jetstream 16.0.0

Jetstream is a RPC framework for Rust, based on the 9P protocol and QUIC.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

# JetStream QUIC

[QUIC](https://www.rfc-editor.org/rfc/rfc9000.html) is a modern transport protocol that provides multiplexed connections over UDP with built-in TLS 1.3 encryption. JetStream QUIC provides the transport layer using [quinn](https://crates.io/crates/quinn).

## Features

- **ALPN-based Routing**: Route connections to different handlers based on ALPN protocol negotiation
- **TLS 1.3**: Built-in secure transport with rustls
- **0-RTT**: Support for zero round-trip connection resumption
- **mTLS Support**: Mutual TLS authentication for client certificate verification
- **Peer Identity**: Extract client certificate information (CN, fingerprint, SANs) in request handlers

## Architecture

The crate is organized around these core components:

- **`Server`**: The main QUIC server that accepts incoming connections
- **`Router`**: Routes connections to protocol handlers based on ALPN
- **`ProtocolHandler`**: Trait for implementing custom protocol handlers
- **`Client`**: QUIC client for connecting to servers

For HTTP/3 support, see [jetstream_http](http.md).

## Example

Here's a complete echo service example:

```rust
{{#include ../examples/echo.rs}}
```

## Defining a Service

Use the `#[service]` macro to define an RPC service:

```rust
use jetstream::prelude::*;
use jetstream_macros::service;

#[service]
pub trait Echo {
    async fn ping(&mut self) -> Result<()>;
    async fn echo(&mut self, message: String) -> Result<String>;
}
```

The macro generates:
- `EchoChannel` - Client-side channel for calling methods
- `EchoService` - Server-side wrapper for your implementation

## Implementing the Service

```rust
#[derive(Clone)]
struct EchoImpl;

impl Echo for EchoImpl {
    async fn ping(&mut self) -> Result<()> {
        Ok(())
    }

    async fn echo(&mut self, message: String) -> Result<String> {
        Ok(message)
    }
}
```

## Server Setup

```rust
use std::sync::Arc;
use jetstream_quic::{Server, Router};

// Create the service
let echo_service = echo_protocol::EchoService { inner: EchoImpl {} };

// Register with router
let mut router = Router::new();
router.register(Arc::new(echo_service));

// Create and run server
let server = Server::new_with_addr(cert, key, addr, router);
server.run().await;
```

## Client Setup

```rust
use jetstream_quic::{Client, QuicTransport};
use jetstream_rpc::Protocol;

// Create client
let alpn = vec![EchoChannel::VERSION.as_bytes().to_vec()];
let client = Client::new_with_mtls(ca_cert, client_cert, client_key, alpn)?;

// Connect
let connection = client.connect(addr, "localhost").await?;

// Open stream and create channel
let (send, recv) = connection.open_bi().await?;
let transport: QuicTransport<EchoChannel> = (send, recv).into();
let mut chan = EchoChannel::new(10, Box::new(transport));

// Call methods
chan.ping().await?;
let response = chan.echo("Hello".to_string()).await?;
```

## TLS Certificates

Generate development certificates:

```bash
cd certs
./generate_certs.sh
```

This generates:
- `ca.pem` / `ca.key` - Certificate Authority
- `server.pem` / `server.key` - Server certificate
- `client.pem` / `client.key` - Client certificate
- `client.p12` - PKCS12 bundle for browser import

For production, use certificates from a trusted CA or Let's Encrypt.

## Mutual TLS (mTLS)

JetStream QUIC supports mutual TLS authentication:

```rust
// Build a client certificate verifier from a CA cert
let mut root_store = rustls::RootCertStore::empty();
root_store.add(ca_cert).expect("Failed to add CA cert");
let client_verifier =
    rustls::server::WebPkiClientVerifier::builder(Arc::new(root_store))
        .allow_unauthenticated()
        .build()
        .expect("Failed to build client verifier");

let server = Server::new_with_mtls(
    server_cert,
    server_key,
    client_verifier,  // any Arc<dyn ClientCertVerifier>
    addr,
    router,
);
```

### Accessing Peer Certificate Info

```rust
use jetstream_rpc::context::{Context, Peer};

// In your service implementation or handler
if let Some(Peer::Tls(tls_peer)) = ctx.peer() {
    if let Some(leaf) = tls_peer.leaf() {
        println!("Client CN: {:?}", leaf.common_name);
        println!("Fingerprint: {}", leaf.fingerprint);
        println!("DNS SANs: {:?}", leaf.dns_names);
    }
}
```

## Dependencies

Add to your `Cargo.toml`:

```toml
[dependencies]
jetstream = "13"
jetstream_quic = "13"
jetstream_macros = "13"
tokio = { version = "1", features = ["full"] }
```

For more details, see the [jetstream_quic API documentation](doc/jetstream_quic/index.html).