isahc 2.0.0

The practical HTTP client that is fun to use.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340

use super::PathOrBlob;
use crate::{
    blob::Blob,
    config::setopt::{EasyHandle, SetOpt, SetOptError, SetOptProxy},
    handler::BlobOptions,
};
use curl_sys::{
    CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB,
    CURLOPT_SSLKEY_BLOB,
};
use std::path::PathBuf;

/// A cryptographic identity used to authenticate the client with a server.
///
/// Holds a X.509 certificate along with potentially other certificates in its
/// chain of trust and a corresponding private key. This collection of
/// certificates is used to authenticate the client to the server if the server
/// requests client authentication during the SSL/TLS handshake. This process is
/// also known as *mutual TLS* (mTLS).
#[derive(Clone, Debug)]
pub struct Identity {
    /// The format of the client certificate.
    format: CertFormat,

    /// The certificate data, either a path or a blob.
    data: PathOrBlob,

    /// Private key corresponding to the SSL/TLS certificate.
    private_key: Option<PrivateKey>,

    /// Password to decrypt the certificate file.
    password: Option<String>,
}

impl Identity {
    /// Use a PEM-encoded certificate stored in the given byte buffer.
    ///
    /// The certificate object takes ownership of the byte buffer. If a borrowed
    /// type is supplied, such as `&[u8]`, then the bytes will be copied.
    ///
    /// The certificate is not parsed or validated here. If the certificate is
    /// malformed or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_pem<B>(bytes: B, private_key: Option<PrivateKey>) -> Self
    where
        B: AsRef<[u8]> + Send + Sync + 'static,
    {
        Self {
            format: CertFormat::Pem,
            data: PathOrBlob::Blob(Blob::new(bytes)),
            private_key,
            password: None,
        }
    }

    /// Use a DER-encoded certificate stored in the given byte buffer.
    ///
    /// The certificate object takes ownership of the byte buffer. If a borrowed
    /// type is supplied, such as `&[u8]`, then the bytes will be copied.
    ///
    /// The certificate is not parsed or validated here. If the certificate is
    /// malformed or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_der<B>(bytes: B, private_key: Option<PrivateKey>) -> Self
    where
        B: AsRef<[u8]> + Send + Sync + 'static,
    {
        Self {
            format: CertFormat::Der,
            data: PathOrBlob::Blob(Blob::new(bytes)),
            private_key,
            password: None,
        }
    }

    /// Use a certificate and private key from a PKCS #12 archive stored in the
    /// given byte buffer.
    ///
    /// The certificate object takes ownership of the byte buffer. If a borrowed
    /// type is supplied, such as `&[u8]`, then the bytes will be copied.
    ///
    /// The certificate is not parsed or validated here. If the certificate is
    /// malformed or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_pkcs12<B>(bytes: B, password: Option<String>) -> Self
    where
        B: AsRef<[u8]> + Send + Sync + 'static,
    {
        Self {
            format: CertFormat::Pkcs12,
            data: PathOrBlob::Blob(Blob::new(bytes)),
            private_key: None,
            password,
        }
    }

    /// Get a certificate from a PEM-encoded file.
    ///
    /// The certificate file is not loaded or validated here. If the file does
    /// not exist or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_pem_file<P>(path: P, private_key: Option<PrivateKey>) -> Self
    where
        P: Into<PathBuf>,
    {
        Self {
            format: CertFormat::Pem,
            data: PathOrBlob::Path(path.into()),
            private_key,
            password: None,
        }
    }

    /// Get a certificate from a DER-encoded file.
    ///
    /// The certificate file is not loaded or validated here. If the file does
    /// not exist or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_der_file<P>(path: P, private_key: Option<PrivateKey>) -> Self
    where
        P: Into<PathBuf>,
    {
        Self {
            format: CertFormat::Der,
            data: PathOrBlob::Path(path.into()),
            private_key,
            password: None,
        }
    }

    /// Get a certificate and private key from a PKCS #12-encoded file.
    ///
    /// The certificate file is not loaded or validated here. If the file does
    /// not exist or the format is not supported by the underlying SSL/TLS
    /// engine, an error will be returned when attempting to send a request
    /// using the offending certificate.
    pub fn from_pkcs12_file<P>(path: P, password: Option<String>) -> Self
    where
        P: Into<PathBuf>,
    {
        Self {
            format: CertFormat::Pkcs12,
            data: PathOrBlob::Path(path.into()),
            private_key: None,
            password,
        }
    }
}

impl SetOpt for Identity {
    fn set_opt(&self, easy: &mut EasyHandle) -> Result<(), SetOptError> {
        easy.ssl_cert_type(self.format.as_str())?;

        match &self.data {
            PathOrBlob::Path(path) => easy.ssl_cert(path.as_path()),
            PathOrBlob::Blob(bytes) => unsafe {
                easy.setopt_blob_nocopy(CURLOPT_SSLCERT_BLOB, bytes)
            },
        }?;

        if let Some(key) = self.private_key.as_ref() {
            key.set_opt(easy)?;
        }

        if let Some(password) = self.password.as_ref() {
            easy.key_password(password)?;
        }

