pierre/tcp-over-http
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add new test for invalid TLS configuration

Browse Source
This commit is contained in:
Pierre HUBERT
2022-09-02 10:18:20 +02:00
parent 40c1bfc938
commit 54214a3308
9 changed files with 181 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/tcp_relay_server/mod.rs
View File

@ -3,7 +3,7 @@ use std::sync::Arc;
use actix_web::web::Data;
use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
use crate::base::err_utils::encpasulate_error;
use crate::base::err_utils::{encpasulate_error, new_err};
use crate::base::{cert_utils, RelayedPort};
use crate::tcp_relay_server::relay_ws::relay_ws;
use crate::tcp_relay_server::server_config::ServerConfig;
@ -47,8 +47,7 @@ pub async fn config_route(req: HttpRequest, data: Data<Arc<ServerConfig>>) -> im
pub async fn run_app(mut config: ServerConfig) -> std::io::Result<()> {
// Check if no port are to be forwarded
if config.ports.is_empty() {
log::error!("No port to forward!");
std::process::exit(2);
return Err(new_err("No port to forward!"));
}
// Read tokens from file, if any
@ -61,13 +60,17 @@ pub async fn run_app(mut config: ServerConfig) -> std::io::Result<()> {
}
if !config.has_auth() {
log::error!("No authentication method specified!");
std::process::exit(3);
return Err(new_err("No authentication method specified!"));
}
if config.tls_cert.is_some() != config.tls_key.is_some() {
return Err(new_err("Incomplete server TLS configuration!"));
}
if config.has_tls_client_auth() && !config.has_tls_config() {
log::error!("Cannot provide client auth without TLS configuration!");
panic!();
return Err(new_err(
"Cannot provide client auth without TLS configuration!",
));
}
let args = Arc::new(config);
@ -75,16 +78,18 @@ pub async fn run_app(mut config: ServerConfig) -> std::io::Result<()> {
// Load TLS configuration, if any
let tls_config = if let (Some(cert), Some(key)) = (&args.tls_cert, &args.tls_key) {
// Load TLS certificate & private key
let cert_file = std::fs::read(cert).expect("Failed to read certificate file");
let key_file = std::fs::read(key).expect("Failed to read server private key");
let cert_file = std::fs::read(cert)
.map_err(|e| encpasulate_error(e, "Failed to read certificate file"))?;
let key_file = std::fs::read(key)
.map_err(|e| encpasulate_error(e, "Failed to read server private key"))?;
// Get certificates chain
let cert_chain =
cert_utils::parse_pem_certificates(&cert_file).expect("Failed to extract certificates");
let cert_chain = cert_utils::parse_pem_certificates(&cert_file)
.map_err(|e| encpasulate_error(e, "Failed to extract certificates"))?;
// Get private key
let key =
cert_utils::parse_pem_private_key(&key_file).expect("Failed to extract private key!");
let key = cert_utils::parse_pem_private_key(&key_file)
.map_err(|e| encpasulate_error(e, "Failed to extract private key!"))?;
let config = rustls::ServerConfig::builder().with_safe_defaults();