Jay/rustls-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify: optimal

Browse Source
This commit is contained in:
Jay 2024-08-06 17:48:17 +09:00
parent dbfc557cc5
commit 83d20abd80
Signed by: Jay
GPG Key ID: A40DB907D289BF5A
2 changed files with 67 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

97
src/bin/client.rs
View File

@ -41,9 +41,9 @@ enum Level {
Trace,
}
impl Level {
fn to_level_filter(&self) -> log::LevelFilter {
match self {
impl From<Level> for log::LevelFilter {
fn from(level: Level) -> log::LevelFilter {
match level {
Level::Off => log::LevelFilter::Off,
Level::Error => log::LevelFilter::Error,
Level::Warn => log::LevelFilter::Warn,
@ -54,6 +54,19 @@ impl Level {
}
}
// impl Level {
// fn to_level_filter(self) -> log::LevelFilter {
// match self {
// Level::Off => log::LevelFilter::Off,
// Level::Error => log::LevelFilter::Error,
// Level::Warn => log::LevelFilter::Warn,
// Level::Info => log::LevelFilter::Info,
// Level::Debug => log::LevelFilter::Debug,
// Level::Trace => log::LevelFilter::Trace,
// }
// }
// }
// 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS)
#[derive(Debug)]
struct NoCertificateVerification;
@ -85,7 +98,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
_: &[u8],
_: rustls::pki_types::UnixTime,
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
let ret_deserial = X509Certificate::from_der(&end_entity.iter().as_slice());
let ret_deserial = X509Certificate::from_der(end_entity.iter().as_slice());
let x509 = match ret_deserial {
Ok((_, x509)) => x509,
_ => panic!("wtf"),
@ -105,7 +118,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
// end_entity
for (idx, ica) in intermediates.iter().enumerate() {
let ret_deserial = X509Certificate::from_der(&ica.iter().as_slice());
let ret_deserial = X509Certificate::from_der(ica.iter().as_slice());
let x509 = match ret_deserial {
Ok((_, x509)) => x509,
_ => continue,
@ -114,12 +127,8 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
.subject()
.iter_common_name()
.next()
.and_then(|cn| cn.as_str().ok());
let cn = match cn {
Some(name) => name,
_ => "",
};
.and_then(|cn| cn.as_str().ok())
.unwrap_or_default();
info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca());
}
info!("verify cert done");
@ -127,31 +136,25 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
let mut ss = Vec::<rustls::SignatureScheme>::new();
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA1);
ss.push(rustls::SignatureScheme::ECDSA_SHA1_Legacy);
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA256);
ss.push(rustls::SignatureScheme::ECDSA_NISTP256_SHA256);
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA384);
ss.push(rustls::SignatureScheme::ECDSA_NISTP384_SHA384);
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA512);
ss.push(rustls::SignatureScheme::ECDSA_NISTP521_SHA512);
ss.push(rustls::SignatureScheme::RSA_PSS_SHA256);
ss.push(rustls::SignatureScheme::RSA_PSS_SHA384);
ss.push(rustls::SignatureScheme::RSA_PSS_SHA512);
ss.push(rustls::SignatureScheme::ED25519);
ss.push(rustls::SignatureScheme::ED448);
ss
vec![
rustls::SignatureScheme::RSA_PKCS1_SHA1,
rustls::SignatureScheme::ECDSA_SHA1_Legacy,
rustls::SignatureScheme::RSA_PKCS1_SHA256,
rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
rustls::SignatureScheme::RSA_PKCS1_SHA384,
rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
rustls::SignatureScheme::RSA_PKCS1_SHA512,
rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
rustls::SignatureScheme::RSA_PSS_SHA256,
rustls::SignatureScheme::RSA_PSS_SHA384,
rustls::SignatureScheme::RSA_PSS_SHA512,
rustls::SignatureScheme::ED25519,
rustls::SignatureScheme::ED448,
]
}
}
fn initialize_log(options: &Cli) {
let level = match options.level {
Some(level) => level.to_level_filter(),
None => log::LevelFilter::Debug,
};
pretty_env_logger::formatted_timed_builder()
.format(|buf, record| {
// We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your
@ -170,7 +173,7 @@ fn initialize_log(options: &Cli) {
)
})
.format_timestamp_micros()
.filter_level(level)
.filter_level(options.level.unwrap_or(Level::Debug).into())
.init();
info!("Hi -");
@ -191,11 +194,8 @@ fn load_use_certificate(crt_name: &str, store: &mut RootCertStore) {
.iter_common_name()
.next()
.and_then(|cn| cn.as_str().ok());
match cn {
Some(name) => {
info!("[{}] CA's CN: {}", i, name);
}
None => (),
if let Some(name) = cn {
info!("[{}] CA's CN: {}", i, name);
}
store.add(cert.clone()).unwrap();
}
@ -217,6 +217,25 @@ fn main() -> Result<(), Box<dyn StdError>> {
load_use_certificate(&crt_name, &mut store);
}
if let Ok(certs) = rustls_native_certs::load_native_certs() {
let _ = certs
.iter()
.map(|cert| {
if let Err(e) = store.add(cert.clone()) {
error!("push cert error: {}", e.to_string());
}
})
.collect::<Vec<_>>();
}
if let Ok(certs) = rustls_native_certs::load_native_certs() {
certs.iter().for_each(|cert| {
if let Err(e) = store.add(cert.clone()) {
error!("push cert error: {}", e.to_string());
}
})
}
for cert in rustls_native_certs::load_native_certs()? {
if let Err(e) = store.add(cert) {
error!("push cert error: {}", e.to_string());
@ -240,8 +259,6 @@ fn main() -> Result<(), Box<dyn StdError>> {
let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock);
let mut rbuf: [u8; 1024] = [0; 1024];
tls_conn.
let wstring = "Hello Rust!";
let wsize = match tls_conn.write(wstring.as_bytes()) {
Ok(size) => size,

21
src/main.rs
View File

@ -40,7 +40,7 @@ enum Level {
}
impl Level {
fn to_level_filter(&self) -> log::LevelFilter {
fn to_level_filter(self) -> log::LevelFilter {
match self {
Level::Off => log::LevelFilter::Off,
Level::Error => log::LevelFilter::Error,
@ -91,23 +91,22 @@ fn initialize_log(options: &Cli) {
fn parse_args() -> Vec<String> {
let cli = Cli::parse();
let mut key_path = Vec::<String>::new();
key_path.push(cli.cert.clone());
key_path.push(cli.key.clone());
initialize_log(&cli);
key_path
vec![cli.cert.clone(), cli.key.clone()]
}
fn main() -> Result<(), Box<dyn StdError>> {
let key_path = parse_args();
let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Cert as usize][0..])?))
.collect::<Result<Vec<_>, _>>()?;
let private_key =
rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Pkey as usize][0..])?))?
.unwrap();
let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(
&key_path[KeyPath::Cert as usize][0..],
)?))
.collect::<Result<Vec<_>, _>>()?;
let private_key = rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(
&key_path[KeyPath::Pkey as usize][0..],
)?))?
.unwrap();
let config = rustls::ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(certs, private_key)?;