        Ok(())
    }
}

impl SetOptProxy for Identity {
    fn set_opt_proxy(&self, easy: &mut EasyHandle) -> Result<(), SetOptError> {
        easy.proxy_sslcert_type(self.format.as_str())?;

        match &self.data {
            PathOrBlob::Path(path) => easy.proxy_sslcert(path.to_str().unwrap()),
            PathOrBlob::Blob(bytes) => unsafe {
                easy.setopt_blob_nocopy(CURLOPT_PROXY_SSLCERT_BLOB, bytes)
            },
        }?;

        if let Some(key) = self.private_key.as_ref() {
            key.set_opt_proxy(easy)?;
        }

        if let Some(password) = self.password.as_ref() {
            easy.proxy_key_password(password)?;
        }

        Ok(())
    }
}

/// A private key file.
#[derive(Clone, Debug)]
pub struct PrivateKey {
    /// The format of the private key.
    format: CertFormat,

    /// The certificate data, either a path or a blob.
    data: PathOrBlob,

    /// Password to decrypt the key file.
    password: Option<String>,
}

impl PrivateKey {
    /// Use a PEM-encoded private key.
    ///
    /// The private key can be supplied as any type which can be referenced as
    /// contiguous bytes. This could be a simple [`String`], or a pre-parsed PEM
    /// object that allows access to its underlying bytes. The `PrivateKey`
    /// object takes ownership of the bytes regardless.
    ///
    /// The key is not parsed or validated here. If the key is malformed or the
    /// format is not supported by the underlying SSL/TLS engine, an error will
    /// be returned when attempting to send a request using the offending key.
    pub fn from_pem<B, P>(bytes: B, password: P) -> Self
    where
        B: AsRef<[u8]> + Send + Sync + 'static,
        P: Into<Option<String>>,
    {
        Self {
            format: CertFormat::Pem,
            data: PathOrBlob::Blob(Blob::new(bytes)),
            password: password.into(),
        }
    }

    /// Use a DER-encoded private key.
    ///
    /// The private key can be supplied as any type which can be referenced as
    /// contiguous bytes. This could be a simple `Vec<u8>`, or a pre-parsed DER
    /// object that allows access to its underlying bytes. The `PrivateKey`
    /// object takes ownership of the bytes regardless.
    ///
    /// The key is not parsed or validated here. If the key is malformed or the
    /// format is not supported by the underlying SSL/TLS engine, an error will
    /// be returned when attempting to send a request using the offending key.
    pub fn from_der<B, P>(bytes: B, password: P) -> Self
    where
        B: AsRef<[u8]> + Send + Sync + 'static,
        P: Into<Option<String>>,
    {
        Self {
            format: CertFormat::Der,
            data: PathOrBlob::Blob(Blob::new(bytes)),
            password: password.into(),
        }
    }

    /// Get a PEM-encoded private key file.
    ///
    /// The key file is not loaded or validated here. If the file does not exist
    /// or the format is not supported by the underlying SSL/TLS engine, an
    /// error will be returned when attempting to send a request using the
    /// offending key.
    pub fn from_pem_file(path: impl Into<PathBuf>, password: impl Into<Option<String>>) -> Self {
        Self {
            format: CertFormat::Pem,
            data: PathOrBlob::Path(path.into()),
            password: password.into(),
        }
    }

    /// Get a DER-encoded private key file.
    ///
    /// The key file is not loaded or validated here. If the file does not exist
    /// or the format is not supported by the underlying SSL/TLS engine, an
    /// error will be returned when attempting to send a request using the
    /// offending key.
    pub fn from_der_file(path: impl Into<PathBuf>, password: impl Into<Option<String>>) -> Self {
        Self {
            format: CertFormat::Der,
            data: PathOrBlob::Path(path.into()),
            password: password.into(),
        }
    }
}

impl SetOpt for PrivateKey {
    fn set_opt(&self, easy: &mut EasyHandle) -> Result<(), SetOptError> {
        easy.ssl_key_type(self.format.as_str())?;

        match &self.data {
            PathOrBlob::Path(path) => easy.ssl_key(path.as_path()),
            PathOrBlob::Blob(blob) => unsafe { easy.setopt_blob_nocopy(CURLOPT_SSLKEY_BLOB, blob) },
        }?;

        if let Some(password) = self.password.as_ref() {
            easy.key_password(password)?;
        }

        Ok(())
    }
}

impl SetOptProxy for PrivateKey {
    fn set_opt_proxy(&self, easy: &mut EasyHandle) -> Result<(), SetOptError> {
        easy.proxy_sslkey_type(self.format.as_str())?;

        match &self.data {
            PathOrBlob::Path(path) => easy.proxy_sslkey(path.to_str().unwrap()),
            PathOrBlob::Blob(blob) => unsafe {
                easy.setopt_blob_nocopy(CURLOPT_PROXY_SSLKEY_BLOB, blob)
            },
        }?;

        if let Some(password) = self.password.as_ref() {
            easy.proxy_key_password(password)?;
        }

        Ok(())
    }
}

/// Possible formats for certificates supported by curl.
#[derive(Clone, Copy, Debug)]
enum CertFormat {
    Pem,
    Der,
    Pkcs12,
}

impl CertFormat {
    fn as_str(&self) -> &'static str {
        match self {
            CertFormat::Pem => "PEM",
            CertFormat::Der => "DER",
            CertFormat::Pkcs12 => "P12",
        }
    }
}