(wip): sketch implementation

Author: piotr-roslaniec

notary/src/errors.rs

@@ -90,14 +90,6 @@ pub enum NotaryServerError {
   #[error(transparent)]
   ProofError(#[from] ProofError),
 
-  // TODO: Update to contain feedback
-  #[error("Manifest-request mismatch")]
-  ManifestRequestMismatch,
-
-  // TODO: Update to contain feedback
-  #[error("Manifest-response mismatch")]
-  ManifestResponseMismatch,
-
   #[error("Manifest is missing")]
   ManifestMissing,
 

notary/src/tee.rs

@@ -244,9 +244,8 @@ pub fn create_tee_proof(
   response: &NotaryResponse,
   State(state): State<Arc<SharedState>>,
 ) -> Result<TeeProof, NotaryServerError> {
-  let values = get_legal_notarization_values(manifest, request, response)?;
   // TODO(#543): Use these values in the proof
-  debug!("Extracted values for notarization={:?}", values);
+  let result = get_legal_notarization_values(manifest, request, response)?;
 
   let manifest_hash = manifest.to_keccak_digest()?;
   let to_sign = VerifyOutput {
@@ -268,14 +267,13 @@ fn get_legal_notarization_values(
   request: &ManifestRequest,
   response: &NotaryResponse,
 ) -> Result<ExtractionValues, NotaryServerError> {
-  // Validate manifest first
-  manifest.validate()?;
+  let result = manifest.validate_with(request, response)?;
 
-  // Check if request matches manifest requirements
-  if !manifest.request.is_subset_of(request) {
-    return Err(NotaryServerError::ManifestRequestMismatch);
+  if !result.is_success() {
+    info!("Manifest validation failed: {:?}", result.errors());
   }
 
-  // Check if response matches manifest and extract values
-  response.match_and_extract(&manifest.response)?.ok_or(NotaryServerError::ManifestResponseMismatch)
+  info!("Extracted values for notarization={:?}", result.values());
+
+  Ok(result.values())
 }

web-prover-core/src/http.rs

@@ -21,7 +21,8 @@ pub use web_proof_circuits_witness_generator::json::JsonKey;
 
 use crate::{
   errors::ManifestError,
-  parser::{DataFormat, ExtractionValues, ExtractorConfig},
+  manifest::ManifestValidationResult,
+  parser::{DataFormat, ExtractionResult, ExtractorConfig},
   template,
   template::TemplateVar,
 };
@@ -154,27 +155,29 @@ impl NotaryResponse {
   pub fn match_and_extract(
     &self,
     other: &ManifestResponse,
-  ) -> Result<Option<ExtractionValues>, ManifestError> {
+  ) -> Result<ExtractionResult, ManifestError> {
+    let mut result = ExtractionResult::default();
+
     // Check basic response properties
-    if self.response.status != other.status
-      || self.response.version != other.version
-      || self.response.message != other.message
-    {
-      debug!("Exact matches for status, version, or message do not match");
-      return Ok(None);
+    if self.response.status != other.status {
+      result.report_error(&format!(
+        "Status mismatch: expected={}, actual={}",
+        other.status, self.response.status
+      ));
     }
-
-    // Check headers
-    if !self.headers_match(other) {
-      return Ok(None);
+    if self.response.version != other.version {
+      result.report_error(&format!(
+        "Version mismatch: expected={}, actual={}",
+        other.version, self.response.version
+      ));
+    }
+    if self.response.message != other.message {
+      result.report_error(&format!(
+        "Message mismatch: expected={}, actual={}",
+        other.version, self.response.version
+      ));
     }
 
-    // Check body
-    self.body_matches(other)
-  }
-
-  /// Helper method to check if headers match
-  fn headers_match(&self, other: &ManifestResponse) -> bool {
     for (key, other_value) in &other.headers {
       match self
         .response
@@ -184,51 +187,58 @@ impl NotaryResponse {
       {
         Some(actual_value) if actual_value.to_lowercase() == other_value.to_lowercase() => continue,
         Some(actual_value) => {
-          debug!(
-            "Header mismatch for key: {}: expected={}, actual={}",
-            key, other_value, actual_value
-          );
-          return false;
+          result.report_error(&format!(
+            "Header mismatch: expected={}, actual={}",
+            other_value, actual_value
+          ));
         },
         None => {
-          debug!("Header key not present in self: {}", key);
-          return false;
+          result.report_error(&format!("Header missing: {}", key));
         },
       }
     }
-    true
+
+    // Check body
+    let body_result = self.body_matches(other)?;
+    result.merge(body_result);
+
+    // Return combined result
+    Ok(result)
   }
 
   /// Helper method to check if body matches and extract values
-  fn body_matches(
-    &self,
-    other: &ManifestResponse,
-  ) -> Result<Option<ExtractionValues>, ManifestError> {
+  fn body_matches(&self, other: &ManifestResponse) -> Result<ExtractionResult, ManifestError> {
     match &self.notary_response_body.body {
       Some(body) => {
-        let result = other.body.0.extract_and_validate(body)?;
+        let mut body_result = other.body.0.extract_and_validate(body)?;
 
-        if !result.errors.is_empty() {
-          debug!("Response body does not match: {:?}", result.errors);
-          return Ok(None);
+        if !body_result.errors.is_empty() {
+          debug!("Response body does not match: {:?}", body_result.errors);
+          body_result.report_error("Response body does not match");
+          return Ok(body_result);
         }
 
