From e5ffac17b30dd191c7d69e40d16009402ef18055 Mon Sep 17 00:00:00 2001
From: Dirkjan Ochtman
Date: Mon, 11 Dec 2023 14:45:15 +0100
Subject: [PATCH] Upgrade to tokio-rustls 0.25
---
 Cargo.toml | 7 ++++---
 src/client.rs | 52 ++++++++++++++++++++++----------------------------
 src/common.rs | 10 ----------
 3 files changed, 26 insertions(+), 43 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index bf11b18..6113456 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,17 +9,18 @@ repository = "https://github.com/InstantDomain/instant-epp"
 [features]
 default = ["rustls"]
-rustls = ["tokio-rustls", "rustls-native-certs"]
+rustls = ["tokio-rustls", "rustls-pki-types", "rustls-native-certs"]
 [dependencies]
 async-trait = "0.1.52"
 celes = "2.1"
 chrono = { version = "0.4.23", features = ["serde"] }
 instant-xml = { version = "0.4", features = ["chrono"] }
-rustls-native-certs = { version = "0.6.3", optional = true }
+rustls-native-certs = { version = "0.7", optional = true }
+rustls-pki-types = { version = "1", optional = true }
 serde = { version = "1.0", features = ["derive"] }
 tokio = { version = "1.0", features = ["io-util", "net", "time"] }
-tokio-rustls = { version = "0.24", optional = true }
+tokio-rustls = { version = "0.25", optional = true }
 tracing = "0.1.29"
 [dev-dependencies]
diff --git a/src/client.rs b/src/client.rs
index 188a390..f85921a 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -1,10 +1,10 @@
 use std::time::Duration;
+#[cfg(feature = "rustls")]
+use rustls_pki_types::{CertificateDer, PrivateKeyDer};
 use tracing::{debug, error};
 use crate::common::NoExtension;
-#[cfg(feature = "rustls")]
-use crate::common::{Certificate, PrivateKey};
 pub use crate::connection::Connector;
 use crate::connection::EppConnection;
 use crate::error::Error;
@@ -82,7 +82,7 @@ impl EppClient {
 pub async fn connect(
 registry: String,
 server: (String, u16),
- identity: Option<(Vec, PrivateKey)>,
+ identity: Option<(Vec>, PrivateKeyDer<'static>)>,
 timeout: Duration,
 ) -> Result {
 let connector = RustlsConnector::new(server, identity).await?;
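Review bot: The public `connect` signature now takes `CertificateDer`/`PrivateKeyDer` for `identity`, but the explanation of what callers must supply — DER-encoded X.509 certificates and a DER private key in PKCS#8 or PKCS#1 form, with the hint that the rustls-pemfile crate can parse PEM input — lived on the `Certificate`/`PrivateKey` types this patch deletes from `src/common.rs`, so it disappears from the crate docs. Carry it over onto `connect` itself, e.g. `/// `identity`: optional client certificate chain (DER X.509) and matching private key (DER, PKCS#8 or PKCS#1); the rustls-pemfile crate can produce these from PEM.` The same signature change appears on `RustlsConnector::new` in the `@@ -215` hunk and deserves the same line. `connect`'s body continues outside the hunk.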
@@ -215,60 +215,52 @@ mod rustls_connector {
 use std::time::Duration;
 use async_trait::async_trait;
+ use rustls_pki_types::{CertificateDer, PrivateKeyDer, ServerName};
 use tokio::net::lookup_host;
 use tokio::net::TcpStream;
 use tokio_rustls::client::TlsStream;
- use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName};
+ use tokio_rustls::rustls::{ClientConfig, RootCertStore};
 use tokio_rustls::TlsConnector;
 use tracing::info;
- use crate::common::{Certificate, PrivateKey};
 use crate::connection::{self, Connector};
 use crate::error::Error;
 pub struct RustlsConnector {
 inner: TlsConnector,
- domain: ServerName,
+ domain: ServerName<'static>,
 server: (String, u16),
 }
 impl RustlsConnector {
 pub async fn new(
 server: (String, u16),
- identity: Option<(Vec, PrivateKey)>,
+ identity: Option<(Vec>, PrivateKeyDer<'static>)>,
 ) -> Result {
 let mut roots = RootCertStore::empty();
 for cert in rustls_native_certs::load_native_certs()? {
- roots
- .add(&tokio_rustls::rustls::Certificate(cert.0))
- .map_err(|err| {
- Box::new(err) as Box
- })?;
+ roots.add(cert).map_err(|err| {
+ Box::new(err) as Box
+ })?;
 }
- let builder = ClientConfig::builder()
- .with_safe_defaults()
- .with_root_certificates(roots);
+ let builder = ClientConfig::builder().with_root_certificates(roots);
 let config = match identity {
- Some((certs, key)) => {
- let certs = certs
- .into_iter()
- .map(|cert| tokio_rustls::rustls::Certificate(cert.0))
- .collect();
- builder
- .with_client_auth_cert(certs, tokio_rustls::rustls::PrivateKey(key.0))
- .map_err(|e| Error::Other(e.into()))?
- }
+ Some((certs, key)) => builder
+ .with_client_auth_cert(certs, key)
+ .map_err(|e| Error::Other(e.into()))?,
 None => builder.with_no_client_auth(),
 };
- let domain = server.0.as_str().try_into().map_err(|_| {
- io::Error::new(
- io::ErrorKind::InvalidInput,
- format!("Invalid domain: {}", server.0),
- )
- })?;
+ let domain = ServerName::try_from(server.0.as_str())
+ .map_err(|_| {
+ io::Error::new(
+ io::ErrorKind::InvalidInput,
+ format!("invalid domain: {}", server.0),
+ )
+ })?
+ .to_owned();
 Ok(Self {
 inner: TlsConnector::from(Arc::new(config)),
diff --git a/src/common.rs b/src/common.rs
index c05aa04..ed95339 100644
--- a/src/common.rs
+++ b/src/common.rs
@@ -72,13 +72,3 @@ pub struct Services<'a> {
 #[xml(rename = "svcExtension")]
 pub svc_ext: Option>,
 }
-
-/// This type contains a single DER-encoded X.509 certificate.
-
-/// The rustls-pemfile crate can be used to parse a PEM file.
-pub struct Certificate(pub Vec);
-
-/// This type contains a DER-encoded ASN.1 private key in PKCS#8 or PKCS#1 format.
-
-/// The rustls-pemfile crate can be used to parse a PEM file in these formats.
-pub struct PrivateKey(pub Vec);
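Review bot: Removing `.with_safe_defaults()` leaves the TLS policy of `RustlsConnector::new` implicit — with tokio-rustls 0.25 (rustls 0.22, as far as I can tell) `ClientConfig::builder()` takes protocol versions and cipher suites from the crate's default crypto provider, so nothing in this function any longer shows a reader which versions and suites are negotiated. A one-line comment above `let builder = ClientConfig::builder().with_root_certificates(roots);`, such as `// rustls 0.22: builder() applies the default provider's suites and protocol versions (formerly with_safe_defaults()).`, keeps that visible to whoever audits the client's TLS settings. Separately, the root-store loop still fails the whole connector as soon as one OS certificate is rejected by `roots.add(cert)`; that behavior is unchanged by the patch, but if it is not the intended policy, `RootCertStore::add_parsable_certificates` (which I believe returns an added/ignored count) would let the skipped roots be reported through the `info!` already imported instead of silently dropping them — worth deciding explicitly rather than inheriting it. The tail of `new` (the remaining `Ok(Self { … })` fields) lies outside the hunk.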