net: Demonstrate how to use Tor.

  - Fixes #104.

3 files changed, 59 insertions, 0 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 8f9e5c81..f5172834 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2203,6 +2203,7 @@ dependencies = [
  "serde_urlencoded",
  "tokio",
  "tokio-native-tls",
+ "tokio-socks",
  "tower-service",
  "url",
  "wasm-bindgen",
@@ -2865,6 +2866,18 @@ dependencies = [
 ]
 
 [[package]]
+name = "tokio-socks"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51165dfa029d2a65969413a6cc96f354b86b464498702f174a4efa13608fd8c0"
+dependencies = [
+ "either",
+ "futures-util",
+ "thiserror",
+ "tokio",
+]
+
+[[package]]
 name = "tokio-util"
 version = "0.7.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
diff --git a/net/Cargo.toml b/net/Cargo.toml
index 6e5af8c4..ea1df2cd 100644
--- a/net/Cargo.toml
+++ b/net/Cargo.toml
@@ -44,6 +44,7 @@ trust-dns-resolver = { version = "0.22", features = ["dnssec-openssl"]}
 [dev-dependencies]
 rand = { version = "0.8", default-features = false, features = [ "getrandom" ] }
 hyper = { version = "0.14", features = [ "server" ] }
+reqwest = { version = "0.11", features = ["socks"] }
 
 [lib]
 bench = false
diff --git a/net/examples/tor-hkp-get.rs b/net/examples/tor-hkp-get.rs
new file mode 100644
index 00000000..959918d2
--- /dev/null
+++ b/net/examples/tor-hkp-get.rs
@@ -0,0 +1,45 @@
+use std::{
+    env,
+    io,
+    time::Duration,
+};
+
+use sequoia_openpgp::{
+    self as openpgp,
+    Fingerprint,
+    Result,
+    serialize::Serialize,
+};
+
+use sequoia_net::KeyServer;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let handle: Fingerprint = env::args()
+        .nth(1).expect("Usage: tor-hkp-get <FINGERPRINT>")
+        .parse()?;
+
+    // Select a fresh circuit by providing a random username/password
+    // combination to Tor.
+    let mut nonce = [0; 4];
+    openpgp::crypto::random(&mut nonce[..]);
+    let nonce = openpgp::fmt::hex::encode(&nonce);
+    let proxy_url = format!("socks5h://anonymous:{}@127.0.0.1:9050", nonce);
+
+    // Create a reqwest::Client with appropriate timeouts for Tor, and
+    // set the local Tor client as SOCKS5 proxy.
+    let client = reqwest::Client::builder()
+	.connect_timeout(Duration::new(10, 0))
+	.timeout(Duration::new(10, 0))
+        .proxy(reqwest::Proxy::all(proxy_url)?)
+        .build()?;
+
+    // Connect to keys.openpgp.org over Tor.
+    let keyserver = KeyServer::with_client(
+        "hkp://zkaan2xfbuxia2wpf7ofnkbz6r5zdbbvxbunvp5g2iebopbfc4iqmbad.onion",
+        client)?;
+
+    // Finally, get the requested certificate.
+    keyserver.get(handle).await?.armored().serialize(&mut io::stdout())?;
+    Ok(())
+}