Function add_v2_certificate_header 

pub fn add_v2_certificate_header(
    data_certificate: &[u8],
    response: &mut HttpResponse<'_>,
    witness: &HashTree,
    expr_path: &[String],
)

Adds the IC-Certificate header to a given HttpResponse. This header is used by the HTTP Gateway to verify the authenticity of query call responses made to the http_request method of the target canister.

§Arguments

  • data_certificate - A certificate used by the HTTP Gateway to verify a response. Retrieved using ic_cdk::api::data_certificate. This value is not validated by this function and is expected to be a valid certificate. The function will not fail if the certificate is invalid, but verification of the certificate by the HTTP Gateway will fail.
  • response - The HttpResponse to add the certificate header to. Created using HttpResponse::builder().
  • witness - A pruned Merkle tree revealing the relevant certification for the current response. Created using HttpCertificationTree::witness(). The witness is not validated to be correct for the given response, and the function will not fail if the witness is invalid. The HTTP Gateway will fail to verify the response if the witness is invalid.
  • expr_path - An expression path for the current response informing the HTTP Gateway where the relevant certification is present in the Merkle tree. Created using HttpCertificationPath::to_expr_path(). The expression path is not validated to be correct for the given response, and the function will not fail if the expression path is invalid.

§Examples

use ic_http_certification::{
    utils::add_v2_certificate_header, DefaultCelBuilder, DefaultResponseCertification,
    HttpCertification, HttpCertificationPath, HttpCertificationTree,
    HttpCertificationTreeEntry, HttpRequest, HttpResponse,
    CERTIFICATE_EXPRESSION_HEADER_NAME, CERTIFICATE_HEADER_NAME,
};

let cel_expr = DefaultCelBuilder::full_certification().build();

let request = HttpRequest::get("/index.html?foo=a&bar=b&baz=c").build();

let mut response = HttpResponse::builder()
    .with_headers(vec![(CERTIFICATE_EXPRESSION_HEADER_NAME.to_string(), cel_expr.to_string())])
    .build();

let request_url = "/example.json";
let path = HttpCertificationPath::exact(request_url);
let expr_path = path.to_expr_path();

let certification = HttpCertification::full(&cel_expr, &request, &response, None).unwrap();
let entry = HttpCertificationTreeEntry::new(&path, &certification);

let mut http_certification_tree = HttpCertificationTree::default();
http_certification_tree.insert(&entry);

// this should normally be retrieved using `ic_cdk::api::data_certificate()`.
let data_certificate = vec![1, 2, 3];

let witness = http_certification_tree.witness(&entry, request_url).unwrap();
add_v2_certificate_header(
    &data_certificate,
    &mut response,
    &witness,
    &expr_path
);

assert_eq!(
    response.headers(),
    vec![
        (CERTIFICATE_EXPRESSION_HEADER_NAME.to_string(), cel_expr.to_string()),
        (
            CERTIFICATE_HEADER_NAME.to_string(),
            "certificate=:AQID:, tree=:2dn3gwJJaHR0cF9leHBygwJMZXhhbXBsZS5qc29ugwJDPCQ+gwJYIFJ2k+R/YYbgGPADidRdRwDurH06HXACVHlTIVrv1q4WgwJYIGvHTtoVXrGXb4aD1BvH+OW26d0CtLUdA43LP+42N6xpgwJYIM7zUx3VibIaHEUF14Kx813l3Xlilg43Y5uGaABAA/i9ggNA:, expr_path=:2dn3g2lodHRwX2V4cHJsZXhhbXBsZS5qc29uYzwkPg==:, version=2".to_string(),
        ),
    ]
);
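
Because this function validates none of its inputs, a test that decodes the emitted header shows exactly which path the HTTP Gateway will be told to look up. The following is an added example, not part of the crate or its documentation: `field`, `b64` and `decode_expr_path` are hypothetical std-only helpers, and the sample is the header value from the example above with the `tree` field left out.

```rust
// Constructed sample: the page's header value with the `tree` field left out.
const SAMPLE: &str = "certificate=:AQID:, expr_path=:2dn3g2lodHRwX2V4cHJsZXhhbXBsZS5qc29uYzwkPg==:, version=2";

/// Returns the value of `name`, without the `:` delimiters around base64 fields.
fn field<'a>(header: &'a str, name: &str) -> Option<&'a str> {
    header.split(',').find_map(|part| {
        let (key, value) = part.trim().split_once('=')?;
        (key == name).then(|| value.trim_matches(':'))
    })
}

/// Standard-alphabet base64 decoder (std only); None on an unexpected character.
fn b64(s: &str) -> Option<Vec<u8>> {
    const T: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for c in s.bytes().filter(|&c| c != b'=') {
        acc = (acc << 6) | T.iter().position(|&t| t == c)? as u32;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
        }
    }
    Some(out)
}

/// Decodes expr_path: CBOR tag 55799, then an array of text segments (lengths < 24 only).
fn decode_expr_path(raw: &[u8]) -> Option<Vec<String>> {
    let body = raw.strip_prefix(&[0xd9u8, 0xd9, 0xf7])?; // self-describe tag
    let (&head, mut rest) = body.split_first()?;
    if head >> 5 != 4 || (head & 0x1f) >= 24 {
        return None; // not a short array (major type 4)
    }
    let mut segments = Vec::new();
    for _ in 0..(head & 0x1f) {
        let (&h, tail) = rest.split_first()?;
        let len = (h & 0x1f) as usize;
        if h >> 5 != 3 || len >= 24 || tail.len() < len {
            return None; // not a short text string (major type 3), or truncated
        }
        segments.push(String::from_utf8(tail[..len].to_vec()).ok()?);
        rest = &tail[len..];
    }
    rest.is_empty().then_some(segments)
}

fn main() {
    println!("{:?}", field(SAMPLE, "expr_path").and_then(b64).and_then(|b| decode_expr_path(&b)));
}
```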