/rust/registry/src/index.crates.io-1949cf8c6b5b557f/hyper-rustls-0.27.7/src/connector.rs

Source
use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;
use std::task::{Context, Poll};
use std::{fmt, io};

use http::Uri;
use hyper::rt;
use hyper_util::client::legacy::connect::Connection;
use hyper_util::rt::TokioIo;
use pki_types::ServerName;
use tokio_rustls::TlsConnector;
use tower_service::Service;

use crate::stream::MaybeHttpsStream;

pub(crate) mod builder;

type BoxError = Box<dyn std::error::Error + Send + Sync>;

/// A Connector for the `https` scheme.
#[derive(Clone)]
pub struct HttpsConnector<T> {
    force_https: bool,
    http: T,
    tls_config: Arc<rustls::ClientConfig>,
    server_name_resolver: Arc<dyn ResolveServerName + Sync + Send>,
}

impl<T> HttpsConnector<T> {
    /// Creates a [`crate::HttpsConnectorBuilder`] to configure a `HttpsConnector`.
    ///
    /// This is the same as [`crate::HttpsConnectorBuilder::new()`].
    pub fn builder() -> builder::ConnectorBuilder<builder::WantsTlsConfig> {
        builder::ConnectorBuilder::new()
    }

    /// Force the use of HTTPS when connecting.
    ///
    /// If a URL is not `https` when connecting, an error is returned.
    pub fn enforce_https(&mut self) {
        self.force_https = true;
    }
}

impl<T> Service<Uri> for HttpsConnector<T>
where
    T: Service<Uri>,
    T::Response: Connection + rt::Read + rt::Write + Send + Unpin + 'static,
    T::Future: Send + 'static,
    T::Error: Into<BoxError>,
{
    type Response = MaybeHttpsStream<T::Response>;
    type Error = BoxError;

    #[allow(clippy::type_complexity)]
    type Future =
        Pin<Box<dyn Future<Output = Result<MaybeHttpsStream<T::Response>, BoxError>> + Send>>;

    fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
        match self.http.poll_ready(cx) {
            Poll::Ready(Ok(())) => Poll::Ready(Ok(())),
            Poll::Ready(Err(e)) => Poll::Ready(Err(e.into())),
            Poll::Pending => Poll::Pending,
        }
    }

    fn call(&mut self, dst: Uri) -> Self::Future {
        // dst.scheme() would need to derive Eq to be matchable;
        // use an if cascade instead
        match dst.scheme() {
            Some(scheme) if scheme == &http::uri::Scheme::HTTP && !self.force_https => {
                let future = self.http.call(dst);
                return Box::pin(async move {
                    Ok(MaybeHttpsStream::Http(future.await.map_err(Into::into)?))
                });
            }
            Some(scheme) if scheme != &http::uri::Scheme::HTTPS => {
                let message = format!("unsupported scheme {scheme}");
                return Box::pin(async move {
                    Err(io::Error::new(io::ErrorKind::Other, message).into())
                });
            }
            Some(_) => {}
            None => {
                return Box::pin(async move {
                    Err(io::Error::new(io::ErrorKind::Other, "missing scheme").into())
                })
            }
        };

        let cfg = self.tls_config.clone();
        let hostname = match self.server_name_resolver.resolve(&dst) {
            Ok(hostname) => hostname,
            Err(e) => {
                return Box::pin(async move { Err(e) });
            }
        };

        let connecting_future = self.http.call(dst);
        Box::pin(async move {
            let tcp = connecting_future
                .await
                .map_err(Into::into)?;
            Ok(MaybeHttpsStream::Https(TokioIo::new(
                TlsConnector::from(cfg)
                    .connect(hostname, TokioIo::new(tcp))
                    .await
                    .map_err(|e| io::Error::new(io::ErrorKind::Other, e))?,
            )))
        })
    }
}

impl<H, C> From<(H, C)> for HttpsConnector<H>
where
    C: Into<Arc<rustls::ClientConfig>>,
{
    fn from((http, cfg): (H, C)) -> Self {
        Self {
            force_https: false,
            http,
            tls_config: cfg.into(),
            server_name_resolver: Arc::new(DefaultServerNameResolver::default()),
        }
    }
}

impl<T> fmt::Debug for HttpsConnector<T> {
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        f.debug_struct("HttpsConnector")
            .field("force_https", &self.force_https)
            .finish()
    }
}

