Remove redundant code
This commit is contained in:
parent
3cbbd72a14
commit
c063cdcef6
4
Cargo.lock
generated
4
Cargo.lock
generated
@ -315,6 +315,8 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
|
||||
name = "base"
|
||||
version = "0.1.0"
|
||||
dependencies = [
|
||||
"rustls",
|
||||
"rustls-pemfile",
|
||||
"serde",
|
||||
]
|
||||
|
||||
@ -1574,7 +1576,6 @@ dependencies = [
|
||||
"log",
|
||||
"reqwest",
|
||||
"rustls",
|
||||
"rustls-pemfile",
|
||||
"tokio",
|
||||
"tokio-tungstenite",
|
||||
"urlencoding",
|
||||
@ -1594,7 +1595,6 @@ dependencies = [
|
||||
"futures",
|
||||
"log",
|
||||
"rustls",
|
||||
"rustls-pemfile",
|
||||
"serde",
|
||||
"tokio",
|
||||
"webpki",
|
||||
|
@ -5,3 +5,5 @@ edition = "2021"
|
||||
|
||||
[dependencies]
|
||||
serde = { version = "1.0.144", features = ["derive"] }
|
||||
rustls-pemfile = "1.0.1"
|
||||
rustls = "0.20.6"
|
37
base/src/cert_utils.rs
Normal file
37
base/src/cert_utils.rs
Normal file
@ -0,0 +1,37 @@
|
||||
use std::error::Error;
|
||||
use std::io::{Cursor, ErrorKind};
|
||||
|
||||
use rustls::{Certificate, PrivateKey};
|
||||
use rustls_pemfile::{read_one, Item};
|
||||
|
||||
/// Parse PEM certificates bytes into a [`rustls::Certificate`] structure
|
||||
pub fn parse_pem_certificates(certs: &[u8]) -> Result<Vec<Certificate>, Box<dyn Error>> {
|
||||
Ok(rustls_pemfile::certs(&mut Cursor::new(certs))?
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
.collect())
|
||||
}
|
||||
|
||||
/// Parse PEM private key bytes into a [`rustls::PrivateKey`] structure
|
||||
pub fn parse_pem_private_key(privkey: &[u8]) -> Result<PrivateKey, Box<dyn Error>> {
|
||||
let key = match read_one(&mut Cursor::new(privkey))? {
|
||||
None => {
|
||||
Err(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Failed to extract private key!",
|
||||
))?;
|
||||
unreachable!()
|
||||
}
|
||||
Some(Item::PKCS8Key(key)) => key,
|
||||
Some(Item::RSAKey(key)) => key,
|
||||
_ => {
|
||||
Err(std::io::Error::new(
|
||||
ErrorKind::Other,
|
||||
"Unsupported private key type!",
|
||||
))?;
|
||||
unreachable!();
|
||||
}
|
||||
};
|
||||
|
||||
Ok(PrivateKey(key))
|
||||
}
|
@ -1,7 +1,4 @@
|
||||
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
|
||||
pub struct RelayedPort {
|
||||
pub id: usize,
|
||||
pub port: u16,
|
||||
}
|
||||
pub mod cert_utils;
|
||||
mod structs;
|
||||
|
||||
pub type RemoteConfig = Vec<RelayedPort>;
|
||||
pub use structs::{RelayedPort, RemoteConfig};
|
||||
|
7
base/src/structs.rs
Normal file
7
base/src/structs.rs
Normal file
@ -0,0 +1,7 @@
|
||||
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
|
||||
pub struct RelayedPort {
|
||||
pub id: usize,
|
||||
pub port: u16,
|
||||
}
|
||||
|
||||
pub type RemoteConfig = Vec<RelayedPort>;
|
