Remove redundant code
This commit is contained in:
parent
3cbbd72a14
commit
c063cdcef6
4
Cargo.lock
generated
4
Cargo.lock
generated
@ -315,6 +315,8 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
|
|||||||
name = "base"
|
name = "base"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
|
"rustls",
|
||||||
|
"rustls-pemfile",
|
||||||
"serde",
|
"serde",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -1574,7 +1576,6 @@ dependencies = [
|
|||||||
"log",
|
"log",
|
||||||
"reqwest",
|
"reqwest",
|
||||||
"rustls",
|
"rustls",
|
||||||
"rustls-pemfile",
|
|
||||||
"tokio",
|
"tokio",
|
||||||
"tokio-tungstenite",
|
"tokio-tungstenite",
|
||||||
"urlencoding",
|
"urlencoding",
|
||||||
@ -1594,7 +1595,6 @@ dependencies = [
|
|||||||
"futures",
|
"futures",
|
||||||
"log",
|
"log",
|
||||||
"rustls",
|
"rustls",
|
||||||
"rustls-pemfile",
|
|
||||||
"serde",
|
"serde",
|
||||||
"tokio",
|
"tokio",
|
||||||
"webpki",
|
"webpki",
|
||||||
|
@ -5,3 +5,5 @@ edition = "2021"
|
|||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
serde = { version = "1.0.144", features = ["derive"] }
|
serde = { version = "1.0.144", features = ["derive"] }
|
||||||
|
rustls-pemfile = "1.0.1"
|
||||||
|
rustls = "0.20.6"
|
37
base/src/cert_utils.rs
Normal file
37
base/src/cert_utils.rs
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
use std::error::Error;
|
||||||
|
use std::io::{Cursor, ErrorKind};
|
||||||
|
|
||||||
|
use rustls::{Certificate, PrivateKey};
|
||||||
|
use rustls_pemfile::{read_one, Item};
|
||||||
|
|
||||||
|
/// Parse PEM certificates bytes into a [`rustls::Certificate`] structure
|
||||||
|
pub fn parse_pem_certificates(certs: &[u8]) -> Result<Vec<Certificate>, Box<dyn Error>> {
|
||||||
|
Ok(rustls_pemfile::certs(&mut Cursor::new(certs))?
|
||||||
|
.into_iter()
|
||||||
|
.map(Certificate)
|
||||||
|
.collect())
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Parse PEM private key bytes into a [`rustls::PrivateKey`] structure
|
||||||
|
pub fn parse_pem_private_key(privkey: &[u8]) -> Result<PrivateKey, Box<dyn Error>> {
|
||||||
|
let key = match read_one(&mut Cursor::new(privkey))? {
|
||||||
|
None => {
|
||||||
|
Err(std::io::Error::new(
|
||||||
|
ErrorKind::Other,
|
||||||
|
"Failed to extract private key!",
|
||||||
|
))?;
|
||||||
|
unreachable!()
|
||||||
|
}
|
||||||
|
Some(Item::PKCS8Key(key)) => key,
|
||||||
|
Some(Item::RSAKey(key)) => key,
|
||||||
|
_ => {
|
||||||
|
Err(std::io::Error::new(
|
||||||
|
ErrorKind::Other,
|
||||||
|
"Unsupported private key type!",
|
||||||
|
))?;
|
||||||
|
unreachable!();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(PrivateKey(key))
|
||||||
|
}
|
@ -1,7 +1,4 @@
|
|||||||
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
|
pub mod cert_utils;
|
||||||
pub struct RelayedPort {
|
mod structs;
|
||||||
pub id: usize,
|
|
||||||
pub port: u16,
|
|
||||||
}
|
|
||||||
|
|
||||||
pub type RemoteConfig = Vec<RelayedPort>;
|
pub use structs::{RelayedPort, RemoteConfig};
|
||||||
|
7
base/src/structs.rs
Normal file
7
base/src/structs.rs
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
|
||||||
|
pub struct RelayedPort {
|
||||||
|
pub id: usize,
|
||||||
|
pub port: u16,
|
||||||
|
}
|
||||||
|
|
||||||
|
pub type RemoteConfig = Vec<RelayedPort>;
|
@ -15,5 +15,4 @@ tokio-tungstenite = { version = "0.17.2", features = ["__rustls-tls", "rustls-tl
|
|||||||
urlencoding = "2.1.0"
|
urlencoding = "2.1.0"
|
||||||
rustls = { version = "0.20.6" }
|
rustls = { version = "0.20.6" }
