@@ -237,3 +237,234 @@ impl std::fmt::Display for AttestationBuilderError {
237237 Ok ( ( ) )
238238 }
239239}
240+
241+ #[ cfg( test) ]
242+ mod test {
243+ use rstest:: { fixture, rstest} ;
244+ use tlsn_data_fixtures:: http:: { request:: GET_WITH_HEADER , response:: OK_JSON } ;
245+
246+ use crate :: {
247+ connection:: { HandshakeData , HandshakeDataV1_2 } ,
248+ fixtures:: { encoder_seed, encoding_provider, ConnectionFixture } ,
249+ hash:: Blake3 ,
250+ request:: RequestConfig ,
251+ transcript:: { encoding:: EncodingTree , Transcript , TranscriptCommitConfigBuilder } ,
252+ } ;
253+
254+ use super :: * ;
255+
256+ fn request_and_connection ( ) -> ( Request , ConnectionFixture ) {
257+ let provider = CryptoProvider :: default ( ) ;
258+
259+ let transcript = Transcript :: new ( GET_WITH_HEADER , OK_JSON ) ;
260+ let ( sent_len, recv_len) = transcript. len ( ) ;
261+ // Plaintext encodings which the Prover obtained from GC evaluation
262+ let encodings_provider = encoding_provider ( GET_WITH_HEADER , OK_JSON ) ;
263+
264+ // At the end of the TLS connection the Prover holds the:
265+ let ConnectionFixture {
266+ server_name,
267+ server_cert_data,
268+ ..
269+ } = ConnectionFixture :: tlsnotary ( transcript. length ( ) ) ;
270+
271+ // Prover specifies the ranges it wants to commit to.
272+ let mut transcript_commitment_builder = TranscriptCommitConfigBuilder :: new ( & transcript) ;
273+ transcript_commitment_builder
274+ . commit_sent ( & ( 0 ..sent_len) )
275+ . unwrap ( )
276+ . commit_recv ( & ( 0 ..recv_len) )
277+ . unwrap ( ) ;
278+
279+ let transcripts_commitment_config = transcript_commitment_builder. build ( ) . unwrap ( ) ;
280+
281+ // Prover constructs encoding tree.
282+ let encoding_tree = EncodingTree :: new (
283+ & Blake3 :: default ( ) ,
284+ transcripts_commitment_config. iter_encoding ( ) ,
285+ & encodings_provider,
286+ & transcript. length ( ) ,
287+ )
288+ . unwrap ( ) ;
289+
290+ let request_config = RequestConfig :: default ( ) ;
291+ let mut request_builder = Request :: builder ( & request_config) ;
292+
293+ request_builder
294+ . server_name ( server_name. clone ( ) )
295+ . server_cert_data ( server_cert_data)
296+ . transcript ( transcript. clone ( ) )
297+ . encoding_tree ( encoding_tree) ;
298+ let ( request, _) = request_builder. build ( & provider) . unwrap ( ) ;
299+
300+ ( request, ConnectionFixture :: tlsnotary ( transcript. length ( ) ) )
301+ }
302+
303+ #[ fixture]
304+ #[ once]
305+ fn default_attestation_config ( ) -> AttestationConfig {
306+ AttestationConfig :: builder ( )
307+ . supported_signature_algs ( [ SignatureAlgId :: SECP256K1 ] )
308+ . build ( )
309+ . unwrap ( )
310+ }
311+
312+ #[ fixture]
313+ #[ once]
314+ fn crypto_provider ( ) -> CryptoProvider {
315+ let mut provider = CryptoProvider :: default ( ) ;
316+ provider. signer . set_secp256k1 ( & [ 42u8 ; 32 ] ) . unwrap ( ) ;
317+ provider
318+ }
319+
320+ #[ rstest]
321+ fn test_attestation_builder_accept_unsupported_signer ( ) {
322+ let ( request, _) = request_and_connection ( ) ;
323+ let attestation_config = AttestationConfig :: builder ( )
324+ . supported_signature_algs ( [ SignatureAlgId :: SECP256R1 ] )
325+ . build ( )
326+ . unwrap ( ) ;
327+
328+ let err = Attestation :: builder ( & attestation_config)
329+ . accept_request ( request)
330+ . err ( )
331+ . unwrap ( ) ;
332+ assert ! ( err. is_request( ) ) ;
333+ }
334+
335+ #[ rstest]
336+ fn test_attestation_builder_accept_unsupported_hasher ( ) {
337+ let ( request, _) = request_and_connection ( ) ;
338+
339+ let attestation_config = AttestationConfig :: builder ( )
340+ . supported_signature_algs ( [ SignatureAlgId :: SECP256K1 ] )
341+ . supported_hash_algs ( [ HashAlgId :: KECCAK256 ] )
342+ . build ( )
343+ . unwrap ( ) ;
344+
345+ let err = Attestation :: builder ( & attestation_config)
346+ . accept_request ( request)
347+ . err ( )
348+ . unwrap ( ) ;
349+ assert ! ( err. is_request( ) ) ;
350+ }
351+
352+ #[ rstest]
