areq 0.1.0-alpha5

Async runtime-agnostic HTTP requests
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

//! The http client over TLS.

use {
    crate::proto::{Error, Handshake, Session},
    futures_lite::prelude::*,
    futures_rustls::{
        TlsConnector,
        client::TlsStream,
        pki_types::ServerName,
        rustls::{ClientConfig, RootCertStore},
    },
    std::{io, sync::Arc},
    url::Host,
};

pub use crate::negotiate::{Negotiate, Select};

pub struct Tls<N> {
    inner: N,
    connector: TlsConnector,
}

impl<N> Tls<N> {
    #[cfg(feature = "webpki-roots")]
    #[cfg_attr(docsrs, doc(cfg(feature = "webpki-roots")))]
    pub fn with_webpki_roots(inner: N) -> Self
    where
        N: Negotiate + 'static,
    {
        use std::{
            any::{Any, TypeId},
            collections::BTreeMap,
            sync::Mutex,
        };

        struct Configs(Mutex<BTreeMap<TypeId, Arc<ClientConfig>>>);

        impl Configs {
            const fn new() -> Self {
                Self(Mutex::new(BTreeMap::new()))
            }

            fn get<N>(&self, inner: &N) -> Arc<ClientConfig>
            where
                N: Negotiate + 'static,
            {
                let init = || {
                    let root = RootCertStore {
                        roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(),
                    };

                    let mut conf = ClientConfig::builder()
                        .with_root_certificates(root)
                        .with_no_client_auth();

                    conf.alpn_protocols.extend(inner.support().map(Vec::from));
                    Arc::new(conf)
                };

                self.0
                    .lock()
                    .expect("lock configs")
                    .entry(inner.type_id())
                    .or_insert_with(init)
                    .clone()
            }
        }

        static CONFS: Configs = Configs::new();

        let connector = TlsConnector::from(CONFS.get(&inner));
        Self::with_connector(inner, connector)
    }

    pub fn with_cert(inner: N, cert: &[u8]) -> Result<Self, Error>
    where
        N: Negotiate,
    {
        let conf = read_tls_config(cert, &inner)?;
        let connector = TlsConnector::from(Arc::new(conf));
        Ok(Self::with_connector(inner, connector))
    }

    pub fn with_connector(inner: N, connector: TlsConnector) -> Self {
        Self { inner, connector }
    }
}

impl<I, B, N> Handshake<I, B> for Tls<N>
where
    I: AsyncRead + AsyncWrite + Unpin,
    N: Negotiate<Handshake: Handshake<TlsStream<I>, B>>,
{
    type Client = <N::Handshake as Handshake<TlsStream<I>, B>>::Client;

    async fn handshake(
        self,
        se: Session<I>,
    ) -> Result<(Self::Client, impl Future<Output = ()>), Error> {
        let Session { addr, io } = se;

        let name = as_server_name(&addr.host)?.to_owned();
        let tls = self.connector.connect(name, io).await?;

        let (_, conn) = tls.get_ref();
        let proto = conn
            .alpn_protocol()
            // if the remote server doesn't specify a protocol,
            // fall back to the first supported one by default
            .unwrap_or_else(|| self.inner.support().next().unwrap_or_default());

        let handshake = self
            .inner
            .negotiate(proto)
            .ok_or_else(|| Error::UnsupportedProtocol(Box::from(proto)))?;

        let se = Session { addr, io: tls };
        let (client, conn) = handshake.handshake(se).await?;
        Ok((client, conn))
    }
}

fn as_server_name(host: &Host) -> Result<ServerName<'_>, Error> {
    match host {
        Host::Domain(domain) => {
            ServerName::try_from(domain.as_str()).map_err(|_| Error::InvalidHost)
        }
        Host::Ipv4(ip) => Ok(ServerName::from(*ip)),
        Host::Ipv6(ip) => Ok(ServerName::from(*ip)),
    }
}

fn read_tls_config<N>(mut cert: &[u8], inner: &N) -> Result<ClientConfig, io::Error>
where
    N: Negotiate,
{
    let mut root = RootCertStore::empty();
    for cert in rustls_pemfile::certs(&mut cert) {
        root.add(cert?).map_err(io::Error::other)?;
    }

    let mut conf = ClientConfig::builder()
        .with_root_certificates(root)
        .with_no_client_auth();

    conf.alpn_protocols.extend(inner.support().map(Vec::from));
    Ok(conf)
}