Skip to content

Commit

Permalink
Merge branch 'master' into master
Browse files Browse the repository at this point in the history
  • Loading branch information
@arctic-hen7
arctic-hen7 authored Jan 1, 2022
2 parents 03796be + 3ff2eaf commit 5a2c5c8
Show file tree
Hide file tree
Showing 3 changed files with 44 additions and 43 deletions.
3 changes: 2 additions & 1 deletion Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,8 @@ tower-service = "0.3"
tokio-tungstenite = { version = "0.15", optional = true }
percent-encoding = "2.1"
pin-project = "1.0"
tokio-rustls = { version = "0.22", optional = true }
tokio-rustls = { version = "0.23", optional = true }
rustls-pemfile = "0.2"

[dev-dependencies]
pretty_env_logger = "0.4"
Expand Down
29 changes: 12 additions & 17 deletions src/reject.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
//! #[derive(Debug)]
//! struct InvalidParameter;
//!
//! impl reject::Reject for InvalidParameter {};
//! impl reject::Reject for InvalidParameter {}
//!
//! // Custom rejection handler that maps rejections into responses.
//! async fn handle_rejection(err: Rejection) -> Result<impl Reply, std::convert::Infallible> {
Expand All @@ -42,23 +42,18 @@
//! }
//! }
//!
//! #[tokio::main]
//! async fn main() {
//!
//! // Filter on `/:id`, but reject with InvalidParameter if the `id` is `0`.
//! // Recover from this rejection using a custom rejection handler.
//! let route = warp::path::param()
//! .and_then(|id: u32| async move {
//! if id == 0 {
//! Err(warp::reject::custom(InvalidParameter))
//! } else {
//! Ok("id is valid")
//! }
//! })
//! .recover(handle_rejection);
//!
//! warp::serve(route).run(([127, 0, 0, 1], 3030)).await;
//! }
//! // Filter on `/:id`, but reject with InvalidParameter if the `id` is `0`.
//! // Recover from this rejection using a custom rejection handler.
//! let route = warp::path::param()
//! .and_then(|id: u32| async move {
//! if id == 0 {
//! Err(warp::reject::custom(InvalidParameter))
//! } else {
//! Ok("id is valid")
//! }
//! })
//! .recover(handle_rejection);
//! ```
use std::any::Any;
Expand Down
55 changes: 30 additions & 25 deletions src/tls.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ use hyper::server::conn::{AddrIncoming, AddrStream};

use crate::transport::Transport;
use tokio_rustls::rustls::{
AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, NoClientAuth,
RootCertStore, ServerConfig, TLSError,
server::{AllowAnyAnonymousOrAuthenticatedClient, AllowAnyAuthenticatedClient, NoClientAuth},
Certificate, Error as TlsError, PrivateKey, RootCertStore, ServerConfig,
};

/// Represents errors that can occur building the TlsConfig
Expand All @@ -32,7 +32,7 @@ pub(crate) enum TlsConfigError {
/// An error from an empty key
EmptyKey,
/// An error from an invalid key
InvalidKey(TLSError),
InvalidKey(TlsError),
}

impl fmt::Display for TlsConfigError {
Expand Down Expand Up @@ -169,8 +169,11 @@ impl TlsConfigBuilder {

pub(crate) fn build(mut self) -> Result<ServerConfig, TlsConfigError> {
let mut cert_rdr = BufReader::new(self.cert);
let cert = tokio_rustls::rustls::internal::pemfile::certs(&mut cert_rdr)
.map_err(|()| TlsConfigError::CertParseError)?;
let cert = rustls_pemfile::certs(&mut cert_rdr)
.map_err(|_e| TlsConfigError::CertParseError)?
.into_iter()
.map(Certificate)
.collect();

let key = {
// convert it to Vec<u8> to allow reading it again if key is RSA
Expand All @@ -183,21 +186,17 @@ impl TlsConfigBuilder {
return Err(TlsConfigError::EmptyKey);
}

let mut pkcs8 = tokio_rustls::rustls::internal::pemfile::pkcs8_private_keys(
&mut key_vec.as_slice(),
)
.map_err(|()| TlsConfigError::Pkcs8ParseError)?;
let mut pkcs8 = rustls_pemfile::pkcs8_private_keys(&mut key_vec.as_slice())
.map_err(|_e| TlsConfigError::Pkcs8ParseError)?;

if !pkcs8.is_empty() {
pkcs8.remove(0)
PrivateKey(pkcs8.remove(0))
} else {
let mut rsa = tokio_rustls::rustls::internal::pemfile::rsa_private_keys(
&mut key_vec.as_slice(),
)
.map_err(|()| TlsConfigError::RsaParseError)?;
let mut rsa = rustls_pemfile::rsa_private_keys(&mut key_vec.as_slice())
.map_err(|_e| TlsConfigError::RsaParseError)?;

if !rsa.is_empty() {
rsa.remove(0)
PrivateKey(rsa.remove(0))
} else {
return Err(TlsConfigError::EmptyKey);
}
Expand All @@ -207,13 +206,18 @@ impl TlsConfigBuilder {
fn read_trust_anchor(
trust_anchor: Box<dyn Read + Send + Sync>,
) -> Result<RootCertStore, TlsConfigError> {
let mut reader = BufReader::new(trust_anchor);
let trust_anchors = {
let mut reader = BufReader::new(trust_anchor);
rustls_pemfile::certs(&mut reader).map_err(TlsConfigError::Io)?
};

let mut store = RootCertStore::empty();
if let Ok((0, _)) | Err(()) = store.add_pem_file(&mut reader) {
Err(TlsConfigError::CertParseError)
} else {
Ok(store)
let (added, _skipped) = store.add_parsable_certificates(&trust_anchors);
if added == 0 {
return Err(TlsConfigError::CertParseError);
}

Ok(store)
}

let client_auth = match self.client_auth {
Expand All @@ -226,11 +230,12 @@ impl TlsConfigBuilder {
}
};

let mut config = ServerConfig::new(client_auth);
config
.set_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new())
.map_err(|err| TlsConfigError::InvalidKey(err))?;
config.set_protocols(&["h2".into(), "http/1.1".into()]);
let mut config = ServerConfig::builder()
.with_safe_defaults()
.with_client_cert_verifier(client_auth.into())
.with_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new())
.map_err(TlsConfigError::InvalidKey)?;
config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
Ok(config)
}
}
Expand Down

0 comments on commit 5a2c5c8

Please sign in to comment.