Remove redundant code

This commit is contained in:
Pierre HUBERT 2022-08-31 15:00:41 +02:00
parent 3cbbd72a14
commit c063cdcef6
10 changed files with 78 additions and 76 deletions

4
Cargo.lock generated
View File

@ -315,6 +315,8 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
name = "base"
version = "0.1.0"
dependencies = [
"rustls",
"rustls-pemfile",
"serde",
]
@ -1574,7 +1576,6 @@ dependencies = [
"log",
"reqwest",
"rustls",
"rustls-pemfile",
"tokio",
"tokio-tungstenite",
"urlencoding",
@ -1594,7 +1595,6 @@ dependencies = [
"futures",
"log",
"rustls",
"rustls-pemfile",
"serde",
"tokio",
"webpki",

View File

@ -5,3 +5,5 @@ edition = "2021"
[dependencies]
serde = { version = "1.0.144", features = ["derive"] }
rustls-pemfile = "1.0.1"
rustls = "0.20.6"

37
base/src/cert_utils.rs Normal file
View File

@ -0,0 +1,37 @@
use std::error::Error;
use std::io::{Cursor, ErrorKind};
use rustls::{Certificate, PrivateKey};
use rustls_pemfile::{read_one, Item};
/// Parse PEM certificates bytes into a [`rustls::Certificate`] structure
pub fn parse_pem_certificates(certs: &[u8]) -> Result<Vec<Certificate>, Box<dyn Error>> {
Ok(rustls_pemfile::certs(&mut Cursor::new(certs))?
.into_iter()
.map(Certificate)
.collect())
}
/// Parse PEM private key bytes into a [`rustls::PrivateKey`] structure
pub fn parse_pem_private_key(privkey: &[u8]) -> Result<PrivateKey, Box<dyn Error>> {
let key = match read_one(&mut Cursor::new(privkey))? {
None => {
Err(std::io::Error::new(
ErrorKind::Other,
"Failed to extract private key!",
))?;
unreachable!()
}
Some(Item::PKCS8Key(key)) => key,
Some(Item::RSAKey(key)) => key,
_ => {
Err(std::io::Error::new(
ErrorKind::Other,
"Unsupported private key type!",
))?;
unreachable!();
}
};
Ok(PrivateKey(key))
}

View File

@ -1,7 +1,4 @@
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
pub struct RelayedPort {
pub id: usize,
pub port: u16,
}
pub mod cert_utils;
mod structs;
pub type RemoteConfig = Vec<RelayedPort>;
pub use structs::{RelayedPort, RemoteConfig};

7
base/src/structs.rs Normal file
View File

@ -0,0 +1,7 @@
#[derive(serde::Serialize, serde::Deserialize, Copy, Clone, Debug)]
pub struct RelayedPort {
pub id: usize,
pub port: u16,
}
pub type RemoteConfig = Vec<RelayedPort>;

View File

@ -15,5 +15,4 @@ tokio-tungstenite = { version = "0.17.2", features = ["__rustls-tls", "rustls-tl
urlencoding = "2.1.0"
rustls = { version = "0.20.6" }
hyper-rustls = { version = "0.23.0", features = ["rustls-native-certs"] }
rustls-pemfile = { version = "1.0.1" }
bytes = "1.2.1"

View File

@ -1,14 +1,14 @@
use std::io::Cursor;
use std::sync::Arc;
use futures::{SinkExt, StreamExt};
use hyper_rustls::ConfigBuilderExt;
use rustls::{Certificate, PrivateKey, RootCertStore};
use rustls_pemfile::{read_one, Item};
use rustls::RootCertStore;
use tokio::io::{AsyncReadExt, AsyncWriteExt};
use tokio::net::{TcpListener, TcpStream};
use tokio_tungstenite::tungstenite::Message;
use base::cert_utils;
use crate::client_config::ClientConfig;
pub async fn relay_client(ws_url: String, listen_address: String, config: Arc<ClientConfig>) {
@ -46,11 +46,10 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
Some(cert) => {
log::debug!("Using custom root certificates");
let mut store = RootCertStore::empty();
rustls_pemfile::certs(&mut Cursor::new(cert))
.expect("Failed to parse root certificates!")
.into_iter()
.map(Certificate)
.for_each(|c| store.add(&c).expect("Failed to add certificate to chain!"));
cert_utils::parse_pem_certificates(&cert)
.unwrap()
.iter()
.for_each(|c| store.add(c).expect("Failed to add certificate to chain!"));
config.with_root_certificates(store)
}
@ -59,29 +58,14 @@ async fn relay_connection(ws_url: String, socket: TcpStream, conf: Arc<ClientCon
let config = match conf.get_client_keypair() {
None => config.with_no_client_auth(),
Some((certs, key)) => {
let certs = rustls_pemfile::certs(&mut Cursor::new(certs))
.expect("Failed to parse client certificates!")
.into_iter()
.map(Certificate)
.collect::<Vec<_>>();
let certs = cert_utils::parse_pem_certificates(certs)
.expect("Failed to parse client certificate!");
let key = match read_one(&mut Cursor::new(key))
.expect("Failed to read client private key!")
{
None => {
log::error!("Failed to extract private key!");
panic!();
}
Some(Item::PKCS8Key(key)) => key,
Some(Item::RSAKey(key)) => key,
_ => {
log::error!("Unsupported private key type!");
panic!();
}
};
let key = cert_utils::parse_pem_private_key(key)
.expect("Failed to parse client auth private key!");
config
.with_single_cert(certs, PrivateKey(key))
.with_single_cert(certs, key)
.expect("Failed to set client certificate!")
}
};

