Response verification on the Internet Computer is the process of verifying that an HTTP-compatible canister response from a replica has gone through consensus with other replicas hosting the same canister. It is the counterpart to HTTP Certification.
The ic-response-verification and @dfinity/response-verification packages encapsulate this verification protocol. It is used by ICX Proxy and the local HTTP Proxy and may be used by other implementations of the HTTP Gateway Protocol in the future.
import initResponseVerification, {
verifyRequestResponsePair,
ResponseVerificationError,
ResponseVerificationErrorCode,
} from '@dfinity/response-verification';
// this is necessary for web, but not for NodeJS consumers
await initResponseVerification();
try {
const result = verifyRequestResponsePair(
request,
response,
canister_id,
current_time_ns,
max_cert_time_offset_ns,
fromHex(IC_ROOT_KEY),
);
// do something with the result
// `result.passed` will be true if verification succeeds, false otherwise, and
// `result.response` will contain the certified response object if verification was successful.
} catch (error) {
if (error instanceof ResponseVerificationError) {
switch (error.code) {
case ResponseVerificationErrorCode.MalformedCbor:
// the cbor returned from the replica was malformed.
// ...
break;
case ResponseVerificationErrorCode.MalformedCertificate:
// the certificate returned from the replica was malformed.
// ...
break;
// Other error cases...
}
}
}