tough 0.22.0

The Update Framework (TUF) repository client
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153

// Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT OR Apache-2.0

use crate::{error, transport::TransportStream, TransportError};
use aws_lc_rs::digest::{Context, SHA256};
use futures::StreamExt;
use futures_core::Stream;
use std::{convert::TryInto, path::Path, task::Poll};
use tokio::fs;
use url::Url;

pub(crate) struct DigestAdapter {
    url: Url,
    stream: TransportStream,
    hash: Vec<u8>,
    digest: Context,
}

impl DigestAdapter {
    pub(crate) fn sha256(stream: TransportStream, hash: &[u8], url: Url) -> TransportStream {
        Box::pin(Self {
            url,
            stream,
            hash: hash.to_owned(),
            digest: Context::new(&SHA256),
        })
    }
}

impl Stream for DigestAdapter {
    type Item = <TransportStream as Stream>::Item;

    fn poll_next(
        mut self: std::pin::Pin<&mut Self>,
        cx: &mut std::task::Context<'_>,
    ) -> Poll<Option<Self::Item>> {
        let poll = self.stream.as_mut().poll_next(cx);
        match &poll {
            Poll::Ready(Some(Ok(bytes))) => {
                self.digest.update(bytes);
            }
            Poll::Ready(None) => {
                let result = &self.digest.clone().finish();
                if result.as_ref() != self.hash.as_slice() {
                    let mismatch_err = error::HashMismatchSnafu {
                        context: self.url.to_string(),
                        calculated: hex::encode(result),
                        expected: hex::encode(&self.hash),
                    }
                    .build();
                    return Poll::Ready(Some(Err(TransportError::new_with_cause(
                        crate::TransportErrorKind::Other,
                        self.url.clone(),
                        mismatch_err,
                    ))));
                }
            }
            Poll::Ready(Some(Err(_))) | Poll::Pending => (),
        }

        poll
    }
}

/// Create a new stream from `stream`. The new stream returns an error for the item that exceeds the
/// total byte count of `max_size`.
/// * `stream` - The original stream.
/// * `max_size` - Size limit in bytes.
/// * `specifier` - Error message to use.
pub(crate) fn max_size_adapter(
    stream: TransportStream,
    url: Url,
    max_size: u64,
    specifier: &'static str,
) -> TransportStream {
    let mut size: u64 = 0;
    let stream = stream.map(move |chunk| {
        if let Ok(bytes) = &chunk {
            size = size.saturating_add(bytes.len().try_into().unwrap_or(u64::MAX));
        }
        if size > max_size {
            let size_err = error::MaxSizeExceededSnafu {
                max_size,
                specifier,
            }
            .build();
            return Err(TransportError::new_with_cause(
                crate::TransportErrorKind::Other,
                url.clone(),
                size_err,
            ));
        }
        chunk
    });

    Box::pin(stream)
}

/// Async analogue of `std::path::Path::is_file`
pub async fn is_file(path: impl AsRef<Path>) -> bool {
    fs::metadata(path).await.is_ok_and(|m| m.is_file())
}

/// Async analogue of `std::path::Path::is_dir`
pub async fn is_dir(path: impl AsRef<Path>) -> bool {
    fs::metadata(path).await.is_ok_and(|m| m.is_dir())
}

#[cfg(test)]
mod tests {
    use crate::{
        io::{max_size_adapter, DigestAdapter},
        transport::IntoVec,
    };
    use bytes::Bytes;
    use futures::stream;
    use hex_literal::hex;
    use url::Url;

    #[tokio::test]
    async fn test_max_size_adapter() {
        let url = Url::parse("file:///").unwrap();

        let stream = stream::iter("hello".as_bytes().chunks(2).map(Bytes::from).map(Ok));
        let stream = max_size_adapter(Box::pin(stream), url.clone(), 5, "test");
        let buf = stream.into_vec().await.expect("consuming entire stream");
        assert_eq!(buf, b"hello");

        let stream = stream::iter("hello".as_bytes().chunks(2).map(Bytes::from).map(Ok));
        let stream = max_size_adapter(Box::pin(stream), url, 4, "test");
        assert!(stream.into_vec().await.is_err());
    }

    #[tokio::test]
    async fn test_digest_adapter() {
        let stream = stream::iter("hello".as_bytes().chunks(2).map(Bytes::from).map(Ok));
        let stream = DigestAdapter::sha256(
            Box::pin(stream),
            &hex!("2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"),
            Url::parse("file:///").unwrap(),
        );
        let buf = stream.into_vec().await.expect("consuming entire stream");
        assert_eq!(buf, b"hello");

        let stream = stream::iter("hello".as_bytes().chunks(2).map(Bytes::from).map(Ok));
        let stream = DigestAdapter::sha256(
            Box::pin(stream),
            &hex!("0ebdc3317b75839f643387d783535adc360ca01f33c75f7c1e7373adcd675c0b"),
            Url::parse("file:///").unwrap(),
        );
        assert!(stream.into_vec().await.is_err());
    }
}