/// The default server name resolver, which uses the hostname in the URI.
#[derive(Default)]
pub struct DefaultServerNameResolver(());

impl ResolveServerName for DefaultServerNameResolver {
    fn resolve(
        &self,
        uri: &Uri,
    ) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
        let mut hostname = uri.host().unwrap_or_default();

        // Remove square brackets around IPv6 address.
        if let Some(trimmed) = hostname
            .strip_prefix('[')
            .and_then(|h| h.strip_suffix(']'))
        {
            hostname = trimmed;
        }

        ServerName::try_from(hostname.to_string()).map_err(|e| Box::new(e) as _)
    }
}

/// A server name resolver which always returns the same fixed name.
pub struct FixedServerNameResolver {
    name: ServerName<'static>,
}

impl FixedServerNameResolver {
    /// Creates a new resolver returning the specified name.
    pub fn new(name: ServerName<'static>) -> Self {
        Self { name }
    }
}

impl ResolveServerName for FixedServerNameResolver {
    fn resolve(
        &self,
        _: &Uri,
    ) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
        Ok(self.name.clone())
    }
}

impl<F, E> ResolveServerName for F
where
    F: Fn(&Uri) -> Result<ServerName<'static>, E>,
    E: Into<Box<dyn std::error::Error + Sync + Send>>,
{
    fn resolve(
        &self,
        uri: &Uri,
    ) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
        self(uri).map_err(Into::into)
    }
}

/// A trait implemented by types that can resolve a [`ServerName`] for a request.
pub trait ResolveServerName {
    /// Maps a [`Uri`] into a [`ServerName`].
    fn resolve(
        &self,
        uri: &Uri,
    ) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>>;
}

#[cfg(all(
    test,
    any(feature = "ring", feature = "aws-lc-rs"),
    any(
        feature = "rustls-native-certs",
        feature = "webpki-roots",
        feature = "rustls-platform-verifier",
    )
))]
mod tests {
    use std::future::poll_fn;

    use http::Uri;
    use hyper_util::rt::TokioIo;
    use tokio::net::TcpStream;
    use tower_service::Service;

    use super::*;
    use crate::{ConfigBuilderExt, HttpsConnectorBuilder, MaybeHttpsStream};

    #[tokio::test]
    async fn connects_https() {
        connect(Allow::Any, Scheme::Https)
            .await
            .unwrap();
    }

    #[tokio::test]
    async fn connects_http() {
        connect(Allow::Any, Scheme::Http)
            .await
            .unwrap();
    }

    #[tokio::test]
    async fn connects_https_only() {
        connect(Allow::Https, Scheme::Https)
            .await
            .unwrap();
    }

    #[tokio::test]
    async fn enforces_https_only() {
        let message = connect(Allow::Https, Scheme::Http)
            .await
            .unwrap_err()
            .to_string();

        assert_eq!(message, "unsupported scheme http");
    }

    async fn connect(
        allow: Allow,
        scheme: Scheme,
    ) -> Result<MaybeHttpsStream<TokioIo<TcpStream>>, BoxError> {
        let config_builder = rustls::ClientConfig::builder();
        cfg_if::cfg_if! {
            if #[cfg(feature = "rustls-platform-verifier")] {
                let config_builder = config_builder.try_with_platform_verifier()?;
            } else if #[cfg(feature = "rustls-native-certs")] {
                let config_builder = config_builder.with_native_roots().unwrap();
            } else if #[cfg(feature = "webpki-roots")] {
                let config_builder = config_builder.with_webpki_roots();
            }
        }
        let config = config_builder.with_no_client_auth();

