moparisthebest/xmpp-proxy
1
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

Read private keys with any headers

Browse Source
This commit is contained in:
Travis Burtrum 2022-07-14 01:20:38 -04:00
parent 5e38d437a9
commit ca4dce14fd
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/main.rs
View File

@ -19,9 +19,11 @@ use tokio::net::TcpListener;
use tokio::task::JoinHandle; use tokio::task::JoinHandle;
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
use rustls::{Certificate, ClientConfig, PrivateKey, ServerConfig}; use rustls::{
#[cfg(feature = "rustls-pemfile")] sign::{CertifiedKey, RsaSigningKey, SigningKey},
use rustls_pemfile::{certs, pkcs8_private_keys}; Certificate, ClientConfig, PrivateKey, ServerConfig, SignatureScheme,
};
#[cfg(feature = "tokio-rustls")] #[cfg(feature = "tokio-rustls")]
use tokio_rustls::{ use tokio_rustls::{
webpki::{DnsNameRef, TlsServerTrustAnchors, TrustAnchor}, webpki::{DnsNameRef, TlsServerTrustAnchors, TrustAnchor},
@ -29,8 +31,6 @@ use tokio_rustls::{
}; };
use anyhow::{anyhow, bail, Result}; use anyhow::{anyhow, bail, Result};
use rustls::sign::CertifiedKey;
use rustls::SignatureScheme;
mod slicesubsequence; mod slicesubsequence;
use slicesubsequence::*; use slicesubsequence::*;
@ -214,21 +214,26 @@ impl Config {
} }
} }
#[cfg(any(feature = "outgoing", feature = "incoming"))] #[cfg(feature = "rustls-pemfile")]
fn certs_key(&self) -> Result<rustls::sign::CertifiedKey> { fn certs_key(&self) -> Result<rustls::sign::CertifiedKey> {
let mut tls_key: Vec<PrivateKey> = pkcs8_private_keys(&mut BufReader::new(File::open(&self.tls_key)?)) use rustls_pemfile::{certs, read_all, Item};
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
.map(|mut keys| keys.drain(..).map(PrivateKey).collect())?; let tls_key = read_all(&mut BufReader::new(File::open(&self.tls_key)?))
if tls_key.is_empty() { .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))?
bail!("invalid key"); .into_iter()
} .flat_map(|item| match item {
let tls_key = tls_key.remove(0); Item::RSAKey(der) => RsaSigningKey::new(&PrivateKey(der)).ok().map(Arc::new).map(|r| r as Arc<dyn SigningKey>),
Item::PKCS8Key(der) => rustls::sign::any_supported_type(&PrivateKey(der)).ok(),
Item::ECKey(der) => rustls::sign::any_supported_type(&PrivateKey(der)).ok(),
_ => None,
})
.next()
.ok_or_else(|| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))?;
let tls_certs = certs(&mut BufReader::new(File::open(&self.tls_cert)?)) let tls_certs = certs(&mut BufReader::new(File::open(&self.tls_cert)?))
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert")) .map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
.map(|mut certs| certs.drain(..).map(Certificate).collect())?; .map(|mut certs| certs.drain(..).map(Certificate).collect())?;
let tls_key = rustls::sign::any_supported_type(&tls_key)?;
Ok(rustls::sign::CertifiedKey::new(tls_certs, tls_key)) Ok(rustls::sign::CertifiedKey::new(tls_certs, tls_key))
} }