chore(sdk): ca certificate passed as Certificate object to dapi-clien…

…t, not bytes
dashpay · Dec 3, 2024 · 6447dae · 6447dae
1 parent d15438e
commit 6447dae
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/packages/rs-dapi-client/src/dapi_client.rs b/packages/rs-dapi-client/src/dapi_client.rs
@@ -106,8 +106,8 @@ impl DapiClient {
     ///
     /// # Returns
     /// [DapiClient] with CA certificate set.
-    pub fn with_ca_certificate(mut self, pem_ca_cert: &[u8]) -> Self {
-        self.ca_certificate = Some(Certificate::from_pem(pem_ca_cert));
+    pub fn with_ca_certificate(mut self, ca_cert: Certificate) -> Self {
+        self.ca_certificate = Some(ca_cert);
 
         self
     }

diff --git a/packages/rs-sdk/src/sdk.rs b/packages/rs-sdk/src/sdk.rs
@@ -10,6 +10,7 @@ use crate::platform::{Fetch, Identifier};
 use arc_swap::{ArcSwapAny, ArcSwapOption};
 use dapi_grpc::mock::Mockable;
 use dapi_grpc::platform::v0::{Proof, ResponseMetadata};
+use dapi_grpc::tonic::transport::Certificate;
 use dpp::bincode;
 use dpp::bincode::error::DecodeError;
 use dpp::dashcore::Network;
@@ -750,7 +751,7 @@ pub struct SdkBuilder {
     pub(crate) cancel_token: CancellationToken,
 
     /// CA certificate to use for TLS connections.
-    ca_certificate: Option<Vec<u8>>,
+    ca_certificate: Option<Certificate>,
 }
 
 impl Default for SdkBuilder {
@@ -838,8 +839,8 @@ impl SdkBuilder {
     /// Used mainly for testing purposes and local networks.
     ///
     /// If not set, uses standard system CA certificates.
-    pub fn with_ca_certificate(mut self, pem_certificate: &[u8]) -> Self {
-        self.ca_certificate = Some(pem_certificate.to_vec());
+    pub fn with_ca_certificate(mut self, pem_certificate: Certificate) -> Self {
+        self.ca_certificate = Some(pem_certificate);
         self
     }
 
@@ -851,8 +852,21 @@ impl SdkBuilder {
         self,
         certificate_file_path: impl AsRef<std::path::Path>,
     ) -> std::io::Result<Self> {
-        let pem = std::fs::read(certificate_file_path).expect("failed to read file");
-        Ok(self.with_ca_certificate(&pem))
+        let pem = std::fs::read(certificate_file_path)?;
+
+        // parse the certificate and check if it's valid
+        let mut verified_pem = std::io::BufReader::new(pem.as_slice());
+        rustls_pemfile::certs(&mut verified_pem)
+            .next()
+            .ok_or_else(|| {
+                std::io::Error::new(
+                    std::io::ErrorKind::InvalidData,
+                    "No valid certificates found in the file",
+                )
+            })??;
+
+        let cert = Certificate::from_pem(pem);
+        Ok(self.with_ca_certificate(cert))
     }
 
     /// Configure request settings.
@@ -984,7 +998,7 @@ impl SdkBuilder {
             Some(addresses) => {
                 let mut dapi = DapiClient::new(addresses, self.settings);
                 if let Some(pem) = self.ca_certificate {
-                    dapi = dapi.with_ca_certificate(&pem);
+                    dapi = dapi.with_ca_certificate(pem);
                 }
 
                 #[cfg(feature = "mocks")]

diff --git a/packages/rs-sdk/tests/fetch/config.rs b/packages/rs-sdk/tests/fetch/config.rs
@@ -49,7 +49,7 @@ pub struct Config {
     #[serde(default)]
     pub platform_ssl: bool,
 
-    /// When platform_ssl is true, use the PEM-encoded CA certificate from provided absolute path to verify the server
+    /// When platform_ssl is true, use the PEM-encoded CA certificate from provided absolute path to verify the server certificate.
     #[serde(default)]
     pub platform_ca_cert_path: Option<PathBuf>,