1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251

//! Verifiable presentation.
//!
//! We borrow the term "presentation" from the
//! [W3C Verifiable Credentials Data Model](https://www.w3.org/TR/vc-data-model/#presentations-0).
//!
//! > Data derived from one or more verifiable credentials, issued by one or
//! > more issuers, that is shared with a specific verifier. A verifiable
//! > presentation is a tamper-evident presentation encoded in such a way that
//! > authorship of the data can be trusted after a process of cryptographic
//! > verification. Certain types of verifiable presentations might contain data
//! > that is synthesized from, but do not contain, the original verifiable
//! > credentials (for example, zero-knowledge proofs).
//!
//! Instead of a credential, a presentation in this context is a proof of an
//! attestation from a Notary along with additional selectively disclosed
//! information about the TLS connection such as the server's identity and the
//! application data communicated with the server.
//!
//! A presentation is self-contained and can be verified by a Verifier without
//! needing access to external data. The Verifier need only check that the key
//! used to sign the attestation, referred to as a [`VerifyingKey`], is from a
//! Notary they trust. See an [example](crate#verifying-a-presentation) in the
//! crate level documentation.

use std::fmt;

use serde::{Deserialize, Serialize};

use crate::{
    attestation::{Attestation, AttestationError, AttestationProof},
    connection::{ConnectionInfo, ServerIdentityProof, ServerIdentityProofError, ServerName},
    signing::VerifyingKey,
    transcript::{PartialTranscript, TranscriptProof, TranscriptProofError},
    CryptoProvider,
};

/// A verifiable presentation.
///
/// See the [module level documentation](crate::presentation) for more
/// information.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct Presentation {
    attestation: AttestationProof,
    identity: Option<ServerIdentityProof>,
    transcript: Option<TranscriptProof>,
}

impl Presentation {
    /// Creates a new builder.
    pub fn builder<'a>(
        provider: &'a CryptoProvider,
        attestation: &'a Attestation,
    ) -> PresentationBuilder<'a> {
        PresentationBuilder::new(provider, attestation)
    }

    /// Returns the verifying key.
    pub fn verifying_key(&self) -> &VerifyingKey {
        self.attestation.verifying_key()
    }

    /// Verifies the presentation.
    pub fn verify(
        self,
        provider: &CryptoProvider,
    ) -> Result<PresentationOutput, PresentationError> {
        let Self {
            attestation,
            identity,
            transcript,
        } = self;

        let attestation = attestation.verify(provider)?;

        let server_name = identity
            .map(|identity| {
                identity.verify_with_provider(
                    provider,
                    attestation.body.connection_info().time,
                    attestation.body.server_ephemeral_key(),
                    attestation.body.cert_commitment(),
                )
            })
            .transpose()?;

        let transcript = transcript
            .map(|transcript| transcript.verify_with_provider(provider, &attestation.body))
            .transpose()?;

        let connection_info = attestation.body.connection_info().clone();

        Ok(PresentationOutput {
            attestation,
            server_name,
            connection_info,
            transcript,
        })
    }
}

/// Output of a verified [`Presentation`].
#[derive(Debug)]
#[non_exhaustive]
pub struct PresentationOutput {
    /// Verified attestation.
    pub attestation: Attestation,
    /// Authenticated server name.
    pub server_name: Option<ServerName>,
    /// Connection information.
    pub connection_info: ConnectionInfo,
    /// Authenticated transcript data.
    pub transcript: Option<PartialTranscript>,
}

/// Builder for [`Presentation`].
pub struct PresentationBuilder<'a> {
    provider: &'a CryptoProvider,
    attestation: &'a Attestation,
    identity_proof: Option<ServerIdentityProof>,
    transcript_proof: Option<TranscriptProof>,
}

impl<'a> PresentationBuilder<'a> {
    pub(crate) fn new(provider: &'a CryptoProvider, attestation: &'a Attestation) -> Self {
        Self {
            provider,
            attestation,
            identity_proof: None,
            transcript_proof: None,
        }
    }

    /// Includes a server identity proof.
    pub fn identity_proof(&mut self, proof: ServerIdentityProof) -> &mut Self {
        self.identity_proof = Some(proof);
        self
    }

    /// Includes a transcript proof.
    pub fn transcript_proof(&mut self, proof: TranscriptProof) -> &mut Self {
        self.transcript_proof = Some(proof);
        self
    }

    /// Builds the presentation.
    pub fn build(self) -> Result<Presentation, PresentationBuilderError> {
        let attestation = AttestationProof::new(self.provider, self.attestation)?;

        Ok(Presentation {
            attestation,
            identity: self.identity_proof,
            transcript: self.transcript_proof,
        })
    }
}

/// Error for [`PresentationBuilder`].
#[derive(Debug, thiserror::Error)]
pub struct PresentationBuilderError {
    kind: BuilderErrorKind,
    source: Option<Box<dyn std::error::Error + Send + Sync>>,
}

#[derive(Debug)]
enum BuilderErrorKind {
    Attestation,
}

impl fmt::Display for PresentationBuilderError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("presentation builder error: ")?;

        match self.kind {
            BuilderErrorKind::Attestation => f.write_str("attestation error")?,
        }

        if let Some(source) = &self.source {
            write!(f, " caused by: {}", source)?;
        }

        Ok(())
    }
}

impl From<AttestationError> for PresentationBuilderError {
    fn from(error: AttestationError) -> Self {
        Self {
            kind: BuilderErrorKind::Attestation,
            source: Some(Box::new(error)),
        }
    }
}

/// Error for [`Presentation`].
#[derive(Debug, thiserror::Error)]
pub struct PresentationError {
    kind: ErrorKind,
    source: Option<Box<dyn std::error::Error + Send + Sync>>,
}

#[derive(Debug)]
enum ErrorKind {
    Attestation,
    Identity,
    Transcript,
}

impl fmt::Display for PresentationError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("presentation error: ")?;

        match self.kind {
            ErrorKind::Attestation => f.write_str("attestation error")?,
            ErrorKind::Identity => f.write_str("server identity error")?,
            ErrorKind::Transcript => f.write_str("transcript error")?,
        }

        if let Some(source) = &self.source {
            write!(f, " caused by: {}", source)?;
        }

        Ok(())
    }
}

impl From<AttestationError> for PresentationError {
    fn from(error: AttestationError) -> Self {
        Self {
            kind: ErrorKind::Attestation,
            source: Some(Box::new(error)),
        }
    }
}

impl From<ServerIdentityProofError> for PresentationError {
    fn from(error: ServerIdentityProofError) -> Self {
        Self {
            kind: ErrorKind::Identity,
            source: Some(Box::new(error)),
        }
    }
}

impl From<TranscriptProofError> for PresentationError {
    fn from(error: TranscriptProofError) -> Self {
        Self {
            kind: ErrorKind::Transcript,
            source: Some(Box::new(error)),
        }
    }
}