author | Joe Birr-Pixton <jpixton@gmail.com> | 2024-09-30 11:19:55 +0100 |
---|---|---|
committer | Joe Birr-Pixton <jpixton@gmail.com> | 2024-10-01 17:09:38 +0000 |
commit | e8bbcd0ef41443bb73be63a1bc807b44128f78bf (patch) | |
tree | 6e826c5cf8a88f89851cb9c24a946237dc4f0294 | |
parent | df96abda886db90bf22c0a4966f85ff58123beab (diff) |
bogo: switch to pki-types pem decoding
Inline functions that became ~trivial.
-rw-r--r-- | Cargo.lock | 1 | ||||
-rw-r--r-- | bogo/Cargo.toml | 3 | ||||
-rw-r--r-- | bogo/src/main.rs | 43 |
3 files changed, 19 insertions, 28 deletions
@@ -461,7 +461,6 @@ dependencies = [
 "base64",
 "env_logger",
 "rustls 0.23.13",
- "rustls-pemfile",
 "rustls-pki-types",
 "rustls-post-quantum",
 ]
diff --git a/bogo/Cargo.toml b/bogo/Cargo.toml
index f7e6df45..317c2868 100644
--- a/bogo/Cargo.toml
+++ b/bogo/Cargo.toml
@@ -6,7 +6,6 @@ edition = "2021"
 [dependencies]
 base64 = "0.22"
 env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features)
-pki-types = { package = "rustls-pki-types", version = "1.7" }
+pki-types = { package = "rustls-pki-types", version = "1.9", features = ["std"] }
 rustls = { path = "../rustls", features = ["aws_lc_rs", "fips", "ring", "tls12"] }
-rustls-pemfile = "2"
 rustls-post-quantum = { path = "../rustls-post-quantum" }
diff --git a/bogo/src/main.rs b/bogo/src/main.rs
index 940f181f..cbdf9a08 100644
--- a/bogo/src/main.rs
+++ b/bogo/src/main.rs
@@ -5,11 +5,12 @@
 //

 use std::fmt::{Debug, Formatter};
-use std::io::{self, BufReader, Read, Write};
+use std::io::{self, Read, Write};
 use std::sync::Arc;
-use std::{env, fs, net, process, thread, time};
+use std::{env, net, process, thread, time};

 use base64::prelude::{Engine, BASE64_STANDARD};
+use pki_types::pem::PemObject;
 use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
 use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
 use rustls::client::{
@@ -263,24 +264,6 @@ impl SelectedProvider {
 }
 }

-fn load_cert(filename: &str) -> Vec<CertificateDer<'static>> {
- let certfile = fs::File::open(filename).expect("cannot open certificate file");
- let mut reader = BufReader::new(certfile);
- rustls_pemfile::certs(&mut reader)
- .map(|result| result.unwrap())
- .collect()
-}
-
-fn load_key(filename: &str) -> PrivateKeyDer<'static> {
- let keyfile = fs::File::open(filename).expect("cannot open private key file");
- let mut reader = BufReader::new(keyfile);
- let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader)
- .map(|result| result.unwrap())
- .collect::<Vec<_>>();
- assert!(keys.len() == 1);
- keys.pop().unwrap().into()
-}
-
 fn load_root_certs(filename: &str) -> Arc<RootCertStore> {
 let mut roots = RootCertStore::empty();

@@ -295,7 +278,11 @@ fn load_root_certs(filename: &str) -> Arc<RootCertStore> {
 filename => filename,
 };

- roots.add_parsable_certificates(load_cert(filename));
+ roots.add_parsable_certificates(
+ CertificateDer::pem_file_iter(filename)
+ .unwrap()
+ .map(|item| item.unwrap()),
+ );
 Arc::new(roots)
 }

@@ -611,8 +598,11 @@ fn make_server_cfg(opts: &Options) -> Arc<ServerConfig> {
 server::WebPkiClientVerifier::no_client_auth()
 };

- let cert = load_cert(&opts.cert_file);
- let key = load_key(&opts.key_file);
+ let cert = CertificateDer::pem_file_iter(&opts.cert_file)
+ .unwrap()
+ .map(|cert| cert.unwrap())
+ .collect::<Vec<_>>();
+ let key = PrivateKeyDer::from_pem_file(&opts.key_file).unwrap();

 let mut provider = opts.provider.clone();

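Review bot: The two bare `.unwrap()` calls on `CertificateDer::pem_file_iter(filename)` in load_root_certs drop the context the removed `load_cert` gave through `.expect("cannot open certificate file")`, so a failing run no longer says which kind of input was being read. Keeping the message on the open step, `.expect("cannot open certificate file")`, and using `.expect("cannot open private key file")` on `PrivateKeyDer::from_pem_file`, would preserve the old diagnostics. The same applies to the inlined copies in make_server_cfg and make_client_cfg. load_root_certs starts above this hunk.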
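Review bot: `PrivateKeyDer::from_pem_file(&opts.key_file)` in make_server_cfg is not equivalent to the removed `load_key`: that helper read only PKCS#8 sections and asserted `keys.len() == 1`, while the new call, as far as the pki-types API describes it, returns the first private-key section of any supported encoding and ignores anything after it. A key file with extra or unexpected sections is therefore accepted silently here and in make_client_cfg. If that relaxation is intended, a comment such as `// takes the first private key in the file; load_key used to require exactly one PKCS#8 key` would record it; if not, the single-key assertion needs to come back. make_server_cfg begins and ends outside this hunk.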
@@ -795,8 +785,11 @@ fn make_client_cfg(opts: &Options) -> Arc<ClientConfig> {
 .with_custom_certificate_verifier(Arc::new(DummyServerAuth::new(&opts.trusted_cert_file)));

 let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() {
- let cert = load_cert(&opts.cert_file);
- let key = load_key(&opts.key_file);
+ let cert = CertificateDer::pem_file_iter(&opts.cert_file)
+ .unwrap()
+ .map(|item| item.unwrap())
+ .collect();
+ let key = PrivateKeyDer::from_pem_file(&opts.key_file).unwrap();
 cfg.with_client_auth_cert(cert, key)
 .unwrap()
 } else { |
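Review bot: The certificate-loading chain in make_client_cfg is spelled differently from the copy in make_server_cfg (`|item| item.unwrap()` with `.collect()` here, `|cert| cert.unwrap()` with `.collect::<Vec<_>>()` there), which makes the three inlined copies harder to find and keep in step. Using one spelling everywhere, for example `.map(|cert| cert.unwrap())` followed by `.collect::<Vec<_>>()`, keeps the duplication greppable. make_client_cfg begins and ends outside this hunk.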