Diffstat (limited to 'crates/common/src/config')
-rw-r--r-- | crates/common/src/config/jmap/settings.rs | 41 | ||||
-rw-r--r-- | crates/common/src/config/mod.rs | 38 |
2 files changed, 37 insertions, 42 deletions
diff --git a/crates/common/src/config/jmap/settings.rs b/crates/common/src/config/jmap/settings.rs
index 700a5464..78f4c4a0 100644
--- a/crates/common/src/config/jmap/settings.rs
+++ b/crates/common/src/config/jmap/settings.rs
@@ -9,7 +9,6 @@ use std::{str::FromStr, time::Duration};
 use jmap_proto::request::capability::BaseCapabilities;
 use mail_parser::HeaderName;
 use nlp::language::Language;
-use store::rand::{distributions::Alphanumeric, thread_rng, Rng};
 use utils::config::{cron::SimpleCron, utils::ParseValue, Config, Rate};
 
 #[derive(Default, Clone)]
@@ -63,13 +62,6 @@ pub struct JmapConfig {
     pub web_socket_timeout: Duration,
     pub web_socket_heartbeat: Duration,
 
-    pub oauth_key: String,
-    pub oauth_expiry_user_code: u64,
-    pub oauth_expiry_auth_code: u64,
-    pub oauth_expiry_token: u64,
-    pub oauth_expiry_refresh_token: u64,
-    pub oauth_expiry_refresh_token_renew: u64,
-    pub oauth_max_auth_attempts: u32,
 
     pub fallback_admin: Option<(String, String)>,
     pub master_user: Option<(String, String)>,
@@ -321,39 +313,6 @@ impl JmapConfig {
             rate_anonymous: config
                 .property_or_default::<Option<Rate>>("jmap.rate-limit.anonymous", "100/1m")
                 .unwrap_or_default(),
-            oauth_key: config
-                .value("oauth.key")
-                .map(|s| s.to_string())
-                .unwrap_or_else(|| {
-                    thread_rng()
-                        .sample_iter(Alphanumeric)
-                        .take(64)
-                        .map(char::from)
-                        .collect::<String>()
-                }),
-            oauth_expiry_user_code: config
-                .property_or_default::<Duration>("oauth.expiry.user-code", "30m")
-                .unwrap_or_else(|| Duration::from_secs(30 * 60))
-                .as_secs(),
-            oauth_expiry_auth_code: config
-                .property_or_default::<Duration>("oauth.expiry.auth-code", "10m")
-                .unwrap_or_else(|| Duration::from_secs(10 * 60))
-                .as_secs(),
-            oauth_expiry_token: config
-                .property_or_default::<Duration>("oauth.expiry.token", "1h")
-                .unwrap_or_else(|| Duration::from_secs(60 * 60))
-                .as_secs(),
-            oauth_expiry_refresh_token: config
-                .property_or_default::<Duration>("oauth.expiry.refresh-token", "30d")
-                .unwrap_or_else(|| Duration::from_secs(30 * 24 * 60 * 60))
-                .as_secs(),
-            oauth_expiry_refresh_token_renew: config
-                .property_or_default::<Duration>("oauth.expiry.refresh-token-renew", "4d")
-                .unwrap_or_else(|| Duration::from_secs(4 * 24 * 60 * 60))
-                .as_secs(),
-            oauth_max_auth_attempts: config
-                .property_or_default("oauth.auth.max-attempts", "3")
-                .unwrap_or(10),
             event_source_throttle: config
                 .property_or_default("jmap.event-source.throttle", "1s")
                 .unwrap_or_else(|| Duration::from_secs(1)),
diff --git a/crates/common/src/config/mod.rs b/crates/common/src/config/mod.rs
index 79b7c059..443f5253 100644
--- a/crates/common/src/config/mod.rs
+++ b/crates/common/src/config/mod.rs
@@ -8,12 +8,14 @@ use std::sync::Arc;
 
 use arc_swap::ArcSwap;
 use directory::{Directories, Directory};
+use ring::signature::{EcdsaKeyPair, RsaKeyPair};
 use store::{BlobBackend, BlobStore, FtsStore, LookupStore, Store, Stores};
 use telemetry::Metrics;
 use utils::config::Config;
 
 use crate::{
-    expr::*, listener::tls::AcmeProviders, manager::config::ConfigManager, Core, Network, Security,
+    auth::oauth::config::OAuthConfig, expr::*, listener::tls::AcmeProviders,
+    manager::config::ConfigManager, Core, Network, Security,
 };
 
 use self::{
@@ -163,6 +165,7 @@ impl Core {
             smtp: SmtpConfig::parse(config).await,
             jmap: JmapConfig::parse(config),
             imap: ImapConfig::parse(config),
+            oauth: OAuthConfig::parse(config),
             acme: AcmeProviders::parse(config),
             metrics: Metrics::parse(config),
             storage: Storage {
@@ -186,3 +189,36 @@ impl Core {
         ArcSwap::from_pointee(self)
     }
 }
+
+pub fn build_rsa_keypair(pem: &str) -> Result<RsaKeyPair, String> {
+    match rustls_pemfile::read_one(&mut pem.as_bytes()) {
+        Ok(Some(rustls_pemfile::Item::Pkcs1Key(key))) => {
+            RsaKeyPair::from_der(key.secret_pkcs1_der())
+                .map_err(|err| format!("Failed to parse PKCS1 RSA key: {err}"))
+        }
+        Ok(Some(rustls_pemfile::Item::Pkcs8Key(key))) => {
+            RsaKeyPair::from_pkcs8(key.secret_pkcs8_der())
+                .map_err(|err| format!("Failed to parse PKCS8 RSA key: {err}"))
+        }
+        Err(err) => Err(format!("Failed to read PEM: {err}")),
+        Ok(Some(key)) => Err(format!("Unsupported key type: {key:?}")),
+        Ok(None) => Err("No RSA key found in PEM".to_string()),
+    }
+}
+
+pub fn build_ecdsa_pem(
+    alg: &'static ring::signature::EcdsaSigningAlgorithm,
+    pem: &str,
+) -> Result<EcdsaKeyPair, String> {
+    match rustls_pemfile::read_one(&mut pem.as_bytes()) {
+        Ok(Some(rustls_pemfile::Item::Pkcs8Key(key))) => EcdsaKeyPair::from_pkcs8(
+            alg,
+            key.secret_pkcs8_der(),
+            &ring::rand::SystemRandom::new(),
+        )
+        .map_err(|err| format!("Failed to parse PKCS8 ECDSA key: {err}")),
+        Err(err) => Err(format!("Failed to read PEM: {err}")),
+        Ok(Some(key)) => Err(format!("Unsupported key type: {key:?}")),
+        Ok(None) => Err("No ECDSA key found in PEM".to_string()),
+    }
+} |
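Review bot: The fall-through arm `Ok(Some(key)) => Err(format!("Unsupported key type: {key:?}"))` in both build_rsa_keypair and build_ecdsa_pem Debug-formats whatever PEM item did not match, and that set includes private-key items (a Sec1Key for the RSA path, a Pkcs1Key or Sec1Key for the ECDSA path); whether the key bytes reach the error string — and from there a log line — depends on the pinned rustls-pemfile/pki-types version redacting those Debug impls, so the message should name only the item kind. A small helper mapping the item to a label (below) keeps the diagnostic useful without that dependency. Separately, `read_one` inspects only the first PEM block, so a file whose first block is a certificate is rejected with this message even when a key follows; that is worth stating in a doc comment on both functions or handled by looping until a key item is found. A doc comment for build_ecdsa_pem should also say that SEC1 "EC PRIVATE KEY" blocks are not accepted and must be converted to PKCS#8, and the name `build_ecdsa_keypair` would match its sibling, since the function returns an EcdsaKeyPair rather than a PEM.

```rust
/// Names a PEM item for error messages without Debug-formatting its contents.
fn pem_item_kind(item: &rustls_pemfile::Item) -> &'static str {
    match item {
        rustls_pemfile::Item::X509Certificate(_) => "X.509 certificate",
        rustls_pemfile::Item::Pkcs1Key(_) => "PKCS#1 RSA private key",
        rustls_pemfile::Item::Pkcs8Key(_) => "PKCS#8 private key",
        rustls_pemfile::Item::Sec1Key(_) => "SEC1 EC private key",
        _ => "unrecognized PEM item",
    }
}

// … unchanged: build_rsa_keypair up to the fall-through arm …
        Ok(Some(key)) => Err(format!("Unsupported key type: {}", pem_item_kind(&key))),
// … unchanged: build_ecdsa_pem up to the fall-through arm …
        Ok(Some(key)) => Err(format!("Unsupported key type: {}", pem_item_kind(&key))),
```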