        let builder = HttpsConnectorBuilder::new().with_tls_config(config);
        let mut service = match allow {
            Allow::Https => builder.https_only(),
            Allow::Any => builder.https_or_http(),
        }
        .enable_http1()
        .build();

        poll_fn(|cx| service.poll_ready(cx)).await?;
        service
            .call(Uri::from_static(match scheme {
                Scheme::Https => "https://google.com",
                Scheme::Http => "http://google.com",
            }))
            .await
    }

    enum Allow {
        Https,
        Any,
    }

    enum Scheme {
        Https,
        Http,
    }
}

Coverage Report

Created: 2026-01-15 06:51

Line	Count	Source
1		use std::future::Future;
2		use std::pin::Pin;
3		use std::sync::Arc;
4		use std::task::{Context, Poll};
5		use std::{fmt, io};
6
7		use http::Uri;
8		use hyper::rt;
9		use hyper_util::client::legacy::connect::Connection;
10		use hyper_util::rt::TokioIo;
11		use pki_types::ServerName;
12		use tokio_rustls::TlsConnector;
13		use tower_service::Service;
14
15		use crate::stream::MaybeHttpsStream;
16
17		pub(crate) mod builder;
18
19		type BoxError = Box<dyn std::error::Error + Send + Sync>;
20
21		/// A Connector for the `https` scheme.
22		#[derive(Clone)]
23		pub struct HttpsConnector<T> {
24		force_https: bool,
25		http: T,
26		tls_config: Arc<rustls::ClientConfig>,
27		server_name_resolver: Arc<dyn ResolveServerName + Sync + Send>,
28		}
29
30		impl<T> HttpsConnector<T> {
31		/// Creates a [`crate::HttpsConnectorBuilder`] to configure a `HttpsConnector`.
32		///
33		/// This is the same as [`crate::HttpsConnectorBuilder::new()`].
34	0	pub fn builder() -> builder::ConnectorBuilder<builder::WantsTlsConfig> {
35	0	builder::ConnectorBuilder::new()
36	0	}
37
38		/// Force the use of HTTPS when connecting.
39		///
40		/// If a URL is not `https` when connecting, an error is returned.
41	0	pub fn enforce_https(&mut self) {
42	0	self.force_https = true;
43	0	}
44		}
45
46		impl<T> Service<Uri> for HttpsConnector<T>
47		where
48		T: Service<Uri>,
49		T::Response: Connection + rt::Read + rt::Write + Send + Unpin + 'static,
50		T::Future: Send + 'static,
51		T::Error: Into<BoxError>,
52		{
53		type Response = MaybeHttpsStream<T::Response>;
54		type Error = BoxError;
55
56		#[allow(clippy::type_complexity)]
57		type Future =
58		Pin<Box<dyn Future<Output = Result<MaybeHttpsStream<T::Response>, BoxError>> + Send>>;
59
60	0	fn poll_ready(&mut self, cx: &mut Context<'_>) -> Poll<Result<(), Self::Error>> {
61	0	match self.http.poll_ready(cx) {
62	0	Poll::Ready(Ok(())) => Poll::Ready(Ok(())),
63	0	Poll::Ready(Err(e)) => Poll::Ready(Err(e.into())),
64	0	Poll::Pending => Poll::Pending,
65		}
66	0	}
67
68	0	fn call(&mut self, dst: Uri) -> Self::Future {
69		// dst.scheme() would need to derive Eq to be matchable;
70		// use an if cascade instead
71	0	match dst.scheme() {
72	0	Some(scheme) if scheme == &http::uri::Scheme::HTTP && !self.force_https => {
73	0	let future = self.http.call(dst);
74	0	return Box::pin(async move {
75	0	Ok(MaybeHttpsStream::Http(future.await.map_err(Into::into)?))
76	0	}); Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#0} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#0} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#0}
77		}
78	0	Some(scheme) if scheme != &http::uri::Scheme::HTTPS => {
79	0	let message = format!("unsupported scheme {scheme}");
80	0	return Box::pin(async move {
81	0	Err(io::Error::new(io::ErrorKind::Other, message).into())
82	0	}); Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#1} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#1} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#1}
