Inline extraction of certificate chain & private key

Since both are keying off of the `tls_files` fields, it seems
to make sense to handle both together.
This commit is contained in:
Dirkjan Ochtman 2021-12-01 14:04:46 +01:00 committed by masalachai
parent 8839eb4a11
commit 7ff8547840
1 changed files with 8 additions and 27 deletions

View File

@ -35,9 +35,6 @@
//!
//! // Get EPP service extensions
//! let service_extensions = registry.ext_uris().unwrap();
//!
//! // Get client certificate and private key
//! let tls = registry.tls_files().unwrap();
//! ```
use std::collections::HashMap;
@ -96,31 +93,15 @@ impl EppClientConnection {
}
/// Returns the parsed client certificate and private key for client TLS auth
pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> {
match (self.client_certificate()?, self.key()?) {
(Some(certificates), Some(key)) => Ok(Some((certificates, key))),
_ => Ok(None),
}
}
/// Parses the client certificate chain
fn client_certificate(&self) -> Result<Option<Vec<Certificate>>, Error> {
let certs_file = match &self.tls_files {
Some(files) => &files.cert_chain,
let (certs_file, key_file) = match &self.tls_files {
Some(files) => (&files.cert_chain, &files.key),
None => return Ok(None),
};
Ok(Some(
rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
let certs = rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
.into_iter()
.map(Certificate)
.collect::<Vec<_>>(),
))
}
/// Parses the client private key
fn key(&self) -> Result<Option<PrivateKey>, Error> {
let key_file = match &self.tls_files {
Some(files) => &files.key,
None => return Ok(None),
};
.collect::<Vec<_>>();
let mut r = BufReader::new(File::open(key_file).unwrap());
@ -128,7 +109,7 @@ impl EppClientConnection {
if rsa_keys.len() > 1 {
warn!("Multiple RSA keys found in PEM file {}", key_file);
} else if let Some(key) = rsa_keys.pop() {
return Ok(Some(rustls::PrivateKey(key)));
return Ok(Some((certs, rustls::PrivateKey(key))));
}
r.seek(SeekFrom::Start(0))?;
@ -137,7 +118,7 @@ impl EppClientConnection {
if pkcs8_keys.len() > 1 {
warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
} else if let Some(key) = pkcs8_keys.pop() {
return Ok(Some(rustls::PrivateKey(key)));
return Ok(Some((certs, rustls::PrivateKey(key))));
}
Err(Error::Other("No private key found in PEM file".to_owned()))