authorJoe Birr-Pixton <jpixton@gmail.com>2024-09-30 11:19:55 +0100
committerJoe Birr-Pixton <jpixton@gmail.com>2024-10-01 17:09:38 +0000
commite8bbcd0ef41443bb73be63a1bc807b44128f78bf (patch)
tree6e826c5cf8a88f89851cb9c24a946237dc4f0294
parentdf96abda886db90bf22c0a4966f85ff58123beab (diff)
bogo: switch to pki-types pem decoding
Inline functions that became ~trivial.
-rw-r--r--Cargo.lock1
-rw-r--r--bogo/Cargo.toml3
-rw-r--r--bogo/src/main.rs43
3 files changed, 19 insertions, 28 deletions
diff --git a/Cargo.lock b/Cargo.lock
index 5d857fbc..8d204bd8 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -461,7 +461,6 @@ dependencies = [
"base64",
"env_logger",
"rustls 0.23.13",
- "rustls-pemfile",
"rustls-pki-types",
"rustls-post-quantum",
]
diff --git a/bogo/Cargo.toml b/bogo/Cargo.toml
index f7e6df45..317c2868 100644
--- a/bogo/Cargo.toml
+++ b/bogo/Cargo.toml
@@ -6,7 +6,6 @@ edition = "2021"
[dependencies]
base64 = "0.22"
env_logger = "0.10" # 0.11 requires 1.71 MSRV even as a dev-dep (due to manifest features)
-pki-types = { package = "rustls-pki-types", version = "1.7" }
+pki-types = { package = "rustls-pki-types", version = "1.9", features = ["std"] }
rustls = { path = "../rustls", features = ["aws_lc_rs", "fips", "ring", "tls12"] }
-rustls-pemfile = "2"
rustls-post-quantum = { path = "../rustls-post-quantum" }
diff --git a/bogo/src/main.rs b/bogo/src/main.rs
index 940f181f..cbdf9a08 100644
--- a/bogo/src/main.rs
+++ b/bogo/src/main.rs
@@ -5,11 +5,12 @@
//
use std::fmt::{Debug, Formatter};
-use std::io::{self, BufReader, Read, Write};
+use std::io::{self, Read, Write};
use std::sync::Arc;
-use std::{env, fs, net, process, thread, time};
+use std::{env, net, process, thread, time};
use base64::prelude::{Engine, BASE64_STANDARD};
+use pki_types::pem::PemObject;
use pki_types::{CertificateDer, PrivateKeyDer, ServerName, UnixTime};
use rustls::client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier};
use rustls::client::{
@@ -263,24 +264,6 @@ impl SelectedProvider {
}
}
-fn load_cert(filename: &str) -> Vec<CertificateDer<'static>> {
- let certfile = fs::File::open(filename).expect("cannot open certificate file");
- let mut reader = BufReader::new(certfile);
- rustls_pemfile::certs(&mut reader)
- .map(|result| result.unwrap())
- .collect()
-}
-
-fn load_key(filename: &str) -> PrivateKeyDer<'static> {
- let keyfile = fs::File::open(filename).expect("cannot open private key file");
- let mut reader = BufReader::new(keyfile);
- let mut keys = rustls_pemfile::pkcs8_private_keys(&mut reader)
- .map(|result| result.unwrap())
- .collect::<Vec<_>>();
- assert!(keys.len() == 1);
- keys.pop().unwrap().into()
-}
-
fn load_root_certs(filename: &str) -> Arc<RootCertStore> {
let mut roots = RootCertStore::empty();
@@ -295,7 +278,11 @@ fn load_root_certs(filename: &str) -> Arc<RootCertStore> {
filename => filename,
};
- roots.add_parsable_certificates(load_cert(filename));
+ roots.add_parsable_certificates(
+ CertificateDer::pem_file_iter(filename)
+ .unwrap()
+ .map(|item| item.unwrap()),
+ );
Arc::new(roots)
}
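Review bot: The `.unwrap()` on `CertificateDer::pem_file_iter(filename)` loses the diagnostic the removed `load_cert` gave for a missing or unreadable file (`expect("cannot open certificate file")`), so a misconfigured run now panics with only the bare pem/io error and no hint of which file was being loaded; unless the pem error already names the path, `.expect("cannot open certificate file")` is a one-token way to keep it. The same applies to the two `pem_file_iter(&opts.cert_file).unwrap()` calls in the make_server_cfg and make_client_cfg hunks below. load_root_certs starts before this hunk.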
@@ -611,8 +598,11 @@ fn make_server_cfg(opts: &Options) -> Arc<ServerConfig> {
server::WebPkiClientVerifier::no_client_auth()
};
- let cert = load_cert(&opts.cert_file);
- let key = load_key(&opts.key_file);
+ let cert = CertificateDer::pem_file_iter(&opts.cert_file)
+ .unwrap()
+ .map(|cert| cert.unwrap())
+ .collect::<Vec<_>>();
+ let key = PrivateKeyDer::from_pem_file(&opts.key_file).unwrap();
let mut provider = opts.provider.clone();
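Review bot: `PrivateKeyDer::from_pem_file(&opts.key_file).unwrap()` relaxes two checks the removed `load_key` enforced: that function only accepted PKCS#8 (`pkcs8_private_keys`) and asserted exactly one key was present (`assert!(keys.len() == 1)`), whereas, as far as I understand the pki-types API, `from_pem_file` returns the first private-key block of any supported encoding and ignores any further ones. For a conformance shim that may be intentional, but a key file with a stray second key is now silently half-used instead of failing loudly; if the old strictness is wanted, `PrivatePkcs8KeyDer::from_pem_file(&opts.key_file).unwrap().into()` restores the PKCS#8-only part, and the single-key check can be kept by collecting `PrivateKeyDer::pem_file_iter(&opts.key_file).unwrap()` into a `Vec` and asserting its length as before. The same applies to the `from_pem_file` call in the make_client_cfg hunk. make_server_cfg's body begins and ends outside this hunk.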
@@ -795,8 +785,11 @@ fn make_client_cfg(opts: &Options) -> Arc<ClientConfig> {
.with_custom_certificate_verifier(Arc::new(DummyServerAuth::new(&opts.trusted_cert_file)));
let mut cfg = if !opts.cert_file.is_empty() && !opts.key_file.is_empty() {
- let cert = load_cert(&opts.cert_file);
- let key = load_key(&opts.key_file);
+ let cert = CertificateDer::pem_file_iter(&opts.cert_file)
+ .unwrap()
+ .map(|item| item.unwrap())
+ .collect();
+ let key = PrivateKeyDer::from_pem_file(&opts.key_file).unwrap();
cfg.with_client_auth_cert(cert, key)
.unwrap()
} else {