83		}
84	0	Some(_) => {}
85		None => {
86	0	return Box::pin(async move {
87	0	Err(io::Error::new(io::ErrorKind::Other, "missing scheme").into())
88	0	}) Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#2} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#2} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#2}
89		}
90		};
91
92	0	let cfg = self.tls_config.clone();
93	0	let hostname = match self.server_name_resolver.resolve(&dst) {
94	0	Ok(hostname) => hostname,
95	0	Err(e) => {
96	0	return Box::pin(async move { Err(e) }); Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#3} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#3} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#3}
97		}
98		};
99
100	0	let connecting_future = self.http.call(dst);
101	0	Box::pin(async move {
102	0	let tcp = connecting_future
103	0	.await
104	0	.map_err(Into::into)?;
105	0	Ok(MaybeHttpsStream::Https(TokioIo::new(
106	0	TlsConnector::from(cfg)
107	0	.connect(hostname, TokioIo::new(tcp))
108	0	.await
109	0	.map_err(\|e\| io::Error::new(io::ErrorKind::Other, e))?, Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#4}::{closure#0} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#4}::{closure#0} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#4}::{closure#0}
110		)))
111	0	}) Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call::{closure#4} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call::{closure#4} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call::{closure#4}
112	0	} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as tower_service::Service<http::uri::Uri>>::call Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as tower_service::Service<http::uri::Uri>>::call Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as tower_service::Service<http::uri::Uri>>::call
113		}
114
115		impl<H, C> From<(H, C)> for HttpsConnector<H>
116		where
117		C: Into<Arc<rustls::ClientConfig>>,
118		{
119	0	fn from((http, cfg): (H, C)) -> Self {
120	0	Self {
121	0	force_https: false,
122	0	http,
123	0	tls_config: cfg.into(),
124	0	server_name_resolver: Arc::new(DefaultServerNameResolver::default()),
125	0	}
126	0	} Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>> as core::convert::From<(tower::util::service_fn::ServiceFn<<reqwest::connect::ConnectorService>::connect_local_transport::{closure#0}::{closure#0}>, alloc::sync::Arc<rustls::client::client_conn::ClientConfig>)>>::from Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>> as core::convert::From<(hyper_util::client::legacy::connect::http::HttpConnector<reqwest::dns::resolve::DynResolver>, alloc::sync::Arc<rustls::client::client_conn::ClientConfig>)>>::from Unexecuted instantiation: <hyper_rustls::connector::HttpsConnector<_> as core::convert::From<(_, _)>>::from
127		}
128
129		impl<T> fmt::Debug for HttpsConnector<T> {
130	0	fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
131	0	f.debug_struct("HttpsConnector")
132	0	.field("force_https", &self.force_https)
133	0	.finish()
134	0	}
135		}
136
137		/// The default server name resolver, which uses the hostname in the URI.
138		#[derive(Default)]
139		pub struct DefaultServerNameResolver(());
140
141		impl ResolveServerName for DefaultServerNameResolver {
142	0	fn resolve(
143	0	&self,
144	0	uri: &Uri,
145	0	) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
146	0	let mut hostname = uri.host().unwrap_or_default();
147
148		// Remove square brackets around IPv6 address.
149	0	if let Some(trimmed) = hostname
150	0	.strip_prefix('[')
151	0	.and_then(\|h\| h.strip_suffix(']'))
152	0	{
153	0	hostname = trimmed;
154	0	}
