feat: integrate TOFU certificate validation into the main struct

This allows users to use the TOFU flow directly through the high-level  API by providing a store implementation in the

- Update  to automatically establish TOFU-validated SSL connections when a store is provided in the configuration
- Add the  field to the  struct to support Trust On First Use (TOFU) validation. Also change  to allow injecting custom store implementations through the builder pattern

Author: lucasdbr05

src/client.rs

@@ -110,16 +110,25 @@ impl ClientType {
     pub fn from_config(url: &str, config: &Config) -> Result<Self, Error> {
         if url.starts_with("ssl://") {
             let url = url.replacen("ssl://", "", 1);
-            let client = match config.socks5() {
-                Some(socks5) => RawClient::new_proxy_ssl(
+            let client = match (config.socks5(), config.tofu_store()) {
+                (Some(socks5), _) => RawClient::new_proxy_ssl(
                     url.as_str(),
                     config.validate_domain(),
                     socks5,
                     config.timeout(),
                 )?,
-                None => {
-                    RawClient::new_ssl(url.as_str(), config.validate_domain(), config.timeout())?
-                }
+
+                (None, Some(tofu_store)) => RawClient::new_ssl_with_tofu(
+                    url.as_str(),
+                    tofu_store.clone(),
+                    config.timeout(),
+                )?,
+
+                (None, None) => RawClient::new_ssl(
+                    url.as_str(),
+                    config.validate_domain(),
+                    config.timeout(),
+                )?,
             };
 
             Ok(ClientType::SSL(client))

src/config.rs

@@ -1,4 +1,6 @@
 use std::time::Duration;
+use std::sync::Arc;
+use crate::tofu::TofuStore;
 
 /// Configuration for an electrum client
 ///
@@ -16,6 +18,8 @@ pub struct Config {
     retry: u8,
     /// when ssl, validate the domain, default true
     validate_domain: bool,
+    /// TOFU store for certificate validation
+    tofu_store: Option<Arc<dyn TofuStore>>,
 }
 
 /// Configuration for Socks5
@@ -72,6 +76,12 @@ impl ConfigBuilder {
         self
     }
 
+    /// Sets the TOFU store
+    pub fn tofu_store<S: TofuStore + 'static>(mut self, store: Arc<S>) -> Self {
+        self.config.tofu_store = Some(store);
+        self
+    }
+
     /// Return the config and consume the builder
     pub fn build(self) -> Config {
         self.config
@@ -131,6 +141,13 @@ impl Config {
         self.validate_domain
     }
 
+    /// Get the TOFU store
+    ///
+    /// Set this with [`ConfigBuilder::tofu_store`]
+    pub fn tofu_store(&self) -> &Option<Arc<dyn TofuStore>> {
+        &self.tofu_store
+    }
+
     /// Convenience method for calling [`ConfigBuilder::new`]
     pub fn builder() -> ConfigBuilder {
         ConfigBuilder::new()
@@ -144,6 +161,7 @@ impl Default for Config {
             timeout: None,
             retry: 1,
             validate_domain: true,
+            tofu_store: None,
         }
     }
 }

src/raw_client.rs

@@ -48,6 +48,8 @@ use crate::api::ElectrumApi;
 use crate::batch::Batch;
 use crate::types::*;
 
+use crate::TofuStore;
+
 macro_rules! impl_batch_call {
     ( $self:expr, $data:expr, $call:ident ) => {{
         impl_batch_call!($self, $data, $call, )
@@ -302,9 +304,9 @@ impl RawClient<ElectrumSslStream> {
     /// Creates a new SSL client with TOFU (Trust On First Use) certificate validation.
     /// This method establishes an SSL connection and verify certificates. On first connection, 
     /// the certificate is stored. On subsequent onnections, the certificate must match the stored one.
-    pub fn new_ssl_with_tofu<S: crate::TofuStore + 'static>(
+    pub fn new_ssl_with_tofu(
         socket_addrs: &dyn ToSocketAddrsDomain,
-        tofu_store: std::sync::Arc<S>,
+        tofu_store: std::sync::Arc<dyn TofuStore>,
         stream: TcpStream,
     ) -> Result<Self, Error> {
         let mut builder =
@@ -420,10 +422,10 @@ mod danger {
     }
 
     impl TofuVerifier {
-        pub fn new<S: TofuStore + 'static>(
+        pub fn new(
             provider: CryptoProvider,
             host: String,
-            tofu_store: Arc<S>,
+            tofu_store: Arc<dyn TofuStore>,
         ) -> Self {
             Self {
                 provider,
@@ -628,9 +630,9 @@ impl RawClient<ElectrumSslStream> {
     /// Create a new SSL client with TOFU (Trust On First Use) certificate validation.
     /// This method establishes an SSL connection and verify certificates. On first connection, 
     /// the certificate is stored. On subsequent connections, the certificate must match the stored one.
-    pub fn new_ssl_with_tofu<A: ToSocketAddrsDomain + Clone, S: crate::TofuStore + 'static>(
+    pub fn new_ssl_with_tofu<A: ToSocketAddrsDomain + Clone>(
         socket_addrs: A,
-        tofu_store: std::sync::Arc<S>,
+        tofu_store: std::sync::Arc<dyn TofuStore>,
         timeout: Option<Duration>,
     ) -> Result<Self, Error> {