[crypto] app executes properly now

dd94ce88 · Przemyslaw Kaminski · 5dc1d983 · dd94ce88 · dd94ce88 · dd94ce88
Verified Commit dd94ce88 authored Mar 19, 2025 by Przemyslaw Kaminski
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 8 deletions

crawlerISTEX.cabal crawlerISTEX.cabal +3 -0

flake.nix flake.nix +0 -2

ISTEX.hs src/ISTEX.hs +30 -6

No files found.
--- a/crawlerISTEX.cabal
+++ b/crawlerISTEX.cabal
@@ -44,6 +44,7 @@ common defaults
    , servant >= 0.20 && < 0.21
    , servant-client >= 0.20 && < 0.21
    , text >= 2.0.2 && < 2.2
+  ghc-options: -Wall -Wunused-imports -Wunused-binds -Wmissing-signatures -Werror
 library
  import:
@@ -58,6 +59,8 @@ library
  build-depends:
      bytestring >= 0.11.5 && < 0.15
    , crypton-connection >= 0.4.2 && < 0.5
+    , crypton-x509-store >= 1.6 && < 1.7
+    , crypton-x509-system >= 1.6 && < 1.7
    , data-default-class >= 0.2 && < 0.3
    , tls >= 2.1.7 && < 2.4
  default-language: Haskell2010

--- a/flake.nix
+++ b/flake.nix
@@ -25,8 +25,6 @@
                # `cabal`, `hlint` and `haskell-language-server`
                shell.tools = {
                  cabal = {};
-                  hlint = {};
-                  haskell-language-server = {};
                };
              };
          })

--- a/src/ISTEX.hs
+++ b/src/ISTEX.hs
 module ISTEX where
+import Data.ByteString qualified as B
+import Data.Default.Class (def)
+import Data.Text (Text)
+import Data.X509.CertificateStore (CertificateStore)
 import ISTEX.Client
-import Network.HTTP.Client (newManager)
+import Network.Connection (TLSSettings(..))
-import Network.HTTP.Client.TLS (tlsManagerSettings)
+import Network.HTTP.Client (ManagerSettings, newManager)
+import Network.HTTP.Client.TLS (mkManagerSettings)
+import Network.TLS (ClientParams(..), EMSMode(AllowEMS), Supported(..), defaultParamsClient, sharedCAStore)
 import Servant.Client
+import System.X509 (getSystemCertificateStore)
-import Data.Text (Text)
 runIstexAPIClient :: ClientM (Documents) -> IO (Either ClientError Documents)
 runIstexAPIClient cmd = do
-  manager' <- newManager tlsManagerSettings
+  -- manager' <- newManager tlsManagerSettings
+  scs <- getSystemCertificateStore
+  manager' <- newManager $ getTLSManagerSettings scs
  runClientM cmd (mkClientEnv manager' $ BaseUrl Https "api.istex.fr" 443 "document")
+-- | https://gitlab.iscpif.fr/gargantext/haskell-gargantext/issues/456
+getTLSManagerSettings :: CertificateStore -> ManagerSettings
+getTLSManagerSettings scs = mkManagerSettings tlsSettings Nothing
+  where
+    tlsSettings = TLSSettings clientParams
+    -- See Network.Connection code on how `TLSSettings` is handled to make client params.
+    -- We need to change EMS and also apply system certificates, as they aren't in the defaults.
+    clientParams = (defaultParamsClient "" B.empty)
+      { clientSupported = supported
+      , clientShared    = def
+        { sharedCAStore = scs }
+      }
+    supported = def { supportedExtendedMainSecret = AllowEMS }
 getMetadataWith :: Text -> Maybe Int -> IO (Either ClientError Documents)
 getMetadataWith q n = do
  runIstexAPIClient $
@@ -25,7 +47,9 @@ type ErrorHandler = ClientError -> IO ()
 runIstexScrollAPIClient :: ClientM (ScrollResponse) -> IO (Either ClientError ScrollResponse)
 runIstexScrollAPIClient cmd = do
-  manager' <- newManager tlsManagerSettings
+  -- manager' <- newManager tlsManagerSettings
+  scs <- getSystemCertificateStore
+  manager' <- newManager $ getTLSManagerSettings scs
  runClientM cmd (mkClientEnv manager' $ BaseUrl Https "api.istex.fr" 443 "document")
 maxScrollPages :: Int
@@ -47,7 +71,7 @@ getMetadataScroll q scroll scrollId page = do
      scrollId
    case eRes of
      Left err -> pure $ Left err
-      Right res@(ScrollResponse { .. }) -> do
+      Right _res@(ScrollResponse { .. }) -> do
        eDocs <- getMetadataScroll q scroll _scroll_scrollId (page + 1)
        case eDocs of
          Left err -> pure $ Left err