takproto 0.4.2 - Docs.rs

//! Example demonstrating certificate validation options
//!
//! **WARNING**: These options disable security features and should only be used
//! in development/testing environments or trusted networks.
//!
//! Usage:
//! ```
//! # Accept self-signed certificates
//! cargo run --example insecure_connection --features openssl-p12 -- \
//!     <server:port> <server_name> <p12_file> <password> --accept-invalid-certs
//!
//! # Disable hostname verification
//! cargo run --example insecure_connection --features openssl-p12 -- \
//!     <server:port> <server_name> <p12_file> <password> --disable-hostname-verification
//!
//! # Both (very insecure!)
//! cargo run --example insecure_connection --features openssl-p12 -- \
//!     <server:port> <server_name> <p12_file> <password> --accept-invalid-certs --disable-hostname-verification
//! ```

use takproto::helpers::{color, colors, contact, remarks};
use takproto::{CotEventBuilder, TakClient, TlsConfigBuilder};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let args: Vec<String> = std::env::args().collect();
    if args.len() < 5 {
        eprintln!(
            "Usage: {} <server:port> <server_name> <p12_file> <password> [OPTIONS]",
            args[0]
        );
        eprintln!("\nOptions:");
        eprintln!("  --accept-invalid-certs          Accept self-signed/invalid certificates");
        eprintln!("  --disable-hostname-verification  Skip hostname verification");
        eprintln!("\nWARNING: These options reduce security. Use only in development/testing!");
        std::process::exit(1);
    }

    let server_addr = &args[1];
    let server_name = &args[2];
    let p12_file = &args[3];
    let password = &args[4];

    // Parse flags
    let accept_invalid = args.contains(&"--accept-invalid-certs".to_string());
    let disable_hostname = args.contains(&"--disable-hostname-verification".to_string());

    println!("Configuration:");
    println!("  Server: {}", server_addr);
    println!("  P12 file: {}", p12_file);
    println!("  Accept invalid certs: {}", accept_invalid);
    println!("  Disable hostname verification: {}", disable_hostname);

    if accept_invalid || disable_hostname {
        println!("\n⚠️  WARNING: Insecure TLS options enabled!");
    }

    // Build TLS config with validation options
    let mut builder = TlsConfigBuilder::new().with_p12(p12_file, password)?;

    if accept_invalid {
        builder = builder.danger_accept_invalid_certs(true);
    }

    if disable_hostname {
        builder = builder.danger_disable_hostname_verification(true);
    }

    let tls_config = builder.build()?;
    println!("✓ TLS configuration created");

    // Connect to TAK server
    println!("\nConnecting to {}...", server_addr);
    let mut client = TakClient::connect_tls(server_addr, server_name, tls_config).await?;
    println!("✓ Connected to TAK server");

    // Negotiate protocol
    println!("Negotiating protocol...");
    client.negotiate_protocol(1, 60).await?;
    println!("✓ Protocol negotiated");

    // Create and send a position report
    let event = CotEventBuilder::new()
        .uid("RUST-TAK-INSECURE-DEMO")
        .cot_type("a-f-G-U-C")
        .lat_lon(37.7749, -122.4194)
        .hae(10.0)
        .ce_le(9.9, 9.9)
        .how("m-g")
        .stale_minutes(5)
        .with_contact(contact("INSECURE-DEMO", Some("192.168.1.100:4242")))
        .with_xml_detail(&format!(
            "{}\n{}",
            remarks("Test with custom validation options"),
            color(colors::YELLOW)
        ))
        .build()?;

    println!("Sending position report...");
    client.send_cot_event(event).await?;
    println!("✓ Position report sent successfully!");

    println!("\n✅ Demo complete!");

    Ok(())
}