instant-labs
/
instant-epp
mirror of https://github.com/instant-labs/instant-epp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade to tokio-rustls 0.25

This commit is contained in:
Dirkjan Ochtman 2023-12-11 14:45:15 +01:00
parent 26c4bb4d4c
commit e5ffac17b3
3 changed files with 26 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Cargo.toml
View File

@ -9,17 +9,18 @@ repository = "https://github.com/InstantDomain/instant-epp"
[features] [features]
default = ["rustls"] default = ["rustls"]
rustls = ["tokio-rustls", "rustls-native-certs"] rustls = ["tokio-rustls", "rustls-pki-types", "rustls-native-certs"]
[dependencies] [dependencies]
async-trait = "0.1.52" async-trait = "0.1.52"
celes = "2.1" celes = "2.1"
chrono = { version = "0.4.23", features = ["serde"] } chrono = { version = "0.4.23", features = ["serde"] }
instant-xml = { version = "0.4", features = ["chrono"] } instant-xml = { version = "0.4", features = ["chrono"] }
rustls-native-certs = { version = "0.6.3", optional = true } rustls-native-certs = { version = "0.7", optional = true }
rustls-pki-types = { version = "1", optional = true }
serde = { version = "1.0", features = ["derive"] } serde = { version = "1.0", features = ["derive"] }
tokio = { version = "1.0", features = ["io-util", "net", "time"] } tokio = { version = "1.0", features = ["io-util", "net", "time"] }
tokio-rustls = { version = "0.24", optional = true } tokio-rustls = { version = "0.25", optional = true }
tracing = "0.1.29" tracing = "0.1.29"
[dev-dependencies] [dev-dependencies]

42
src/client.rs
View File

@ -1,10 +1,10 @@
use std::time::Duration; use std::time::Duration;
#[cfg(feature = "rustls")]
use rustls_pki_types::{CertificateDer, PrivateKeyDer};
use tracing::{debug, error}; use tracing::{debug, error};
use crate::common::NoExtension; use crate::common::NoExtension;
#[cfg(feature = "rustls")]
use crate::common::{Certificate, PrivateKey};
pub use crate::connection::Connector; pub use crate::connection::Connector;
use crate::connection::EppConnection; use crate::connection::EppConnection;
use crate::error::Error; use crate::error::Error;
@ -82,7 +82,7 @@ impl EppClient<RustlsConnector> {
pub async fn connect( pub async fn connect(
registry: String, registry: String,
server: (String, u16), server: (String, u16),
identity: Option<(Vec<Certificate>, PrivateKey)>, identity: Option<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)>,
timeout: Duration, timeout: Duration,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let connector = RustlsConnector::new(server, identity).await?; let connector = RustlsConnector::new(server, identity).await?;
@ -215,60 +215,52 @@ mod rustls_connector {
use std::time::Duration; use std::time::Duration;
use async_trait::async_trait; use async_trait::async_trait;
use rustls_pki_types::{CertificateDer, PrivateKeyDer, ServerName};
use tokio::net::lookup_host; use tokio::net::lookup_host;
use tokio::net::TcpStream; use tokio::net::TcpStream;
use tokio_rustls::client::TlsStream; use tokio_rustls::client::TlsStream;
use tokio_rustls::rustls::{ClientConfig, RootCertStore, ServerName}; use tokio_rustls::rustls::{ClientConfig, RootCertStore};
use tokio_rustls::TlsConnector; use tokio_rustls::TlsConnector;
use tracing::info; use tracing::info;
use crate::common::{Certificate, PrivateKey};
use crate::connection::{self, Connector}; use crate::connection::{self, Connector};
use crate::error::Error; use crate::error::Error;
pub struct RustlsConnector { pub struct RustlsConnector {
inner: TlsConnector, inner: TlsConnector,
domain: ServerName, domain: ServerName<'static>,
server: (String, u16), server: (String, u16),
} }
impl RustlsConnector { impl RustlsConnector {
pub async fn new( pub async fn new(
server: (String, u16), server: (String, u16),
identity: Option<(Vec<Certificate>, PrivateKey)>, identity: Option<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>)>,
) -> Result<Self, Error> { ) -> Result<Self, Error> {
let mut roots = RootCertStore::empty(); let mut roots = RootCertStore::empty();
for cert in rustls_native_certs::load_native_certs()? { for cert in rustls_native_certs::load_native_certs()? {
roots roots.add(cert).map_err(|err| {
.add(&tokio_rustls::rustls::Certificate(cert.0))
.map_err(|err| {
Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static> Box::new(err) as Box<dyn std::error::Error + Send + Sync + 'static>
})?; })?;
} }
let builder = ClientConfig::builder() let builder = ClientConfig::builder().with_root_certificates(roots);
.with_safe_defaults()
.with_root_certificates(roots);
let config = match identity { let config = match identity {
Some((certs, key)) => { Some((certs, key)) => builder
let certs = certs .with_client_auth_cert(certs, key)
.into_iter() .map_err(|e| Error::Other(e.into()))?,
.map(|cert| tokio_rustls::rustls::Certificate(cert.0))
.collect();
builder
.with_client_auth_cert(certs, tokio_rustls::rustls::PrivateKey(key.0))
.map_err(|e| Error::Other(e.into()))?
}
None => builder.with_no_client_auth(), None => builder.with_no_client_auth(),
}; };
let domain = server.0.as_str().try_into().map_err(|_| { let domain = ServerName::try_from(server.0.as_str())
.map_err(|_| {
io::Error::new( io::Error::new(
io::ErrorKind::InvalidInput, io::ErrorKind::InvalidInput,
format!("Invalid domain: {}", server.0), format!("invalid domain: {}", server.0),
) )
})?; })?
.to_owned();
Ok(Self { Ok(Self {
inner: TlsConnector::from(Arc::new(config)), inner: TlsConnector::from(Arc::new(config)),

10
src/common.rs
View File

@ -72,13 +72,3 @@ pub struct Services<'a> {
#[xml(rename = "svcExtension")] #[xml(rename = "svcExtension")]
pub svc_ext: Option<ServiceExtension<'a>>, pub svc_ext: Option<ServiceExtension<'a>>,
} }
/// This type contains a single DER-encoded X.509 certificate.
///
/// The rustls-pemfile crate can be used to parse a PEM file.
pub struct Certificate(pub Vec<u8>);
/// This type contains a DER-encoded ASN.1 private key in PKCS#8 or PKCS#1 format.
///
/// The rustls-pemfile crate can be used to parse a PEM file in these formats.
pub struct PrivateKey(pub Vec<u8>);