chore(examples): inline custom crypto provider for clarity (#815)

Co-authored-by: sinu.eth <[email protected]>

Author: themighty1

crates/examples/attestation/present.rs

@@ -2,13 +2,13 @@
 // attestation and the corresponding connection secrets. See the `prove.rs`
 // example to learn how to acquire an attestation from a Notary.
 
+use clap::Parser;
 use hyper::header;
+
 use tlsn_core::{attestation::Attestation, presentation::Presentation, CryptoProvider, Secrets};
 use tlsn_examples::ExampleType;
 use tlsn_formats::http::HttpTranscript;
 
-use clap::Parser;
-
 #[derive(Parser, Debug)]
 #[command(version, about, long_about = None)]
 struct Args {

crates/examples/attestation/prove.rs

@@ -4,23 +4,23 @@
 
 use std::env;
 
+use clap::Parser;
 use http_body_util::Empty;
 use hyper::{body::Bytes, Request, StatusCode};
 use hyper_util::rt::TokioIo;
 use spansy::Spanned;
-use tlsn_examples::ExampleType;
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use tracing::debug;
 
 use notary_client::{Accepted, NotarizationRequest, NotaryClient};
-use tls_server_fixture::SERVER_DOMAIN;
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::{CA_CERT_DER, SERVER_DOMAIN};
 use tlsn_common::config::ProtocolConfig;
-use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig};
+use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig, CryptoProvider};
+use tlsn_examples::ExampleType;
 use tlsn_formats::http::{DefaultHttpCommitter, HttpCommit, HttpTranscript};
 use tlsn_prover::{Prover, ProverConfig};
 use tlsn_server_fixture::DEFAULT_FIXTURE_PORT;
-use tracing::debug;
-
-use clap::Parser;
 
 // Setting of the application server.
 const USER_AGENT: &str = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
@@ -90,6 +90,20 @@ async fn notarize(
         .await
         .expect("Could not connect to notary. Make sure it is running.");
 
+    // Create a crypto provider accepting the server-fixture's self-signed
+    // root certificate.
+    //
+    // This is only required for offline testing with the server-fixture. In
+    // production, use `CryptoProvider::default()` instead.
+    let mut root_store = tls_core::anchors::RootCertStore::empty();
+    root_store
+        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+        .unwrap();
+    let crypto_provider = CryptoProvider {
+        cert: WebPkiVerifier::new(root_store, None),
+        ..Default::default()
+    };
+
     // Set up protocol configuration for prover.
     // Prover configuration.
     let prover_config = ProverConfig::builder()
@@ -103,7 +117,7 @@ async fn notarize(
                 .max_recv_data(tlsn_examples::MAX_RECV_DATA)
                 .build()?,
         )
-        .crypto_provider(tlsn_examples::get_crypto_provider_with_server_fixture())
+        .crypto_provider(crypto_provider)
         .build()?;
 
     // Create a new prover and perform necessary setup.

crates/examples/attestation/verify.rs

@@ -4,12 +4,15 @@
 
 use std::time::Duration;
 
+use clap::Parser;
+
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::CA_CERT_DER;
 use tlsn_core::{
     presentation::{Presentation, PresentationOutput},
     signing::VerifyingKey,
+    CryptoProvider,
 };
-
-use clap::Parser;
 use tlsn_examples::ExampleType;
 
 #[derive(Parser, Debug)]
@@ -33,7 +36,19 @@ async fn verify_presentation(example_type: &ExampleType) -> Result<(), Box<dyn s
 
     let presentation: Presentation = bincode::deserialize(&std::fs::read(presentation_path)?)?;
 
-    let provider = tlsn_examples::get_crypto_provider_with_server_fixture();
+    // Create a crypto provider accepting the server-fixture's self-signed
+    // root certificate.
+    //
+    // This is only required for offline testing with the server-fixture. In
+    // production, use `CryptoProvider::default()` instead.
+    let mut root_store = tls_core::anchors::RootCertStore::empty();
+    root_store
+        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+        .unwrap();
+    let crypto_provider = CryptoProvider {
+        cert: WebPkiVerifier::new(root_store, None),
+        ..Default::default()
+    };
 
     let VerifyingKey {
         alg,
@@ -52,7 +67,7 @@ async fn verify_presentation(example_type: &ExampleType) -> Result<(), Box<dyn s
         transcript,
         // extensions, // Optionally, verify any custom extensions from prover/notary.
         ..
-    } = presentation.verify(&provider).unwrap();
+    } = presentation.verify(&crypto_provider).unwrap();
 
