fix up tls. works on android

Signed-off-by: George Mulhearn <[email protected]>
hyperledger · Dec 1, 2024 · 25c10ee · 25c10ee
1 parent fd2c009
commit 25c10ee
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 59 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/aries/messages/src/msg_types/protocols/did_exchange.rs b/aries/messages/src/msg_types/protocols/did_exchange.rs
@@ -63,7 +63,6 @@ mod tests {
 
     #[test]
     fn test_protocol_didexchange_v1_1() {
-        let x = Protocol::from(DidExchangeTypeV1::new_v1_1());
         test_utils::test_serde(
             Protocol::from(DidExchangeTypeV1::new_v1_1()),
             json!("https://didcomm.org/didexchange/1.1"),

diff --git a/did_core/did_methods/did_cheqd/Cargo.toml b/did_core/did_methods/did_cheqd/Cargo.toml
@@ -16,17 +16,21 @@ tonic = { version = "0.12.3", default-features = false, features = [
     "codegen",
     "prost",
     "channel",
-    "tls-native-roots",
 ] }
 prost = { version = "0.13.3", default-features = false }
 prost-types = "0.13.3"
+native-tls = { version = "0.2.12", features = ["alpn"] }
+hyper-tls = "0.6.0"
+hyper-util = { version = "0.1.10", features = ["client-legacy", "http2"] }
+http-body-util = "0.1.2"
 async-trait = "0.1.68"
 serde_json = "1.0.96"
 serde = { version = "1.0.160", features = ["derive"] }
 thiserror = "1.0.40"
 tokio = { version = "1.38.0" }
 chrono = { version = "0.4.24", default-features = false }
 url = { version = "2.3.1", default-features = false }
+bytes = "1.8.0"
 
 [dev-dependencies]
 tokio = { version = "1.38.0", default-features = false, features = [

diff --git a/did_core/did_methods/did_cheqd/src/resolution/resolver.rs b/did_core/did_methods/did_cheqd/src/resolution/resolver.rs
@@ -1,15 +1,22 @@
-use std::{collections::HashMap, error::Error};
+use std::{collections::HashMap, str::FromStr};
 
 use async_trait::async_trait;
+use bytes::Bytes;
 use did_resolver::{
     did_doc::schema::did_doc::DidDocument,
     did_parser_nom::Did,
     error::GenericError,
     shared_types::did_document_metadata::DidDocumentMetadata,
     traits::resolvable::{resolution_output::DidResolutionOutput, DidResolvable},
 };
+use http_body_util::combinators::UnsyncBoxBody;
+use hyper_tls::HttpsConnector;
+use hyper_util::{
+    client::legacy::{connect::HttpConnector, Client},
+    rt::TokioExecutor,
+};
 use tokio::sync::Mutex;
-use tonic::transport::{Channel, Endpoint};
+use tonic::{transport::Uri, Status};
 
 use crate::{
     error::{DidCheqdError, DidCheqdResult},
@@ -60,10 +67,12 @@ impl NetworkConfiguration {
     }
 }
 
+type HyperClient = Client<HttpsConnector<HttpConnector>, UnsyncBoxBody<Bytes, Status>>;
+
 #[derive(Clone)]
 struct CheqdGrpcClient {
-    did: DidQueryClient<Channel>,
-    _resources: ResourceQueryClient<Channel>,
+    did: DidQueryClient<HyperClient>,
+    _resources: ResourceQueryClient<HyperClient>,
 }
 
 pub struct DidCheqdResolver {
@@ -105,14 +114,16 @@ impl DidCheqdResolver {
             .find(|n| n.namespace == network)
             .ok_or(DidCheqdError::NetworkNotSupported(network.to_owned()))?;
 
-        // initialize new
-        let conn = Endpoint::new(network_config.grpc_url.clone())
-            .map_err(|e| DidCheqdError::BadConfiguration(format!("{e} {:?}", e.source())))?
-            .connect()
-            .await?;
+        let client = native_tls_hyper_client()?;
+        let origin = Uri::from_str(&network_config.grpc_url).map_err(|e| {
+            DidCheqdError::BadConfiguration(format!(
+                "GRPC URL is not a URI: {} {e}",
+                network_config.grpc_url
+            ))
+        })?;
 
-        let did_client = DidQueryClient::new(conn.clone());
-        let resource_client = ResourceQueryClient::new(conn);
+        let did_client = DidQueryClient::with_origin(client.clone(), origin.clone());
+        let resource_client = ResourceQueryClient::with_origin(client, origin);
 
         let client = CheqdGrpcClient {
             did: did_client,
@@ -124,7 +135,13 @@ impl DidCheqdResolver {
         Ok(client)
     }
 
+    /// Resolve a cheqd DID.
     pub async fn resolve_did(&self, did: &Did) -> DidCheqdResult<DidResolutionOutput> {
+        let method = did.method();
+        if method != Some("cheqd") {
+            return Err(DidCheqdError::MethodNotSupported(format!("{method:?}")));
+        }
+
         let network = did.namespace().unwrap_or(MAINNET_NAMESPACE);
         let mut client = self.client_for_network(network).await?;
         let did = did.did().to_owned();
@@ -151,3 +168,22 @@ impl DidCheqdResolver {
         Ok(output_builder.build())
     }
 }
+
+/// Assembles a hyper client which:
+/// * uses native TLS
+/// * supports HTTP2 only (gRPC)
+fn native_tls_hyper_client() -> DidCheqdResult<HyperClient> {
+    let tls = native_tls::TlsConnector::builder()
+        .request_alpns(&["h2"])
+        .build()
+        .map_err(|e| {
+            DidCheqdError::BadConfiguration(format!("Failed to build TlsConnector: {e}"))
+        })?;
+    let mut http = HttpConnector::new();
+    http.enforce_http(false);
+    let connector = HttpsConnector::from((http, tls.into()));
+
+    Ok(Client::builder(TokioExecutor::new())
+        .http2_only(true)
+        .build(connector))
+}