pub struct CustomTransportBuilder { /* private fields */ }
Builder for a TransportConfig with multi-root trust chains and
optional mTLS client certificate (bd:JMAP-6r7c.65).
CustomCaTransport is single-root and has no mTLS support; the
builder is the richer-configuration counterpart. Common cases:
- Private PKI with root + intermediate. Add both via add_root_pem (single cert) or add_roots_pem_bundle (bundle of roots + intermediates).
- Mutual TLS. Add a client cert + key via with_client_cert.
- Both. Compose freely; the builder is chainable.
Like CustomCaTransport, the resulting transport replaces
the bundled webpki-roots with the configured trust roots. A
“hybrid” deployment that wants both the bundled public roots AND
custom roots is not currently supported; implement
TransportConfig directly with the additive behaviour
(reqwest::ClientBuilder::add_root_certificate is additive by
default — a hand-rolled impl that omits
.tls_built_in_root_certs(false) keeps the bundled roots).
§Usage
    use jmap_base_client::auth::CustomTransportBuilder;

    let transport = CustomTransportBuilder::new()
        .add_root_pem(&std::fs::read("ca-root.pem")?)?
        .add_root_pem(&std::fs::read("ca-intermediate.pem")?)?
        .with_client_cert(
            std::fs::read("client.pem")?,
            std::fs::read("client.key.pem")?,
        )
        .build();

    let client = JmapClient::new(
        transport,
        BearerAuth::new(token)?,
        "https://internal-jmap.corp",
        ClientConfig::default(),
    )?;

Implementations§
impl CustomTransportBuilder
pub fn new() -> Self
Construct an empty builder. A builder with no trust roots and
no client identity will produce a transport that rejects
every TLS connection (no trust roots configured); add at
least one root before build.
pub fn add_root_der(self, der: Vec<u8>) -> Self
Add a DER-encoded trust-root certificate.
Validation of the DER bytes is deferred to
build (same posture as
CustomCaTransport::new). Invalid DER surfaces as
ClientError::Http at JmapClient::new time.
pub fn add_root_pem(self, pem: &[u8]) -> Result<Self, ClientError>
Add a PEM-encoded trust-root certificate. The first
PEM-framed certificate in pem is consumed; embedded
chains require add_roots_pem_bundle.
§Errors
Returns ClientError::InvalidArgument if pem does not
contain a recognisable PEM-framed certificate.
pub fn add_roots_pem_bundle(
    self,
    pem_bundle: &[u8],
) -> Result<Self, ClientError>
Add every PEM-framed certificate in a multi-cert bundle.
A typical private-PKI deployment ships a bundle containing
the root plus one or more intermediates as concatenated PEM
blocks. This method iterates each -----BEGIN CERTIFICATE-----
block in input order and adds each to the trust set.
§Errors
Returns ClientError::InvalidArgument if no PEM-framed
certificate is found in the bundle.
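A pre-flight check for the add_root_pem / add_roots_pem_bundle distinction above, as an added example that is not part of jmap_base_client: it counts complete CERTIFICATE frames so that a root + intermediates file is not handed to add_root_pem, which consumes only the first certificate. pem_labels, pick_loader and Loader are hypothetical names, and the frame scan is a std-only assumption about PEM framing, not the crate's parser.

```rust
// Added example: std-only PEM frame scan, not the crate's own parser.

/// Labels of complete PEM blocks in `input`, in input order.
/// A BEGIN line with no matching END line is not counted.
fn pem_labels(input: &str) -> Vec<String> {
    let mut labels = Vec::new();
    let mut open: Option<String> = None;
    for line in input.lines().map(str::trim) {
        if let Some(l) = line.strip_prefix("-----BEGIN ").and_then(|r| r.strip_suffix("-----")) {
            open = Some(l.to_string()); // a new BEGIN discards an unterminated block
        } else if let Some(l) = line.strip_prefix("-----END ").and_then(|r| r.strip_suffix("-----")) {
            if open.as_deref() == Some(l) {
                labels.push(l.to_string());
            }
            open = None;
        }
    }
    labels
}

/// Which builder method a trust file needs (hypothetical helper type).
#[derive(Debug, PartialEq)]
enum Loader {
    NoCertificate, // no complete CERTIFICATE frame: expect the §Errors case
    SingleRoot,    // add_root_pem is enough
    Bundle(usize), // use add_roots_pem_bundle; add_root_pem would keep only the first
}

fn pick_loader(input: &str) -> Loader {
    let certs = pem_labels(input).iter().filter(|l| l.as_str() == "CERTIFICATE").count();
    match certs {
        0 => Loader::NoCertificate,
        1 => Loader::SingleRoot,
        n => Loader::Bundle(n),
    }
}

// Constructed sample: two certificate frames with placeholder bodies, not real certificates.
const BUNDLE: &str = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n\
-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";

fn main() {
    println!("{:?}", pick_loader(BUNDLE));
}
```

Blocks with other labels, such as a private key pasted into a trust file, are reported by pem_labels but never counted as roots.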
pub fn with_client_cert(self, cert_pem: Vec<u8>, key_pem: Vec<u8>) -> Self
Configure a client certificate + private key for mutual TLS.
Replaces any previously-configured client identity. The two
PEM byte slices are stored verbatim and concatenated at
build time into a single PEM bundle that
reqwest::Identity::from_pem consumes.
cert_pem may contain a single client cert or a cert +
intermediates chain. key_pem carries the private key
(PKCS#1 or PKCS#8, RSA or ECDSA — whatever reqwest’s rustls
build supports).
pub fn build(self) -> BuilderTransport
Consume the builder and return a TransportConfig
implementation that produces a reqwest::Client configured
with the accumulated trust roots and optional client identity.
Behaves identically to CustomCaTransport::build_client for
single-root use; the additional functionality (multi-root +
mTLS) kicks in when the builder was configured with more than
one root or a client identity.