     // The time at which the connection was started.
     let time = chrono::DateTime::UNIX_EPOCH + Duration::from_secs(connection_info.time);

crates/examples/interactive/interactive.rs

@@ -6,17 +6,18 @@ use std::{
 use http_body_util::Empty;
 use hyper::{body::Bytes, Request, StatusCode, Uri};
 use hyper_util::rt::TokioIo;
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use tracing::instrument;
+
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::CA_CERT_DER;
 use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator};
-use tlsn_core::transcript::Idx;
-use tlsn_examples::get_crypto_provider_with_server_fixture;
+use tlsn_core::{transcript::Idx, CryptoProvider};
 use tlsn_prover::{state::Prove, Prover, ProverConfig};
-
 use tlsn_server_fixture::DEFAULT_FIXTURE_PORT;
 use tlsn_server_fixture_certs::SERVER_DOMAIN;
 use tlsn_verifier::{SessionInfo, Verifier, VerifierConfig};
-use tokio::io::{AsyncRead, AsyncWrite};
-use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
-use tracing::instrument;
 
 const SECRET: &str = "TLSNotary's private key 🤡";
 
@@ -64,6 +65,20 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     assert_eq!(uri.scheme().unwrap().as_str(), "https");
     let server_domain = uri.authority().unwrap().host();
 
+    // Create a crypto provider accepting the server-fixture's self-signed
+    // root certificate.
+    //
+    // This is only required for offline testing with the server-fixture. In
+    // production, use `CryptoProvider::default()` instead.
+    let mut root_store = tls_core::anchors::RootCertStore::empty();
+    root_store
+        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+        .unwrap();
+    let crypto_provider = CryptoProvider {
+        cert: WebPkiVerifier::new(root_store, None),
+        ..Default::default()
+    };
+
     // Create prover and connect to verifier.
     //
     // Perform the setup phase with the verifier.
@@ -77,7 +92,7 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
                     .build()
                     .unwrap(),
             )
-            .crypto_provider(get_crypto_provider_with_server_fixture())
+            .crypto_provider(crypto_provider)
             .build()
             .unwrap(),
     )
@@ -143,9 +158,23 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
         .build()
         .unwrap();
 
+    // Create a crypto provider accepting the server-fixture's self-signed
+    // root certificate.
+    //
+    // This is only required for offline testing with the server-fixture. In
+    // production, use `CryptoProvider::default()` instead.
+    let mut root_store = tls_core::anchors::RootCertStore::empty();
+    root_store
+        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+        .unwrap();
+    let crypto_provider = CryptoProvider {
+        cert: WebPkiVerifier::new(root_store, None),
+        ..Default::default()
+    };
+
     let verifier_config = VerifierConfig::builder()
         .protocol_config_validator(config_validator)
-        .crypto_provider(get_crypto_provider_with_server_fixture())
+        .crypto_provider(crypto_provider)
         .build()
         .unwrap();
     let verifier = Verifier::new(verifier_config);

crates/examples/src/lib.rs

@@ -1,30 +1,10 @@
 use std::fmt;
-use tls_core::verify::WebPkiVerifier;
-use tls_server_fixture::CA_CERT_DER;
-use tlsn_core::CryptoProvider;
 
 // Maximum number of bytes that can be sent from prover to server.
 pub const MAX_SENT_DATA: usize = 1 << 12;
 // Maximum number of bytes that can be received by prover from server.
 pub const MAX_RECV_DATA: usize = 1 << 14;
 
-/// Crypto provider accepting the server-fixture's self-signed certificate.
-///
-/// This is only required for offline testing with the server-fixture. In
-/// production, use `CryptoProvider::default()` instead.
-pub fn get_crypto_provider_with_server_fixture() -> CryptoProvider {
-    // custom root store with server-fixture
-    let mut root_store = tls_core::anchors::RootCertStore::empty();
-    root_store
-        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
-        .unwrap();
-
-    CryptoProvider {
-        cert: WebPkiVerifier::new(root_store, None),
-        ..Default::default()
-    }
-}
-
 #[derive(clap::ValueEnum, Clone, Default, Debug)]
 pub enum ExampleType {
     #[default]