mirror of
https://github.com/tlsnotary/tlsn.git
synced 2026-01-10 07:07:57 -05:00
92da5adc24
* Add attestation example. * Apply fmt. * Apply clippy fix. * Rebase. * Improved readme + more default loggging in prove example * Removed wrong AI generated "learn more" links * re-export ContentType in tlsn-core * remove unnecessary checks from example --------- Co-authored-by: yuroitaki <> Co-authored-by: Hendrik Eeckhaut <hendrik@eeckhaut.org> Co-authored-by: sinu <65924192+sinui0@users.noreply.github.com>
97 lines
3.2 KiB
Rust
97 lines
3.2 KiB
Rust
// This example demonstrates how to verify a presentation. See `present.rs` for
|
|
// an example of how to build a presentation from an attestation and connection
|
|
// secrets.
|
|
|
|
use std::time::Duration;
|
|
|
|
use clap::Parser;
|
|
|
|
use tlsn::{
|
|
attestation::{
|
|
presentation::{Presentation, PresentationOutput},
|
|
signing::VerifyingKey,
|
|
CryptoProvider,
|
|
},
|
|
config::{CertificateDer, RootCertStore},
|
|
verifier::ServerCertVerifier,
|
|
};
|
|
use tlsn_examples::ExampleType;
|
|
use tlsn_server_fixture_certs::CA_CERT_DER;
|
|
|
|
#[derive(Parser, Debug)]
|
|
#[command(version, about, long_about = None)]
|
|
struct Args {
|
|
/// What data to notarize.
|
|
#[clap(default_value_t, value_enum)]
|
|
example_type: ExampleType,
|
|
}
|
|
|
|
#[tokio::main]
|
|
async fn main() -> Result<(), Box<dyn std::error::Error>> {
|
|
let args = Args::parse();
|
|
|
|
verify_presentation(&args.example_type).await
|
|
}
|
|
|
|
async fn verify_presentation(example_type: &ExampleType) -> Result<(), Box<dyn std::error::Error>> {
|
|
// Read the presentation from disk.
|
|
let presentation_path = tlsn_examples::get_file_path(example_type, "presentation");
|
|
|
|
let presentation: Presentation = bincode::deserialize(&std::fs::read(presentation_path)?)?;
|
|
|
|
// Create a crypto provider accepting the server-fixture's self-signed
|
|
// root certificate.
|
|
//
|
|
// This is only required for offline testing with the server-fixture. In
|
|
// production, use `CryptoProvider::default()` instead.
|
|
let root_cert_store = RootCertStore {
|
|
roots: vec![CertificateDer(CA_CERT_DER.to_vec())],
|
|
};
|
|
let crypto_provider = CryptoProvider {
|
|
cert: ServerCertVerifier::new(&root_cert_store)?,
|
|
..Default::default()
|
|
};
|
|
|
|
let VerifyingKey {
|
|
alg,
|
|
data: key_data,
|
|
} = presentation.verifying_key();
|
|
|
|
println!(
|
|
"Verifying presentation with {alg} key: {}\n\n**Ask yourself, do you trust this key?**\n",
|
|
hex::encode(key_data)
|
|
);
|
|
|
|
// Verify the presentation.
|
|
let PresentationOutput {
|
|
server_name,
|
|
connection_info,
|
|
transcript,
|
|
// extensions, // Optionally, verify any custom extensions from prover/notary.
|
|
..
|
|
} = presentation.verify(&crypto_provider).unwrap();
|
|
|
|
// The time at which the connection was started.
|
|
let time = chrono::DateTime::UNIX_EPOCH + Duration::from_secs(connection_info.time);
|
|
let server_name = server_name.unwrap();
|
|
let mut partial_transcript = transcript.unwrap();
|
|
// Set the unauthenticated bytes so they are distinguishable.
|
|
partial_transcript.set_unauthed(b'X');
|
|
|
|
let sent = String::from_utf8_lossy(partial_transcript.sent_unsafe());
|
|
let recv = String::from_utf8_lossy(partial_transcript.received_unsafe());
|
|
|
|
println!("-------------------------------------------------------------------");
|
|
println!(
|
|
"Successfully verified that the data below came from a session with {server_name} at {time}.",
|
|
);
|
|
println!("Note that the data which the Prover chose not to disclose are shown as X.\n");
|
|
println!("Data sent:\n");
|
|
println!("{sent}\n");
|
|
println!("Data received:\n");
|
|
println!("{recv}\n");
|
|
println!("-------------------------------------------------------------------");
|
|
|
|
Ok(())
|
|
}
|