feat:tofu certificate validation

examples/tofu.rs

@@ -0,0 +1,43 @@
+extern crate electrum_client;
+
+use electrum_client::{Client, ConfigBuilder, ElectrumApi, TofuStore};
+use std::collections::HashMap;
+use std::sync::{Arc, Mutex};
+
+/// A simple in-memory implementation of TofuStore for demonstration purposes.
+#[derive(Debug, Default)]
+struct MyTofuStore {
+    certs: Mutex<HashMap<String, Vec<u8>>>,
+}
+
+impl TofuStore for MyTofuStore {
+    fn get_certificate(
+        &self,
+        host: &str,
+    ) -> Result<Option<Vec<u8>>, Box<dyn std::error::Error + Send + Sync>> {
+        let certs = self.certs.lock().unwrap();
+        Ok(certs.get(host).cloned())
+    }
+
+    fn set_certificate(
+        &self,
+        host: &str,
+        cert: Vec<u8>,
+    ) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
+        let mut certs = self.certs.lock().unwrap();
+        certs.insert(host.to_string(), cert);
+        Ok(())
+    }
+}
+
+fn main() {
+    let store = Arc::new(MyTofuStore::default());
+    let config = ConfigBuilder::new().tofu_store(store).build();
+
+    let client =
+        Client::from_config("ssl://electrum.blockstream.info:50002", config).unwrap();
+    let res = client.server_features();
+    println!("{:#?}", res);
+}
+
+

src/client.rs

@@ -110,16 +110,25 @@ impl ClientType {
     pub fn from_config(url: &str, config: &Config) -> Result<Self, Error> {
         if url.starts_with("ssl://") {
             let url = url.replacen("ssl://", "", 1);
-            let client = match config.socks5() {
-                Some(socks5) => RawClient::new_proxy_ssl(
+            let client = match (config.socks5(), config.tofu_store()) {
+                (Some(socks5), _) => RawClient::new_proxy_ssl(
                     url.as_str(),
                     config.validate_domain(),
                     socks5,
                     config.timeout(),
                 )?,
-                None => {
-                    RawClient::new_ssl(url.as_str(), config.validate_domain(), config.timeout())?
-                }
+
+                (None, Some(tofu_store)) => RawClient::new_ssl_with_tofu(
+                    url.as_str(),
+                    tofu_store.clone(),
+                    config.timeout(),
+                )?,
+
+                (None, None) => RawClient::new_ssl(
+                    url.as_str(),
+                    config.validate_domain(),
+                    config.timeout(),
+                )?,
             };
 
             Ok(ClientType::SSL(client))

src/config.rs

@@ -1,4 +1,6 @@
 use std::time::Duration;
+use std::sync::Arc;
+use crate::tofu::TofuStore;
 
 /// Configuration for an electrum client
 ///
@@ -16,6 +18,8 @@ pub struct Config {
     retry: u8,
     /// when ssl, validate the domain, default true
     validate_domain: bool,
+    /// TOFU store for certificate validation
+    tofu_store: Option<Arc<dyn TofuStore>>,
 }
 
 /// Configuration for Socks5
@@ -72,6 +76,12 @@ impl ConfigBuilder {
         self
     }
 
+    /// Sets the TOFU store
+    pub fn tofu_store<S: TofuStore + 'static>(mut self, store: Arc<S>) -> Self {
+        self.config.tofu_store = Some(store);
+        self
+    }
+
     /// Return the config and consume the builder
     pub fn build(self) -> Config {
         self.config
@@ -131,6 +141,13 @@ impl Config {
         self.validate_domain
     }
 
+    /// Get the TOFU store
+    ///
+    /// Set this with [`ConfigBuilder::tofu_store`]
+    pub fn tofu_store(&self) -> &Option<Arc<dyn TofuStore>> {
+        &self.tofu_store
+    }
+
     /// Convenience method for calling [`ConfigBuilder::new`]
     pub fn builder() -> ConfigBuilder {
         ConfigBuilder::new()
@@ -144,6 +161,7 @@ impl Default for Config {
             timeout: None,
             retry: 1,
             validate_domain: true,
+            tofu_store: None,
         }
     }
 }

src/lib.rs

@@ -81,3 +81,6 @@ pub use batch::Batch;
 pub use client::*;
 pub use config::{Config, ConfigBuilder, Socks5Config};
 pub use types::*;
+
+mod tofu;
+pub use tofu::TofuStore;