Move client certificate setup into epp_connect()

2021-12-01 14:15:08 +01:00 · 2021-12-01 14:15:08 +01:00 · d1cf43af46
parent 7ff8547840
commit d1cf43af46
2 changed files with 42 additions and 44 deletions
--- a/epp-client/src/config.rs
+++ b/epp-client/src/config.rs
@ -38,15 +38,9 @@
 //! ```

 use std::collections::HashMap;
-use std::fs::File;
-use std::io::{BufReader, Seek, SeekFrom};

-use rustls::{Certificate, PrivateKey};
-use rustls_pemfile;
 use serde::{Deserialize, Serialize};

-use crate::error::Error;
-
 /// Paths to the client certificate and client key PEM files
 #[derive(Serialize, Deserialize, Debug)]
 pub struct EppClientTlsFiles {
@ -91,36 +85,4 @@ impl EppClientConnection {
    pub fn ext_uris(&self) -> Option<&Vec<String>> {
        self.ext_uris.as_ref()
    }
-    /// Returns the parsed client certificate and private key for client TLS auth
-    pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> {
-        let (certs_file, key_file) = match &self.tls_files {
-            Some(files) => (&files.cert_chain, &files.key),
-            None => return Ok(None),
-        };
-
-        let certs = rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
-            .into_iter()
-            .map(Certificate)
-            .collect::<Vec<_>>();
-
-        let mut r = BufReader::new(File::open(key_file).unwrap());
-
-        let mut rsa_keys = rustls_pemfile::rsa_private_keys(&mut r).unwrap();
-        if rsa_keys.len() > 1 {
-            warn!("Multiple RSA keys found in PEM file {}", key_file);
-        } else if let Some(key) = rsa_keys.pop() {
-            return Ok(Some((certs, rustls::PrivateKey(key))));
-        }
-
-        r.seek(SeekFrom::Start(0))?;
-
-        let mut pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut r).unwrap();
-        if pkcs8_keys.len() > 1 {
-            warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
-        } else if let Some(key) = pkcs8_keys.pop() {
-            return Ok(Some((certs, rustls::PrivateKey(key))));
-        }
-
-        Err(Error::Other("No private key found in PEM file".to_owned()))
-    }
 }
--- a/epp-client/src/connection/registry.rs
+++ b/epp-client/src/connection/registry.rs
@ -1,10 +1,15 @@
 //! Manages registry connections and reading/writing to them

-use rustls::{OwnedTrustAnchor, RootCertStore};
 use std::convert::TryInto;
+use std::fs::File;
+use std::io::{BufReader, Seek, SeekFrom};
 use std::sync::Arc;
 use std::{error::Error, io as stdio, net::ToSocketAddrs};
 use std::{io, str, u32};
+
+use rustls::{Certificate, PrivateKey};
+use rustls::{OwnedTrustAnchor, RootCertStore};
+use rustls_pemfile;
 use tokio::{io::AsyncReadExt, io::AsyncWriteExt, net::TcpStream};
 use tokio_rustls::{client::TlsStream, rustls::ClientConfig, TlsConnector};

@ -137,11 +142,42 @@ pub async fn epp_connect(
        .with_safe_defaults()
        .with_root_certificates(roots);

-    let config = match registry_creds.tls_files()? {
-        Some((cert_chain, key)) => match builder.with_single_cert(cert_chain, key) {
-            Ok(config) => config,
-            Err(e) => return Err(format!("Failed to set client TLS credentials: {}", e).into()),
-        },
+    let config = match &registry_creds.tls_files {
+        Some(files) => {
+            let (certs_file, key_file) = (&files.cert_chain, &files.key);
+            let certs = rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
+                .into_iter()
+                .map(Certificate)
+                .collect::<Vec<_>>();
+
+            let mut key;
+            let mut r = BufReader::new(File::open(key_file).unwrap());
+            let mut rsa_keys = rustls_pemfile::rsa_private_keys(&mut r).unwrap();
+            if rsa_keys.len() > 1 {
+                warn!("Multiple RSA keys found in PEM file {}", key_file);
+            }
+            key = rsa_keys.pop();
+
+            if key.is_none() {
+                r.seek(SeekFrom::Start(0))?;
+                let mut pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut r).unwrap();
+                if pkcs8_keys.len() > 1 {
+                    warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
+                }
+                key = pkcs8_keys.pop();
+            }
+
+            match key {
+                Some(key) => builder
+                    .with_single_cert(certs, PrivateKey(key))
+                    .map_err(|e| error::Error::Other(e.to_string()))?,
+                None => {
+                    return Err(error::Error::Other(
+                        "No private key found in PEM file".to_owned(),
+                    ))
+                }
+            }
+        }
        None => builder.with_no_client_auth(),
    };