@ -15,5 +15,4 @@ tokio-tungstenite = { version = "0.17.2", features = ["__rustls-tls", "rustls-tl
|
||||
urlencoding = "2.1.0"
|
||||
rustls = { version = "0.20.6" }
|
||||
hyper-rustls = { version = "0.23.0", features = ["rustls-native-certs"] }
|
||||
rustls-pemfile = { version = "1.0.1" }
|
||||
bytes = "1.2.1"
|
@ -1,14 +1,14 @@
|
||||
use std::io::Cursor;
|
||||
use std::sync::Arc;
|
||||
|
||||
use futures::{SinkExt, StreamExt};
|
||||
use hyper_rustls::ConfigBuilderExt;
|
||||
use rustls::{Certificate, PrivateKey, RootCertStore};
|
||||
use rustls_pemfile::{read_one, Item};
|
||||
use rustls::RootCertStore;
|
||||
use tokio::io::{AsyncReadExt, AsyncWriteExt};
|
||||
use tokio::net::{TcpListener, TcpStream};
|
||||
use tokio_tungstenite::tungstenite::Message;
|
||||
|
||||
use base::cert_utils;
|
||||
|
||||
use crate::client_config::ClientConfig;
|
||||
|
||||
pub async fn relay_client(ws_url: String, listen_address: String, config: Arc<ClientConfig>) {
|
||||
@ -46,11 +46,10 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
||||
Some(cert) => {
|
||||
log::debug!("Using custom root certificates");
|
||||
let mut store = RootCertStore::empty();
|
||||
rustls_pemfile::certs(&mut Cursor::new(cert))
|
||||
.expect("Failed to parse root certificates!")
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
.for_each(|c| store.add(&c).expect("Failed to add certificate to chain!"));
|
||||
cert_utils::parse_pem_certificates(&cert)
|
||||
.unwrap()
|
||||
.iter()
|
||||
.for_each(|c| store.add(c).expect("Failed to add certificate to chain!"));
|
||||
|
||||
config.with_root_certificates(store)
|
||||
}
|
||||
@ -59,29 +58,14 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
|
||||
let config = match conf.get_client_keypair() {
|
||||
None => config.with_no_client_auth(),
|
||||
Some((certs, key)) => {
|
||||
let certs = rustls_pemfile::certs(&mut Cursor::new(certs))
|
||||
.expect("Failed to parse client certificates!")
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
.collect::<Vec<_>>();
|
||||
let certs = cert_utils::parse_pem_certificates(certs)
|
||||
.expect("Failed to parse client certificate!");
|
||||
|
||||
let key = match read_one(&mut Cursor::new(key))
|
||||
.expect("Failed to read client private key!")
|
||||
{
|
||||
None => {
|
||||
log::error!("Failed to extract private key!");
|
||||
panic!();
|
||||
}
|
||||
Some(Item::PKCS8Key(key)) => key,
|
||||
Some(Item::RSAKey(key)) => key,
|
||||
_ => {
|
||||
log::error!("Unsupported private key type!");
|
||||
panic!();
|
||||
}
|
||||
};
|
||||
let key = cert_utils::parse_pem_private_key(key)
|
||||
.expect("Failed to parse client auth private key!");
|
||||
|
||||
config
|
||||
.with_single_cert(certs, PrivateKey(key))
|
||||
.with_single_cert(certs, key)
|
||||
.expect("Failed to set client certificate!")