|
||||||
hyper-rustls = { version = "0.23.0", features = ["rustls-native-certs"] }
|
hyper-rustls = { version = "0.23.0", features = ["rustls-native-certs"] }
|
||||||
rustls-pemfile = { version = "1.0.1" }
|
|
||||||
bytes = "1.2.1"
|
bytes = "1.2.1"
|
@ -1,14 +1,14 @@
|
|||||||
use std::io::Cursor;
|
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use futures::{SinkExt, StreamExt};
|
use futures::{SinkExt, StreamExt};
|
||||||
use hyper_rustls::ConfigBuilderExt;
|
use hyper_rustls::ConfigBuilderExt;
|
||||||
use rustls::{Certificate, PrivateKey, RootCertStore};
|
use rustls::RootCertStore;
|
||||||
use rustls_pemfile::{read_one, Item};
|
|
||||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||||
use tokio::net::{TcpListener, TcpStream};
|
use tokio::net::{TcpListener, TcpStream};
|
||||||
use tokio_tungstenite::tungstenite::Message;
|
use tokio_tungstenite::tungstenite::Message;
|
||||||
|
|
||||||
|
use base::cert_utils;
|
||||||
|
|
||||||
use crate::client_config::ClientConfig;
|
use crate::client_config::ClientConfig;
|
||||||
|
|
||||||
pub async fn relay_client(ws_url: String, listen_address: String, config: Arc<ClientConfig>) {
|
pub async fn relay_client(ws_url: String, listen_address: String, config: Arc<ClientConfig>) {
|
||||||
@ -46,11 +46,10 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
|||||||
Some(cert) => {
|
Some(cert) => {
|
||||||
log::debug!("Using custom root certificates");
|
log::debug!("Using custom root certificates");
|
||||||
let mut store = RootCertStore::empty();
|
let mut store = RootCertStore::empty();
|
||||||
rustls_pemfile::certs(&mut Cursor::new(cert))
|
cert_utils::parse_pem_certificates(&cert)
|
||||||
.expect("Failed to parse root certificates!")
|
.unwrap()
|
||||||
.into_iter()
|
.iter()
|
||||||
.map(Certificate)
|
.for_each(|c| store.add(c).expect("Failed to add certificate to chain!"));
|
||||||
.for_each(|c| store.add(&c).expect("Failed to add certificate to chain!"));
|
|
||||||
|
|
||||||
config.with_root_certificates(store)
|
config.with_root_certificates(store)
|
||||||
}
|
}
|
||||||
@ -59,29 +58,14 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
|||||||
let config = match conf.get_client_keypair() {
|
let config = match conf.get_client_keypair() {
|
||||||
None => config.with_no_client_auth(),
|
None => config.with_no_client_auth(),
|
||||||
Some((certs, key)) => {
|
Some((certs, key)) => {
|
||||||
let certs = rustls_pemfile::certs(&mut Cursor::new(certs))
|
let certs = cert_utils::parse_pem_certificates(certs)
|
||||||
.expect("Failed to parse client certificates!")
|
.expect("Failed to parse client certificate!");
|
||||||
.into_iter()
|
|
||||||
.map(Certificate)
|
|
||||||
.collect::<Vec<_>>();
|
|
||||||
|
|
||||||
let key = match read_one(&mut Cursor::new(key))
|
let key = cert_utils::parse_pem_private_key(key)
|
||||||
.expect("Failed to read client private key!")
|
.expect("Failed to parse client auth private key!");
|
||||||
{
|
|
||||||
None => {
|
|
||||||
log::error!("Failed to extract private key!");
|
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
Some(Item::PKCS8Key(key)) => key,
|
|
||||||
Some(Item::RSAKey(key)) => key,
|
|
||||||
_ => {
|
|
||||||
log::error!("Unsupported private key type!");
|
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
config
|
config
|
||||||
.with_single_cert(certs, PrivateKey(key))
|
.with_single_cert(certs, key)
|
||||||
.expect("Failed to set client certificate!")
|
.expect("Failed to set client certificate!")
