Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(sdk)!: allow setting CA cert to use when connecting to dapi servers #1924

Open
wants to merge 418 commits into
base: master
Choose a base branch
from
Open

feat(sdk)!: allow setting CA cert to use when connecting to dapi servers #1924

wants to merge 418 commits into from
+257,376 −96,355

Conversation

lklimek
Copy link
Contributor

@lklimek lklimek commented Jul 3, 2024
edited

Issue being fixed or feature implemented

To intercept traffic, I use mitmproxy.
However, it doesn't support http/3 without tls, and to work with tls I need to set ca certificate inside SDK.

What was done?

Developers can use SdkBuilder::with_ca_certificate to provide CA certificate to use when verifying DAPI certificates.

Added CA cert to DapiClient and AppliedRequestSettings.

This means that AppliedRequestSettings no longer implements Copy trait.

How Has This Been Tested?

  1. Setup local devnet with mitm proxy running with ssl/tls support
  2. In packages/rs-sdk/tests/.env set DASH_SDK_PLATFORM_SSL=true but no SSL cert
  3. Test using cargo test -p dash-sdk --no-default-features -F network-testing test_data_contract_read_not_found; result: error
  4. In packages/rs-sdk/tests/.env set DASH_SDK_PLATFORM_CA_CERT_PATH=/path/to/mitmproxy/cacrt.pem
  5. Run the test again using cargo test -p dash-sdk --no-default-features -F network-testing test_data_contract_read_not_found; result: OK

Breaking Changes

AppliedRequestSettings have one additional field that must be filled (can be None).

AppliedRequestSettings no longer implement Copy trait.

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have added "!" to the title and described breaking changes in the corresponding section if my code contains any
  • I have made corresponding changes to the documentation if needed

For repository code-owners and collaborators only

  • I have assigned this pull request to a milestone

pauldelucia and others added 30 commits May 7, 2024 19:06
@pauldelucia
feat: use all current identities for strategy test state transitions (#…
c7a1b0f 
…1820)
@QuantumExplorer
refactor(platform)!: document creation/update/deletion does not refet…
2b56263 
…ch contract (#1840)
@lklimek
refactor(sdk)!: don't return Arc in SdkBuilder (#1838)
63d06f6
@pauldelucia
Merge branch 'v1.0-dev' into feat/public-document-price-update
ddc9c0c
@pauldelucia
feat: make start identities number u16
fbdfef5
@shumkov
chore: observability and security for HTTP gateway (#1825)
e624e02
@pauldelucia
feat: put index serialization behind feature
1185bc5
@pauldelucia
Merge branch 'v1.0-dev' into feat/public-document-price-update
76836ac
@pauldelucia
chore: updates needed for compatibility with nfts in the tui (#1833)
26abf50
@pauldelucia
Merge remote-tracking branch 'origin' into feat/make-start-identities…
3c2c524 
…-u16
@pauldelucia
feat: make start identities number u16 (#1841)
b34de38
@shumkov
chore(release): update changelog and bump version to 1.0.0-dev.13 (#1842
54623e2 
)
@shumkov
refactor: rename DataContractConfig.validate_config_update (#1843)
ed36e73
@shumkov
refactor: rename validate to full_validation (#1845)
7e5b932
@pshenmic
feat(dashmate): check for DKG before stopping node (#1683)
e1a6191
@shumkov
fix!: data contract transition validation issues (#1835)
c04d6ac
@shumkov
chore(release): update changelog and bump version to 1.0.0-dev.14 (#1847
e80854c 
)
@pauldelucia
feat: implement mempool document counter in strategy tests
fc5c7b8
@pauldelucia
change to 10 eligible identities and add warning if there are 0
f15725b
@QuantumExplorer
docs(drive-abci): added some comments on the initial core height and …
3e163aa 
…quorums (#1849)
@pauldelucia
feat: implement mempool document counter in strategy tests (#1848)
74f552f
@pauldelucia
fix: select random identities for strategy documents
48a1511
@shumkov @pauldelucia
chore(drive): state transition observability (#1846)
d7b4541 
Co-authored-by: Paul DeLucia <[email protected]>
@shumkov
chore(release): update changelog and bump version to 1.0.0-dev.15 (#1855
46b8b3e 
)
@pauldelucia
fix: improve efficiency of identity random sampling
afb16a8
@fominok @lklimek
feat(dpp): random documents based on JSON schema (#1710)
ff8e7c5 
Co-authored-by: lklimek <[email protected]>
@pauldelucia
fix: only clone the eligible identities
9e5d088
@pauldelucia
Merge branch 'v1.0-dev' into fix/select-random-identities-for-strateg…
fa37fab 
…y-documents
@pauldelucia
feat: use all eligible identities and slightly more robust checking
f85d9cb
@shumkov
chore: chose capable identities for random documents
4ae93ab
@lklimek lklimek changed the base branch from v1.0-dev to v1.1-dev August 19, 2024 11:37
@lklimek lklimek marked this pull request as ready for review August 19, 2024 11:54
fominok
fominok reviewed Aug 19, 2024
View reviewed changes
packages/rs-sdk/src/sdk.rs
///
/// This is a convenience method that reads the certificate from a file and sets it using
/// [SdkBuilder::with_ca_certificate()].
pub fn with_ca_certificate_file(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a better approach would be to have just a single with_ca_certificate and expect an actual certificate value, users can figure out where and how to get it as long as it can be constructed

lklimek and others added 10 commits August 20, 2024 18:52
@lklimek lklimek modified the milestones: v1.1.0, v1.2.0 Aug 23, 2024
@shumkov shumkov changed the base branch from v1.1-dev to master August 25, 2024 07:39
@shumkov shumkov requested a review from antouhou as a code owner August 25, 2024 07:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fominok fominok fominok left review comments

@shumkov shumkov Awaiting requested review from shumkov shumkov is a code owner

@QuantumExplorer QuantumExplorer Awaiting requested review from QuantumExplorer QuantumExplorer is a code owner

@antouhou antouhou Awaiting requested review from antouhou

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.2.0
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@lklimek @fominok @pauldelucia @QuantumExplorer @shumkov @pshenmic @thephez @ogabrielides @ktechmidas