From 58ac5e7fe8a8e3f3430e9d908bbb52ab67c67e29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20Frosteg=C3=A5rd?= Date: Sun, 3 Apr 2022 19:46:05 +0200 Subject: [PATCH] ws: use create_rustls_config from aquatic_common --- aquatic_ws/Cargo.toml | 2 +- aquatic_ws/src/common.rs | 2 -- aquatic_ws/src/lib.rs | 37 +++++--------------------------- aquatic_ws/src/workers/socket.rs | 5 +++-- 4 files changed, 9 insertions(+), 37 deletions(-) diff --git a/aquatic_ws/Cargo.toml b/aquatic_ws/Cargo.toml index af02221..c1e1b70 100644 --- a/aquatic_ws/Cargo.toml +++ b/aquatic_ws/Cargo.toml @@ -21,7 +21,7 @@ cpu-pinning = ["aquatic_common/cpu-pinning"] [dependencies] aquatic_cli_helpers = "0.2.0" -aquatic_common = "0.2.0" +aquatic_common = { version = "0.2.0", features = ["rustls-config"] } aquatic_toml_config = "0.2.0" aquatic_ws_protocol = "0.2.0" diff --git a/aquatic_ws/src/common.rs b/aquatic_ws/src/common.rs index 2d2f834..006ceb8 100644 --- a/aquatic_ws/src/common.rs +++ b/aquatic_ws/src/common.rs @@ -5,8 +5,6 @@ use aquatic_common::CanonicalSocketAddr; pub use aquatic_common::ValidUntil; -pub type TlsConfig = futures_rustls::rustls::ServerConfig; - #[derive(Default, Clone)] pub struct State { pub access_list: Arc, diff --git a/aquatic_ws/src/lib.rs b/aquatic_ws/src/lib.rs index 9e3deab..ad8028d 100644 --- a/aquatic_ws/src/lib.rs +++ b/aquatic_ws/src/lib.rs @@ -2,10 +2,9 @@ pub mod common; pub mod config; pub mod workers; -use std::fs::File; -use std::io::BufReader; use std::sync::{atomic::AtomicUsize, Arc}; +use aquatic_common::rustls_config::create_rustls_config; use glommio::{channels::channel_mesh::MeshBuilder, prelude::*}; use signal_hook::{consts::SIGUSR1, iterator::Signals}; 
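Review bot: Switching `aquatic_common` to the `rustls-config` feature is the only manifest change, yet the loader removed from `aquatic_ws/src/lib.rs` was the code that referenced `rustls_pemfile::certs`, `rustls::Certificate` and `rustls::ServerConfig` by full path, and `common.rs` drops its last visible use of `futures_rustls`; if `rustls`, `rustls_pemfile` or `futures_rustls` are still listed as direct dependencies further down in `[dependencies]` (not visible in this hunk) and no other module uses them, they are now dead weight in the dependency graph. Unused direct dependencies still pin versions and attract advisories the crate must track, so it is worth running `cargo udeps` (or `cargo +nightly udeps`) once and pruning whatever it reports. The `[dependencies]` table continues outside the hunk, so this cannot be confirmed from the patch alone.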
@@ -63,7 +62,10 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> { let num_bound_sockets = Arc::new(AtomicUsize::new(0)); - let tls_config = Arc::new(create_tls_config(&config).unwrap()); + let tls_config = Arc::new(create_rustls_config( + &config.network.tls_certificate_path, + &config.network.tls_private_key_path, + )?); let mut executors = Vec::new(); @@ -150,32 +152,3 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> { Ok(()) } - -fn create_tls_config(config: &Config) -> anyhow::Result { - let certs = { - let f = File::open(&config.network.tls_certificate_path)?; - let mut f = BufReader::new(f); - - rustls_pemfile::certs(&mut f)? - .into_iter() - .map(|bytes| rustls::Certificate(bytes)) - .collect() - }; - - let private_key = { - let f = File::open(&config.network.tls_private_key_path)?; - let mut f = BufReader::new(f); - - rustls_pemfile::pkcs8_private_keys(&mut f)? - .first() - .map(|bytes| rustls::PrivateKey(bytes.clone())) - .ok_or(anyhow::anyhow!("No private keys in file"))? - }; - - let tls_config = rustls::ServerConfig::builder() - .with_safe_defaults() - .with_no_client_auth() - .with_single_cert(certs, private_key)?; - - Ok(tls_config) -} diff --git a/aquatic_ws/src/workers/socket.rs b/aquatic_ws/src/workers/socket.rs index 4557f78..7c121d4 100644 --- a/aquatic_ws/src/workers/socket.rs +++ b/aquatic_ws/src/workers/socket.rs @@ -8,6 +8,7 @@ use std::sync::Arc; use std::time::{Duration, Instant}; use aquatic_common::access_list::{create_access_list_cache, AccessListArcSwap, AccessListCache}; +use aquatic_common::rustls_config::RustlsConfig; use aquatic_common::CanonicalSocketAddr; use aquatic_ws_protocol::*; use async_tungstenite::WebSocketStream; 
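Review bot: The error propagated by `create_rustls_config(...)?` in `run_workers` carries no indication of which file or which stage failed, whereas the removed in-crate `create_tls_config` at least surfaced a per-path `File::open` error and a distinct "No private keys in file" message; wrap it so an operator can tell a missing certificate from a bad key, e.g. `.with_context(|| format!("failed to load TLS config from cert {:?} / key {:?}", config.network.tls_certificate_path, config.network.tls_private_key_path))?` (needs `use anyhow::Context;` if not already imported). The removed helper also pinned `with_safe_defaults()`, `with_no_client_auth()` and accepted PKCS#8 keys only; the shared `aquatic_common::rustls_config::create_rustls_config` is not in this patch, so confirm it keeps the same protocol/cipher-suite defaults and does not silently widen the accepted key formats or enable client auth, since this crate's TLS posture now depends entirely on that helper. `run_workers` starts and ends outside this hunk, and the hunk at `@@ -150,32 +152,3 @@` is the pure removal of the old helper.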
@@ -49,7 +50,7 @@ struct ConnectionReference {
 pub async fn run_socket_worker(
 config: Config,
 state: State,
- tls_config: Arc,
+ tls_config: Arc,
 in_message_mesh_builder: MeshBuilder<(ConnectionMeta, InMessage), Partial>,
 out_message_mesh_builder: MeshBuilder<(ConnectionMeta, OutMessage), Partial>,
 num_bound_sockets: Arc,
@@ -214,7 +215,7 @@ async fn run_connection(
 out_message_receiver: LocalReceiver<(ConnectionMeta, OutMessage)>,
 out_message_consumer_id: ConsumerId,
 connection_id: ConnectionId,
- tls_config: Arc,
+ tls_config: Arc,
 stream: TcpStream,
 ) -> anyhow::Result<()> {
 let peer_addr = stream