Jay/rustls-example
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify: optimal

Browse Source
This commit is contained in:
Jay 2024-08-06 17:48:17 +09:00
parent dbfc557cc5
commit 83d20abd80
Signed by: Jay
GPG Key ID: A40DB907D289BF5A
2 changed files with 67 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
src/bin/client.rs
View File

@ -41,9 +41,9 @@ enum Level {
Trace, Trace,
} }
impl Level { impl From<Level> for log::LevelFilter {
fn to_level_filter(&self) -> log::LevelFilter { fn from(level: Level) -> log::LevelFilter {
match self { match level {
Level::Off => log::LevelFilter::Off, Level::Off => log::LevelFilter::Off,
Level::Error => log::LevelFilter::Error, Level::Error => log::LevelFilter::Error,
Level::Warn => log::LevelFilter::Warn, Level::Warn => log::LevelFilter::Warn,
@ -54,6 +54,19 @@ impl Level {
} }
} }
// impl Level {
// fn to_level_filter(self) -> log::LevelFilter {
// match self {
// Level::Off => log::LevelFilter::Off,
// Level::Error => log::LevelFilter::Error,
// Level::Warn => log::LevelFilter::Warn,
// Level::Info => log::LevelFilter::Info,
// Level::Debug => log::LevelFilter::Debug,
// Level::Trace => log::LevelFilter::Trace,
// }
// }
// }
// 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS) // 모든 인증서를 신뢰하는 인증서 검증기 (모든 인증서 PASS)
#[derive(Debug)] #[derive(Debug)]
struct NoCertificateVerification; struct NoCertificateVerification;
@ -85,7 +98,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
_: &[u8], _: &[u8],
_: rustls::pki_types::UnixTime, _: rustls::pki_types::UnixTime,
) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> { ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
let ret_deserial = X509Certificate::from_der(&end_entity.iter().as_slice()); let ret_deserial = X509Certificate::from_der(end_entity.iter().as_slice());
let x509 = match ret_deserial { let x509 = match ret_deserial {
Ok((_, x509)) => x509, Ok((_, x509)) => x509,
_ => panic!("wtf"), _ => panic!("wtf"),
@ -105,7 +118,7 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
// end_entity // end_entity
for (idx, ica) in intermediates.iter().enumerate() { for (idx, ica) in intermediates.iter().enumerate() {
let ret_deserial = X509Certificate::from_der(&ica.iter().as_slice()); let ret_deserial = X509Certificate::from_der(ica.iter().as_slice());
let x509 = match ret_deserial { let x509 = match ret_deserial {
Ok((_, x509)) => x509, Ok((_, x509)) => x509,
_ => continue, _ => continue,
@ -114,12 +127,8 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
.subject() .subject()
.iter_common_name() .iter_common_name()
.next() .next()
.and_then(|cn| cn.as_str().ok()); .and_then(|cn| cn.as_str().ok())
let cn = match cn { .unwrap_or_default();
Some(name) => name,
_ => "",
};
info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca()); info!("[{idx}] CN: {}, CA: {}", cn, x509.is_ca());
} }
info!("verify cert done"); info!("verify cert done");
@ -127,31 +136,25 @@ impl rustls::client::danger::ServerCertVerifier for NoCertificateVerification {
} }
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> { fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
let mut ss = Vec::<rustls::SignatureScheme>::new(); vec![
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA1); rustls::SignatureScheme::RSA_PKCS1_SHA1,
ss.push(rustls::SignatureScheme::ECDSA_SHA1_Legacy); rustls::SignatureScheme::ECDSA_SHA1_Legacy,
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA256); rustls::SignatureScheme::RSA_PKCS1_SHA256,
ss.push(rustls::SignatureScheme::ECDSA_NISTP256_SHA256); rustls::SignatureScheme::ECDSA_NISTP256_SHA256,
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA384); rustls::SignatureScheme::RSA_PKCS1_SHA384,
ss.push(rustls::SignatureScheme::ECDSA_NISTP384_SHA384); rustls::SignatureScheme::ECDSA_NISTP384_SHA384,
ss.push(rustls::SignatureScheme::RSA_PKCS1_SHA512); rustls::SignatureScheme::RSA_PKCS1_SHA512,
ss.push(rustls::SignatureScheme::ECDSA_NISTP521_SHA512); rustls::SignatureScheme::ECDSA_NISTP521_SHA512,
ss.push(rustls::SignatureScheme::RSA_PSS_SHA256); rustls::SignatureScheme::RSA_PSS_SHA256,
ss.push(rustls::SignatureScheme::RSA_PSS_SHA384); rustls::SignatureScheme::RSA_PSS_SHA384,
ss.push(rustls::SignatureScheme::RSA_PSS_SHA512); rustls::SignatureScheme::RSA_PSS_SHA512,
ss.push(rustls::SignatureScheme::ED25519); rustls::SignatureScheme::ED25519,
ss.push(rustls::SignatureScheme::ED448); rustls::SignatureScheme::ED448,
]
ss
} }
} }
fn initialize_log(options: &Cli) { fn initialize_log(options: &Cli) {
let level = match options.level {
Some(level) => level.to_level_filter(),
None => log::LevelFilter::Debug,
};
pretty_env_logger::formatted_timed_builder() pretty_env_logger::formatted_timed_builder()
.format(|buf, record| { .format(|buf, record| {
// We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your // We are reusing `anstyle` but there are `anstyle-*` crates to adapt it to your
@ -170,7 +173,7 @@ fn initialize_log(options: &Cli) {
) )
}) })
.format_timestamp_micros() .format_timestamp_micros()
.filter_level(level) .filter_level(options.level.unwrap_or(Level::Debug).into())
.init(); .init();
info!("Hi -"); info!("Hi -");
@ -191,12 +194,9 @@ fn load_use_certificate(crt_name: &str, store: &mut RootCertStore) {
.iter_common_name() .iter_common_name()
.next() .next()
.and_then(|cn| cn.as_str().ok()); .and_then(|cn| cn.as_str().ok());
match cn { if let Some(name) = cn {
Some(name) => {
info!("[{}] CA's CN: {}", i, name); info!("[{}] CA's CN: {}", i, name);
} }
None => (),
}
store.add(cert.clone()).unwrap(); store.add(cert.clone()).unwrap();
} }
_ => panic!("x509 parsing failed: {:?}", deserialized_cert), _ => panic!("x509 parsing failed: {:?}", deserialized_cert),
@ -217,6 +217,25 @@ fn main() -> Result<(), Box<dyn StdError>> {
load_use_certificate(&crt_name, &mut store); load_use_certificate(&crt_name, &mut store);
} }
if let Ok(certs) = rustls_native_certs::load_native_certs() {
let _ = certs
.iter()
.map(|cert| {
if let Err(e) = store.add(cert.clone()) {
error!("push cert error: {}", e.to_string());
}
})
.collect::<Vec<_>>();
}
if let Ok(certs) = rustls_native_certs::load_native_certs() {
certs.iter().for_each(|cert| {
if let Err(e) = store.add(cert.clone()) {
error!("push cert error: {}", e.to_string());
}
})
}
for cert in rustls_native_certs::load_native_certs()? { for cert in rustls_native_certs::load_native_certs()? {
if let Err(e) = store.add(cert) { if let Err(e) = store.add(cert) {
error!("push cert error: {}", e.to_string()); error!("push cert error: {}", e.to_string());
@ -240,8 +259,6 @@ fn main() -> Result<(), Box<dyn StdError>> {
let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock); let mut tls_conn = rustls::Stream::new(&mut conn, &mut sock);
let mut rbuf: [u8; 1024] = [0; 1024]; let mut rbuf: [u8; 1024] = [0; 1024];
tls_conn.
let wstring = "Hello Rust!"; let wstring = "Hello Rust!";
let wsize = match tls_conn.write(wstring.as_bytes()) { let wsize = match tls_conn.write(wstring.as_bytes()) {
Ok(size) => size, Ok(size) => size,

