Inline extraction of certificate chain & private key
Since both are keying off of the `tls_files` fields, it seems to make sense to handle both together.
This commit is contained in:
parent
8839eb4a11
commit
7ff8547840
|
@ -35,9 +35,6 @@
|
||||||
//!
|
//!
|
||||||
//! // Get EPP service extensions
|
//! // Get EPP service extensions
|
||||||
//! let service_extensions = registry.ext_uris().unwrap();
|
//! let service_extensions = registry.ext_uris().unwrap();
|
||||||
//!
|
|
||||||
//! // Get client certificate and private key
|
|
||||||
//! let tls = registry.tls_files().unwrap();
|
|
||||||
//! ```
|
//! ```
|
||||||
|
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
@ -96,31 +93,15 @@ impl EppClientConnection {
|
||||||
}
|
}
|
||||||
/// Returns the parsed client certificate and private key for client TLS auth
|
/// Returns the parsed client certificate and private key for client TLS auth
|
||||||
pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> {
|
pub fn tls_files(&self) -> Result<Option<(Vec<Certificate>, PrivateKey)>, Error> {
|
||||||
match (self.client_certificate()?, self.key()?) {
|
let (certs_file, key_file) = match &self.tls_files {
|
||||||
(Some(certificates), Some(key)) => Ok(Some((certificates, key))),
|
Some(files) => (&files.cert_chain, &files.key),
|
||||||
_ => Ok(None),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/// Parses the client certificate chain
|
|
||||||
fn client_certificate(&self) -> Result<Option<Vec<Certificate>>, Error> {
|
|
||||||
let certs_file = match &self.tls_files {
|
|
||||||
Some(files) => &files.cert_chain,
|
|
||||||
None => return Ok(None),
|
None => return Ok(None),
|
||||||
};
|
};
|
||||||
|
|
||||||
Ok(Some(
|
let certs = rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
|
||||||
rustls_pemfile::certs(&mut BufReader::new(File::open(certs_file)?))?
|
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.map(Certificate)
|
.map(Certificate)
|
||||||
.collect::<Vec<_>>(),
|
.collect::<Vec<_>>();
|
||||||
))
|
|
||||||
}
|
|
||||||
/// Parses the client private key
|
|
||||||
fn key(&self) -> Result<Option<PrivateKey>, Error> {
|
|
||||||
let key_file = match &self.tls_files {
|
|
||||||
Some(files) => &files.key,
|
|
||||||
None => return Ok(None),
|
|
||||||
};
|
|
||||||
|
|
||||||
let mut r = BufReader::new(File::open(key_file).unwrap());
|
let mut r = BufReader::new(File::open(key_file).unwrap());
|
||||||
|
|
||||||
|
@ -128,7 +109,7 @@ impl EppClientConnection {
|
||||||
if rsa_keys.len() > 1 {
|
if rsa_keys.len() > 1 {
|
||||||
warn!("Multiple RSA keys found in PEM file {}", key_file);
|
warn!("Multiple RSA keys found in PEM file {}", key_file);
|
||||||
} else if let Some(key) = rsa_keys.pop() {
|
} else if let Some(key) = rsa_keys.pop() {
|
||||||
return Ok(Some(rustls::PrivateKey(key)));
|
return Ok(Some((certs, rustls::PrivateKey(key))));
|
||||||
}
|
}
|
||||||
|
|
||||||
r.seek(SeekFrom::Start(0))?;
|
r.seek(SeekFrom::Start(0))?;
|
||||||
|
@ -137,7 +118,7 @@ impl EppClientConnection {
|
||||||
if pkcs8_keys.len() > 1 {
|
if pkcs8_keys.len() > 1 {
|
||||||
warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
|
warn!("Multiple PKCS8 keys found in PEM file {}", key_file);
|
||||||
} else if let Some(key) = pkcs8_keys.pop() {
|
} else if let Some(key) = pkcs8_keys.pop() {
|
||||||
return Ok(Some(rustls::PrivateKey(key)));
|
return Ok(Some((certs, rustls::PrivateKey(key))));
|
||||||
}
|
}
|
||||||
|
|
||||||
Err(Error::Other("No private key found in PEM file".to_owned()))
|
Err(Error::Other("No private key found in PEM file".to_owned()))
|
||||||
|
|
Loading…
Reference in New Issue