inferadb 0.1.5

Official Rust SDK for InferaDB
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

//! TLS configuration for secure connections.

use std::path::PathBuf;

/// Configuration for TLS/SSL connections.
///
/// By default, the SDK uses system root certificates and validates
/// server certificates. This configuration allows customization for
/// enterprise environments.
///
/// ## Example: Custom CA
///
/// ```rust
/// use inferadb::TlsConfig;
///
/// let config = TlsConfig::new()
///     .with_ca_cert_file("/path/to/ca.crt");
/// ```
///
/// ## Example: Client Certificate (mTLS)
///
/// ```rust
/// use inferadb::TlsConfig;
///
/// let config = TlsConfig::new()
///     .with_client_cert_file("/path/to/client.crt")
///     .with_client_key_file("/path/to/client.key");
/// ```
#[derive(Debug, Clone, Default)]
pub struct TlsConfig {
    /// Custom CA certificate file path.
    pub ca_cert_file: Option<PathBuf>,

    /// Custom CA certificate PEM data.
    pub ca_cert_pem: Option<String>,

    /// Client certificate file path (for mTLS).
    pub client_cert_file: Option<PathBuf>,

    /// Client key file path (for mTLS).
    pub client_key_file: Option<PathBuf>,

    /// Whether to skip certificate verification.
    ///
    /// **WARNING**: This is insecure and should only be used for local development.
    pub skip_verification: bool,
}

impl TlsConfig {
    /// Creates a new TLS configuration with default settings.
    pub fn new() -> Self {
        Self::default()
    }

    /// Sets the CA certificate file path.
    #[must_use]
    pub fn with_ca_cert_file(mut self, path: impl Into<PathBuf>) -> Self {
        self.ca_cert_file = Some(path.into());
        self
    }

    /// Sets the CA certificate PEM data directly.
    #[must_use]
    pub fn with_ca_cert_pem(mut self, pem: impl Into<String>) -> Self {
        self.ca_cert_pem = Some(pem.into());
        self
    }

    /// Sets the client certificate file path for mTLS.
    #[must_use]
    pub fn with_client_cert_file(mut self, path: impl Into<PathBuf>) -> Self {
        self.client_cert_file = Some(path.into());
        self
    }

    /// Sets the client key file path for mTLS.
    #[must_use]
    pub fn with_client_key_file(mut self, path: impl Into<PathBuf>) -> Self {
        self.client_key_file = Some(path.into());
        self
    }

    /// Returns `true` if mTLS is configured.
    pub fn is_mtls_configured(&self) -> bool {
        self.client_cert_file.is_some() && self.client_key_file.is_some()
    }

    /// Returns `true` if custom CA is configured.
    pub fn has_custom_ca(&self) -> bool {
        self.ca_cert_file.is_some() || self.ca_cert_pem.is_some()
    }

    /// Disables certificate verification (insecure, for development only).
    ///
    /// **WARNING**: This makes connections vulnerable to man-in-the-middle attacks.
    /// Only use this for local development with self-signed certificates.
    #[must_use]
    pub fn insecure(mut self) -> Self {
        self.skip_verification = true;
        self
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_default() {
        let config = TlsConfig::new();
        assert!(config.ca_cert_file.is_none());
        assert!(!config.is_mtls_configured());
        assert!(!config.has_custom_ca());
    }

    #[test]
    fn test_ca_cert_file() {
        let config = TlsConfig::new().with_ca_cert_file("/path/to/ca.crt");
        assert!(config.has_custom_ca());
        assert_eq!(config.ca_cert_file, Some(PathBuf::from("/path/to/ca.crt")));
    }

    #[test]
    fn test_ca_cert_pem() {
        let config = TlsConfig::new().with_ca_cert_pem("-----BEGIN CERTIFICATE-----");
        assert!(config.has_custom_ca());
    }

    #[test]
    fn test_mtls() {
        let config = TlsConfig::new()
            .with_client_cert_file("/path/to/client.crt")
            .with_client_key_file("/path/to/client.key");
        assert!(config.is_mtls_configured());
    }

    #[test]
    fn test_partial_mtls() {
        // Only cert, no key
        let config = TlsConfig::new().with_client_cert_file("/path/to/client.crt");
        assert!(!config.is_mtls_configured());
    }

    #[test]
    fn test_insecure() {
        let config = TlsConfig::new().insecure();
        assert!(config.skip_verification);
    }
}