implement client builder for native-tls

Author: ton-anywhere

bitreq/src/client.rs

@@ -9,21 +9,21 @@
 use std::collections::{hash_map, HashMap, VecDeque};
 use std::sync::{Arc, Mutex};
 
-#[cfg(feature = "tokio-rustls")]
+#[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
 use crate::connection::tls_config::{TlsConfig, TlsConfigBuilder};
 use crate::connection::AsyncConnection;
 use crate::request::{OwnedConnectionParams as ConnectionKey, ParsedRequest};
 use crate::{Error, Request, Response};
 
 #[derive(Clone)]
 pub(crate) struct ClientConfig {
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     pub(crate) tls: Option<TlsConfig>,
 }
 
 pub struct ClientBuilder {
     capacity: usize,
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     tls_config: Option<TlsConfigBuilder>,
 }
 
@@ -48,7 +48,7 @@ impl ClientBuilder {
     pub fn new() -> Self {
         Self {
             capacity: 10,
-            #[cfg(feature = "tokio-rustls")]
+            #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
             tls_config: None,
         }
     }
@@ -59,8 +59,8 @@ impl ClientBuilder {
         self
     }
 
-    #[cfg(feature = "tokio-rustls")]
     /// Builds the `Client` with the configured settings.
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     pub fn build(self) -> Result<Client, Error> {
         let build_config = if let Some(builder) = self.tls_config {
             let tls_config = builder.build()?;
@@ -81,7 +81,7 @@ impl ClientBuilder {
     }
 
     /// Builds the `Client` with the configured settings.
-    #[cfg(not(feature = "tokio-rustls"))]
+    #[cfg(not(any(feature = "tokio-rustls", feature = "tokio-native-tls")))]
     pub fn build(self) -> Result<Client, Error> {
         Ok(Client {
             r#async: Arc::new(Mutex::new(ClientImpl {
@@ -111,7 +111,7 @@ impl ClientBuilder {
     /// # Ok(())
     /// # }
     /// ```
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     pub fn with_root_certificate<T: Into<Vec<u8>>>(mut self, cert_der: T) -> Result<Self, Error> {
         let cert_der = cert_der.into();
         if let Some(ref mut tls_config) = self.tls_config {
@@ -126,7 +126,7 @@ impl ClientBuilder {
 
     /// Disables default root certificates for TLS connections.
     /// Returns [`Error::InvalidTlsConfig`] if TLS has not been configured.
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     pub fn disable_default_certificates(mut self) -> Result<Self, Error> {
         match self.tls_config {
             Some(ref mut tls_config) => tls_config.disable_default_certificates()?,

bitreq/src/connection.rs

@@ -33,7 +33,7 @@ type UnsecuredStream = TcpStream;
 
 #[cfg(any(feature = "rustls", feature = "native-tls"))]
 mod rustls_stream;
-#[cfg(feature = "tokio-rustls")]
+#[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
 pub(crate) mod tls_config;
 #[cfg(any(feature = "rustls", feature = "native-tls"))]
 type SecuredStream = rustls_stream::SecuredStream;
@@ -304,20 +304,8 @@ impl AsyncConnection {
         }))))
     }
 
-    // =======
-    /// Temp method. Required to compile
-    #[cfg(all(feature = "tokio-native-tls", not(feature = "tokio-rustls")))]
-    async fn wrap_async_stream(
-        socket: AsyncTcpStream,
-        host: &str,
-        _client_config: &Option<Arc<ClientConfig>>,
-    ) -> Result<AsyncHttpStream, Error> {
-        rustls_stream::wrap_async_stream(socket, host).await
-    }
-    // =======
-
     /// Call the correct wrapper function depending on whether client_configs are present
-    #[cfg(feature = "tokio-rustls")]
+    #[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
     async fn wrap_async_stream(
         socket: AsyncTcpStream,
         host: &str,

bitreq/src/connection/rustls_stream.rs

@@ -14,7 +14,7 @@ use std::sync::OnceLock;
 use native_tls::{HandshakeError, TlsConnector, TlsStream};
 #[cfg(feature = "rustls")]
 use rustls::{self, ClientConfig, ClientConnection, RootCertStore, ServerName, StreamOwned};
-#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
 use tokio_native_tls::TlsConnector as AsyncTlsConnector;
 #[cfg(feature = "tokio-rustls")]
 use tokio_rustls::{client::TlsStream, TlsConnector};
@@ -28,7 +28,7 @@ use super::HttpStream;
     all(feature = "rustls", feature = "tokio-rustls")
 ))]
 use super::{AsyncHttpStream, AsyncTcpStream};
-#[cfg(all(feature = "rustls", feature = "tokio-rustls"))]
+#[cfg(any(feature = "tokio-rustls", feature = "tokio-native-tls"))]
 use crate::connection::tls_config::TlsConfig;
 use crate::Error;
 
