rd
: Don't downgrade to HTTP #7
1 changed files with 24 additions and 106 deletions
|
@ -15,17 +15,16 @@ impl ResourceDescriptor {
|
||||||
///
|
///
|
||||||
/// In order, this method attempts:
|
/// In order, this method attempts:
|
||||||
///
|
///
|
||||||
/// 1. HTTPS [XRD](ResourceDescriptorJRD::get)
|
/// 1. [XRD](ResourceDescriptorJRD::get)
|
||||||
/// 2. HTTPS [JRD](ResourceDescriptorJRD::get)
|
/// 2. [JRD](ResourceDescriptorJRD::get)
|
||||||
/// 3. HTTPS [JRD](ResourceDescriptorJRD::get) with .json path suffix
|
/// 3. [JRD](ResourceDescriptorJRD::get) with .json path suffix
|
||||||
/// 4. HTTP [XRD](ResourceDescriptorJRD::get)
|
|
||||||
/// 5. HTTP [JRD](ResourceDescriptorJRD::get)
|
|
||||||
/// 6. HTTP [JRD](ResourceDescriptorJRD::get) with .json path suffix
|
|
||||||
///
|
///
|
||||||
/// # Notes
|
/// # Notes
|
||||||
///
|
///
|
||||||
/// This follows redirects until the redirect chain is 10 hops; see [`reqwest::redirect`] for more info.
|
/// This follows redirects until the redirect chain is 10 hops; see [`reqwest::redirect`] for more info.
|
||||||
///
|
///
|
||||||
|
/// Only the protocol specified in the passed [`reqwest::Url`] is used to fetch the [`ResourceDescriptor`]; despite the specification allowing servers to use only one between HTTP and HTTPS, no implicit downgrade is ever performed to prevent MITM attacks.
|
||||||
|
///
|
||||||
/// # Examples
|
/// # Examples
|
||||||
///
|
///
|
||||||
/// ```
|
/// ```
|
||||||
|
@ -53,121 +52,51 @@ impl ResourceDescriptor {
|
||||||
log::trace!("Unsetting URL fragment...");
|
log::trace!("Unsetting URL fragment...");
|
||||||
url.set_fragment(None);
|
url.set_fragment(None);
|
||||||
|
|
||||||
log::trace!("Setting URL scheme to HTTPS...");
|
log::trace!("Attempting XRD retrieval...");
|
||||||
url.set_scheme("https")
|
let xrd = match ResourceDescriptorXRD::get(client, url.clone()).await {
|
||||||
.map_err(UrlManipulation)?;
|
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTPS XRD retrieval...");
|
|
||||||
let https_xrd_url = url.clone();
|
|
||||||
|
|
||||||
log::trace!("Attempting HTTPS XRD retrieval...");
|
|
||||||
let https_xrd = match ResourceDescriptorXRD::get(client, https_xrd_url).await {
|
|
||||||
Ok(data) => {
|
Ok(data) => {
|
||||||
log::trace!("HTTPS XRD retrieval was successful, returning...");
|
log::trace!("XRD retrieval was successful, returning...");
|
||||||
return Ok(Self::XRD(data))
|
return Ok(Self::XRD(data))
|
||||||
}
|
}
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
log::warn!("HTTPS XRD retrieval failed.");
|
log::warn!("XRD retrieval failed.");
|
||||||
err
|
err
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTPS JRD retrieval...");
|
log::trace!("Attempting JRD retrieval...");
|
||||||
let https_jrd_url = url.clone();
|
let jrd = match ResourceDescriptorJRD::get(client, url.clone()).await {
|
||||||
|
|
||||||
log::trace!("Attempting HTTPS JRD retrieval...");
|
|
||||||
let https_jrd = match ResourceDescriptorJRD::get(client, https_jrd_url).await {
|
|
||||||
Ok(data) => {
|
Ok(data) => {
|
||||||
log::trace!("HTTPS JRD retrieval was successful, returning...");
|
log::trace!("JRD retrieval was successful, returning...");
|
||||||
return Ok(Self::JRD(data))
|
return Ok(Self::JRD(data))
|
||||||
}
|
}
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
log::warn!("HTTPS JRD retrieval failed.");
|
log::warn!("JRD retrieval failed.");
|
||||||
err
|
err
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTPS JRD .json retrieval...");
|
log::trace!("Altering URL path for JRD .json retrieval...");
|
||||||
let mut https_jrdj_url = url.clone();
|
url.set_path(
|
||||||
|
&format!("{}.json", url.path())
|
||||||
log::trace!("Altering URL path for HTTPS JRD .json retrieval...");
|
|
||||||
https_jrdj_url.set_path(
|
|
||||||
&format!("{}.json", https_jrdj_url.path())
|
|
||||||
);
|
);
|
||||||
|
|
||||||
log::trace!("Attempting HTTPS JRD .json retrieval...");
|
log::trace!("Attempting JRD .json retrieval...");
|
||||||
let https_jrdj = match ResourceDescriptorJRD::get(client, https_jrdj_url).await {
|
let jrdj = match ResourceDescriptorJRD::get(client, url.clone()).await {
|
||||||
Ok(data) => {
|
Ok(data) => {
|
||||||
log::trace!("HTTPS JRD .json retrieval was successful, returning...");
|
log::trace!("JRD .json retrieval was successful, returning...");
|
||||||
return Ok(Self::JRD(data))
|
return Ok(Self::JRD(data))
|
||||||
}
|
}
|
||||||
Err(err) => {
|
Err(err) => {
|
||||||
log::warn!("HTTPS JRD .json retrieval failed.");
|
log::warn!("JRD .json retrieval failed.");
|
||||||
err
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
log::trace!("Setting URL scheme to HTTP...");
|
|
||||||
url.set_scheme("http")
|
|
||||||
.map_err(UrlManipulation)?;
|
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTP XRD retrieval...");
|
|
||||||
let http_xrd_url = url.clone();
|
|
||||||
|
|
||||||
log::trace!("Attempting HTTP XRD retrieval...");
|
|
||||||
let http_xrd = match ResourceDescriptorXRD::get(client, http_xrd_url).await {
|
|
||||||
Ok(data) => {
|
|
||||||
log::trace!("HTTP XRD retrieval was successful, returning...");
|
|
||||||
return Ok(Self::XRD(data))
|
|
||||||
}
|
|
||||||
Err(err) => {
|
|
||||||
log::warn!("HTTP XRD retrieval failed.");
|
|
||||||
err
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTP JRD retrieval...");
|
|
||||||
let http_jrd_url = url.clone();
|
|
||||||
|
|
||||||
log::trace!("Attempting HTTP JRD retrieval...");
|
|
||||||
let http_jrd = match ResourceDescriptorJRD::get(client, http_jrd_url).await {
|
|
||||||
Ok(data) => {
|
|
||||||
log::trace!("HTTP JRD retrieval was successful, returning...");
|
|
||||||
return Ok(Self::JRD(data))
|
|
||||||
}
|
|
||||||
Err(err) => {
|
|
||||||
log::warn!("HTTP JRD retrieval failed.");
|
|
||||||
err
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
log::trace!("Cloning URL for HTTP JRD .json retrieval...");
|
|
||||||
let mut http_jrdj_url = url.clone();
|
|
||||||
|
|
||||||
log::trace!("Altering URL path for HTTPS JRD .json retrieval...");
|
|
||||||
http_jrdj_url.set_path(
|
|
||||||
&format!("{}.json", http_jrdj_url.path())
|
|
||||||
);
|
|
||||||
|
|
||||||
log::trace!("Attempting HTTP JRD .json retrieval...");
|
|
||||||
let http_jrdj = match ResourceDescriptorJRD::get(client, http_jrdj_url).await {
|
|
||||||
Ok(data) => {
|
|
||||||
log::trace!("HTTP JRD .json retrieval was successful, returning...");
|
|
||||||
return Ok(Self::JRD(data))
|
|
||||||
}
|
|
||||||
Err(err) => {
|
|
||||||
log::warn!("HTTP JRD .json retrieval failed.");
|
|
||||||
err
|
err
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
Err(Fetch(GetFetchFailures {
|
Err(Fetch(GetFetchFailures {
|
||||||
https_xrd,
|
xrd,
|
||||||
https_jrd,
|
jrd,
|
||||||
https_jrdj,
|
jrdj,
|
||||||
http_xrd,
|
|
||||||
http_jrd,
|
|
||||||
http_jrdj,
|
|
||||||
}))
|
}))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -262,7 +191,7 @@ pub enum GetError {
|
||||||
Fetch(GetFetchFailures),
|
Fetch(GetFetchFailures),
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Request errors occurred during [`ResourceDescriptor::discover_http`] or [`ResourceDescriptor::discover`].
|
/// Request errors occurred during [`ResourceDescriptor::get`].
|
||||||
#[derive(Debug, Error)]
|
#[derive(Debug, Error)]
|
||||||
#[error("all attempts of fetching the resource descriptor document failed")]
|
#[error("all attempts of fetching the resource descriptor document failed")]
|
||||||
pub struct GetFetchFailures {
|
pub struct GetFetchFailures {
|
||||||
|
@ -275,14 +204,3 @@ pub struct GetFetchFailures {
|
||||||
/// JRD with .json extension retrieval.
|
/// JRD with .json extension retrieval.
|
||||||
pub jrdj: GetJRDError,
|
pub jrdj: GetJRDError,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Request errors occurred during [`ResourceDescriptor::discover`].
|
|
||||||
#[derive(Debug, Error)]
|
|
||||||
#[error("all attempts of fetching the resource descriptor document failed with all protocols")]
|
|
||||||
pub struct GetFetchFailuresMultiprotocol {
|
|
||||||
/// HTTPS.
|
|
||||||
pub https: GetFetchFailures,
|
|
||||||
|
|
||||||
/// HTTP.
|
|
||||||
pub http: GetFetchFailures,
|
|
||||||
}
|
|
||||||
|
|
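Review bot: The new `# Notes` sentence says no implicit downgrade is ever performed, but the same doc block says redirects are followed for up to 10 hops, and every fetch goes through the caller-supplied `client` (`ResourceDescriptorXRD::get(client, url.clone())` and the two JRD calls). Nothing in the visible lines stops an `https://` URL from being redirected to an `http://` location, so the guarantee appears to depend on how the caller built the client; the redirect handling itself is not shown here. Either narrow the claim, e.g. `/// The scheme of the passed URL is never rewritten; redirects are governed by the redirect policy of the passed client.`, or tell callers to build the client with `reqwest::ClientBuilder::https_only(true)` when they need HTTPS end to end. Separately, the list item `/// 1. [XRD](ResourceDescriptorJRD::get)` links the XRD step to the JRD getter and presumably should point at `ResourceDescriptorXRD::get`. The function's signature and the start of its body are outside the visible hunks.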