Module data_ref 

Data-reference fetching + hash verification (feature = “client”).

DataRef tells a consumer where a piece of underlying data lives; this module fetches it and verifies its integrity against the producer-signed content_hash (RFC-ACDP-0002 §6).

Three pieces:

• DataRefFetcher — trait that abstracts the fetch strategy. Native async-fn-in-trait, so impl DataRefFetcher works directly in generic positions. Wrap a custom impl in Box<dyn …> only if your call site needs dynamic dispatch.
• HttpsDataRefFetcher — concrete fetcher for https://… URIs. The default acdp_safe_http::SsrfPolicy is HTTPS-only; http:// is rejected at the URL boundary before any socket activity. A test SSRF policy with allow_http: true may relax this. Caps response size at 16 MiB and has a 30 s timeout. Structured locators are NOT handled — they need protocol-specific knowledge.
• fetch_and_verify_data_ref — convenience helper that wires a fetcher to the declared content_hash, returning bytes only after the SHA-256 matches.

Embedded refs

fetch_and_verify_data_ref short-circuits embedded refs without touching the fetcher — the bytes are already in the body. The embedded-hash check (RFC-ACDP-0003 §2.1 step 3) is the acdp_validation::verify_embedded_hash entry point.

Structs

HttpsDataRefFetcher

Default HTTPS-only fetcher.

Constants

DEFAULT_MAX_BYTES

Default response-size cap for an HTTPS data-ref fetch.

Traits

DataRefFetcher

Pluggable fetch strategy for a DataRef. Implementations are responsible for SSRF defenses and response-size caps on URI fetches; structured locators are protocol-specific and likely need their own trait impl per scheme (kafka.offset, ipfs.cid, …).

Functions

fetch_and_verify_data_ref

Convenience: fetch a DataRef and verify its declared content_hash.