17
src/main.rs
View File

@ -40,7 +40,7 @@ enum Level {
} }
impl Level { impl Level {
fn to_level_filter(&self) -> log::LevelFilter { fn to_level_filter(self) -> log::LevelFilter {
match self { match self {
Level::Off => log::LevelFilter::Off, Level::Off => log::LevelFilter::Off,
Level::Error => log::LevelFilter::Error, Level::Error => log::LevelFilter::Error,
@ -91,22 +91,21 @@ fn initialize_log(options: &Cli) {
fn parse_args() -> Vec<String> { fn parse_args() -> Vec<String> {
let cli = Cli::parse(); let cli = Cli::parse();
let mut key_path = Vec::<String>::new();
key_path.push(cli.cert.clone());
key_path.push(cli.key.clone());
initialize_log(&cli); initialize_log(&cli);
key_path vec![cli.cert.clone(), cli.key.clone()]
} }
fn main() -> Result<(), Box<dyn StdError>> { fn main() -> Result<(), Box<dyn StdError>> {
let key_path = parse_args(); let key_path = parse_args();
let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Cert as usize][0..])?)) let certs = rustls_pemfile::certs(&mut BufReader::new(&mut File::open(
&key_path[KeyPath::Cert as usize][0..],
)?))
.collect::<Result<Vec<_>, _>>()?; .collect::<Result<Vec<_>, _>>()?;
let private_key = let private_key = rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(
rustls_pemfile::private_key(&mut BufReader::new(&mut File::open(&key_path[KeyPath::Pkey as usize][0..])?))? &key_path[KeyPath::Pkey as usize][0..],
)?))?
.unwrap(); .unwrap();
let config = rustls::ServerConfig::builder() let config = rustls::ServerConfig::builder()
.with_no_client_auth() .with_no_client_auth()