test implementation of secure dns for websocket connection establishm…

…ent. depends on #5355
nymtech · Jan 23, 2025 · 7e8dc07 · 7e8dc07
1 parent 04fd197
commit 7e8dc07
Show file tree

Hide file tree

Showing 9 changed files with 334 additions and 5 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -254,6 +254,7 @@ handlebars = "3.5.5"
 headers = "0.4.0"
 hex = "0.4.3"
 hex-literal = "0.3.3"
+hickory-resolver = "0.24.2"
 hkdf = "0.12.3"
 hmac = "0.12.1"
 http = "1"

diff --git a/common/client-core/Cargo.toml b/common/client-core/Cargo.toml
@@ -40,6 +40,7 @@ nym-crypto = { path = "../crypto" }
 nym-explorer-client = { path = "../../explorer-api/explorer-client" }
 nym-gateway-client = { path = "../client-libs/gateway-client" }
 nym-gateway-requests = { path = "../gateway-requests" }
+nym-http-api-client = { path = "../http-api-client" }
 nym-metrics = { path = "../nym-metrics" }
 nym-nonexhaustive-delayqueue = { path = "../nonexhaustive-delayqueue" }
 nym-sphinx = { path = "../nymsphinx" }

diff --git a/common/client-core/src/init/helpers.rs b/common/client-core/src/init/helpers.rs
@@ -3,6 +3,7 @@
 
 use crate::error::ClientCoreError;
 use crate::init::types::RegistrationResult;
+use crate::init::websockets::connect_async;
 use futures::{SinkExt, StreamExt};
 use log::{debug, info, trace, warn};
 use nym_crypto::asymmetric::identity;
@@ -23,7 +24,6 @@ use tokio::time::sleep;
 #[cfg(not(target_arch = "wasm32"))]
 use tokio::time::Instant;
 #[cfg(not(target_arch = "wasm32"))]
-use tokio_tungstenite::connect_async;
 #[cfg(not(target_arch = "wasm32"))]
 use tokio_tungstenite::{MaybeTlsStream, WebSocketStream};
 #[cfg(target_arch = "wasm32")]

diff --git a/common/client-core/src/init/mod.rs b/common/client-core/src/init/mod.rs
@@ -26,6 +26,7 @@ use serde::Serialize;
 
 pub mod helpers;
 pub mod types;
+pub mod websockets;
 
 // helpers for error wrapping
 

diff --git a/common/client-core/src/init/websockets.rs b/common/client-core/src/init/websockets.rs
@@ -0,0 +1,26 @@
+use nym_http_api_client::dns::HickoryDnsResolver;
+use tokio::net::TcpStream;
+use tokio_tungstenite::{MaybeTlsStream, WebSocketStream};
+use tungstenite::{
+    error::{Error, UrlError},
+    handshake::client::Response,
+};
+
+#[cfg(not(target_arch = "wasm32"))]
+pub(crate) async fn connect_async(
+    endpoint: &str,
+) -> Result<(WebSocketStream<MaybeTlsStream<TcpStream>>, Response), Error> {
+    use std::net::SocketAddr;
+
+    let resolver = HickoryDnsResolver::default();
+
+    let sock_addrs: Vec<SocketAddr> = resolver
+        .resolve_str(endpoint)
+        .await
+        .map_err(|_| UrlError::NoPathOrQuery)? // failed to resolve
+        .collect();
+
+    let stream = TcpStream::connect(&sock_addrs[..]).await?;
+
+    tokio_tungstenite::client_async_tls(endpoint, stream).await
+}
diff --git a/common/http-api-client/Cargo.toml b/common/http-api-client/Cargo.toml
@@ -12,6 +12,8 @@ license.workspace = true
 
 [dependencies]
 async-trait = { workspace = true }
+once_cell = { workspace = true }
+hickory-resolver = { workspace = true, features = ["dns-over-https-rustls", "webpki-roots"] }
 reqwest = { workspace = true, features = ["json"] }
 http.workspace = true
 url = { workspace = true }
@@ -26,3 +28,6 @@ nym-bin-common = { path = "../bin-common" }
 [target."cfg(target_arch = \"wasm32\")".dependencies.wasmtimer]
 workspace = true
 features = ["tokio"]
+
+[dev-dependencies]
+tokio = { workspace = true, features=["rt", "macros"] }