instant-labs
/
instant-epp
mirror of https://github.com/instant-labs/instant-epp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Inline extraction of certificate chain & private key 

Since both are keying off of the `tls_files` fields, it seems
to make sense to handle both together.
This commit is contained in:
Dirkjan Ochtman 2021-12-01 14:04:46 +01:00 committed by masalachai
parent 8839eb4a11
commit 7ff8547840
1 changed files with 8 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
epp-client/src/config.rs
View File

@ -35,9 +35,6 @@
//! //!
//! // Get EPP service extensions //! // Get EPP service extensions
//! let service_extensions = registry.ext_uris().unwrap(); //! let service_extensions = registry.ext_uris().unwrap();
//!
//! // Get client certificate and private key
//! let tls = registry.tls_files().unwrap();
//! ``` //! ```
use std::collections::HashMap; use std::collections::HashMap;
@ -96,31 +93,15 @@ impl EppClientConnection {
} }
/// Returns the parsed client certificate and private key for client TLS auth /// Returns the parsed client certificate and private key for client TLS auth
pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> { pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> {
match (self.client_certificate()?, self.key()?) { let (certs_file, key_file) = match &self.tls_files {
(Some(certificates), Some(key)) => Ok(Some((certificates, key))), Some(files) => (&files.cert_chain, &files.key),
_ => Ok(None),
}
}
/// Parses the client certificate chain
fn client_certificate(&self) -> Result<Option<Vec<Certificate>>, Error> {
let certs_file = match &self.tls_files {
Some(files) => &files.cert_chain,
None => return Ok(None), None => return Ok(None),
}; };
Ok(Some( let certs = rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))? .into_iter()
.into_iter() .map(Certificate)
.map(Certificate) .collect::<Vec<_>>();
.collect::<Vec<_>>(),
))
}
/// Parses the client private key
fn key(&self) -> Result<Option<PrivateKey>, Error> {
let key_file = match &self.tls_files {
Some(files) => &files.key,
None => return Ok(None),
};
let mut r = BufReader::new(File::open(key_file).unwrap()); let mut r = BufReader::new(File::open(key_file).unwrap());
@ -128,7 +109,7 @@ impl EppClientConnection {
if rsa_keys.len() > 1 { if rsa_keys.len() > 1 {
warn!("Multiple RSA keys found in PEM file {}", key_file); warn!("Multiple RSA keys found in PEM file {}", key_file);
} else if let Some(key) = rsa_keys.pop() { } else if let Some(key) = rsa_keys.pop() {
return Ok(Some(rustls::PrivateKey(key))); return Ok(Some((certs, rustls::PrivateKey(key))));
} }
r.seek(SeekFrom::Start(0))?; r.seek(SeekFrom::Start(0))?;
@ -137,7 +118,7 @@ impl EppClientConnection {
if pkcs8_keys.len() > 1 { if pkcs8_keys.len() > 1 {
warn!("Multiple PKCS8 keys found in PEM file {}", key_file); warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
} else if let Some(key) = pkcs8_keys.pop() { } else if let Some(key) = pkcs8_keys.pop() {
return Ok(Some(rustls::PrivateKey(key))); return Ok(Some((certs, rustls::PrivateKey(key))));
} }
Err(Error::Other("No private key found in PEM file".to_owned())) Err(Error::Other("No private key found in PEM file".to_owned()))