-        if result.values.len() != other.body.0.extractors.len() {
+        if body_result.values.len() != other.body.0.extractors.len() {
           debug!("Not all extractors were matched");
-          return Ok(None);
+          body_result.report_error("Not all extractors were matched");
+          return Ok(body_result);
         }
 
         debug!("Client response matches");
-        Ok(Some(result.values))
+        Ok(body_result)
       },
       None if other.body.0.extractors.is_empty() => {
         // If we get here, there was a match but no data
         debug!("Client response matches (no data in response body)");
-        Ok(Some(HashMap::new()))
+        let mut result = ExtractionResult::default();
+        result.report_error("No data in response body");
+        Ok(result)
       },
       None => {
         debug!("No data to match against");
-        Ok(None)
+        let mut result = ExtractionResult::default();
+        result.report_error("No data to match against");
+        Ok(result)
       },
     }
   }
@@ -502,34 +512,60 @@ impl ManifestRequest {
   /// - All headers in `self` must exist in `other` with matching values.
   /// - All vars in `self` must exist in `other` with matching constraints.
   /// - All remaining fields like `method`, `url`, and `body` must also match.
-  pub fn is_subset_of(&self, other: &ManifestRequest) -> bool {
+  pub fn is_subset_of(
+    &self,
+    other: &ManifestRequest,
+  ) -> Result<ManifestValidationResult, ManifestError> {
+    let mut result = ManifestValidationResult::default();
+
     // Check if all headers in `self` exist in `other` with the same value
     for (key, value) in &self.headers {
       let expected_header =
         other.headers.get(key).or_else(|| other.headers.get(&key.to_lowercase()));
       if expected_header != Some(value) {
-        return false;
+        result.report_error(&format!("Header mismatch: expected={}, actual={}", value, key));
       }
     }
 
-    // TODO: Not sure how to handle `vars` now, so disabling this
-    // Check if all vars in `self` exist in `other` with the same or compatible constraints
-    // for (key, var) in &self.vars {
-    //   match other.vars.get(key) {
-    //     Some(other_var) =>
-    //       if var != other_var {
-    //         return false;
-    //       },
-    //     None => {
-    //       return false;
-    //     },
-    //   }
-    // }
-
-    // TODO: Notice that we match body exactly below
-    // TODO: What to do with the body? Ominous
-    // self.method == other.method && self.url == other.url && self.body == other.body
-    self.method == other.method && self.url == other.url
+    for (key, var) in &self.vars {
+      match other.vars.get(key) {
+        Some(other_var) =>
+          if var != other_var {
+            result.report_error(&format!("Var mismatch: expected={}, actual={}", var, key));
+          },
+        None => {
+          result.report_error(&format!("Var missing: {}", key));
+        },
+      }
+    }
+
+    if self.method != other.method {
+      result.report_error(&format!(
+        "Method mismatch: expected={}, actual={}",
+        other.method, self.method
+      ));
+    }
+
+    if self.url != other.url {
+      result.report_error(&format!("URL mismatch: expected={}, actual={}", other.url, self.url));
+    }
+
+    if self.version != other.version {
+      result.report_error(&format!(
+        "Version mismatch: expected={}, actual={}",
+        other.version, self.version
+      ));
+    }
+
+    if self.body != other.body {
+      result.report_error(&format!(
+        "Body mismatch: expected={:?}, actual={:?}",
+        other.body.clone(),
+        self.body.clone()
+      ));
+    }
+
+    Ok(result)
   }
 }
 
@@ -553,7 +589,7 @@ pub mod tests {
             url: "https://example.com".to_string(),
             version: "HTTP/1.1".to_string(),
             headers: std::collections::HashMap::from([
-                ("Authorization".to_string(), "Bearer <TOKEN>".to_string()),
+                ("Authorization".to_string(), "Bearer <%TOKEN%>".to_string()),
                 ("User-Agent".to_string(), "test-agent".to_string()),
             ]),
             body: None,
@@ -590,7 +626,20 @@ pub mod tests {
             headers: std::collections::HashMap::from([
                 ("Content-Type".to_string(), "application/json".to_string())
             ]),
-            body: ManifestResponseBody::default(),
+            body: ManifestResponseBody {
+                0: ExtractorConfig {
+                    format: DataFormat::Json,
+                    extractors: vec![crate::parser::Extractor {
+                      id: "dummy".to_string(),
+                      description: "Dummy extractor".to_string(),
+                      selector: vec![],
+                      extractor_type: crate::parser::ExtractorType::String,
+                      required: true,
+                      predicates: vec![],
+                      attribute: None,
+                    }],
+                },
+            },
         };
 
         // Override default fields with provided arguments
@@ -664,12 +713,12 @@ pub mod tests {
 
     // Is a perfect match with itself
     let matching_result = notary_response.match_and_extract(&response).unwrap();
-    assert!(matching_result.is_some());
-    assert_eq!(matching_result.unwrap().get("testKey").unwrap(), &json!(3));
+    assert!(matching_result.is_success());
+    assert_eq!(matching_result.values.get("testKey").unwrap(), &json!(3));
 
     // Fails if it doesn't match directly
     let non_matching_response = response!(status: "201".to_string());
-    assert!(notary_response.match_and_extract(&non_matching_response).unwrap().is_none());
+    assert!(!notary_response.match_and_extract(&non_matching_response).unwrap().is_success());
 
     // Superset case
     let response_superset = {
@@ -683,7 +732,7 @@ pub mod tests {
       ));
       res
     };
-    assert!(response_superset.match_and_extract(&response).unwrap().is_some());
+    assert!(response_superset.match_and_extract(&response).unwrap().is_success());
   }
 
   #[test]
@@ -786,7 +835,7 @@ pub mod tests {
             )],
         })
     );
-    assert!(!base_response.match_and_extract(&other_response).unwrap().is_some());
+    assert!(!base_response.match_and_extract(&other_response).unwrap().is_success());
   }
 
   #[test]