From 1263da5e109f0af8699eb4283e2c1548a7b28bbc Mon Sep 17 00:00:00 2001
From: Yan Chen <48968912+chenyan-dfinity@users.noreply.github.com>
Date: Sat, 13 Jan 2024 17:06:52 -0800
Subject: [PATCH] fix

---
 Cargo.lock                                    |  4 ++
 .../frontend/ic-certified-assets/Cargo.toml   |  4 ++
 .../frontend/ic-certified-assets/src/lib.rs   |  2 +-
 .../frontend/ic-certified-assets/src/tests.rs | 43 +++++++++----------
 4 files changed, 30 insertions(+), 23 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 65f518e34e..da7be89f4a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2719,12 +2719,16 @@ dependencies = [
 name = "ic-certified-assets"
 version = "0.2.5"
 dependencies = [
+ "anyhow",
  "base64 0.13.1",
  "candid",
+ "candid_parser",
  "hex",
  "ic-cdk",
  "ic-certification 2.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "ic-certification-testing",
  "ic-crypto-tree-hash",
+ "ic-http-certification",
  "ic-representation-independent-hash",
  "ic-response-verification",
  "ic-response-verification-test-utils",
diff --git a/src/canisters/frontend/ic-certified-assets/Cargo.toml b/src/canisters/frontend/ic-certified-assets/Cargo.toml
index 07ad41fdc0..1a7d539b9e 100644
--- a/src/canisters/frontend/ic-certified-assets/Cargo.toml
+++ b/src/canisters/frontend/ic-certified-assets/Cargo.toml
@@ -27,6 +27,10 @@ serde_cbor.workspace = true
 sha2.workspace = true
 
 [dev-dependencies]
+ic-http-certification = "2.2.0"
+candid_parser.workspace = true
+anyhow.workspace = true
 ic-response-verification-test-utils = { git = "https://github.com/dfinity/response-verification.git", rev = "c3390a34bbd8582840ccc9deeebd6f08135b7c4f" }
+ic-certification-testing = { git = "https://github.com/dfinity/response-verification.git", rev = "c3390a34bbd8582840ccc9deeebd6f08135b7c4f" }
 ic-crypto-tree-hash = { git = "https://github.com/dfinity/ic.git", rev = "1290256484f59c3d950c5e9a098e97383b248ad6" }
 
diff --git a/src/canisters/frontend/ic-certified-assets/src/lib.rs b/src/canisters/frontend/ic-certified-assets/src/lib.rs
index 6218966603..80ddeba765 100644
--- a/src/canisters/frontend/ic-certified-assets/src/lib.rs
+++ b/src/canisters/frontend/ic-certified-assets/src/lib.rs
@@ -410,7 +410,7 @@ pub fn post_upgrade(stable_state: StableState, args: Option<AssetCanisterArgs>)
 
 #[test]
 fn candid_interface_compatibility() {
-    use candid::utils::{service_compatible, CandidSource};
+    use candid_parser::utils::{service_compatible, CandidSource};
     use std::path::PathBuf;
 
     candid::export_service!();
diff --git a/src/canisters/frontend/ic-certified-assets/src/tests.rs b/src/canisters/frontend/ic-certified-assets/src/tests.rs
index 88fb797277..8dc8974901 100644
--- a/src/canisters/frontend/ic-certified-assets/src/tests.rs
+++ b/src/canisters/frontend/ic-certified-assets/src/tests.rs
@@ -10,11 +10,10 @@ use crate::types::{
 };
 use crate::url_decode::{url_decode, UrlDecodeError};
 use candid::{Nat, Principal};
+use ic_certification_testing::CertificateBuilder;
 use ic_crypto_tree_hash::Digest;
-use ic_response_verification::ResponseVerificationError;
 use ic_response_verification_test_utils::{
-    base64_encode, create_canister_id, get_current_timestamp, CanisterData, CertificateBuilder,
-    CertificateData,
+    base64_encode, create_canister_id, get_current_timestamp,
 };
 use serde_bytes::ByteBuf;
 use std::collections::HashMap;
@@ -34,21 +33,20 @@ pub fn verify_response(
     state: &State,
     request: &HttpRequest,
     response: &HttpResponse,
-) -> Result<bool, ResponseVerificationError> {
+) -> anyhow::Result<bool> {
     let mut response = response.clone();
     let current_time = get_current_timestamp();
     let canister_id = create_canister_id("rdmx6-jaaaa-aaaaa-aaadq-cai");
     let min_requested_verification_version = request.get_certificate_version();
 
