From cdef6f51f38ceddb86dfcb4fb6a7df9c9ae27616 Mon Sep 17 00:00:00 2001 From: Pete Gadomski Date: Wed, 18 Dec 2024 09:53:15 -0700 Subject: [PATCH] feat: allow tls (#15) --- Cargo.lock | 199 ++++++++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 4 +- src/lib.rs | 8 +- tests/conftest.py | 15 ++-- 4 files changed, 216 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1d500b3..ca25286 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -119,6 +119,12 @@ version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + [[package]] name = "bb8" version = "0.8.6" @@ -232,6 +238,12 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -277,6 +289,29 @@ dependencies = [ "typenum", ] +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "digest" version = "0.10.7" 
@@ -311,6 +346,12 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7" +[[package]] +name = "flagset" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" + [[package]] name = "fluent-uri" version = "0.1.4" @@ -912,12 +953,15 @@ name = "pgstac" version = "0.2.2" source = "git+https://github.com/stac-utils/stac-rs#87ce7cd4cfea052c841e2a2b329098b797228202" dependencies = [ + "rustls", "serde", "serde_json", "stac", "stac-api", "thiserror 2.0.4", "tokio-postgres", + "tokio-postgres-rustls", + "webpki-roots", ] [[package]] 
@@ -1222,12 +1266,58 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" +[[package]] +name = "ring" +version = "0.17.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +dependencies = [ + "cc", + "cfg-if", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys", +] + [[package]] name = "rustc-demangle" version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustls" +version = "0.23.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5065c3f250cbd332cd894be57c40fa52387247659b14a2d6041d121547903b1b" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki", + "subtle", + "zeroize", +] + +[[package]] +name = "rustls-pki-types" +version = "1.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" + +[[package]] +name = "rustls-webpki" +version = "0.102.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "ryu" version = "1.0.18" 
@@ -1333,6 +1423,22 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -1511,6 +1617,27 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "tokio" version = "1.42.0" @@ -1553,6 +1680,31 @@ dependencies = [ "whoami", ] +[[package]] +name = "tokio-postgres-rustls" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27d684bad428a0f2481f42241f821db42c54e2dc81d8c00db8536c506b0a0144" +dependencies = [ + "const-oid", + "ring", + "rustls", + "tokio", + "tokio-postgres", + "tokio-rustls", + "x509-cert", +] + +[[package]] +name = "tokio-rustls" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" +dependencies = [ + "rustls", + "tokio", +] + [[package]] name = "tokio-util" version = "0.7.13" 
@@ -1642,6 +1794,12 @@ version = "0.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.5.4" @@ -1749,6 +1907,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.26.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d642ff16b7e79272ae451b7322067cdc17cadf68c23264be9d94a32319efe7e" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "whoami" version = "1.5.2" @@ -1866,6 +2033,18 @@ version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der", + "spki", + "tls_codec", +] + [[package]] name = "yoke" version = "0.7.5" @@ -1932,6 +2111,26 @@ dependencies = [ "synstructure", ] +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zerovec" version = "0.10.4" diff --git a/Cargo.toml b/Cargo.toml index b8fff79..3c9baed 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -12,7 +12,9 @@ crate-type = ["cdylib"] bb8 = "0.8.6" bb8-postgres = "0.8.1" geojson = "0.24.1" -pgstac = { version = "0.2.2", git = "https://github.com/stac-utils/stac-rs" } +pgstac = { version = "0.2.2", git = "https://github.com/stac-utils/stac-rs", features = [ + "tls", +] } pyo3 = "0.23.2" pyo3-async-runtimes = { version = "0.23.0", features = [ "tokio", diff --git a/src/lib.rs b/src/lib.rs index 4655426..80bf45b 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -2,7 +2,7 @@ use bb8::{Pool, RunError}; use bb8_postgres::PostgresConnectionManager; -use pgstac::Pgstac; +use pgstac::{make_unverified_tls, MakeRustlsConnect, Pgstac}; use pyo3::{ create_exception, exceptions::{PyException, PyValueError}, @@ -18,7 +18,7 @@ use tokio_postgres::{Config, NoTls}; create_exception!(pgstacrs, PgstacError, PyException); create_exception!(pgstacrs, StacError, PyException); -type PgstacPool = Pool>; +type PgstacPool = Pool>; #[derive(Debug, Error)] enum Error { @@ -68,7 +68,7 @@ impl Client { let config: Config = params .parse() .map_err(|err: ::Err| PyValueError::new_err(err.to_string()))?; - let manager = PostgresConnectionManager::new(config.clone(), NoTls); + let manager = PostgresConnectionManager::new(config.clone(), make_unverified_tls()); pyo3_async_runtimes::tokio::future_into_py(py, async move { { // Quick connection to get better errors, bb8 will just time out @@ -308,7 +308,7 @@ impl Client { fn run<'a, F, T>( &self, py: Python<'a>, - f: impl FnOnce(Pool>) -> F + Send + 'static, + f: impl FnOnce(Pool>) -> F + Send + 'static, ) -> PyResult> where F: Future> + Send, diff --git a/tests/conftest.py b/tests/conftest.py index a77ce0e..f25fc66 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -1,6 +1,6 @@ import json from pathlib import Path -from typing import Any, AsyncIterator, Iterator, cast +from typing import Any, Iterator, cast import pytest from pgstacrs import Client 
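Review bot: The `pgstac` entry that now enables the `tls` feature is still a floating git reference: the changed line has `git = ...` but no `rev`, so only Cargo.lock fixes the commit. A `cargo update` would move the connector code, and the rustls/ring stack it selects, to whatever the default branch holds at that moment. Pinning the commit the lockfile already records keeps the TLS code under review, e.g. `pgstac = { version = "0.2.2", git = "https://github.com/stac-utils/stac-rs", rev = "87ce7cd4cfea052c841e2a2b329098b797228202", features = ["tls"] }`.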
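Review bot: `make_unverified_tls()` is now passed to `PostgresConnectionManager::new` for every pool, and its name indicates that the connector skips server certificate verification (its body lives in `pgstac`, not in this diff, so confirm). If so, the session is encrypted but the server is never authenticated, so a party on the network path can present its own certificate and see the password and queries. Verification should be the default, with the unverified connector behind an explicit opt-in on the constructor; the lockfile shows `webpki-roots` arriving with the feature, so a verifying configuration looks available. Until then the line deserves a comment such as `// SECURITY: no certificate or hostname verification; protects against passive sniffing only`. The `NoTls` import is unchanged and the "Quick connection" pre-check continues below the hunk, so check that it does not still connect without TLS; the import hunk at the top of src/lib.rs is part of the same point.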
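Review bot: `run` still spells out the full pool type in its `f` parameter although the `PgstacPool` alias changed in the earlier hunk appears to name the same type, which is why this commit had to edit the connector type in two places. Writing the parameter as `f: impl FnOnce(PgstacPool) -> F + Send + 'static,` leaves a single line to touch the next time the connector changes. The generic arguments are stripped in this rendering of the patch, so confirm the two types are identical before substituting; `run`'s body is outside the hunk.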
@@ -38,7 +38,7 @@ def pgstac( @pytest.fixture -async def client(pgstac: PostgreSQLExecutor) -> AsyncIterator[Client]: +def database_janitor(pgstac: PostgreSQLExecutor) -> Iterator[DatabaseJanitor]: with DatabaseJanitor( user=pgstac.user, host=pgstac.host, @@ -48,9 +48,14 @@ async def client(pgstac: PostgreSQLExecutor) -> AsyncIterator[Client]: dbname="pypgstac_test", template_dbname=pgstac.template_dbname, ) as database_janitor: - yield await Client.open( - f"user={database_janitor.user} host={database_janitor.host} port={database_janitor.port} dbname={database_janitor.dbname} password={database_janitor.password}" - ) + yield database_janitor + + +@pytest.fixture +async def client(database_janitor: DatabaseJanitor) -> Client: + return await Client.open( + f"user={database_janitor.user} host={database_janitor.host} port={database_janitor.port} dbname={database_janitor.dbname} password={database_janitor.password}" + ) @pytest.fixture
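Review bot: Nothing in the reworked `client` fixture makes the suite take the TLS path this commit adds. The connection string carries no `sslmode`, and tokio-postgres defaults to `prefer`, which falls back to plaintext when the server does not offer TLS (presumably the case for the pytest-postgresql instance; confirm). A test that opens a client with `sslmode=require` against a TLS-enabled server would show that the new connector really negotiates TLS, and would catch a regression to plaintext.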