Add correct server certificate and assert correct redactions

tlsnotary · Nov 19, 2023 · 955ec80 · 955ec80
1 parent 55f0ff2
commit 955ec80
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 7 deletions.
diff --git a/tlsn/tests-integration/Cargo.toml b/tlsn/tests-integration/Cargo.toml
@@ -10,6 +10,7 @@ tlsn-tls-core.workspace = true
 tlsn-prover = { workspace = true, features = ["tracing"] }
 tlsn-verifier = { workspace = true, features = ["tracing"] }
 tlsn-server-fixture.workspace = true
+tlsn-utils.workspace = true
 
 p256 = { workspace = true, features = ["ecdsa"] }
 hyper = { workspace = true, features = ["client", "http1"] }

diff --git a/tlsn/tests-integration/tests/verify.rs b/tlsn/tests-integration/tests/verify.rs
@@ -1,12 +1,14 @@
 use futures::AsyncWriteExt;
 use hyper::{body::to_bytes, Body, Request, StatusCode};
+use tls_core::{anchors::RootCertStore, verify::WebPkiVerifier};
 use tlsn_core::{proof::SessionInfo, Direction, RedactedTranscript};
 use tlsn_prover::tls::{Prover, ProverConfig};
 use tlsn_server_fixture::{CA_CERT_DER, SERVER_DOMAIN};
 use tlsn_verifier::tls::{Verifier, VerifierConfig};
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::instrument;
+use utils::range::RangeSet;
 
 #[tokio::test]
 #[ignore]
@@ -15,7 +17,16 @@ async fn verify() {
 
     let (socket_0, socket_1) = tokio::io::duplex(2 << 23);
 
-    let (_, (sent, received, session_info)) = tokio::join!(prover(socket_0), verifier(socket_1));
+    let (_, (sent, received, _session_info)) = tokio::join!(prover(socket_0), verifier(socket_1));
+
+    assert_eq!(sent.authed(), &RangeSet::from(0..sent.data().len() - 1));
+    assert_eq!(
+        sent.redacted(),
+        &RangeSet::from(sent.data().len() - 1..sent.data().len())
+    );
+
+    assert_eq!(received.authed(), &RangeSet::from(2..received.data().len()));
+    assert_eq!(received.redacted(), &RangeSet::from(0..2));
 }
 
 #[instrument(skip(notary_socket))]
@@ -24,7 +35,7 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(notary_socke
 
     let server_task = tokio::spawn(tlsn_server_fixture::bind(server_socket.compat()));
 
-    let mut root_store = tls_core::anchors::RootCertStore::empty();
+    let mut root_store = RootCertStore::empty();
     root_store
         .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
         .unwrap();
@@ -79,9 +90,9 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(notary_socke
     let sent_transcript_len = prover.sent_transcript().data().len();
     let recv_transcript_len = prover.recv_transcript().data().len();
 
-    // Reveal everything
-    prover.reveal(0..sent_transcript_len, Direction::Sent);
-    prover.reveal(0..recv_transcript_len, Direction::Received);
+    // Reveal parts of the transcript
+    prover.reveal(0..sent_transcript_len - 1, Direction::Sent);
+    prover.reveal(2..recv_transcript_len, Direction::Received);
     prover.prove().await.unwrap();
 
     prover.finalize().await.unwrap()
@@ -91,8 +102,18 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(notary_socke
 async fn verifier<T: AsyncWrite + AsyncRead + Send + Sync + Unpin + 'static>(
     socket: T,
 ) -> (RedactedTranscript, RedactedTranscript, SessionInfo) {
-    let verifier = Verifier::new(VerifierConfig::builder().id("test").build().unwrap());
-    let (sent, received, session_info) = verifier.verify(socket.compat()).await.unwrap();
+    let mut root_store = RootCertStore::empty();
+    root_store
+        .add(&tls_core::key::Certificate(CA_CERT_DER.to_vec()))
+        .unwrap();
 
+    let verifier_config = VerifierConfig::builder()
+        .id("test")
+        .cert_verifier(WebPkiVerifier::new(root_store, None))
+        .build()
+        .unwrap();
+    let verifier = Verifier::new(verifier_config);
+
+    let (sent, received, session_info) = verifier.verify(socket.compat()).await.unwrap();
     (sent, received, session_info)
 }