
Commit a287189

themighty1sinui0
andauthored
chore(examples): inline custom crypto provider for clarity (#815)
Co-authored-by: sinu.eth <[email protected]>
1 parent 19447aa commit a287189


5 files changed

+79
-41
lines changed


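--- a/crates/examples/attestation/present.rs
+++ b/crates/examples/attestation/present.rs
@@ -2,13 +2,13 @@
 // attestation and the corresponding connection secrets. See the `prove.rs`
 // example to learn how to acquire an attestation from a Notary.
 
+use clap::Parser;
 use hyper::header;
+
 use tlsn_core::{attestation::Attestation, presentation::Presentation, CryptoProvider, Secrets};
 use tlsn_examples::ExampleType;
 use tlsn_formats::http::HttpTranscript;
 
-use clap::Parser;
-
 #[derive(Parser, Debug)]
 #[command(version, about, long_about = None)]
 struct Args {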

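--- a/crates/examples/attestation/prove.rs
+++ b/crates/examples/attestation/prove.rs
@@ -4,23 +4,23 @@
 
 use std::env;
 
+use clap::Parser;
 use http_body_util::Empty;
 use hyper::{body::Bytes, Request, StatusCode};
 use hyper_util::rt::TokioIo;
 use spansy::Spanned;
-use tlsn_examples::ExampleType;
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use tracing::debug;
 
 use notary_client::{Accepted, NotarizationRequest, NotaryClient};
-use tls_server_fixture::SERVER_DOMAIN;
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::{CA_CERT_DER, SERVER_DOMAIN};
 use tlsn_common::config::ProtocolConfig;
-use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig};
+use tlsn_core::{request::RequestConfig, transcript::TranscriptCommitConfig, CryptoProvider};
+use tlsn_examples::ExampleType;
 use tlsn_formats::http::{DefaultHttpCommitter, HttpCommit, HttpTranscript};
 use tlsn_prover::{Prover, ProverConfig};
 use tlsn_server_fixture::DEFAULT_FIXTURE_PORT;
-use tracing::debug;
-
-use clap::Parser;
 
 // Setting of the application server.
 const USER_AGENT: &str = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36";
@@ -90,6 +90,20 @@ async fn notarize(
 .await
 .expect("Could not connect to notary. Make sure it is running.");
 
+// Create a crypto provider accepting the server-fixture's self-signed
+// root certificate.
+//
+// This is only required for offline testing with the server-fixture. In
+// production, use `CryptoProvider::default()` instead.
+let mut root_store = tls_core::anchors::RootCertStore::empty();
+root_store
+.add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+.unwrap();
+let crypto_provider = CryptoProvider {
+cert: WebPkiVerifier::new(root_store, None),
+..Default::default()
+};
+
 // Set up protocol configuration for prover.
 // Prover configuration.
 let prover_config = ProverConfig::builder()
@@ -103,7 +117,7 @@ async fn notarize(
 .max_recv_data(tlsn_examples::MAX_RECV_DATA)
 .build()?,
 )
-.crypto_provider(tlsn_examples::get_crypto_provider_with_server_fixture())
+.crypto_provider(crypto_provider)
 .build()?;
 
 // Create a new prover and perform necessary setup.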
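Review bot: The added `root_store.add(...).unwrap()` in `notarize` (new lines 99-101) panics without context, while the surrounding lines report failures with `.expect("...")` or `?`; `.expect("server-fixture CA certificate should be valid DER")` would keep a malformed fixture certificate diagnosable. The same bare `.unwrap()` is repeated in the copies this commit adds to verify.rs and interactive.rs. Because the removed helper's name no longer marks the call site, `.crypto_provider(crypto_provider)` on new line 120 reads like an ordinary provider even though its root store trusts only the fixture CA; a name such as `let fixture_crypto_provider = CryptoProvider {` would keep the test-only trust anchor visible to anyone copying the builder chain. `notarize` begins and ends outside these hunks.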

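--- a/crates/examples/attestation/verify.rs
+++ b/crates/examples/attestation/verify.rs
@@ -4,12 +4,15 @@
 
 use std::time::Duration;
 
+use clap::Parser;
+
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::CA_CERT_DER;
 use tlsn_core::{
 presentation::{Presentation, PresentationOutput},
 signing::VerifyingKey,
+CryptoProvider,
 };
-
-use clap::Parser;
 use tlsn_examples::ExampleType;
 
 #[derive(Parser, Debug)]
@@ -33,7 +36,19 @@ async fn verify_presentation(example_type: &ExampleType) -> Result<(), Box<dyn s
 
 let presentation: Presentation = bincode::deserialize(&std::fs::read(presentation_path)?)?;
 
-let provider = tlsn_examples::get_crypto_provider_with_server_fixture();
+// Create a crypto provider accepting the server-fixture's self-signed
+// root certificate.
+//
+// This is only required for offline testing with the server-fixture. In
+// production, use `CryptoProvider::default()` instead.
+let mut root_store = tls_core::anchors::RootCertStore::empty();
+root_store
+.add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+.unwrap();
+let crypto_provider = CryptoProvider {
+cert: WebPkiVerifier::new(root_store, None),
+..Default::default()
+};
 
 let VerifyingKey {
 alg,
@@ -52,7 +67,7 @@ async fn verify_presentation(example_type: &ExampleType) -> Result<(), Box<dyn s
 transcript,
 // extensions, // Optionally, verify any custom extensions from prover/notary.
 ..
-} = presentation.verify(&provider).unwrap();
+} = presentation.verify(&crypto_provider).unwrap();
 
 // The time at which the connection was started.
 let time = chrono::DateTime::UNIX_EPOCH + Duration::from_secs(connection_info.time);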
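Review bot: `presentation.verify(&crypto_provider).unwrap()` on new line 70 turns a failed verification of a presentation read from disk into a panic, although `verify_presentation` returns a `Result` and already uses `?` for the read and deserialize steps on new line 37. Returning the error instead, `} = presentation.verify(&crypto_provider)?;`, would let a caller handle an invalid presentation as an ordinary outcome, assuming the verify error converts into the boxed error type (its definition is not visible here). The comment above the root store could also say that a verifier configured this way accepts server certificates only under the fixture CA, so what it reports about the server identity holds only for the offline fixture. The function body continues outside the hunks.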

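--- a/crates/examples/interactive/interactive.rs
+++ b/crates/examples/interactive/interactive.rs
@@ -6,17 +6,18 @@ use std::{
 use http_body_util::Empty;
 use hyper::{body::Bytes, Request, StatusCode, Uri};
 use hyper_util::rt::TokioIo;
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
+use tracing::instrument;
+
+use tls_core::verify::WebPkiVerifier;
+use tls_server_fixture::CA_CERT_DER;
 use tlsn_common::config::{ProtocolConfig, ProtocolConfigValidator};
-use tlsn_core::transcript::Idx;
-use tlsn_examples::get_crypto_provider_with_server_fixture;
+use tlsn_core::{transcript::Idx, CryptoProvider};
 use tlsn_prover::{state::Prove, Prover, ProverConfig};
-
 use tlsn_server_fixture::DEFAULT_FIXTURE_PORT;
 use tlsn_server_fixture_certs::SERVER_DOMAIN;
 use tlsn_verifier::{SessionInfo, Verifier, VerifierConfig};
-use tokio::io::{AsyncRead, AsyncWrite};
-use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
-use tracing::instrument;
 
 const SECRET: &str = "TLSNotary's private key 🤡";
 
@@ -64,6 +65,20 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 assert_eq!(uri.scheme().unwrap().as_str(), "https");
 let server_domain = uri.authority().unwrap().host();
 
+// Create a crypto provider accepting the server-fixture's self-signed
+// root certificate.
+//
+// This is only required for offline testing with the server-fixture. In
+// production, use `CryptoProvider::default()` instead.
+let mut root_store = tls_core::anchors::RootCertStore::empty();
+root_store
+.add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+.unwrap();
+let crypto_provider = CryptoProvider {
+cert: WebPkiVerifier::new(root_store, None),
+..Default::default()
+};
+
 // Create prover and connect to verifier.
 //
 // Perform the setup phase with the verifier.
@@ -77,7 +92,7 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
 .build()
 .unwrap(),
 )
-.crypto_provider(get_crypto_provider_with_server_fixture())
+.crypto_provider(crypto_provider)
 .build()
 .unwrap(),
 )
@@ -143,9 +158,23 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
 .build()
 .unwrap();
 
+// Create a crypto provider accepting the server-fixture's self-signed
+// root certificate.
+//
+// This is only required for offline testing with the server-fixture. In
+// production, use `CryptoProvider::default()` instead.
+let mut root_store = tls_core::anchors::RootCertStore::empty();
+root_store
+.add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+.unwrap();
+let crypto_provider = CryptoProvider {
+cert: WebPkiVerifier::new(root_store, None),
+..Default::default()
+};
+
 let verifier_config = VerifierConfig::builder()
 .protocol_config_validator(config_validator)
-.crypto_provider(get_crypto_provider_with_server_fixture())
+.crypto_provider(crypto_provider)
 .build()
 .unwrap();
 let verifier = Verifier::new(verifier_config);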
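Review bot: The new imports take the trust anchor from `tls_server_fixture::CA_CERT_DER` (new line 14) while the server name still comes from `tlsn_server_fixture_certs::SERVER_DOMAIN` (new line 19), so the root certificate and the domain it is meant to vouch for come from two different crates in one file. If `tlsn_server_fixture_certs` also exports the CA certificate (not visible here), importing both from it would keep the pair from drifting apart; otherwise a comment on the import such as `// CA that signs the fixture certificate for SERVER_DOMAIN` would document the coupling. The identical provider is built in both `prover` and `verifier`, and neither comment says what the `None` passed to `WebPkiVerifier::new` leaves unset. Both function bodies extend beyond the hunks shown.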

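--- a/crates/examples/src/lib.rs
+++ b/crates/examples/src/lib.rs
@@ -1,30 +1,10 @@
 use std::fmt;
-use tls_core::verify::WebPkiVerifier;
-use tls_server_fixture::CA_CERT_DER;
-use tlsn_core::CryptoProvider;
 
 // Maximum number of bytes that can be sent from prover to server.
 pub const MAX_SENT_DATA: usize = 1 << 12;
 // Maximum number of bytes that can be received by prover from server.
 pub const MAX_RECV_DATA: usize = 1 << 14;
 
-/// Crypto provider accepting the server-fixture's self-signed certificate.
-///
-/// This is only required for offline testing with the server-fixture. In
-/// production, use `CryptoProvider::default()` instead.
-pub fn get_crypto_provider_with_server_fixture() -> CryptoProvider {
-// custom root store with server-fixture
-let mut root_store = tls_core::anchors::RootCertStore::empty();
-root_store
-.add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
-.unwrap();
-
-CryptoProvider {
-cert: WebPkiVerifier::new(root_store, None),
-..Default::default()
-}
-}
-
 #[derive(clap::ValueEnum, Clone, Default, Debug)]
 pub enum ExampleType {
 #[default]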
