dfinity · krpeacock · Jun 3, 2024 · Apr 29, 2024 · May 7, 2024 · Jun 3, 2024
@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+### Added
+
+- feat!: add support for proof of absence in Certificate lookups
+
 ### Changed
 
 - fix: publish script will correctly update the `package-lock.json` file with the correct dependencies when making a new release

@@ -1,4 +1,10 @@
-import { ActorMethod, Certificate, getManagementCanister } from '@dfinity/agent';
+import {
+  ActorMethod,
+  Certificate,
+  LookupResultFound,
+  LookupStatus,
+  getManagementCanister,
+} from '@dfinity/agent';
 import { IDL } from '@dfinity/candid';
 import { Principal } from '@dfinity/principal';
 import agent from '../utils/agent';
@@ -18,14 +24,21 @@ test('read_state', async () => {
     rootKey: resolvedAgent.rootKey,
     canisterId: canisterId,
   });
-  expect(cert.lookup([new TextEncoder().encode('Time')])).toBe(undefined);
-  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-  const rawTime = cert.lookup(path)!;
+  expect(cert.lookup([new TextEncoder().encode('Time')])).toEqual({ status: LookupStatus.Unknown });
+
+  let rawTime = cert.lookup(path);
+
+  expect(rawTime.status).toEqual(LookupStatus.Found);
+  rawTime = rawTime as LookupResultFound;
+
+  expect(rawTime.value).toBeInstanceOf(ArrayBuffer);
+  rawTime.value = rawTime.value as ArrayBuffer;
+
   const decoded = IDL.decode(
     [IDL.Nat],
     new Uint8Array([
       ...new TextEncoder().encode('DIDL\x00\x01\x7d'),
-      ...(new Uint8Array(rawTime) || []),
+      ...(new Uint8Array(rawTime.value) || []),
     ]),
   )[0];
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -54,14 +67,21 @@ test('read_state with passed request', async () => {
     rootKey: resolvedAgent.rootKey,
     canisterId: canisterId,
   });
-  expect(cert.lookup([new TextEncoder().encode('Time')])).toBe(undefined);
-  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-  const rawTime = cert.lookup(path)!;
+  expect(cert.lookup([new TextEncoder().encode('Time')])).toEqual({ status: LookupStatus.Unknown });
+
+  let rawTime = cert.lookup(path);
+
+  expect(rawTime.status).toEqual(LookupStatus.Found);
+  rawTime = rawTime as LookupResultFound;
+
+  expect(rawTime.value).toBeInstanceOf(ArrayBuffer);
+  rawTime.value = rawTime.value as ArrayBuffer;
+
   const decoded = IDL.decode(
     [IDL.Nat],
     new Uint8Array([
       ...new TextEncoder().encode('DIDL\x00\x01\x7d'),
-      ...(new Uint8Array(rawTime) || []),
+      ...(new Uint8Array(rawTime.value) || []),
     ]),
   )[0];
   // eslint-disable-next-line @typescript-eslint/no-explicit-any

@@ -29,7 +29,12 @@ import {
 } from './types';
 import { AgentHTTPResponseError } from './errors';
 import { SubnetStatus, request } from '../../canisterStatus';
-import { CertificateVerificationError, HashTree, lookup_path } from '../../certificate';
+import {
+  CertificateVerificationError,
+  HashTree,
+  LookupStatus,
+  lookup_path,
+} from '../../certificate';
 import { ed25519 } from '@noble/curves/ed25519';
 import { ExpirableMap } from '../../utils/expirableMap';
 import { Ed25519PublicKey } from '../../public_key';
@@ -902,14 +907,14 @@ export class HttpAgent implements Agent {
         throw new Error('Could not decode time from response');
       }
       const timeLookup = lookup_path(['time'], tree);
-      if (!timeLookup) {
+      if (timeLookup.status !== LookupStatus.Found) {
         throw new Error('Time was not found in the response or was not in its expected format.');
       }
 
-      if (!(timeLookup instanceof ArrayBuffer) && !ArrayBuffer.isView(timeLookup)) {
+      if (!(timeLookup.value instanceof ArrayBuffer) && !ArrayBuffer.isView(timeLookup)) {
         throw new Error('Time was not found in the response or was not in its expected format.');
       }
-      const date = decodeTime(bufFromBufLike(timeLookup));
+      const date = decodeTime(bufFromBufLike(timeLookup.value as ArrayBuffer));
       this.log('Time from response:', date);
       this.log('Time from response in milliseconds:', Number(date));
       return Number(date);

@@ -9,8 +9,9 @@ import {
   HashTree,
   flatten_forks,
   check_canister_ranges,
-  lookupResultToBuffer,
+  LookupStatus,
   lookup_path,
+  lookupResultToBuffer,
 } from '../certificate';
 import { toHex } from '../utils/buffer';
 import * as Cbor from '../cbor';
@@ -290,14 +291,25 @@ export const fetchNodeKeys = (
     throw new Error('Canister not in range');
   }
 
-  const nodeTree = lookup_path(['subnet', delegation?.subnet_id as ArrayBuffer, 'node'], tree);
-  const nodeForks = flatten_forks(nodeTree as HashTree) as HashTree[];
-  nodeForks.length;
+  const subnetLookupResult = lookup_path(['subnet', delegation.subnet_id, 'node'], tree);
+  if (subnetLookupResult.status !== LookupStatus.Found) {
+    throw new Error('Node not found');
+  }
+  if (subnetLookupResult.value instanceof ArrayBuffer) {
+    throw new Error('Invalid node tree');
+  }
+
+  const nodeForks = flatten_forks(subnetLookupResult.value);
   const nodeKeys = new Map<string, DerEncodedPublicKey>();
+
   nodeForks.forEach(fork => {
-    Object.getPrototypeOf(new Uint8Array(fork[1] as ArrayBuffer));
     const node_id = Principal.from(new Uint8Array(fork[1] as ArrayBuffer)).toText();
-    const derEncodedPublicKey = lookup_path(['public_key'], fork[2] as HashTree) as ArrayBuffer;
+    const publicKeyLookupResult = lookup_path(['public_key'], fork[2] as HashTree);
+    if (publicKeyLookupResult.status !== LookupStatus.Found) {
+      throw new Error('Public key not found');
+    }
+
+    const derEncodedPublicKey = publicKeyLookupResult.value as ArrayBuffer;
     if (derEncodedPublicKey.byteLength !== 44) {
       throw new Error('Invalid public key length');
     } else {