353+ fn test_attestation_builder_accept_unsupported_encoding_commitment ( ) {
354+ let ( request, _) = request_and_connection ( ) ;
355+
356+ let attestation_config = AttestationConfig :: builder ( )
357+ . supported_signature_algs ( [ SignatureAlgId :: SECP256K1 ] )
358+ . supported_fields ( [
359+ FieldKind :: ConnectionInfo ,
360+ FieldKind :: ServerEphemKey ,
361+ FieldKind :: ServerIdentityCommitment ,
362+ ] )
363+ . build ( )
364+ . unwrap ( ) ;
365+
366+ let err = Attestation :: builder ( & attestation_config)
367+ . accept_request ( request)
368+ . err ( )
369+ . unwrap ( ) ;
370+ assert ! ( err. is_request( ) ) ;
371+ }
372+
373+ #[ rstest]
374+ fn test_attestation_builder_sign_missing_signer (
375+ default_attestation_config : & AttestationConfig ,
376+ ) {
377+ let ( request, _) = request_and_connection ( ) ;
378+
379+ let attestation_builder = Attestation :: builder ( default_attestation_config)
380+ . accept_request ( request. clone ( ) )
381+ . unwrap ( ) ;
382+
383+ let mut provider = CryptoProvider :: default ( ) ;
384+ provider. signer . set_secp256r1 ( & [ 42u8 ; 32 ] ) . unwrap ( ) ;
385+
386+ let err = attestation_builder. build ( & provider) . err ( ) . unwrap ( ) ;
387+ assert ! ( matches!( err. kind, ErrorKind :: Config ) ) ;
388+ }
389+
390+ #[ rstest]
391+ fn test_attestation_builder_sign_missing_encoding_seed (
392+ default_attestation_config : & AttestationConfig ,
393+ crypto_provider : & CryptoProvider ,
394+ ) {
395+ let ( request, connection) = request_and_connection ( ) ;
396+
397+ let mut attestation_builder = Attestation :: builder ( default_attestation_config)
398+ . accept_request ( request. clone ( ) )
399+ . unwrap ( ) ;
400+
401+ let ConnectionFixture {
402+ connection_info,
403+ server_cert_data,
404+ ..
405+ } = connection;
406+
407+ let HandshakeData :: V1_2 ( HandshakeDataV1_2 {
408+ server_ephemeral_key,
409+ ..
410+ } ) = server_cert_data. handshake . clone ( ) ;
411+
412+ attestation_builder
413+ . connection_info ( connection_info. clone ( ) )
414+ . server_ephemeral_key ( server_ephemeral_key) ;
415+
416+ let err = attestation_builder. build ( crypto_provider) . err ( ) . unwrap ( ) ;
417+ assert ! ( matches!( err. kind, ErrorKind :: Field ) ) ;
418+ }
419+
420+ #[ rstest]
421+ fn test_attestation_builder_sign_missing_server_ephemeral_key (
422+ default_attestation_config : & AttestationConfig ,
423+ crypto_provider : & CryptoProvider ,
424+ ) {
425+ let ( request, connection) = request_and_connection ( ) ;
426+
427+ let mut attestation_builder = Attestation :: builder ( default_attestation_config)
428+ . accept_request ( request. clone ( ) )
429+ . unwrap ( ) ;
430+
431+ let ConnectionFixture {
432+ connection_info, ..
433+ } = connection;
434+
435+ attestation_builder
436+ . connection_info ( connection_info. clone ( ) )
437+ . encoding_seed ( encoder_seed ( ) . to_vec ( ) ) ;
438+
439+ let err = attestation_builder. build ( crypto_provider) . err ( ) . unwrap ( ) ;
440+ assert ! ( matches!( err. kind, ErrorKind :: Field ) ) ;
441+ }
442+
443+ #[ rstest]
444+ fn test_attestation_builder_sign_missing_connection_info (
445+ default_attestation_config : & AttestationConfig ,
446+ crypto_provider : & CryptoProvider ,
447+ ) {
448+ let ( request, connection) = request_and_connection ( ) ;
449+
450+ let mut attestation_builder = Attestation :: builder ( default_attestation_config)
451+ . accept_request ( request. clone ( ) )
452+ . unwrap ( ) ;
453+
454+ let ConnectionFixture {
455+ server_cert_data, ..
456+ } = connection;
457+
458+ let HandshakeData :: V1_2 ( HandshakeDataV1_2 {
459+ server_ephemeral_key,
460+ ..
461+ } ) = server_cert_data. handshake . clone ( ) ;
462+
463+ attestation_builder
464+ . server_ephemeral_key ( server_ephemeral_key)
465+ . encoding_seed ( encoder_seed ( ) . to_vec ( ) ) ;
466+
467+ let err = attestation_builder. build ( crypto_provider) . err ( ) . unwrap ( ) ;
468+ assert ! ( matches!( err. kind, ErrorKind :: Field ) ) ;
469+ }
470+ }
0 commit comments