View File

@ -16,5 +16,4 @@ serde = { version = "1.0.144", features = ["derive"] }
tokio = { version = "1", features = ["full"] }
futures = "0.3.24"
rustls = "0.20.6"
rustls-pemfile = "1.0.1"
webpki = "0.22.0"

View File

@ -1,14 +1,10 @@
use std::fs::File;
use std::io::BufReader;
use std::sync::Arc;
use actix_web::web::Data;
use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer, Responder};
use clap::Parser;
use rustls::{Certificate, PrivateKey};
use rustls_pemfile::{certs, read_one, Item};
use base::RelayedPort;
use base::{cert_utils, RelayedPort};
use tcp_relay_server::relay_ws::relay_ws;
use tcp_relay_server::server_config::ServerConfig;
use tcp_relay_server::tls_cert_client_verifier::CustomCertClientVerifier;
@ -80,29 +76,16 @@ async fn main() -> std::io::Result<()> {
// Load TLS configuration, if any
let tls_config = if let (Some(cert), Some(key)) = (&args.tls_cert, &args.tls_key) {
// Load TLS certificate & private key
let cert_file = &mut BufReader::new(File::open(cert).unwrap());
let key_file = &mut BufReader::new(File::open(key).unwrap());
let cert_file = std::fs::read(cert).expect("Failed to read certificate file");
let key_file = std::fs::read(key).expect("Failed to read server private key");
// Get certificates chain
let cert_chain = certs(cert_file)
.unwrap()
.into_iter()
.map(Certificate)
.collect();
let cert_chain =
cert_utils::parse_pem_certificates(&cert_file).expect("Failed to extract certificates");
// Get private key
let key = match read_one(key_file).expect("Failed to read private key!") {
None => {
log::error!("Failed to extract private key!");
panic!();
}
Some(Item::PKCS8Key(key)) => key,
Some(Item::RSAKey(key)) => key,
_ => {
log::error!("Unsupported private key type!");
panic!();
}
};
let key =
cert_utils::parse_pem_private_key(&key_file).expect("Failed to extract private key!");
let config = rustls::ServerConfig::builder().with_safe_defaults();
@ -113,7 +96,7 @@ async fn main() -> std::io::Result<()> {
};
let config = config
.with_single_cert(cert_chain, PrivateKey(key))
.with_single_cert(cert_chain, key)
.expect("Failed to load TLS certificate!");
Some(config)

View File

@ -1,11 +1,10 @@
use std::fs::File;
use std::io::BufReader;
use std::sync::Arc;
use std::time::SystemTime;
use rustls::server::{AllowAnyAuthenticatedClient, ClientCertVerified, ClientCertVerifier};
use rustls::{Certificate, DistinguishedNames, Error, RootCertStore};
use rustls_pemfile::certs;
use base::cert_utils::parse_pem_certificates;
use crate::server_config::ServerConfig;
@ -19,16 +18,11 @@ impl CustomCertClientVerifier {
.tls_client_auth_root_cert
.as_deref()
.expect("No root certificates for client authentication provided!");
let cert_file = &mut BufReader::new(
File::open(cert_path)
.expect("Failed to read root certificates for client authentication!"),
);
let cert_file = std::fs::read(cert_path)
.expect("Failed to read root certificates for client authentication!");
let root_certs = certs(cert_file)
.unwrap()
.into_iter()
.map(Certificate)
.collect::<Vec<_>>();
let root_certs = parse_pem_certificates(&cert_file)
.expect("Failed to read root certificates for server authentication!");
if root_certs.is_empty() {
log::error!("No certificates found for client authentication!");