155
156	0	ServerName::try_from(hostname.to_string()).map_err(\|e\| Box::new(e) as _)
157	0	}
158		}
159
160		/// A server name resolver which always returns the same fixed name.
161		pub struct FixedServerNameResolver {
162		name: ServerName<'static>,
163		}
164
165		impl FixedServerNameResolver {
166		/// Creates a new resolver returning the specified name.
167	0	pub fn new(name: ServerName<'static>) -> Self {
168	0	Self { name }
169	0	}
170		}
171
172		impl ResolveServerName for FixedServerNameResolver {
173	0	fn resolve(
174	0	&self,
175	0	_: &Uri,
176	0	) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
177	0	Ok(self.name.clone())
178	0	}
179		}
180
181		impl<F, E> ResolveServerName for F
182		where
183		F: Fn(&Uri) -> Result<ServerName<'static>, E>,
184		E: Into<Box<dyn std::error::Error + Sync + Send>>,
185		{
186	0	fn resolve(
187	0	&self,
188	0	uri: &Uri,
189	0	) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>> {
190	0	self(uri).map_err(Into::into)
191	0	}
192		}
193
194		/// A trait implemented by types that can resolve a [`ServerName`] for a request.
195		pub trait ResolveServerName {
196		/// Maps a [`Uri`] into a [`ServerName`].
197		fn resolve(
198		&self,
199		uri: &Uri,
200		) -> Result<ServerName<'static>, Box<dyn std::error::Error + Sync + Send>>;
201		}
202
203		#[cfg(all(
204		test,
205		any(feature = "ring", feature = "aws-lc-rs"),
206		any(
207		feature = "rustls-native-certs",
208		feature = "webpki-roots",
209		feature = "rustls-platform-verifier",
210		)
211		))]
212		mod tests {
213		use std::future::poll_fn;
214
215		use http::Uri;
216		use hyper_util::rt::TokioIo;
217		use tokio::net::TcpStream;
218		use tower_service::Service;
219
220		use super::*;
221		use crate::{ConfigBuilderExt, HttpsConnectorBuilder, MaybeHttpsStream};
222
223		#[tokio::test]
224		async fn connects_https() {
225		connect(Allow::Any, Scheme::Https)
226		.await
227		.unwrap();
228		}
229
230		#[tokio::test]
231		async fn connects_http() {
232		connect(Allow::Any, Scheme::Http)
233		.await
234		.unwrap();
235		}
236
237		#[tokio::test]
238		async fn connects_https_only() {
239		connect(Allow::Https, Scheme::Https)
240		.await
241		.unwrap();
242		}
243
244		#[tokio::test]
245		async fn enforces_https_only() {
246		let message = connect(Allow::Https, Scheme::Http)
247		.await
248		.unwrap_err()
249		.to_string();
250
251		assert_eq!(message, "unsupported scheme http");
252		}
253
254		async fn connect(
255		allow: Allow,
256		scheme: Scheme,
257		) -> Result<MaybeHttpsStream<TokioIo<TcpStream>>, BoxError> {
258		let config_builder = rustls::ClientConfig::builder();
259		cfg_if::cfg_if! {
260		if #[cfg(feature = "rustls-platform-verifier")] {
261		let config_builder = config_builder.try_with_platform_verifier()?;
262		} else if #[cfg(feature = "rustls-native-certs")] {
263		let config_builder = config_builder.with_native_roots().unwrap();
264		} else if #[cfg(feature = "webpki-roots")] {
265		let config_builder = config_builder.with_webpki_roots();
266		}
267		}
268		let config = config_builder.with_no_client_auth();
269
270		let builder = HttpsConnectorBuilder::new().with_tls_config(config);
271		let mut service = match allow {
272		Allow::Https => builder.https_only(),
273		Allow::Any => builder.https_or_http(),
274		}
275		.enable_http1()
276		.build();
277
278		poll_fn(\|cx\| service.poll_ready(cx)).await?;
279		service
280		.call(Uri::from_static(match scheme {
281		Scheme::Https => "https://google.com",
282		Scheme::Http => "http://google.com",
283		}))
284		.await
285		}
286
287		enum Allow {
288		Https,
289		Any,
290		}
291
292		enum Scheme {
293		Https,
294		Http,
295		}
296		}