zcash_client_backend: Add internal HTTP GET support to tor::Client

Cargo.toml

@@ -84,6 +84,15 @@ bs58 = { version = "0.5", features = ["check"] }
 byteorder = "1"
 hex = "0.4"
 percent-encoding = "2.1.0"
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+
+# HTTP
+hyper = "1"
+http-body-util = "0.1"
+hyper-util = { version = "0.1.1", features = ["tokio"] }
+tokio-rustls = "0.24"
+webpki-roots = "0.25"
 
 # Logging and metrics
 memuse = "0.2.1"

supply-chain/config.toml

@@ -388,10 +388,6 @@ criteria = "safe-to-deploy"
 version = "0.9.0"
 criteria = "safe-to-deploy"
 
-[[exemptions.digest]]
-version = "0.10.7"
-criteria = "safe-to-deploy"
-
 [[exemptions.directories]]
 version = "5.0.1"
 criteria = "safe-to-deploy"
@@ -588,10 +584,18 @@ criteria = "safe-to-deploy"
 version = "0.14.27"
 criteria = "safe-to-deploy"
 
+[[exemptions.hyper]]
+version = "1.3.1"
+criteria = "safe-to-deploy"
+
 [[exemptions.hyper-timeout]]
 version = "0.4.1"
 criteria = "safe-to-deploy"
 
+[[exemptions.hyper-util]]
+version = "0.1.5"
+criteria = "safe-to-deploy"
+
 [[exemptions.iana-time-zone]]
 version = "0.1.60"
 criteria = "safe-to-deploy"

supply-chain/imports.lock

@@ -365,6 +365,11 @@ who = "Benjamin Bouvier <public@benj.me>"
 criteria = "safe-to-deploy"
 version = "0.1.3"
 
+[[audits.bytecode-alliance.audits.digest]]
+who = "Benjamin Bouvier <public@benj.me>"
+criteria = "safe-to-deploy"
+delta = "0.9.0 -> 0.10.3"
+
 [[audits.bytecode-alliance.audits.ed25519]]
 who = "Alex Crichton <alex@alexcrichton.com>"
 criteria = "safe-to-deploy"
@@ -424,6 +429,29 @@ criteria = "safe-to-deploy"
 delta = "0.2.9 -> 1.0.0"
 notes = "Minor changes leading up to the 1.0.0 release and nothing fundamentally new here."
 
+[[audits.bytecode-alliance.audits.http-body]]
+who = "Pat Hickey <phickey@fastly.com>"
+criteria = "safe-to-deploy"
+version = "1.0.0-rc.2"
+
+[[audits.bytecode-alliance.audits.http-body]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+delta = "1.0.0-rc.2 -> 1.0.0"
+notes = "Only minor changes made for a stable release."
+
+[[audits.bytecode-alliance.audits.http-body-util]]
+who = "Pat Hickey <phickey@fastly.com>"
+criteria = "safe-to-deploy"
+version = "0.1.0-rc.2"
+notes = "only one use of unsafe related to pin projection. unclear to me why pin_project! is used in many modules of the project, but the expanded output of that macro is inlined in either.rs"
+
+[[audits.bytecode-alliance.audits.http-body-util]]
+who = "Alex Crichton <alex@alexcrichton.com>"
+criteria = "safe-to-deploy"
+delta = "0.1.0-rc.2 -> 0.1.0"
+notes = "Minor documentation updates an additions, nothing major."
+
 [[audits.bytecode-alliance.audits.iana-time-zone-haiku]]
 who = "Dan Gohman <dev@sunfishcode.online>"
 criteria = "safe-to-deploy"
@@ -547,6 +575,12 @@ criteria = "safe-to-deploy"
 version = "1.1.4"
 notes = "uses unsafe to implement thread local storage of objects"
 
+[[audits.bytecode-alliance.audits.tokio-rustls]]
+who = "Pat Hickey <phickey@fastly.com>"
+criteria = "safe-to-deploy"
+version = "0.24.0"
+notes = "no unsafe, no build, no ambient capabilities"
+
 [[audits.bytecode-alliance.audits.tracing-subscriber]]
 who = "Pat Hickey <phickey@fastly.com>"
 criteria = "safe-to-deploy"
@@ -1352,6 +1386,11 @@ who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"
 version = "0.2.2"
 
+[[audits.isrg.audits.digest]]
+who = "David Cook <dcook@divviup.org>"
+criteria = "safe-to-deploy"
+delta = "0.10.6 -> 0.10.7"
+
 [[audits.isrg.audits.either]]
 who = "David Cook <dcook@divviup.org>"
 criteria = "safe-to-deploy"
@@ -1674,6 +1713,12 @@ otherwise the unsafety is documented and left to the caller to verify.
 """
 aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
 
+[[audits.mozilla.audits.digest]]
+who = "Mike Hommey <mh+mozilla@glandium.org>"
+criteria = "safe-to-deploy"
+delta = "0.10.3 -> 0.10.6"
+aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"
+
 [[audits.mozilla.audits.displaydoc]]
 who = "Makoto Kato <m_kato@ga2.so-net.ne.jp>"
 criteria = "safe-to-deploy"

zcash_client_backend/Cargo.toml

@@ -99,6 +99,8 @@ nom = "7"
 #    `hyper::Error`, `hyper::http::Error`, `serde_json::Error`. We could avoid this with
 #    changes to error handling.
 arti-client = { workspace = true, optional = true }
+hyper = { workspace = true, optional = true, features = ["client", "http1"] }
+serde_json = { workspace = true, optional = true }
 
 # Dependencies used internally:
 # (Breaking upgrades to these are usually backwards-compatible, but check MSRVs.)
@@ -117,6 +119,14 @@ rayon.workspace = true
 tokio = { workspace = true, optional = true, features = ["fs"] }
 tor-rtcompat = { workspace = true, optional = true }
 
+# - HTTP through Tor
+http-body-util = { workspace = true, optional = true }
+hyper-util = { workspace = true, optional = true }
+rand = { workspace = true, optional = true }
+serde = { workspace = true, optional = true }
+tokio-rustls = { workspace = true, optional = true }
+webpki-roots = { workspace = true, optional = true }
+
 [build-dependencies]
 tonic-build = { workspace = true, features = ["prost"] }
 which = "4"
@@ -162,8 +172,16 @@ sync = [
 ## operations.
 tor = [
     "dep:arti-client",
+    "dep:futures-util",
+    "dep:http-body-util",
+    "dep:hyper",
+    "dep:hyper-util",
+    "dep:serde",
+    "dep:serde_json",
     "dep:tokio",
+    "dep:tokio-rustls",
     "dep:tor-rtcompat",
+    "dep:webpki-roots",
 ]
 
 ## Exposes APIs that are useful for testing, such as `proptest` strategies.