     // inject certificate into IC-Certificate header with 'certificate=::'
-    let (_cert, root_key, cert_cbor) =
-        CertificateBuilder::new(CertificateData::CanisterData(CanisterData {
-            canister_id,
-            certified_data: Digest(state.root_hash()),
-        }))
-        .with_time(current_time)
-        .build();
-    let replacement_cert_value = base64_encode(&cert_cbor);
+    let data = CertificateBuilder::new(
+        &canister_id.to_string(),
+        Digest(state.root_hash()).as_bytes(),
+    )?
+    .with_time(current_time)
+    .build()?;
+    let replacement_cert_value = base64_encode(&data.cbor_encoded_certificate);
     let (_, header_value) = response
         .headers
         .iter_mut()
@@ -60,26 +58,27 @@ pub fn verify_response(
     );
 
     // actual verification
-    let request = ic_response_verification::types::Request {
+    let request = ic_http_certification::http::HttpRequest {
         method: request.method.clone(),
         url: request.url.clone(),
         headers: request.headers.clone(),
+        body: request.body[..].into(),
     };
-    let response = ic_response_verification::types::Response {
+    let response = ic_http_certification::http::HttpResponse {
         status_code: response.status_code,
         headers: response.headers,
         body: response.body[..].into(),
     };
-    ic_response_verification::verify_request_response_pair(
+    Ok(ic_response_verification::verify_request_response_pair(
         request,
         response,
         canister_id.as_ref(),
         current_time,
         MAX_CERT_TIME_OFFSET_NS,
-        &root_key,
+        &data.root_key,
         min_requested_verification_version.try_into().unwrap(),
     )
-    .map(|res| res.passed)
+    .map(|res| res.response.is_some())?)
 }
 
 fn certified_http_request(state: &State, request: HttpRequest) -> HttpResponse {
@@ -962,7 +961,7 @@ fn uses_streaming_for_multichunk_assets() {
             .http_request_streaming_callback(StreamingCallbackToken {
                 key: "/index.html".to_string(),
                 content_encoding: "identity".to_string(),
-                index: Nat::from(1),
+                index: Nat::from(1u8),
                 sha256: None,
             })
             .unwrap_err(),
@@ -1005,7 +1004,7 @@ fn get_and_get_chunk_for_multichunk_assets() {
         .get_chunk(GetChunkArg {
             key: "/index.html".to_string(),
             content_encoding: "identity".to_string(),
-            index: Nat::from(1),
+            index: Nat::from(1u8),
             sha256: chunk_0.sha256,
         })
         .unwrap();
@@ -1017,7 +1016,7 @@ fn get_and_get_chunk_for_multichunk_assets() {
             .get_chunk(GetChunkArg {
                 key: "/index.html".to_string(),
                 content_encoding: "identity".to_string(),
-                index: Nat::from(1),
+                index: Nat::from(1u8),
                 sha256: None,
             })
             .unwrap_err(),
@@ -3347,7 +3346,7 @@ mod validate_commit_proposed_batch {
         let time_now = 100_000_000_000;
 
         match state.validate_commit_proposed_batch(CommitProposedBatchArguments {
-            batch_id: 1.into(),
+            batch_id: 1u8.into(),
             evidence: Default::default(),
         }) {
             Err(err) if err.contains("batch not found") => (),
@@ -3356,7 +3355,7 @@ mod validate_commit_proposed_batch {
 
         match state.commit_proposed_batch(
             CommitProposedBatchArguments {
-                batch_id: 1.into(),
+                batch_id: 1u8.into(),
                 evidence: Default::default(),
             },
             time_now,