stakpak_shared/
tls_client.rs

1use std::time::Duration;
3use reqwest::{Client, header::HeaderMap, redirect::Policy};
4use rustls_platform_verifier::BuilderVerifierExt;
/// Settings consumed by [`create_tls_client`] when it builds a `reqwest` client.
///
/// All fields are public, so a value can be built with a struct literal, or
/// from [`Default`] followed by the `with_*` builder methods.
pub struct TlsClientConfig {
    /// Headers installed as the client's default headers, i.e. attached to
    /// every request made through the resulting client.
    ///
    /// If credentials are placed here they go to every destination the client
    /// talks to. NOTE(review): reqwest is understood to strip only a fixed set
    /// of well-known credential headers (such as `Authorization` and `Cookie`)
    /// when a redirect changes host; custom API-key style headers are
    /// presumably forwarded. Confirm against the reqwest version in use.
    pub headers: HeaderMap,
    /// Value passed to the client builder's `timeout` setting.
    pub timeout: Duration,
    /// Redirect-following policy passed to the client builder.
    pub redirect_policy: Policy,
}
impl Default for TlsClientConfig {
    /// Returns a configuration with no default headers, a 30-second timeout
    /// and a redirect policy limited to 10 hops.
    fn default() -> Self {
        // Named here so the defaults are easy to audit in one place.
        const DEFAULT_TIMEOUT_SECS: u64 = 30;
        const DEFAULT_MAX_REDIRECTS: usize = 10;

        let timeout = Duration::from_secs(DEFAULT_TIMEOUT_SECS);
        let redirect_policy = Policy::limited(DEFAULT_MAX_REDIRECTS);

        Self {
            headers: HeaderMap::new(),
            timeout,
            redirect_policy,
        }
    }
}
impl TlsClientConfig {
    /// Replaces the whole default-header map with `headers`.
    ///
    /// The previous map is discarded, not merged, so any header set earlier
    /// on this configuration is lost.
    pub fn with_headers(self, headers: HeaderMap) -> Self {
        Self { headers, ..self }
    }

    /// Replaces the timeout with `timeout`.
    pub fn with_timeout(self, timeout: Duration) -> Self {
        Self { timeout, ..self }
    }

    /// Replaces the redirect policy with `redirect_policy`.
    pub fn with_redirect_policy(self, redirect_policy: Policy) -> Self {
        Self {
            redirect_policy,
            ..self
        }
    }
}
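/// Builds a `reqwest` [`Client`] whose TLS stack is rustls with the `ring`
/// crypto provider and the platform certificate verifier.
///
/// The client is configured from `config`: its headers become the client's
/// default headers, and its timeout and redirect policy are passed to the
/// client builder unchanged.
///
/// Security-relevant properties visible in this function:
/// - Server certificates are checked by the platform verifier; no option that
///   relaxes certificate or hostname validation is set here.
/// - No client certificate is presented (`with_no_client_auth`).
/// - Only rustls' safe default protocol versions are enabled.
/// - The client is not restricted to `https` URLs. Callers that must never
///   send `config.headers` over plaintext need to enforce the scheme
///   themselves.
///
/// # Errors
///
/// Returns `Err` with a descriptive message when the TLS configuration cannot
/// be built or when `reqwest` fails to build the client. Earlier revisions
/// panicked via `expect` in both cases, so the declared `Result` was never
/// used for failure.
pub fn create_tls_client(config: TlsClientConfig) -> Result<Client, String> {
    // The crypto provider is passed explicitly instead of relying on a
    // process-wide default; this builder path is what lets the rustls config
    // use the OS-provided trust store through the platform verifier.
    let crypto_provider = std::sync::Arc::new(rustls::crypto::ring::default_provider());
    let tls_config = rustls::ClientConfig::builder_with_provider(crypto_provider)
        .with_safe_default_protocol_versions()
        .map_err(|e| format!("Failed to build client TLS config: {e}"))?
        .with_platform_verifier()
        .with_no_client_auth();

    // NOTE(review): `use_preconfigured_tls` accepts the config dynamically; a
    // rustls version mismatch with the one reqwest was built against is
    // presumably reported by `build()`, which now surfaces as `Err` rather
    // than a panic. Confirm against the dependency versions in use.
    Client::builder()
        .use_preconfigured_tls(tls_config)
        .default_headers(config.headers)
        .timeout(config.timeout)
        .redirect(config.redirect_policy)
        .build()
        .map_err(|e| format!("Failed to create HTTP client: {e}"))
}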