async-tungstenite 0.34.1

Async binding for Tungstenite, the Lightweight stream-based WebSocket implementation
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

use real_futures_rustls::rustls::ClientConfig;
use real_futures_rustls::{client::TlsStream, TlsConnector};
use rustls_pki_types::ServerName;

use tungstenite::client::{uri_mode, IntoClientRequest};
use tungstenite::error::TlsError;
use tungstenite::handshake::client::Request;
use tungstenite::stream::Mode;
use tungstenite::Error;

use std::convert::TryFrom;

use crate::stream::Stream as StreamSwitcher;
use crate::{client_async_with_config, domain, Response, WebSocketConfig, WebSocketStream};

/// A stream that might be protected with TLS.
pub type MaybeTlsStream<S> = StreamSwitcher<S, TlsStream<S>>;

pub type AutoStream<S> = MaybeTlsStream<S>;

pub type Connector = TlsConnector;

async fn wrap_stream<S>(
    socket: S,
    domain: String,
    connector: Option<Connector>,
    mode: Mode,
) -> Result<AutoStream<S>, Error>
where
    S: 'static + futures_io::AsyncRead + futures_io::AsyncWrite + Unpin,
{
    match mode {
        Mode::Plain => Ok(StreamSwitcher::Plain(socket)),
        Mode::Tls => {
            let stream = {
                let connector = if let Some(connector) = connector {
                    connector
                } else {
                    #[cfg(feature = "futures-rustls-manual-roots")]
                    log::error!("futures-rustls-manual-roots was selected, but no connector was provided! No certificates can be verified in this state.");

                    let config_builder = ClientConfig::builder();

                    let config_builder = {
                        #[cfg(feature = "futures-rustls-native-certs")]
                        {
                            use real_futures_rustls::rustls::RootCertStore;

                            let mut root_store = RootCertStore::empty();
                            let mut native_certs = rustls_native_certs::load_native_certs();
                            if let Some(err) = native_certs.errors.drain(..).next() {
                                return Err(
                                    std::io::Error::new(std::io::ErrorKind::Other, err).into()
                                );
                            }
                            let native_certs = native_certs.certs;
                            let total_number = native_certs.len();
                            let (number_added, number_ignored) =
                                root_store.add_parsable_certificates(native_certs);
                            log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
                            config_builder.with_root_certificates(root_store)
                        }
                        #[cfg(feature = "futures-rustls-platform-verifier")]
                        {
                            use rustls_platform_verifier::BuilderVerifierExt;
                            config_builder
                                .with_platform_verifier()
                                .map_err(|err| Error::Tls(TlsError::Rustls(err.into())))?
                        }
                        #[cfg(feature = "futures-rustls-manual-roots")]
                        {
                            use real_futures_rustls::rustls::RootCertStore;

                            config_builder.with_root_certificates(RootCertStore::empty())
                        }
                        #[cfg(all(
                            feature = "futures-rustls-webpki-roots",
                            not(feature = "futures-rustls-native-certs"),
                            not(feature = "futures-rustls-platform-verifier"),
                            not(feature = "futures-rustls-manual-roots")
                        ))]
                        {
                            use real_futures_rustls::rustls::RootCertStore;

                            let mut root_store = RootCertStore::empty();
                            root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
                            config_builder.with_root_certificates(root_store)
                        }
                    };
                    TlsConnector::from(std::sync::Arc::new(config_builder.with_no_client_auth()))
                };
                let domain = ServerName::try_from(domain)
                    .map_err(|_| Error::Tls(TlsError::InvalidDnsName))?;
                connector.connect(domain, socket).await?
            };
            Ok(StreamSwitcher::Tls(stream))
        }
    }
}

/// Creates a WebSocket handshake from a request and a stream,
/// upgrading the stream to TLS if required and using the given
/// connector and WebSocket configuration.
pub async fn client_async_tls_with_connector_and_config<R, S>(
    request: R,
    stream: S,
    connector: Option<Connector>,
    config: Option<WebSocketConfig>,
) -> Result<(WebSocketStream<AutoStream<S>>, Response), Error>
where
    R: IntoClientRequest + Unpin,
    S: 'static + futures_io::AsyncRead + futures_io::AsyncWrite + Unpin,
    AutoStream<S>: Unpin,
{
    let request: Request = request.into_client_request()?;

    let domain = domain(&request)?;

    // Make sure we check domain and mode first. URL must be valid.
    let mode = uri_mode(request.uri())?;

    let stream = wrap_stream(stream, domain, connector, mode).await?;
    client_async_with_config(request, stream, config).await
}