author | Joe Birr-Pixton <jpixton@gmail.com> | 2024-09-30 12:26:01 +0100 |
committer | Joe Birr-Pixton <jpixton@gmail.com> | 2024-10-01 17:09:38 +0000 |
commit | ce10e59bb5add6b6856ed7462f82cc8bd6d9f59e (patch) | |
tree | 03356490b874e566dc942438f1dcd0828cc114e6 | |
parent | 5a04f5e4b491129550196cd8bc1b8119c646e661 (diff) |
examples: use pki-types pem decoder
-rw-r--r-- | Cargo.lock | 1 | ||||
-rw-r--r-- | examples/Cargo.toml | 3 | ||||
-rw-r--r-- | examples/src/bin/ech-client.rs | 9 | ||||
-rw-r--r-- | examples/src/bin/simple_0rtt_client.rs | 11 | ||||
-rw-r--r-- | examples/src/bin/simple_0rtt_server.rs | 15 | ||||
-rw-r--r-- | examples/src/bin/simpleserver.rs | 16 | ||||
-rw-r--r-- | examples/src/bin/tlsclient-mio.rs | 34 | ||||
-rw-r--r-- | examples/src/bin/tlsserver-mio.rs | 33 | ||||
-rw-r--r-- | examples/src/bin/unbuffered-server.rs | 25 |
9 files changed, 52 insertions, 95 deletions
@@ -2179,7 +2179,6 @@ dependencies = [
 "mio 0.8.11",
 "rcgen",
 "rustls 0.23.13",
-"rustls-pemfile",
 "rustls-pki-types",
 "serde",
 "serde_derive",
diff --git a/examples/Cargo.toml b/examples/Cargo.toml
index b7fa4e67..7286c419 100644
--- a/examples/Cargo.toml
+++ b/examples/Cargo.toml
@@ -13,10 +13,9 @@ env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest
 hickory-resolver = { version = "0.25.0-alpha.1", features = ["dns-over-https-rustls", "webpki-roots"] }
 log = { version = "0.4.4" }
 mio = { version = "0.8", features = ["net", "os-poll"] }
-pki-types = { package = "rustls-pki-types", version = "1", features = ["std"] }
+pki-types = { package = "rustls-pki-types", version = "1.9", features = ["std"] }
 rcgen = { version = "0.13", features = ["pem", "aws_lc_rs"], default-features = false }
 rustls = { path = "../rustls", features = [ "logging" ]}
-rustls-pemfile = "2"
 serde = "1.0"
 serde_derive = "1.0"
 tokio = { version = "1.34.0", features = ["io-util", "macros", "net", "rt"]}
diff --git a/examples/src/bin/ech-client.rs b/examples/src/bin/ech-client.rs
index dc9d2d7e..e0524a10 100644
--- a/examples/src/bin/ech-client.rs
+++ b/examples/src/bin/ech-client.rs
@@ -35,7 +35,8 @@ use rustls::client::{EchConfig, EchGreaseConfig, EchStatus};
 use rustls::crypto::aws_lc_rs;
 use rustls::crypto::aws_lc_rs::hpke::ALL_SUPPORTED_SUITES;
 use rustls::crypto::hpke::Hpke;
-use rustls::pki_types::ServerName;
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, ServerName};
 use rustls::RootCertStore;
 
 fn main() {
@@ -78,10 +79,10 @@ fn main() {
 let root_store = match args.cafile {
 Some(file) => {
 let mut root_store = RootCertStore::empty();
-let certfile = fs::File::open(file).expect("Cannot open CA file");
-let mut reader = BufReader::new(certfile);
 root_store.add_parsable_certificates(
-rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()),
+CertificateDer::pem_file_iter(file)
+.expect("Cannot open CA file")
+.map(|result| result.unwrap()),
 );
 root_store
 }
diff --git a/examples/src/bin/simple_0rtt_client.rs b/examples/src/bin/simple_0rtt_client.rs
index 57d1f8c4..0872e4a2 100644
--- a/examples/src/bin/simple_0rtt_client.rs
+++ b/examples/src/bin/simple_0rtt_client.rs
@@ -9,13 +9,14 @@
 //! Note that `unwrap()` is used to deal with networking errors; this is not something
 //! that is sensible outside of example code.
 
+use std::env;
 use std::io::{BufRead, BufReader, Write};
 use std::net::TcpStream;
 use std::str::FromStr;
 use std::sync::Arc;
-use std::{env, fs};
 
-use rustls::pki_types::ServerName;
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, ServerName};
 use rustls::RootCertStore;
 
 fn start_connection(config: &Arc<rustls::ClientConfig>, domain_name: &str, port: u16) {
@@ -82,10 +83,10 @@ fn main() {
 let mut root_store = RootCertStore::empty();
 
 if let Some(cafile) = args.next() {
-let certfile = fs::File::open(cafile).expect("Cannot open CA file");
-let mut reader = BufReader::new(certfile);
 root_store.add_parsable_certificates(
-rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()),
+CertificateDer::pem_file_iter(cafile)
+.expect("Cannot open CA file")
+.map(|result| result.unwrap()),
 );
 } else {
 root_store.extend(
diff --git a/examples/src/bin/simple_0rtt_server.rs b/examples/src/bin/simple_0rtt_server.rs
index 1d606d74..1256c57f 100644
--- a/examples/src/bin/simple_0rtt_server.rs
+++ b/examples/src/bin/simple_0rtt_server.rs
@@ -13,12 +13,14 @@
 //! that is sensible outside of example code.
 
 use std::error::Error as StdError;
-use std::fs::File;
-use std::io::{BufReader, Read, Write};
+use std::io::{Read, Write};
 use std::net::TcpListener;
 use std::sync::Arc;
 use std::{env, io};
 
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
+
 fn main() -> Result<(), Box<dyn StdError>> {
 let mut args = env::args();
 args.next();
@@ -29,11 +31,12 @@ fn main() -> Result<(), Box<dyn StdError>> {
 .next()
 .expect("missing private key file argument");
 
-let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(cert_file)?))
-.collect::<Result<Vec<_>, _>>()?;
+let certs = CertificateDer::pem_file_iter(cert_file)
+.expect("cannot open certificate file")
+.map(|cert| cert.unwrap())
+.collect::<Vec<_>>();
 let private_key =
-rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(private_key_file)?))?
-.unwrap();
+PrivateKeyDer::from_pem_file(private_key_file).expect("cannot open private key file");
 
 let mut config = rustls::ServerConfig::builder()
 .with_no_client_auth()
diff --git a/examples/src/bin/simpleserver.rs b/examples/src/bin/simpleserver.rs
index 3a8130b1..f3fa54a1 100644
--- a/examples/src/bin/simpleserver.rs
+++ b/examples/src/bin/simpleserver.rs
@@ -9,11 +9,13 @@
 
 use std::env;
 use std::error::Error as StdError;
-use std::fs::File;
-use std::io::{BufReader, Read, Write};
+use std::io::{Read, Write};
 use std::net::TcpListener;
 use std::sync::Arc;
 
+use rustls::pki_types::pem::PemObject;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
+
 fn main() -> Result<(), Box<dyn StdError>> {
 let mut args = env::args();
 args.next();
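Review bot: The new certificate and key loading in `main` replaces the `?` propagation of the removed lines with `expect`/`unwrap`, even though `main` still returns `Result<(), Box<dyn StdError>>` and the builder call a few lines down still uses `?`, so a missing or malformed file now panics instead of being reported through the existing error path. Keeping the fallible form matches the surrounding style: `let certs = CertificateDer::pem_file_iter(cert_file)?.collect::<Result<Vec<_>, _>>()?;` and `let private_key = PrivateKeyDer::from_pem_file(private_key_file)?;`, assuming the pem error type converts into `Box<dyn StdError>` as the previous errors did. The `expect` text `cannot open certificate file` is also misleading, since `pem_file_iter` presumably fails on parse problems as well as on open. The simpleserver.rs hunk has the same issue, there with bare `unwrap()` on both calls. `main` continues outside this hunk.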
@@ -24,11 +26,11 @@ fn main() -> Result<(), Box<dyn StdError>> {
 .next()
 .expect("missing private key file argument");
 
-let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(cert_file)?))
-.collect::<Result<Vec<_>, _>>()?;
-let private_key =
-rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(private_key_file)?))?
-.unwrap();
+let certs = CertificateDer::pem_file_iter(cert_file)
+.unwrap()
+.map(|cert| cert.unwrap())
+.collect();
+let private_key = PrivateKeyDer::from_pem_file(private_key_file).unwrap();
 let config = rustls::ServerConfig::builder()
 .with_no_client_auth()
 .with_single_cert(certs, private_key)?;
diff --git a/examples/src/bin/tlsclient-mio.rs b/examples/src/bin/tlsclient-mio.rs
index 55325073..4f727da2 100644
--- a/examples/src/bin/tlsclient-mio.rs
+++ b/examples/src/bin/tlsclient-mio.rs
@@ -19,14 +19,15 @@
 //!
 //! [mio]: https://docs.rs/mio/latest/mio/
 
-use std::io::{self, BufReader, Read, Write};
+use std::io::{self, Read, Write};
 use std::net::ToSocketAddrs;
 use std::sync::Arc;
-use std::{fs, process, str};
+use std::{process, str};
 
 use clap::Parser;
 use mio::net::TcpStream;
 use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
+use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::{CertificateDer, PrivateKeyDer, ServerName};
 use rustls::RootCertStore;
 
@@ -317,31 +318,14 @@ fn lookup_versions(versions: &[String]) -> Vec<&'static rustls::SupportedProtoco
 }
 
 fn load_certs(filename: &str) -> Vec<CertificateDer<'static>> {
-let certfile = fs::File::open(filename).expect("cannot open certificate file");
-let mut reader = BufReader::new(certfile);
-rustls_pemfile::certs(&mut reader)
+CertificateDer::pem_file_iter(filename)
+.expect("cannot open certificate file")
 .map(|result| result.unwrap())
 .collect()
 }
 
 fn load_private_key(filename: &str) -> PrivateKeyDer<'static> {
-let keyfile = fs::File::open(filename).expect("cannot open private key file");
-let mut reader = BufReader::new(keyfile);
-
-loop {
-match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") {
-Some(rustls_pemfile::Item::Pkcs1Key(key)) => return key.into(),
-Some(rustls_pemfile::Item::Pkcs8Key(key)) => return key.into(),
-Some(rustls_pemfile::Item::Sec1Key(key)) => return key.into(),
-None => break,
-_ => {}
-}
-}
-
-panic!(
-"no keys found in {:?} (encrypted keys not supported)",
-filename
-);
+PrivateKeyDer::from_pem_file(filename).expect("cannot read private key file")
 }
 
 mod danger {
@@ -412,10 +396,10 @@ fn make_config(args: &Args) -> Arc<rustls::ClientConfig> {
 let mut root_store = RootCertStore::empty();
 
 if let Some(cafile) = args.cafile.as_ref() {
-let certfile = fs::File::open(cafile).expect("Cannot open CA file");
-let mut reader = BufReader::new(certfile);
 root_store.add_parsable_certificates(
-rustls_pemfile::certs(&mut reader).map(|result| result.unwrap()),
+CertificateDer::pem_file_iter(cafile)
+.expect("Cannot open CA file")
+.map(|result| result.unwrap()),
 );
 } else {
 root_store.extend(
diff --git a/examples/src/bin/tlsserver-mio.rs b/examples/src/bin/tlsserver-mio.rs
index ba5f46f5..4358ae2e 100644
--- a/examples/src/bin/tlsserver-mio.rs
+++ b/examples/src/bin/tlsserver-mio.rs
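Review bot: `load_private_key` loses the diagnostic the removed `panic!` carried: a file that contains no PKCS#1, PKCS#8 or SEC1 section (an encrypted key, for example, which the old message explicitly called out as unsupported) now presumably fails with the generic `cannot read private key file`, which reads like an I/O problem rather than a format problem. Since the new call already folds open, parse and not-found failures into one `Result`, the message should say so, e.g. `.expect("cannot read private key .pem file (PKCS#1, PKCS#8 or SEC1 expected; encrypted keys not supported)")`. The same applies to the identical `load_private_key` in the tlsserver-mio.rs hunk below.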
@@ -20,7 +20,7 @@
 //! [mio]: https://docs.rs/mio/latest/mio/
 
 use std::collections::HashMap;
-use std::io::{self, BufReader, Read, Write};
+use std::io::{self, Read, Write};
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
 use std::{fs, net};
@@ -29,6 +29,7 @@ use clap::{Parser, Subcommand};
 use log::{debug, error};
 use mio::net::{TcpListener, TcpStream};
 use rustls::crypto::{aws_lc_rs as provider, CryptoProvider};
+use rustls::pki_types::pem::PemObject;
 use rustls::pki_types::{CertificateDer, CertificateRevocationListDer, PrivateKeyDer};
 use rustls::server::WebPkiClientVerifier;
 use rustls::RootCertStore;
@@ -520,31 +521,14 @@ fn lookup_versions(versions: &[String]) -> Vec<&'static rustls::SupportedProtoco
 }
 
 fn load_certs(filename: &Path) -> Vec<CertificateDer<'static>> {
-let certfile = fs::File::open(filename).expect("cannot open certificate file");
-let mut reader = BufReader::new(certfile);
-rustls_pemfile::certs(&mut reader)
+CertificateDer::pem_file_iter(filename)
+.expect("cannot open certificate file")
 .map(|result| result.unwrap())
 .collect()
 }
 
 fn load_private_key(filename: &Path) -> PrivateKeyDer<'static> {
-let keyfile = fs::File::open(filename).expect("cannot open private key file");
-let mut reader = BufReader::new(keyfile);
-
-loop {
-match rustls_pemfile::read_one(&mut reader).expect("cannot parse private key .pem file") {
-Some(rustls_pemfile::Item::Pkcs1Key(key)) => return key.into(),
-Some(rustls_pemfile::Item::Pkcs8Key(key)) => return key.into(),
-Some(rustls_pemfile::Item::Sec1Key(key)) => return key.into(),
-None => break,
-_ => {}
-}
-}
-
-panic!(
-"no keys found in {:?} (encrypted keys not supported)",
-filename
-);
+PrivateKeyDer::from_pem_file(filename).expect("cannot read private key file")
 }
 
 fn load_ocsp(filename: Option<&Path>) -> Vec<u8> {
@@ -565,12 +549,7 @@ fn load_crls(
 ) -> Vec<CertificateRevocationListDer<'static>> {
 filenames
 .map(|filename| {
-let mut der = Vec::new();
-fs::File::open(filename)
-.expect("cannot open CRL file")
-.read_to_end(&mut der)
-.unwrap();
-CertificateRevocationListDer::from(der)
+CertificateRevocationListDer::from_pem_file(filename).expect("cannot read CRL file")
 })
 .collect()
 }
diff --git a/examples/src/bin/unbuffered-server.rs b/examples/src/bin/unbuffered-server.rs
index b5a35d8b..8e0fe339 100644
--- a/examples/src/bin/unbuffered-server.rs
+++ b/examples/src/bin/unbuffered-server.rs
@@ -3,12 +3,12 @@
 
 use std::env;
 use std::error::Error;
-use std::fs::File;
-use std::io::{self, BufReader, Read, Write};
+use std::io::{self, Read, Write};
 use std::net::{TcpListener, TcpStream};
 use std::path::Path;
 use std::sync::Arc;
 
+use pki_types::pem::PemObject;
 use pki_types::{CertificateDer, PrivateKeyDer};
 use rustls::server::UnbufferedServerConnection;
 use rustls::unbuffered::{
@@ -16,7 +16,6 @@ use rustls::unbuffered::{
 UnbufferedStatus,
 };
 use rustls::ServerConfig;
-use rustls_pemfile::Item;
 
 fn main() -> Result<(), Box<dyn Error>> {
 let mut args = env::args();
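Review bot: `load_crls` silently changes the file format it accepts: the removed lines read the file as raw DER (`read_to_end` into `CertificateRevocationListDer::from(der)`), while `from_pem_file` expects PEM, so a DER CRL that worked with the previous binary will now panic with `cannot read CRL file`, and neither the commit message nor this hunk updates the CLI help for the CRL argument. Please document the PEM requirement where the option is declared (outside this hunk) and mention the format change in the commit message; if DER input should keep working, `fs` is still imported in this file, so a fallback to `CertificateRevocationListDer::from(fs::read(filename).expect("cannot read CRL file"))` when PEM decoding fails is possible, though an explicit `--crl-format`-style choice would be less surprising than guessing. The signature of `load_crls` starts before the hunk.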
@@ -248,24 +247,14 @@ fn send_tls(
 }
 
 fn load_certs(path: impl AsRef<Path>) -> Result<Vec<CertificateDer<'static>>, io::Error> {
-let mut reader = BufReader::new(File::open(path)?);
-rustls_pemfile::certs(&mut reader).collect()
+Ok(CertificateDer::pem_file_iter(path)
+.expect("cannot open certificate file")
+.map(|cert| cert.unwrap())
+.collect())
 }
 
 fn load_private_key(path: impl AsRef<Path>) -> Result<PrivateKeyDer<'static>, io::Error> {
-let mut reader = BufReader::new(File::open(&path)?);
-
-loop {
-match rustls_pemfile::read_one(&mut reader)? {
-Some(Item::Pkcs1Key(key)) => return Ok(key.into()),
-Some(Item::Pkcs8Key(key)) => return Ok(key.into()),
-Some(Item::Sec1Key(key)) => return Ok(key.into()),
-None => break,
-_ => continue,
-}
-}
-
-panic!("no keys found in {}", path.as_ref().display())
+Ok(PrivateKeyDer::from_pem_file(path).expect("cannot open private key file"))
 }
 
 const KB: usize = 1024;
|
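Review bot: `load_certs` and `load_private_key` keep their `Result<_, io::Error>` return types but can no longer return `Err`: the new bodies `expect` on the pem result and wrap the value in `Ok`, so any `?` at the call sites (outside this hunk) is dead and an unreadable or malformed file now panics instead of reaching `main`'s `Result<(), Box<dyn Error>>` shown in the earlier hunk. Either propagate the error, e.g. `fn load_private_key(path: impl AsRef<Path>) -> Result<PrivateKeyDer<'static>, pki_types::pem::Error> { PrivateKeyDer::from_pem_file(path) }` with `load_certs` using `CertificateDer::pem_file_iter(path)?.collect()`, or drop the `Result` from both signatures so the contract matches the behaviour. As written, the `cannot open ...` messages are also inaccurate for parse failures.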