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
@ -16,5 +16,4 @@ serde = { version = "1.0.144", features = ["derive"] }
|
|||||||
tokio = { version = "1", features = ["full"] }
|
tokio = { version = "1", features = ["full"] }
|
||||||
futures = "0.3.24"
|
futures = "0.3.24"
|
||||||
rustls = "0.20.6"
|
rustls = "0.20.6"
|
||||||
rustls-pemfile = "1.0.1"
|
|
||||||
webpki = "0.22.0"
|
webpki = "0.22.0"
|
@ -1,14 +1,10 @@
|
|||||||
use std::fs::File;
|
|
||||||
use std::io::BufReader;
|
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
|
|
||||||
use actix_web::web::Data;
|
use actix_web::web::Data;
|
||||||
use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
|
use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
|
||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
use rustls::{Certificate, PrivateKey};
|
|
||||||
use rustls_pemfile::{certs, read_one, Item};
|
|
||||||
|
|
||||||
use base::RelayedPort;
|
use base::{cert_utils, RelayedPort};
|
||||||
use tcp_relay_server::relay_ws::relay_ws;
|
use tcp_relay_server::relay_ws::relay_ws;
|
||||||
use tcp_relay_server::server_config::ServerConfig;
|
use tcp_relay_server::server_config::ServerConfig;
|
||||||
use tcp_relay_server::tls_cert_client_verifier::CustomCertClientVerifier;
|
use tcp_relay_server::tls_cert_client_verifier::CustomCertClientVerifier;
|
||||||
@ -80,29 +76,16 @@ async fn main() -> std::io::Result<()> {
|
|||||||
// Load TLS configuration, if any
|
// Load TLS configuration, if any
|
||||||
let tls_config = if let (Some(cert), Some(key)) = (&args.tls_cert, &args.tls_key) {
|
let tls_config = if let (Some(cert), Some(key)) = (&args.tls_cert, &args.tls_key) {
|
||||||
// Load TLS certificate & private key
|
// Load TLS certificate & private key
|
||||||
let cert_file = &mut BufReader::new(File::open(cert).unwrap());
|
let cert_file = std::fs::read(cert).expect("Failed to read certificate file");
|
||||||
let key_file = &mut BufReader::new(File::open(key).unwrap());
|
let key_file = std::fs::read(key).expect("Failed to read server private key");
|
||||||
|
|
||||||
// Get certificates chain
|
// Get certificates chain
|
||||||
let cert_chain = certs(cert_file)
|
let cert_chain =
|
||||||
.unwrap()
|
cert_utils::parse_pem_certificates(&cert_file).expect("Failed to extract certificates");
|
||||||
.into_iter()
|
|
||||||
.map(Certificate)
|
|
||||||
.collect();
|
|
||||||
|
|
||||||
// Get private key
|
// Get private key
|
||||||
let key = match read_one(key_file).expect("Failed to read private key!") {
|
let key =
|
||||||
None => {
|
cert_utils::parse_pem_private_key(&key_file).expect("Failed to extract private key!");
|
||||||
log::error!("Failed to extract private key!");
|
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
Some(Item::PKCS8Key(key)) => key,
|
|
||||||
Some(Item::RSAKey(key)) => key,
|
|
||||||
_ => {
|
|
||||||
log::error!("Unsupported private key type!");
|
|
||||||
panic!();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
let config = rustls::ServerConfig::builder().with_safe_defaults();
|
let config = rustls::ServerConfig::builder().with_safe_defaults();
|
||||||
|
|
||||||
@ -113,7 +96,7 @@ async fn main() -> std::io::Result<()> {
|
|||||||
};
|
};
|
||||||
|
|
||||||
let config = config
|
let config = config
|
||||||
.with_single_cert(cert_chain, PrivateKey(key))
|
.with_single_cert(cert_chain, key)
|
||||||
.expect("Failed to load TLS certificate!");
|
.expect("Failed to load TLS certificate!");
|
||||||
|
|
||||||
Some(config)
|
Some(config)
|
||||||
|
@ -1,11 +1,10 @@
|
|||||||
use std::fs::File;
|
|
||||||
use std::io::BufReader;
|
|
||||||
use std::sync::Arc;
|
use std::sync::Arc;
|
||||||
use std::time::SystemTime;
|
use std::time::SystemTime;
|
||||||
|
|
||||||
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
||||||
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
||||||
use rustls_pemfile::certs;
|
|
||||||
|
use base::cert_utils::parse_pem_certificates;
|
||||||
|
|
||||||
use crate::server_config::ServerConfig;
|
use crate::server_config::ServerConfig;
|
||||||
|
|
||||||
@ -19,16 +18,11 @@ impl CustomCertClientVerifier {
|
|||||||
.tls_client_auth_root_cert
|
.tls_client_auth_root_cert
|
||||||
.as_deref()
|
.as_deref()
|
||||||
.expect("No root certificates for client authentication provided!");
|
.expect("No root certificates for client authentication provided!");
|
||||||
let cert_file = &mut BufReader::new(
|
let cert_file = std::fs::read(cert_path)
|
||||||
File::open(cert_path)
|
.expect("Failed to read root certificates for client authentication!");
|
||||||
.expect("Failed to read root certificates for client authentication!"),
|
|
||||||
);
|
|
||||||
|
|
||||||
let root_certs = certs(cert_file)
|
let root_certs = parse_pem_certificates(&cert_file)
|
||||||
.unwrap()
|
.expect("Failed to read root certificates for server authentication!");
|
||||||
.into_iter()
|
|
||||||
.map(Certificate)
|
|
||||||
.collect::<Vec<_>>();
|
|
||||||
|
|
||||||
if root_certs.is_empty() {
|
if root_certs.is_empty() {
|
||||||
log::error!("No certificates found for client authentication!");
|
log::error!("No certificates found for client authentication!");
|
||||||
|
Loading…
Reference in New Issue
Block a user