add mtls client functionality

DeciSym · Apr 23, 2024 · c12a541 · c12a541
1 parent c738b63
commit c12a541
Show file tree

Hide file tree

Showing 5 changed files with 116 additions and 23 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/lib/oxigraph/Cargo.toml b/lib/oxigraph/Cargo.toml
@@ -44,11 +44,11 @@ siphasher.workspace = true
 sparesults = { workspace = true, features = ["rdf-star"] }
 spargebra = { workspace = true, features = ["rdf-star", "sep-0002", "sep-0006"] }
 sparopt = { workspace = true, features = ["rdf-star", "sep-0002", "sep-0006"] }
-hdt = { version = "0.1.4", default-features = false }
+hdt = { version = "0.2.0", default-features = false }
 thiserror.workspace = true
 http = "1.1.0"
 serde = { version = "1.0.197", features = ["derive"] }
-reqwest = { version = "0.12.3", features = ["json", "blocking"] }
+reqwest = { version = "0.12.4", features = ["json", "blocking", "rustls-tls"] }
 serde_json = "1.0.116"
 
 [target.'cfg(not(target_family = "wasm"))'.dependencies]

diff --git a/lib/oxigraph/src/sparql/dataset.rs b/lib/oxigraph/src/sparql/dataset.rs
@@ -104,6 +104,8 @@ pub struct RemoteDataset {
     authority: http::uri::Authority,
     // list of filepaths
     files: Vec<String>,
+    // http client options for communicating with remote server
+    options: Option<RemoteClientOptions>,
 }
 
 #[derive(Debug, Serialize, Deserialize, Clone)]
@@ -120,6 +122,12 @@ pub struct Bgp {
     pub object: Option<String>,
 }
 
+#[derive(Debug, Clone)]
+pub struct RemoteClientOptions {
+    pub ca_cert: reqwest::Certificate,
+    pub client_pem: reqwest::Identity,
+}
+
 impl RemoteDataset {
     fn remote_query(
         &self,
@@ -128,9 +136,28 @@ impl RemoteDataset {
         o: Option<&str>,
     ) -> Box<dyn Iterator<Item = (String, String, String)> + '_> {
         // TODO follow Gitter chat for update async support
-        let client = reqwest::blocking::Client::new();
+        let client = if self.options.is_some() {
+            let opts = self.options.as_ref().unwrap().clone();
+            let builder = reqwest::blocking::Client::builder().use_rustls_tls();
+            builder
+                .tls_built_in_root_certs(false)
+                .add_root_certificate(opts.ca_cert)
+                .identity(opts.client_pem)
+                .https_only(true)
+                .min_tls_version(reqwest::tls::Version::TLS_1_3)
+                .danger_accept_invalid_certs(true)
+                .build()
+                .expect("invalid certs provided")
+        } else {
+            reqwest::blocking::Client::new()
+        };
+
         let authority = self.authority.as_str();
-        let url = format!("http://{authority}/query");
+        let url = if self.options.is_some() {
+            format!("https://{authority}/query")
+        } else {
+            format!("http://{authority}/query")
+        };
         let res = match client
             .post(url)
             .json(&Bgp {
@@ -214,7 +241,7 @@ impl Clone for HDTDatasetView {
 }
 
 impl HDTDatasetView {
-    pub fn new(paths: Vec<String>) -> Self {
+    pub fn new(paths: Vec<String>, options: &Option<RemoteClientOptions>) -> Self {
         let mut hdts: Vec<HDTDataset> = Vec::new();
         let mut remotes: HashMap<String, RemoteDataset> = HashMap::new();
         for path in paths.iter() {
@@ -248,6 +275,7 @@ impl HDTDatasetView {
                         RemoteDataset {
                             authority: uri.authority().unwrap().clone(),
                             files,
+                            options: options.clone(),
                         },
                     );
                 } else {
@@ -256,6 +284,7 @@ impl HDTDatasetView {
                         RemoteDataset {
                             authority: uri.authority().unwrap().clone(),
                             files: vec![file],
+                            options: options.clone(),
                         },
                     );
                 }

diff --git a/oxhdt-sys/src/lib.rs b/oxhdt-sys/src/lib.rs
@@ -11,7 +11,7 @@ use std::rc::Rc;
 #[allow(dead_code)]
 fn hdt_query(hdt_path: &str, sparql_query: &str) -> Result<QueryResults, EvaluationError> {
     // Open the HDT file.
-    let dataset = Rc::new(HDTDatasetView::new(vec![hdt_path.to_string()]));
+    let dataset = Rc::new(HDTDatasetView::new(vec![hdt_path.to_string()], &None));
     let sparql_query = sparql_query;
 
     // SPARQL query
@@ -34,7 +34,7 @@ fn rdf_test_runner(query_path: &str, data_path: &str, result_path: &str) -> bool
     let query = Query::parse(&rq, None).expect("Failed to parse the test query string");
 
     // The test data in HDT format
-    let data = Rc::new(HDTDatasetView::new(vec![data_path.to_string()]));
+    let data = Rc::new(HDTDatasetView::new(vec![data_path.to_string()], &None));
 
     // The expected results in XML format
     // let f = File::open(result_path).expect("Failed to open the expected results from file");

diff --git a/oxhdt-sys/src/main.rs b/oxhdt-sys/src/main.rs
@@ -15,7 +15,7 @@ fn main() {
     // Open the HDT file.
     let dataset = Rc::new(HDTDatasetView::new(vec![
         "oxhdt-sys/tests/resources/test.hdt".to_string(),
-    ]));
+    ], &None));
 
     // Test
     println!();