feat: Implement JSON value matching

client/src/origo.rs

@@ -169,7 +169,7 @@ pub(crate) async fn proxy_and_sign_and_generate_proof(
   let http_body = compute_http_witness(&flattened_plaintext, HttpMaskType::Body);
   let value = json_value_digest::<{ proofs::circuits::MAX_STACK_HEIGHT }>(
     &http_body,
-    &manifest.response.body.json,
+    &manifest.response.body.json_path,
   )?;
 
   proof.value = Some(String::from_utf8_lossy(&value).into_owned());

fixture/client.origo_tcp_local.json

@@ -44,10 +44,9 @@
 					"Content-Type": "text/plain; charset=utf-8"
 				},
 				"body": {
-					"json": [
+					"jsonPath": [
 						"hello"
-					],
-					"contains": "this_string_exists_in_body"
+					]
 				}
 			}
 		}

fixture/client.proxy_tcp_local.json

@@ -43,10 +43,9 @@
 					"Content-Type": "text/plain; charset=utf-8"
 				},
 				"body": {
-					"json": [
+					"jsonPath": [
 						"hello"
-					],
-					"contains": "world"
+					]
 				}
 			}
 		}

fixture/client.tee_tcp_local.json

@@ -47,7 +47,7 @@
 					"Content-Type": "text/plain; charset=utf-8"
 				},
 				"body": {
-					"json": [
+					"jsonPath": [
 						"hello"
 					],
 					"contains": "world"

fixture/examples/client.origo_reddit_local.json

@@ -48,7 +48,7 @@
           "content-type": "application/json"
         },
         "body": {
-          "json": [
+          "jsonPath": [
             "data",
             "redditorInfoByName",
             "karma",

fixture/examples/client.origo_spotify_local.json

@@ -34,7 +34,7 @@
           "content-type": "application/json"
         },
         "body": {
-          "json": [
+          "jsonPath": [
             "data",
             "me",
             "profile",

notary/src/errors.rs

@@ -8,8 +8,6 @@ use thiserror::Error;
 use tlsn_verifier::tls::{VerifierConfigBuilderError, VerifierError};
 use tracing::error;
 
-use crate::tls_parser::Direction;
-
 #[derive(Debug, Error)]
 pub enum ProxyError {
   #[error(transparent)]

notary/src/origo.rs

@@ -24,7 +24,6 @@ use proofs::{
 };
 use rs_merkle::{Hasher, MerkleTree};
 use serde::{Deserialize, Serialize};
-use tls_parser::rusticata_macros::debug;
 use tokio::{
   io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
   net::TcpStream,

notary/src/proxy.rs

@@ -1,11 +1,13 @@
-use std::{collections::HashMap, sync::Arc, time::Duration};
+use std::{sync::Arc, time::Duration};
 
 use axum::{
   extract::{self, Query, State},
   Json,
 };
 use client::TeeProof;
-use proofs::program::http::{JsonKey, ManifestRequest, ManifestResponse, ResponseBody};
+use proofs::program::http::{
+  ManifestRequest, ManifestResponse, ManifestResponseBody, NotaryResponse, NotaryResponseBody,
+};
 use reqwest::{Request, Response};
 use serde::Deserialize;
 use serde_json::Value;
@@ -55,7 +57,7 @@ pub async fn proxy(
 
 // TODO: This, similarly to other from_* methods, should be a trait
 // Requires adding reqwest to proofs crate
-async fn from_reqwest_response(response: Response) -> ManifestResponse {
+async fn from_reqwest_response(response: Response) -> NotaryResponse {
   let status = response.status().as_u16().to_string();
   let version = format!("{:?}", response.version());
   let message = response.status().canonical_reason().unwrap_or("").to_string();
@@ -64,17 +66,16 @@ async fn from_reqwest_response(response: Response) -> ManifestResponse {
     .iter()
     .map(|(k, v)| (capitalize_header(k.as_ref()), v.to_str().unwrap_or("").to_string()))
     .collect();
-
-  let body: HashMap<String, String> = response.json().await.unwrap_or_default();
-  // TODO: How to handle JsonKey::Num?
-  // TODO Use plain JSON in Manifest etc., and convert to JsonKey as needed
-  let json_keys: Vec<JsonKey> = body.keys().map(|k| JsonKey::String(k.to_string())).collect();
-  ManifestResponse {
-    status,
-    version,
-    message,
-    headers,
-    body: ResponseBody { json: json_keys, json_actual: None },
+  let json = response.json().await.ok();
+  NotaryResponse {
+    response:             ManifestResponse {
+      status,
+      version,
+      message,
+      headers,
+      body: ManifestResponseBody { json_path: vec![] },
+    },
+    notary_response_body: NotaryResponseBody { json },
   }
 }
 

notary/src/tee.rs

@@ -17,11 +17,10 @@ use futures_util::SinkExt;
 use hyper::{body::Bytes, upgrade::Upgraded};
 use hyper_util::rt::TokioIo;
 use proofs::program::{
-  http::{ManifestRequest, ManifestResponse},
+  http::{ManifestRequest, NotaryResponse},
   manifest::Manifest,
 };
 use serde::Deserialize;
-use tls_client2::tls_core::msgs::message::MessagePayload;
 use tokio::{
   io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt},
   time::{timeout, Duration},
@@ -227,7 +226,7 @@ pub async fn tee_proxy_service<S: AsyncWrite + AsyncRead + Send + Unpin>(
   let request = ManifestRequest::from_payload(&http.payload.request)?;
   debug!("{:?}", request);
 
-  let response = ManifestResponse::from_payload(&http.payload.response)?;
+  let response = NotaryResponse::from_payload(&http.payload.response)?;
   debug!("{:?}", response);
 
   // send TeeProof to client
@@ -245,7 +244,7 @@ pub async fn tee_proxy_service<S: AsyncWrite + AsyncRead + Send + Unpin>(
 pub fn create_tee_proof(
   manifest: &Manifest,
   request: &ManifestRequest,
-  response: &ManifestResponse,
+  response: &NotaryResponse,
   State(state): State<Arc<SharedState>>,
 ) -> Result<TeeProof, NotaryServerError> {
   validate_notarization_legal(manifest, request, response)?;
@@ -269,14 +268,14 @@ pub fn create_tee_proof(
 fn validate_notarization_legal(
   manifest: &Manifest,
   request: &ManifestRequest,
-  response: &ManifestResponse,
+  response: &NotaryResponse,
 ) -> Result<(), NotaryServerError> {
   manifest.validate()?;
   if !manifest.request.is_subset_of(&request) {
     return Err(NotaryServerError::ManifestRequestMismatch);
   }
 
-  if !manifest.response.is_subset_of(&response) {
+  if !response.matches_client_manifest(&manifest.response) {
     return Err(NotaryServerError::ManifestResponseMismatch);
   }