@@ -189,22 +189,10 @@ pub(super) fn wrap_stream(tcp: TcpStream, host: &str) -> Result<HttpStream, Erro
     Ok(HttpStream::Secured(Box::new(tls), None))
 }
 
-#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
 pub type AsyncSecuredStream = tokio_native_tls::TlsStream<tokio::net::TcpStream>;
 
-// =======
-// Temp method, required for compilation
 #[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
-pub(super) async fn wrap_async_stream_with_configs(
-    tcp: AsyncTcpStream,
-    host: &str,
-    _client_configs: Option<()>,
-) -> Result<AsyncHttpStream, Error> {
-    wrap_async_stream(tcp, host).await
-}
-// =======
-
-#[cfg(all(feature = "native-tls", not(feature = "rustls"), feature = "tokio-native-tls"))]
 pub(super) async fn wrap_async_stream(
     tcp: AsyncTcpStream,
     host: &str,
@@ -228,3 +216,22 @@ pub(super) async fn wrap_async_stream(
 
     Ok(AsyncHttpStream::Secured(Box::new(tls)))
 }
+
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
+pub(super) async fn wrap_async_stream_with_configs(
+    tcp: AsyncTcpStream,
+    host: &str,
+    tls_config: TlsConfig,
+) -> Result<AsyncHttpStream, Error> {
+    #[cfg(feature = "log")]
+    log::trace!("Setting up TLS parameters for {host}.");
+
+    let async_connector = tls_config.connector;
+
+    #[cfg(feature = "log")]
+    log::trace!("Establishing TLS session to {host}.");
+
+    let tls = async_connector.connect(host, tcp).await?;
+
+    Ok(AsyncHttpStream::Secured(Box::new(tls)))
+}

bitreq/src/connection/tls_config.rs

@@ -1,7 +1,11 @@
 use std::sync::Arc;
 
+#[cfg(not(feature = "rustls"))]
+use native_tls::{Certificate, TlsConnector, TlsConnectorBuilder};
 #[cfg(feature = "rustls")]
 use rustls::RootCertStore;
+#[cfg(not(feature = "rustls"))]
+use tokio_native_tls::TlsConnector as AsyncTlsConnector;
 #[cfg(feature = "rustls-webpki")]
 use webpki_roots::TLS_SERVER_ROOTS;
 
@@ -13,7 +17,12 @@ pub(crate) struct TlsConfigBuilder {
     pub(crate) disable_default: bool,
 }
 
-#[cfg(feature = "tokio-rustls")]
+#[cfg(not(feature = "rustls"))]
+pub(crate) struct TlsConfigBuilder {
+    pub(crate) inner: TlsConnectorBuilder,
+}
+
+#[cfg(feature = "rustls")]
 impl TlsConfigBuilder {
     pub(crate) fn new(cert_der: Option<Vec<u8>>) -> Result<Self, Error> {
         let mut tls_config = Self { inner: RootCertStore::empty(), disable_default: false };
@@ -71,8 +80,47 @@ impl TlsConfigBuilder {
     }
 }
 
