From 83d20abd80a4b5b3f556736c4e8380649e9827d0 Mon Sep 17 00:00:00 2001
From: Jay
Date: Tue, 6 Aug 2024 17:48:17 +0900
Subject: [PATCH] Modify: optimal
---
 src/bin/client.rs | 97 ++++++++++++++++++++++++++++-------------------
 src/main.rs | 21 +++++-----
 2 files changed, 67 insertions(+), 51 deletions(-)
diff --git a/src/bin/client.rs b/src/bin/client.rs
index 5b2024c..8a4151d 100644
--- a/src/bin/client.rs
+++ b/src/bin/client.rs
@@ -41,9 +41,9 @@ enum Level {
 Trace,
 }
-impl Level {
- fn to_level_filter(&self) -> log::LevelFilter {
- match self {
+impl From for log::LevelFilter {
+ fn from(level: Level) -> log::LevelFilter {
+ match level {
 Level::Off => log::LevelFilter::Off,
 Level::Error => log::LevelFilter::Error,
 Level::Warn => log::LevelFilter::Warn,
@@ -54,6 +54,19 @@ impl Level {
 }
 }
+// impl Level {
+// fn to_level_filter(self) -> log::LevelFilter {
+// match self {
+// Level::Off => log::LevelFilter::Off,
+// Level::Error => log::LevelFilter::Error,
+// Level::Warn => log::LevelFilter::Warn,
+// Level::Info => log::LevelFilter::Info,
+// Level::Debug => log::LevelFilter::Debug,
+// Level::Trace => log::LevelFilter::Trace,
+// }
+// }
+// }
+
 // 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS)
 #[derive(Debug)]
 struct NoCertificateVerification;
@@ -85,7 +98,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
 _: &[u8],
 _: rustls::pki_types::UnixTime,
 ) -> Result {
- let ret_deserial = X509Certificate::from_der(&end_entity.iter().as_slice());
+ let ret_deserial = X509Certificate::from_der(end_entity.iter().as_slice());
 let x509 = match ret_deserial {
 Ok((_, x509)) => x509,
 _ => panic!("wtf"),
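Review bot: The commented-out `impl Level { fn to_level_filter(self) ... }` block added at the top of the second hunk is dead code: the `From<Level> for log::LevelFilter` impl in the hunk before it replaces that method, and version control keeps the old text, so the twelve `+//` lines and the trailing added blank line should be dropped rather than committed. Note that src/main.rs in this same patch keeps its own `to_level_filter` method, so the two binaries now convert `Level` in two different ways; putting the `From` impl in a module both can use would keep them consistent.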
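Review bot: `X509Certificate::from_der(end_entity.iter().as_slice())` parses bytes the remote peer controls, and the `match` two lines below still ends in `_ => panic!("wtf")`, so a server presenting a certificate that x509-parser cannot decode aborts the client instead of failing the handshake. Return a rustls error instead, e.g. `Err(_) => return Err(rustls::Error::InvalidCertificate(rustls::CertificateError::BadEncoding)),`, which the `Result` return type of `verify_server_cert` already allows. The function's signature and the rest of its body lie outside this hunk.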
@@ -105,7 +118,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
 // end_entity
 for (idx, ica) in intermediates.iter().enumerate() {
- let ret_deserial = X509Certificate::from_der(&ica.iter().as_slice());
+ let ret_deserial = X509Certificate::from_der(ica.iter().as_slice());
 let x509 = match ret_deserial {
 Ok((_, x509)) => x509,
 _ => continue,
@@ -114,12 +127,8 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
 .subject()
 .iter_common_name()
 .next()
- .and_then(|cn| cn.as_str().ok());
- let cn = match cn {
- Some(name) => name,
- _ => "",
- };
-
+ .and_then(|cn| cn.as_str().ok())
+ .unwrap_or_default();
 info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca());
 }
 info!("verify cert done");
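Review bot: In the second hunk, `cn` (now bound via `.unwrap_or_default()`) is a string taken from the peer's intermediate certificate, and `info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca())` writes it to the log unescaped, so a Subject CN containing newlines or terminal escape sequences would forge or mangle log lines. Formatting it with `{:?}` — `info!("[{idx}] CN: {:?}, CA: {}", cn, x509.is_ca());` — escapes such bytes at no cost. `load_use_certificate` in this file logs a CN the same way, though those certificates come from local files rather than the network.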
@@ -127,31 +136,25 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
 }
 fn supported_verify_schemes(&self) -> Vec {
- let mut ss = Vec::::new();
- ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA1);
- ss.push(rustls::SignatureScheme::ECDSA_SHA1_Legacy);
- ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA256);
- ss.push(rustls::SignatureScheme::ECDSA_NISTP256_SHA256);
- ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA384);
- ss.push(rustls::SignatureScheme::ECDSA_NISTP384_SHA384);
- ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA512);
- ss.push(rustls::SignatureScheme::ECDSA_NISTP521_SHA512);
- ss.push(rustls::SignatureScheme::RSA_PSS_SHA256);
- ss.push(rustls::SignatureScheme::RSA_PSS_SHA384);
- ss.push(rustls::SignatureScheme::RSA_PSS_SHA512);
- ss.push(rustls::SignatureScheme::ED25519);
- ss.push(rustls::SignatureScheme::ED448);
-
- ss
+ vec![
+ rustls::SignatureScheme::RSA_PKCS1_SHA1,
+ rustls::SignatureScheme::ECDSA_SHA1_Legacy,
+ rustls::SignatureScheme::RSA_PKCS1_SHA256,
+ rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
+ rustls::SignatureScheme::RSA_PKCS1_SHA384,
+ rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
+ rustls::SignatureScheme::RSA_PKCS1_SHA512,
+ rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
+ rustls::SignatureScheme::RSA_PSS_SHA256,
+ rustls::SignatureScheme::RSA_PSS_SHA384,
+ rustls::SignatureScheme::RSA_PSS_SHA512,
+ rustls::SignatureScheme::ED25519,
+ rustls::SignatureScheme::ED448,
+ ]
 }
 }
 fn initialize_log(options: &Cli) {
- let level = match options.level {
- Some(level) => level.to_level_filter(),
- None => log::LevelFilter::Debug,
- };
-
 pretty_env_logger::formatted_timed_builder()
 .format(|buf, record| {
 // We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your
@@ -170,7 +173,7 @@ fn initialize_log(options: &Cli) {
 )
 })
 .format_timestamp_micros()
- .filter_level(level)
+ .filter_level(options.level.unwrap_or(Level::Debug).into())
 .init();
 info!("Hi -");
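Review bot: The rewritten `supported_verify_schemes` still advertises `rustls::SignatureScheme::RSA_PKCS1_SHA1` and `rustls::SignatureScheme::ECDSA_SHA1_Legacy` on the first two lines of the `vec![...]`, which tells a server this client accepts SHA-1 certificate and handshake signatures; since the list was being rewritten anyway, this is the moment to drop those two entries. Alternatively, rustls already knows which schemes its crypto provider can verify, so the list could be derived from the provider's `WebPkiSupportedAlgorithms::supported_schemes()` rather than hand-maintained. Whether this verifier checks signatures at all is decided by methods outside this hunk.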
@@ -191,11 +194,8 @@ fn load_use_certificate(crt_name: &str, store: &mut RootCertStore) {
 .iter_common_name()
 .next()
 .and_then(|cn| cn.as_str().ok());
- match cn {
- Some(name) => {
- info!("[{}] CA's CN: {}", i, name);
- }
- None => (),
+ if let Some(name) = cn {
+ info!("[{}] CA's CN: {}", i, name);
 }
 store.add(cert.clone()).unwrap();
 }
@@ -217,6 +217,25 @@ fn main() -> Result<(), Box> {
 load_use_certificate(&crt_name, &mut store);
 }
+ if let Ok(certs) = rustls_native_certs::load_native_certs() {
+ let _ = certs
+ .iter()
+ .map(|cert| {
+ if let Err(e) = store.add(cert.clone()) {
+ error!("push cert error: {}", e.to_string());
+ }
+ })
+ .collect::>();
+ }
+
+ if let Ok(certs) = rustls_native_certs::load_native_certs() {
+ certs.iter().for_each(|cert| {
+ if let Err(e) = store.add(cert.clone()) {
+ error!("push cert error: {}", e.to_string());
+ }
+ })
+ }
+
 for cert in rustls_native_certs::load_native_certs()? {
 if let Err(e) = store.add(cert) {
 error!("push cert error: {}", e.to_string());
@@ -240,8 +259,6 @@ fn main() -> Result<(), Box> {
 let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock);
 let mut rbuf: [u8; 1024] = [0; 1024];
- tls_conn.
-
 let wstring = "Hello Rust!";
 let wsize = match tls_conn.write(wstring.as_bytes()) {
 Ok(size) => size,
diff --git a/src/main.rs b/src/main.rs
index 42f4cd9..d601d67 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -40,7 +40,7 @@ enum Level {
 }
 impl Level {
- fn to_level_filter(&self) -> log::LevelFilter {
+ fn to_level_filter(self) -> log::LevelFilter {
 match self {
 Level::Off => log::LevelFilter::Off,
 Level::Error => log::LevelFilter::Error,
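Review bot: In the `main` hunk, the two added `if let Ok(certs) = rustls_native_certs::load_native_certs()` blocks sit directly above the existing `for cert in rustls_native_certs::load_native_certs()? {` loop, so the native root set is loaded and added to `store` three times, and the first two copies silently ignore a failed load while the third propagates it with `?`. Both added blocks should be deleted: the surviving loop already does the work, moves each cert instead of cloning it, and reports load errors. If one of the new forms was meant to replace the loop, the `for_each` one is the idiomatic choice — `let _ = ... .map(...).collect::<Vec<()>>()` exists only to force a side-effecting iterator. `main` continues outside this hunk.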
@@ -91,23 +91,22 @@ fn initialize_log(options: &Cli) {
 fn parse_args() -> Vec {
 let cli = Cli::parse();
- let mut key_path = Vec::::new();
- key_path.push(cli.cert.clone());
- key_path.push(cli.key.clone());
-
 initialize_log(&cli);
- key_path
+ vec![cli.cert.clone(), cli.key.clone()]
 }
 fn main() -> Result<(), Box> {
 let key_path = parse_args();
- let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Cert as usize][0..])?))
- .collect::, _>>()?;
- let private_key =
- rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Pkey as usize][0..])?))?
- .unwrap();
+ let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(
+ &key_path[KeyPath::Cert as usize][0..],
+ )?))
+ .collect::, _>>()?;
+ let private_key = rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(
+ &key_path[KeyPath::Pkey as usize][0..],
+ )?))?
+ .unwrap();
 let config = rustls::ServerConfig::builder()
 .with_no_client_auth()
 .with_single_cert(certs, private_key)?;
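Review bot: `rustls_pemfile::private_key(...)?` yields an `Option`, and the reformatted `.unwrap()` on it still panics with no context when the key file contains no PEM private-key block; `main` appears to return a boxed error (the generic was lost in rendering), so `.ok_or("no private key found in key file")?` would turn that into a readable failure for one line's cost. In `parse_args`, `vec![cli.cert.clone(), cli.key.clone()]` clones both paths although `cli` is not used after `initialize_log(&cli)`; `vec![cli.cert, cli.key]` avoids the copies. The `[0..]` slices on the `key_path` lookups also look redundant, since `&String` already satisfies `File::open`'s `AsRef<Path>` bound.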