authorJoe Birr-Pixton <jpixton@gmail.com>2024-09-30 11:35:38 +0100
committerJoe Birr-Pixton <jpixton@gmail.com>2024-10-01 17:09:38 +0000
commitc1361b20dfa527ab3eb8064b1d2eb85d66afbc61 (patch)
treefea21abb30ecd0d78612dbc6980074bb4f15ff2e
parente8bbcd0ef41443bb73be63a1bc807b44128f78bf (diff)
rustls: use pki-types pem decoder in tests
-rw-r--r--Cargo.lock1
-rw-r--r--rustls/Cargo.toml3
-rw-r--r--rustls/examples/internal/bench_impl.rs49
-rw-r--r--rustls/src/webpki/client_verifier.rs8
-rw-r--r--rustls/src/webpki/server_verifier.rs8
-rw-r--r--rustls/tests/common/mod.rs39
6 files changed, 39 insertions, 69 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 8d204bd8..b481cf6e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2111,7 +2111,6 @@ dependencies = [
"once_cell",
"rcgen",
"ring",
- "rustls-pemfile",
"rustls-pki-types",
"rustls-post-quantum",
"rustls-webpki",
diff --git a/rustls/Cargo.toml b/rustls/Cargo.toml
index 80da599e..5d7679b5 100644
--- a/rustls/Cargo.toml
+++ b/rustls/Cargo.toml
@@ -28,7 +28,7 @@ once_cell = { version = "1.16", default-features = false, features = ["alloc", "
ring = { version = "0.17", optional = true }
subtle = { version = "2.5.0", default-features = false }
webpki = { package = "rustls-webpki", version = "0.102.8", features = ["alloc"], default-features = false }
-pki-types = { package = "rustls-pki-types", version = "1.7", features = ["alloc"] }
+pki-types = { package = "rustls-pki-types", version = "1.9", features = ["alloc"] }
zeroize = "1.7"
zlib-rs = { version = "0.3", optional = true }
@@ -55,7 +55,6 @@ hex = "0.4"
log = "0.4.8"
num-bigint = "0.4.4"
rcgen = { version = "0.13", default-features = false, features = ["aws_lc_rs", "pem"] }
-rustls-pemfile = "2"
rustls-post-quantum = { path = "../rustls-post-quantum" }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
diff --git a/rustls/examples/internal/bench_impl.rs b/rustls/examples/internal/bench_impl.rs
index c028f451..a2bf5981 100644
--- a/rustls/examples/internal/bench_impl.rs
+++ b/rustls/examples/internal/bench_impl.rs
@@ -4,13 +4,14 @@
// etc. because it's unstable at the time of writing.
use std::io::{self, Read, Write};
+use std::mem;
use std::ops::{Deref, DerefMut};
use std::sync::Arc;
use std::time::{Duration, Instant};
-use std::{fs, mem};
use clap::{Parser, ValueEnum};
-use pki_types::{CertificateDer, PrivateKeyDer};
+use pki_types::pem::PemObject;
+use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer};
use rustls::client::{Resumption, UnbufferedClientConnection};
#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
use rustls::crypto::aws_lc_rs as provider;
@@ -617,10 +618,10 @@ fn make_client_config(
resume: ResumptionParam,
) -> Arc<ClientConfig> {
let mut root_store = RootCertStore::empty();
- let mut rootbuf =
- io::BufReader::new(fs::File::open(params.key_type.path_for("ca.cert")).unwrap());
root_store.add_parsable_certificates(
- rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()),
+ CertificateDer::pem_file_iter(params.key_type.path_for("ca.cert"))
+ .unwrap()
+ .map(|result| result.unwrap()),
);
let cfg = ClientConfig::builder_with_provider(
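Review bot: The `(added, ignored)` counts returned by `add_parsable_certificates` are discarded at this call in `make_client_config`, so a `ca.cert` that yields no usable roots leaves an empty `RootCertStore` without failing here. As far as I can tell, `pem_file_iter` skips sections of other kinds, so a file with no `CERTIFICATE` section produces an empty iterator rather than an error, and the problem would only show up later as a verification failure. Bind the result and check it, e.g. `let (added, _ignored) = root_store.add_parsable_certificates(...);` then `assert!(added > 0, "no usable roots in ca.cert");`. The same call shape appears in `finish_client_config` and `finish_client_config_with_creds` in rustls/tests/common/mod.rs. The body of `make_client_config` continues past the end of this hunk.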
@@ -759,39 +760,29 @@ impl KeyType {
}
fn get_chain(&self) -> Vec<CertificateDer<'static>> {
- rustls_pemfile::certs(&mut io::BufReader::new(
- fs::File::open(self.path_for("end.fullchain")).unwrap(),
- ))
- .map(|result| result.unwrap())
- .collect()
+ CertificateDer::pem_file_iter(self.path_for("end.fullchain"))
+ .unwrap()
+ .map(|result| result.unwrap())
+ .collect()
}
fn get_key(&self) -> PrivateKeyDer<'static> {
- rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(
- fs::File::open(self.path_for("end.key")).unwrap(),
- ))
- .next()
- .unwrap()
- .unwrap()
- .into()
+ PrivatePkcs8KeyDer::from_pem_file(self.path_for("end.key"))
+ .unwrap()
+ .into()
}
fn get_client_chain(&self) -> Vec<CertificateDer<'static>> {
- rustls_pemfile::certs(&mut io::BufReader::new(
- fs::File::open(self.path_for("client.fullchain")).unwrap(),
- ))
- .map(|result| result.unwrap())
- .collect()
+ CertificateDer::pem_file_iter(self.path_for("client.fullchain"))
+ .unwrap()
+ .map(|result| result.unwrap())
+ .collect()
}
fn get_client_key(&self) -> PrivateKeyDer<'static> {
- rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(
- fs::File::open(self.path_for("client.key")).unwrap(),
- ))
- .next()
- .unwrap()
- .unwrap()
- .into()
+ PrivatePkcs8KeyDer::from_pem_file(self.path_for("client.key"))
+ .unwrap()
+ .into()
}
}
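Review bot: `get_key` and `get_client_key` now fail through a bare `.unwrap()` that names neither the file nor the encoding it expected, while `PrivatePkcs8KeyDer::from_pem_file` only matches a PKCS#8 `PRIVATE KEY` section. A fixture stored as SEC1 or PKCS#1 would presumably be reported as "no items found", which is hard to trace back to the key format. Prefer `.expect("end.key: expected a PKCS#8 PRIVATE KEY section")` (and the `client.key` equivalent), plus a one-line comment such as `// PKCS#8 only; other private-key encodings are not matched here.` The slice-based `get_key` and `get_client_key` in rustls/tests/common/mod.rs have the same shape. `impl KeyType` begins before this hunk.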
diff --git a/rustls/src/webpki/client_verifier.rs b/rustls/src/webpki/client_verifier.rs
index 8049617f..42d38c8c 100644
--- a/rustls/src/webpki/client_verifier.rs
+++ b/rustls/src/webpki/client_verifier.rs
@@ -433,6 +433,7 @@ test_for_each_provider! {
use crate::server::VerifierBuilderError;
use crate::RootCertStore;
+ use pki_types::pem::PemObject;
use pki_types::{CertificateDer, CertificateRevocationListDer};
use std::prelude::v1::*;
@@ -442,12 +443,7 @@ test_for_each_provider! {
fn load_crls(crls_der: &[&[u8]]) -> Vec<CertificateRevocationListDer<'static>> {
crls_der
.iter()
- .map(|pem_bytes| {
- rustls_pemfile::crls(&mut &pem_bytes[..])
- .next()
- .unwrap()
- .unwrap()
- })
+ .map(|pem_bytes| CertificateRevocationListDer::from_pem_slice(pem_bytes).unwrap())
.collect()
}
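Review bot: The parameter of `load_crls` is still named `crls_der` although each element is PEM text: the closure binds it as `pem_bytes` and hands it to `from_pem_slice`. Renaming it to `crls_pem` would keep a caller from passing DER bytes to the helper by mistake. It is also worth a comment that only the first CRL section of each slice is decoded, e.g. `// Each input holds one PEM-encoded CRL; any further sections are ignored.` The identical helper in rustls/src/webpki/server_verifier.rs has the same naming. The enclosing `test_for_each_provider!` block extends beyond this hunk.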
diff --git a/rustls/src/webpki/server_verifier.rs b/rustls/src/webpki/server_verifier.rs
index 1159821c..c27fef60 100644
--- a/rustls/src/webpki/server_verifier.rs
+++ b/rustls/src/webpki/server_verifier.rs
@@ -305,6 +305,7 @@ test_for_each_provider! {
use std::{vec, println};
use std::prelude::v1::*;
+ use pki_types::pem::PemObject;
use pki_types::{CertificateDer, CertificateRevocationListDer};
use super::{VerifierBuilderError, WebPkiServerVerifier};
@@ -313,12 +314,7 @@ test_for_each_provider! {
fn load_crls(crls_der: &[&[u8]]) -> Vec<CertificateRevocationListDer<'static>> {
crls_der
.iter()
- .map(|pem_bytes| {
- rustls_pemfile::crls(&mut &pem_bytes[..])
- .next()
- .unwrap()
- .unwrap()
- })
+ .map(|pem_bytes| CertificateRevocationListDer::from_pem_slice(pem_bytes).unwrap())
.collect()
}
diff --git a/rustls/tests/common/mod.rs b/rustls/tests/common/mod.rs
index 38b963ab..8eb48148 100644
--- a/rustls/tests/common/mod.rs
+++ b/rustls/tests/common/mod.rs
@@ -6,8 +6,10 @@ use std::ops::DerefMut;
use std::sync::Arc;
use once_cell::sync::OnceCell;
+use pki_types::pem::PemObject;
use pki_types::{
- CertificateDer, CertificateRevocationListDer, PrivateKeyDer, ServerName, UnixTime,
+ CertificateDer, CertificateRevocationListDer, PrivateKeyDer, PrivatePkcs8KeyDer, ServerName,
+ UnixTime,
};
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
use rustls::client::{ServerCertVerifierBuilder, WebPkiServerVerifier};
@@ -303,22 +305,19 @@ impl KeyType {
}
pub fn get_chain(&self) -> Vec<CertificateDer<'static>> {
- rustls_pemfile::certs(&mut io::BufReader::new(self.bytes_for("end.fullchain")))
+ CertificateDer::pem_slice_iter(self.bytes_for("end.fullchain"))
.map(|result| result.unwrap())
.collect()
}
pub fn get_key(&self) -> PrivateKeyDer<'static> {
- PrivateKeyDer::Pkcs8(
- rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(self.bytes_for("end.key")))
- .next()
- .unwrap()
- .unwrap(),
- )
+ PrivatePkcs8KeyDer::from_pem_slice(self.bytes_for("end.key"))
+ .unwrap()
+ .into()
}
pub fn get_client_chain(&self) -> Vec<CertificateDer<'static>> {
- rustls_pemfile::certs(&mut io::BufReader::new(self.bytes_for("client.fullchain")))
+ CertificateDer::pem_slice_iter(self.bytes_for("client.fullchain"))
.map(|result| result.unwrap())
.collect()
}
@@ -340,22 +339,15 @@ impl KeyType {
}
pub fn get_client_key(&self) -> PrivateKeyDer<'static> {
- PrivateKeyDer::Pkcs8(
- rustls_pemfile::pkcs8_private_keys(&mut io::BufReader::new(
- self.bytes_for("client.key"),
- ))
- .next()
+ PrivatePkcs8KeyDer::from_pem_slice(self.bytes_for("client.key"))
.unwrap()
- .unwrap(),
- )
+ .into()
}
fn get_crl(&self, role: &str, r#type: &str) -> CertificateRevocationListDer<'static> {
- rustls_pemfile::crls(&mut io::BufReader::new(
+ CertificateRevocationListDer::from_pem_slice(
self.bytes_for(&format!("{role}.{type}.crl.pem")),
- ))
- .map(|result| result.unwrap())
- .next() // We only expect one CRL.
+ )
.unwrap()
}
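Review bot: The removed `// We only expect one CRL.` comment in `get_crl` recorded an assumption the new call still relies on. As I read the trait documentation, `from_pem_slice` returns the first CRL section and does not report any sections that follow it. Keep that visible above the call with something like `// Decodes the first CRL section only; each fixture is expected to hold exactly one.` If a fixture ever gained a second CRL, the test would otherwise keep passing against the first one only. `impl KeyType` starts before this hunk.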
@@ -528,9 +520,8 @@ pub fn finish_client_config(
config: rustls::ConfigBuilder<ClientConfig, rustls::WantsVerifier>,
) -> ClientConfig {
let mut root_store = RootCertStore::empty();
- let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
root_store.add_parsable_certificates(
- rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()),
+ CertificateDer::pem_slice_iter(kt.bytes_for("ca.cert")).map(|result| result.unwrap()),
);
config
@@ -543,10 +534,8 @@ pub fn finish_client_config_with_creds(
config: rustls::ConfigBuilder<ClientConfig, rustls::WantsVerifier>,
) -> ClientConfig {
let mut root_store = RootCertStore::empty();
- let mut rootbuf = io::BufReader::new(kt.bytes_for("ca.cert"));
- // Passing a reference here just for testing.
root_store.add_parsable_certificates(
- rustls_pemfile::certs(&mut rootbuf).map(|result| result.unwrap()),
+ CertificateDer::pem_slice_iter(kt.bytes_for("ca.cert")).map(|result| result.unwrap()),
);
config