+#[cfg(not(feature = "rustls"))]
+impl TlsConfigBuilder {
+    pub(crate) fn new(cert_der: Option<Vec<u8>>) -> Result<Self, Error> {
+        let builder = TlsConnector::builder();
+        let mut tls_config = Self { inner: builder };
+
+        if let Some(cert_der) = cert_der {
+            tls_config.append_certificate(cert_der)?;
+        }
+
+        Ok(tls_config)
+    }
+
+    pub(crate) fn append_certificate(&mut self, cert_der: Vec<u8>) -> Result<&mut Self, Error> {
+        let certificate = Certificate::from_der(&cert_der)?;
+        self.inner.add_root_certificate(certificate);
+
+        Ok(self)
+    }
+
+    pub(crate) fn disable_default_certificates(&mut self) -> Result<&mut Self, Error> {
+        self.inner.disable_built_in_roots(true);
+        Ok(self)
+    }
+
+    pub(crate) fn build(self) -> Result<TlsConfig, Error> {
+        let connector = self.inner.build()?;
+        let async_connector = AsyncTlsConnector::from(connector);
+
+        Ok(TlsConfig { connector: Arc::new(async_connector) })
+    }
+}
+
 #[derive(Clone)]
 #[cfg(feature = "rustls")]
 pub(crate) struct TlsConfig {
     pub(crate) certificates: Arc<RootCertStore>,
 }
+
+#[derive(Clone)]
+#[cfg(not(feature = "rustls"))]
+pub(crate) struct TlsConfig {
+    pub(crate) connector: Arc<AsyncTlsConnector>,
+}

bitreq/src/error.rs

@@ -28,6 +28,9 @@ pub enum Error {
     #[cfg(feature = "native-tls")]
     /// Ran into a native-tls error while creating the connection.
     NativeTlsCreateConnection(native_tls::Error),
+    #[cfg(feature = "native-tls")]
+    /// Ran into a native-tls error while appending a certificate.
+    NativeTlsAppendCert,
     #[cfg(any(feature = "rustls", feature = "native-tls"))]
     /// The current TLS configuration is invalid.
     InvalidTlsConfig,
@@ -114,6 +117,8 @@ impl fmt::Display for Error {
             RustlsAppendCert(err) => write!(f, "error appending certificate: {}", err),
             #[cfg(feature = "native-tls")]
             NativeTlsCreateConnection(err) => write!(f, "error creating native-tls connection: {}", err),
+            #[cfg(feature = "native-tls")]
+            NativeTlsAppendCert => write!(f, "error appending certificate"),
             #[cfg(any(feature = "rustls", feature = "native-tls"))]
             InvalidTlsConfig => write!(f, "error disabling default certificates. Must have custom cert."),
             MalformedChunkLength => write!(f, "non-usize chunk length with transfer-encoding: chunked"),
@@ -159,6 +164,8 @@ impl error::Error for Error {
             RustlsCreateConnection(err) => Some(err),
             #[cfg(feature = "rustls")]
             RustlsAppendCert(err) => Some(err),
+            #[cfg(feature = "native-tls")]
+            NativeTlsCreateConnection(err) => Some(err),
             _ => None,
         }
     }

bitreq/tests/main.rs

@@ -52,6 +52,15 @@ async fn test_https_with_client_builder() {
     assert_eq!(response.status_code, 200);
 }
 
+#[tokio::test]
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
+async fn test_https_with_client_builder() {
+    setup();
+    let client = bitreq::Client::builder().build().unwrap();
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
 #[tokio::test]
 #[cfg(feature = "tokio-rustls")]
 async fn test_https_with_client_builder_and_cert() {
@@ -66,6 +75,39 @@ async fn test_https_with_client_builder_and_cert() {
     assert_eq!(response.status_code, 200);
 }
 
+#[tokio::test]
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
+async fn test_https_with_client_builder_and_cert() {
+    setup();
+    let cert_der = include_bytes!("test_cert.der");
+    let client = bitreq::Client::builder()
+        .with_root_certificate(cert_der.as_slice())
+        .unwrap()
+        .build()
+        .unwrap();
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
+#[tokio::test]
+#[cfg(all(feature = "tokio-native-tls", not(feature = "rustls")))]
+async fn test_https_with_multiple_certs() {
+    setup();
+    let cert_der = include_bytes!("test_cert.der");
+    let ca_der = include_bytes!("ca_cert.der");
+
+    let client = bitreq::Client::builder()
+        .with_root_certificate(cert_der.as_slice())
+        .unwrap()
+        .with_root_certificate(ca_der.as_slice())
+        .unwrap()
+        .build()
+        .unwrap();
+
+    let response = client.send_async(bitreq::get("https://example.com")).await.unwrap();
+    assert_eq!(response.status_code, 200);
+}
+
 #[tokio::test]
 #[cfg(feature = "tokio-rustls")]
 async fn test_https_with_multiple_certs() {