!(
-        "https://{}.s3.amazonaws.com/public-key-{}",
-        bucket_name, node_id
-    );
-    let response = client.get(url).send().await;
+    let url: String = format!("{}/public-key-{}", base_url, node_id);
+    let response = client.get(url.clone()).send().await;
     match response {
         Ok(response) => {
-            let body = response.text().await;
-            match body {
-                Ok(body) => Ok(body),
-                Err(e) => Err(SharesDecodingError::RequestError(e)),
+            if response.status().is_success() {
+                let body = response.text().await;
+                match body {
+                    Ok(body) => Ok(body),
+                    Err(e) => Err(SharesDecodingError::RequestError(e)),
+                }
+            } else {
+                Err(SharesDecodingError::ResponseContent {
+                    status: response.status(),
+                    message: response.text().await.unwrap_or_default(),
+                    url,
+                })
             }
         }
         Err(e) => Err(SharesDecodingError::RequestError(e)),