|
||||
}
|
||||
};
|
||||
|
@ -16,5 +16,4 @@ serde = { version = "1.0.144", features = ["derive"] }
|
||||
tokio = { version = "1", features = ["full"] }
|
||||
futures = "0.3.24"
|
||||
rustls = "0.20.6"
|
||||
rustls-pemfile = "1.0.1"
|
||||
webpki = "0.22.0"
|
@ -1,14 +1,10 @@
|
||||
use std::fs::File;
|
||||
use std::io::BufReader;
|
||||
use std::sync::Arc;
|
||||
|
||||
use actix_web::web::Data;
|
||||
use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
|
||||
use clap::Parser;
|
||||
use rustls::{Certificate, PrivateKey};
|
||||
use rustls_pemfile::{certs, read_one, Item};
|
||||
|
||||
use base::RelayedPort;
|
||||
use base::{cert_utils, RelayedPort};
|
||||
use tcp_relay_server::relay_ws::relay_ws;
|
||||
use tcp_relay_server::server_config::ServerConfig;
|
||||
use tcp_relay_server::tls_cert_client_verifier::CustomCertClientVerifier;
|
||||
@ -80,29 +76,16 @@ async fn main() -> std::io::Result<()> {
|
||||
// Load TLS configuration, if any
|
||||
let tls_config = if let (Some(cert), Some(key)) = (&args.tls_cert, &args.tls_key) {
|
||||
// Load TLS certificate & private key
|
||||
let cert_file = &mut BufReader::new(File::open(cert).unwrap());
|
||||
let key_file = &mut BufReader::new(File::open(key).unwrap());
|
||||
let cert_file = std::fs::read(cert).expect("Failed to read certificate file");
|
||||
let key_file = std::fs::read(key).expect("Failed to read server private key");
|
||||
|
||||
// Get certificates chain
|
||||
let cert_chain = certs(cert_file)
|
||||
.unwrap()
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
.collect();
|
||||
let cert_chain =
|
||||
cert_utils::parse_pem_certificates(&cert_file).expect("Failed to extract certificates");
|
||||
|
||||
// Get private key
|
||||
let key = match read_one(key_file).expect("Failed to read private key!") {
|
||||
None => {
|
||||
log::error!("Failed to extract private key!");
|
||||
panic!();
|
||||
}
|
||||
Some(Item::PKCS8Key(key)) => key,
|
||||
Some(Item::RSAKey(key)) => key,
|
||||
_ => {
|
||||
log::error!("Unsupported private key type!");
|
||||
panic!();
|
||||
}
|
||||
};
|
||||
let key =
|
||||
cert_utils::parse_pem_private_key(&key_file).expect("Failed to extract private key!");
|
||||
|
||||
let config = rustls::ServerConfig::builder().with_safe_defaults();
|
||||
|
||||
@ -113,7 +96,7 @@ async fn main() -> std::io::Result<()> {
|
||||
};
|
||||
|
||||
let config = config
|
||||
.with_single_cert(cert_chain, PrivateKey(key))
|
||||
.with_single_cert(cert_chain, key)
|
||||
.expect("Failed to load TLS certificate!");
|
||||
|
||||
Some(config)
|
||||
|
@ -1,11 +1,10 @@
|
||||
use std::fs::File;
|
||||
use std::io::BufReader;
|
||||
use std::sync::Arc;
|
||||
use std::time::SystemTime;
|
||||
|
||||
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
|
||||
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
|
||||
use rustls_pemfile::certs;
|
||||
|
||||
use base::cert_utils::parse_pem_certificates;
|
||||
|
||||
use crate::server_config::ServerConfig;
|
||||
|
||||
@ -19,16 +18,11 @@ impl CustomCertClientVerifier {
|
||||
.tls_client_auth_root_cert
|
||||
.as_deref()
|
||||
.expect("No root certificates for client authentication provided!");
|
||||
let cert_file = &mut BufReader::new(
|
||||
File::open(cert_path)
|
||||
.expect("Failed to read root certificates for client authentication!"),
|
||||
);
|
||||
let cert_file = std::fs::read(cert_path)
|
||||
.expect("Failed to read root certificates for client authentication!");
|
||||
|
||||
let root_certs = certs(cert_file)
|
||||
.unwrap()
|
||||
.into_iter()
|
||||
.map(Certificate)
|
||||
.collect::<Vec<_>>();
|
||||
let root_certs = parse_pem_certificates(&cert_file)
|
||||
.expect("Failed to read root certificates for server authentication!");
|
||||
|
||||
if root_certs.is_empty() {
|
||||
log::error!("No certificates found for client authentication!");
|
||||
|
Loading…
Reference in New Issue
Block a user