From 21e7091bf740d0e8cf6419d7e6939e5b16037dbf Mon Sep 17 00:00:00 2001
From: agokarn
Date: Mon, 28 Oct 2024 23:26:39 +0000
Subject: [PATCH] Delete OHTTP client and gateway code.
---
 Cargo.toml | 3 -
 bhttp/Cargo.toml | 1 +
 ohttp-client-cli/Cargo.toml | 23 ------
 ohttp-client-cli/src/main.rs | 51 -------------
 ohttp-client/Cargo.toml | 27 -------
 ohttp-client/src/main.rs | 135 ----------------------------------
 ohttp-server/.gitignore | 3 -
 ohttp-server/Cargo.toml | 26 -------
 ohttp-server/README.md | 59 ---------------
 ohttp-server/ca.sh | 64 ----------------
 ohttp-server/src/main.rs | 137 -----------------------------------
 11 files changed, 1 insertion(+), 528 deletions(-)
 delete mode 100644 ohttp-client-cli/Cargo.toml
 delete mode 100644 ohttp-client-cli/src/main.rs
 delete mode 100644 ohttp-client/Cargo.toml
 delete mode 100644 ohttp-client/src/main.rs
 delete mode 100644 ohttp-server/.gitignore
 delete mode 100644 ohttp-server/Cargo.toml
 delete mode 100644 ohttp-server/README.md
 delete mode 100755 ohttp-server/ca.sh
 delete mode 100644 ohttp-server/src/main.rs
diff --git a/Cargo.toml b/Cargo.toml
index 0621518..81677de 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,4 @@ members = [
 "bhttp",
 "bhttp-convert",
 "ohttp",
- "ohttp-client",
- "ohttp-client-cli",
- "ohttp-server",
 ]
diff --git a/bhttp/Cargo.toml b/bhttp/Cargo.toml
index 8c89536..2d5f06b 100644
--- a/bhttp/Cargo.toml
+++ b/bhttp/Cargo.toml
@@ -16,6 +16,7 @@ read-bhttp = []
 write-bhttp = []
 read-http = ["url"]
 write-http = []
+stream = []
 [dependencies]
 thiserror = "1"
diff --git a/ohttp-client-cli/Cargo.toml b/ohttp-client-cli/Cargo.toml
deleted file mode 100644
index 4f530f6..0000000
--- a/ohttp-client-cli/Cargo.toml
+++ /dev/null
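Review bot: The `+stream = []` line in bhttp/Cargo.toml introduces a new Cargo feature that nothing in this patch gates on, in a commit whose subject is the removal of the OHTTP client and gateway crates; as it stands it is an empty, undocumented switch. Features change what gets compiled and are unified across the workspace, so an unused flag tends to be forgotten and then silently activates whatever a later change puts behind `#[cfg(feature = "stream")]`; I would either drop it from this commit or land it together with the gated code and a short comment such as `# stream: incremental (streaming) bhttp read/write; nothing is gated on it yet`. Only the feature table is visible here, so if the gated code already exists elsewhere in bhttp this is a commit-message matter rather than a code one.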
@@ -1,23 +0,0 @@
-[package]
-name = "ohttp-client-cli"
-version = "0.5.3"
-authors = ["Martin Thomson "]
-edition = "2021"
-
-[features]
-default = ["rust-hpke"]
-nss = ["ohttp/nss"]
-rust-hpke = ["ohttp/rust-hpke"]
-
-[dependencies]
-env_logger = {version = "0.10", default-features = false}
-hex = "0.4"
-
-[dependencies.bhttp]
-path= "../bhttp"
-features = ["bhttp", "http"]
-
-[dependencies.ohttp]
-path= "../ohttp"
-features = ["client"]
-default-features = false
diff --git a/ohttp-client-cli/src/main.rs b/ohttp-client-cli/src/main.rs
deleted file mode 100644
index 7acc0f1..0000000
--- a/ohttp-client-cli/src/main.rs
+++ /dev/null
@@ -1,51 +0,0 @@
-#![deny(warnings, clippy::pedantic)]
-
-use bhttp::{Message, Mode};
-use ohttp::{init, ClientRequest};
-use std::io::{self, BufRead, Write};
-
-fn main() {
- init();
- env_logger::try_init().unwrap();
-
- let mut input = io::BufReader::new(io::stdin());
- print!("Config: ");
- io::stdout().flush().unwrap();
- let mut cfg = String::new();
- input.read_line(&mut cfg).unwrap();
- let config = hex::decode(cfg.trim()).unwrap();
- let client = ClientRequest::from_encoded_config(&config).unwrap();
-
- println!("Request (HTTP/1.1, terminate with \"END\"):");
- io::stdout().flush().unwrap();
- let mut request_buf = String::new();
- loop {
- let mut line = String::new();
- input.read_line(&mut line).unwrap();
- if line.trim() == "END" {
- break;
- }
- request_buf.push_str(line.trim_end());
- request_buf.push_str("\r\n");
- }
-
- let req = Message::read_http(&mut io::Cursor::new(request_buf.as_bytes())).unwrap();
- let mut request = Vec::new();
- req.write_bhttp(Mode::KnownLength, &mut request).unwrap();
- let (enc_request, client_response) = client.encapsulate(&request).unwrap();
-
- println!("Encapsulated Request: {}", hex::encode(enc_request));
-
- print!("Encapsulated Response: ");
- io::stdout().flush().unwrap();
- let mut rsp = String::new();
- input.read_line(&mut rsp).unwrap();
- let enc_response = hex::decode(rsp.trim()).unwrap();
- let dec_response = client_response.decapsulate(&enc_response).unwrap();
-
- let response = Message::read_bhttp(&mut io::Cursor::new(&dec_response[..])).unwrap();
- println!("Response:");
- response.write_http(&mut io::stdout()).unwrap();
- println!("END");
- io::stdout().flush().unwrap();
-}
diff --git a/ohttp-client/Cargo.toml b/ohttp-client/Cargo.toml
deleted file mode 100644
index 7677608..0000000
--- a/ohttp-client/Cargo.toml
+++ /dev/null
@@ -1,27 +0,0 @@
-[package]
-name = "ohttp-client"
-version = "0.5.3"
-authors = ["Martin Thomson "]
-edition = "2021"
-
-[features]
-default = ["rust-hpke"]
-nss = ["ohttp/nss"]
-rust-hpke = ["ohttp/rust-hpke"]
-
-[dependencies]
-env_logger = {version = "0.10", default-features = false}
-hex = "0.4"
-reqwest = { version = "0.11", default-features = false, features = ["rustls-tls"] }
-rustls = { version = "0.21.6", features = ["dangerous_configuration"] }
-structopt = "0.3"
-tokio = { version = "1", features = ["full"] }
-
-[dependencies.bhttp]
-path= "../bhttp"
-features = ["bhttp", "http"]
-
-[dependencies.ohttp]
-path= "../ohttp"
-features = ["client"]
-default-features = false
diff --git a/ohttp-client/src/main.rs b/ohttp-client/src/main.rs
deleted file mode 100644
index 1d71dc2..0000000
--- a/ohttp-client/src/main.rs
+++ /dev/null
@@ -1,135 +0,0 @@
-#![deny(warnings, clippy::pedantic)]
-
-use bhttp::{Message, Mode};
-use std::{fs::File, io, io::Read, ops::Deref, path::PathBuf, str::FromStr};
-use structopt::StructOpt;
-
-type Res = Result>;
-
-#[derive(Debug)]
-struct HexArg(Vec);
-impl FromStr for HexArg {
- type Err = hex::FromHexError;
-
- fn from_str(s: &str) -> Result {
- hex::decode(s).map(HexArg)
- }
-}
-impl Deref for HexArg {
- type Target = [u8];
- fn deref(&self) -> &Self::Target {
- &self.0
- }
-}
-
-#[derive(Debug, StructOpt)]
-#[structopt(name = "ohttp-client", about = "Make an oblivious HTTP request.")]
-struct Args {
- /// The URL of an oblivious proxy resource.
- /// If you use an oblivious request resource, this also works, though
- /// you don't get any of the privacy guarantees.
- url: String,
- /// A hexadecimal version of the key configuration for the target URL.
- config: HexArg,
-
- /// Where to read request content.
- /// If you omit this, input is read from `stdin`.
- #[structopt(long, short = "i")]
- input: Option,
-
- /// Where to write response content.
- /// If you omit this, output is written to `stdout`.
- #[structopt(long, short = "o")]
- output: Option,
-
- /// Read and write as binary HTTP messages instead of text.
- #[structopt(long, short = "b")]
- binary: bool,
-
- /// When creating message/bhttp, use the indeterminate-length form.
- #[structopt(long, short = "n", alias = "indefinite")]
- indeterminate: bool,
-
- /// Enable override for the trust store.
- #[structopt(long)]
- trust: Option,
-}
-
-impl Args {
- fn mode(&self) -> Mode {
- if self.indeterminate {
- Mode::IndeterminateLength
- } else {
- Mode::KnownLength
- }
- }
-}
-
-#[tokio::main]
-async fn main() -> Res<()> {
- let args = Args::from_args();
- ::ohttp::init();
- env_logger::try_init().unwrap();
-
- let request = if let Some(infile) = &args.input {
- let mut r = io::BufReader::new(File::open(infile)?);
- if args.binary {
- Message::read_bhttp(&mut r)?
- } else {
- Message::read_http(&mut r)?
- }
- } else {
- let mut buf = Vec::new();
- std::io::stdin().read_to_end(&mut buf)?;
- let mut r = io::Cursor::new(buf);
- if args.binary {
- Message::read_bhttp(&mut r)?
- } else {
- Message::read_http(&mut r)?
- }
- };
-
- let mut request_buf = Vec::new();
- request.write_bhttp(Mode::KnownLength, &mut request_buf)?;
- let ohttp_request = ohttp::ClientRequest::from_encoded_config_list(&args.config)?;
- let (enc_request, ohttp_response) = ohttp_request.encapsulate(&request_buf)?;
- println!("Request: {}", hex::encode(&enc_request));
-
- let client = match &args.trust {
- Some(pem) => {
- let mut buf = Vec::new();
- File::open(pem)?.read_to_end(&mut buf)?;
- let cert = reqwest::Certificate::from_pem(buf.as_slice())?;
- reqwest::ClientBuilder::new()
- .danger_accept_invalid_certs(true)
- .add_root_certificate(cert)
- .build()?
- }
- None => reqwest::ClientBuilder::new().build()?,
- };
-
- let enc_response = client
- .post(&args.url)
- .header("content-type", "message/ohttp-req")
- .body(enc_request)
- .send()
- .await?
- .error_for_status()?
- .bytes()
- .await?;
- println!("Response: {}", hex::encode(&enc_response));
- let response_buf = ohttp_response.decapsulate(&enc_response)?;
- let response = Message::read_bhttp(&mut std::io::Cursor::new(&response_buf[..]))?;
-
- let mut output: Box = if let Some(outfile) = &args.output {
- Box::new(File::open(outfile)?)
- } else {
- Box::new(std::io::stdout())
- };
- if args.binary {
- response.write_bhttp(args.mode(), &mut output)?;
- } else {
- response.write_http(&mut output)?;
- }
- Ok(())
-}
diff --git a/ohttp-server/.gitignore b/ohttp-server/.gitignore
deleted file mode 100644
index bb750da..0000000
--- a/ohttp-server/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-ca.crt
-server.key
-server.crt
diff --git a/ohttp-server/Cargo.toml b/ohttp-server/Cargo.toml
deleted file mode 100644
index 026df48..0000000
--- a/ohttp-server/Cargo.toml
+++ /dev/null
@@ -1,26 +0,0 @@
-[package]
-name = "ohttp-server"
-version = "0.5.3"
-authors = ["Martin Thomson "]
-edition = "2021"
-
-[features]
-default = ["rust-hpke"]
-nss = ["ohttp/nss"]
-rust-hpke = ["ohttp/rust-hpke"]
-
-[dependencies]
-env_logger = {version = "0.10", default-features = false}
-hex = "0.4"
-structopt = "0.3"
-tokio = { version = "1", features = ["full"] }
-warp = { version = "0.3", features = ["tls"] }
-
-[dependencies.bhttp]
-path= "../bhttp"
-features = ["bhttp", "write-http"]
-
-[dependencies.ohttp]
-path= "../ohttp"
-features = ["server"]
-default-features = false
diff --git a/ohttp-server/README.md b/ohttp-server/README.md
deleted file mode 100644
index dd65189..0000000
--- a/ohttp-server/README.md
+++ /dev/null
@@ -1,59 +0,0 @@ -# Test Server - -Note: you will need to set `[DY]LD_LIBRARY_PATH` as noted in the top-level -readme or these won't run. - -In order to run this as a test server with a dummy name, you need to generate a -certificate. `rustls` is very particular, so this needs to be right. You'll -need the `openssl` utility for this. - -```sh -./ohttp-server/ca.sh -``` - -You can pass this a domain name if you like, but it uses `localhost` by -default, which is usually OK for testing. - -This will create keys and certificates in the right places for the server to -find them without you passing any arguments to it. - -```sh -cargo run --bin ohttp-server -``` - -This will listen on `127.0.0.1` port 9443 by default. The client chokes on IPv6 -addresses in URLs, so don't bother with those (thanks `hyper`). The server only -serves responses to `POST` requests at a path of `/`; anything else gets 406 or -404 status codes in response. - -When it starts up the server prints a single line like this: - -``` -Config: 002d0000200109ed5f13a5eb012834f66cd133f114f143f0e3f7b899dc3f9dbfee9668496800080001000100010003 -``` - -This is needed by the client, see below. - -# Using the Client - -The client takes two arguments: - -1. the URL of the server (ideally, this is a proxy that will forward requests - to the server, but in testing, you can go directly and forego privacy) - -2. the server configuration (this is the string the server printed out above), - encoded in hexadecimal - -``` -cargo run --bin ohttp-client -- --trust ./ohttp-server/ca.crt \ - 'https://localhost:9443/' -i ./examples/request.txt \ - 002d0000200109ed5f13a5eb012834f66cd133f114f143f0e3f7b899dc3f9dbfee9668496800080001000100010003 -``` - -The client needs to be told about the CA file that the script above created or -it will refuse to connect. Run the client with the `--trust` option pointing at -the CA file created above, as shown here. 
- -If you provide the wrong configuration to the client, the server will response -with a 422 response if the keys are bad, 400 otherwise. - diff --git a/ohttp-server/ca.sh b/ohttp-server/ca.sh deleted file mode 100755 index 88729a9..0000000 --- a/ohttp-server/ca.sh +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash -cert=server.crt -certPk=server.key -ca=ca.crt -caPk=ca.key - -host="${1:-localhost}" -certValidityDays=30 -bits=2048 - -cd "$(dirname "$0")" - -# Create CA -trap 'rm -f 01.pem server.csr ca.db ca.db.* ca.srl ca.srl.* ca.key' EXIT -openssl req -newkey rsa:$bits -keyout "${caPk}" -x509 -new -nodes -out "${ca}" \ - -subj "/OU=Unknown/O=Unknown/L=Unknown/ST=unknown/C=AU" -days "${certValidityDays}" - -# Create Cert Signing Request -openssl req -new -newkey rsa:$bits -nodes -keyout "${certPk}" -out server.csr \ - -subj "/CN=${host}/C=AU" -addext "subjectAltName = DNS:${host}" - -function print_cfg() { - touch ./ca.db - echo 01 > ./ca.srl - echo "[ ca ] -default_ca = CA_default - -[ CA_default ] -dir = . -certificate = \$dir -new_certs_dir = \$dir -database = \$dir/ca.db -certificate = \$dir/${ca} -private_key = \$dir/${caPk} -serial = \$dir/ca.srl -name_opt = ca_default -cert_opt = ca_default -default_days = 90 -default_md = sha256 -preserve = no -policy = policy_lax -copy_extensions = copy -x509_extensions = server_cert - -[ policy_lax ] -countryName = optional -stateOrProvinceName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ server_cert ] -basicConstraints = CA:FALSE -nsCertType = server -keyUsage = digitalSignature, keyEncipherment -" -} - -# Sign Cert -openssl ca -batch -utf8 -config <(print_cfg) -in server.csr -out "${cert}" - -# Print Cert -openssl x509 -in "$cert" -text -noout diff --git a/ohttp-server/src/main.rs b/ohttp-server/src/main.rs deleted file mode 100644 index 41f0cc8..0000000 --- a/ohttp-server/src/main.rs +++ /dev/null 
@@ -1,137 +0,0 @@
-#![deny(warnings, clippy::pedantic)]
-
-use std::{
- io::Cursor,
- net::SocketAddr,
- path::PathBuf,
- sync::{Arc, Mutex},
-};
-
-use bhttp::{Message, Mode, StatusCode};
-use ohttp::{
- hpke::{Aead, Kdf, Kem},
- KeyConfig, Server as OhttpServer, SymmetricSuite,
-};
-use structopt::StructOpt;
-use warp::Filter;
-
-type Res = Result>;
-
-#[derive(Debug, StructOpt)]
-#[structopt(name = "ohttp-server", about = "Serve oblivious HTTP requests.")]
-struct Args {
- /// The address to bind to.
- #[structopt(default_value = "127.0.0.1:9443")]
- address: SocketAddr,
-
- /// When creating message/bhttp, use the indeterminate-length form.
- #[structopt(long, short = "n", alias = "indefinite")]
- indeterminate: bool,
-
- /// Certificate to use for serving.
- #[structopt(long, short = "c", default_value = concat!(env!("CARGO_MANIFEST_DIR"), "/server.crt"))]
- certificate: PathBuf,
-
- /// Key for the certificate to use for serving.
- #[structopt(long, short = "k", default_value = concat!(env!("CARGO_MANIFEST_DIR"), "/server.key"))]
- key: PathBuf,
-}
-
-impl Args {
- fn mode(&self) -> Mode {
- if self.indeterminate {
- Mode::IndeterminateLength
- } else {
- Mode::KnownLength
- }
- }
-}
-
-fn generate_reply(
- ohttp_ref: &Arc>,
- enc_request: &[u8],
- mode: Mode,
-) -> Res> {
- let ohttp = ohttp_ref.lock().unwrap();
- let (request, server_response) = ohttp.decapsulate(enc_request)?;
- let bin_request = Message::read_bhttp(&mut Cursor::new(&request[..]))?;
-
- let mut bin_response = Message::response(StatusCode::OK);
- bin_response.write_content(b"Received:\r\n---8<---\r\n");
- let mut tmp = Vec::new();
- bin_request.write_http(&mut tmp)?;
- bin_response.write_content(&tmp);
- bin_response.write_content(b"--->8---\r\n");
-
- let mut response = Vec::new();
- bin_response.write_bhttp(mode, &mut response)?;
- let enc_response = server_response.encapsulate(&response)?;
- Ok(enc_response)
-}
-
-#[allow(clippy::unused_async)]
-async fn serve(
- body: warp::hyper::body::Bytes,
- ohttp: Arc>,
- mode: Mode,
-) -> Result {
- match generate_reply(&ohttp, &body[..], mode) {
- Ok(resp) => Ok(warp::http::Response::builder()
- .header("Content-Type", "message/ohttp-res")
- .body(resp)),
- Err(e) => {
- if let Ok(oe) = e.downcast::<::ohttp::Error>() {
- Ok(warp::http::Response::builder()
- .status(422)
- .body(Vec::from(format!("Error: {oe:?}").as_bytes())))
- } else {
- Ok(warp::http::Response::builder()
- .status(400)
- .body(Vec::from(&b"Request error"[..])))
- }
- }
- }
-}
-
-fn with_ohttp(
- ohttp: Arc>,
-) -> impl Filter>,), Error = std::convert::Infallible> + Clone {
- warp::any().map(move || Arc::clone(&ohttp))
-}
-
-#[tokio::main]
-async fn main() -> Res<()> {
- let args = Args::from_args();
- ::ohttp::init();
- env_logger::try_init().unwrap();
-
- let config = KeyConfig::new(
- 0,
- Kem::X25519Sha256,
- vec![
- SymmetricSuite::new(Kdf::HkdfSha256, Aead::Aes128Gcm),
- SymmetricSuite::new(Kdf::HkdfSha256, Aead::ChaCha20Poly1305),
- ],
- )?;
- let ohttp = OhttpServer::new(config)?;
- println!(
- "Config: {}",
- hex::encode(KeyConfig::encode_list(&[ohttp.config()])?)
- );
- let mode = args.mode();
-
- let filter = warp::post()
- .and(warp::path::end())
- .and(warp::body::bytes())
- .and(with_ohttp(Arc::new(Mutex::new(ohttp))))
- .and(warp::any().map(move || mode))
- .and_then(serve);
- warp::serve(filter)
- .tls()
- .cert_path(args.certificate)
- .key_path(args.key)
- .run(args.address)
- .await;
-
- Ok(())
-}