Properly load either RSA or PKCS8 formatted keys
Just my luck that a serious integration test ended up requiring PKCS8 formatted keys
parent
704b86316e
commit
961becb0be
|
@ -517,7 +517,7 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "hotdog"
|
||||
version = "0.1.3"
|
||||
version = "0.1.4"
|
||||
dependencies = [
|
||||
"async-std",
|
||||
"async-tls",
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "hotdog"
|
||||
version = "0.1.3"
|
||||
version = "0.1.4"
|
||||
authors = ["R. Tyler Croy <rtyler+hotdog@brokenco.de>"]
|
||||
edition = "2018"
|
||||
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDcHwdD3FKdlCHc
|
||||
wWkvnKx8YHayYBC3yC8kzzsLh/ze5nOgJRau7PfypKZ471IjMy9xZwF1Z9zM2LvM
|
||||
5ckmb9eSPfBmbFrGr5XuPTkJVvv9HJjdBJwFY8+R5uRKHNhADNCb0fVseCSQyJbW
|
||||
OH31cY7GHXqUVKDShIqeSRLkDYh/0pNIuwNA5ldz/Ih3h+Ws1XiAEA307GUfaPXc
|
||||
PsDuwp+3TPZbeGsoDiUYQyu/qjDyc/uGRFcdPtblYE3PO9Y2KFyv7nUXocqokS8k
|
||||
7G61oQcWXfWvmU8qUFmJ4UcO9RaTaxvz+JgmgoY1jZ1/bJ6qGAkG/9QWEq9TjRgf
|
||||
YhKAM377D/thhjFGwRAnQHIYpCuxeD2ayHGTgSE0xyztTTNI8RZdYeuRQn+gYfAG
|
||||
pxQT4Py6uLyQTAHIgRhljUKIO29Y0/8uefYzswh0+U9FHNwkvcMw1YkQE/9VuMyp
|
||||
oXjG3gw1EDk3Q0vv14V8liq/Mnql6piqxd8RynRy9EKxyBNN9xfS9lITf79fFyQ3
|
||||
1TGlL77O3hshM7rH35RhFmDWqX1dkRgLKL04ZbX429+V+Rkj+BrFyqCoCXoGi/Vk
|
||||
KnRcqblsr+3v9ukDbG5ucExTMH0cRMR5A7d3tgcp+Fy8Ohsqt/MCfcOS9Y7DZABT
|
||||
DBcE5tEkKl6sE34g+EILteyLGD+xQwIDAQABAoICABPpGpcgzrhCNe3p8MHFwjRd
|
||||
5V6tIdX93YXO2OBqJI1k+wB5WlvoQ2VHT2eQ/jUA5EG1t4QPKQG+eP5HqrI3W6B2
|
||||
yc/57Rwbtcwe7ZHStGhotcsIJ7S1GolwASZTBZyFjDkL/M8a7vPJsRsfcQVKiEeT
|
||||
UwsnvIROSNuYcIUAVGB7g6cIg3rTWwW6yf1F5ZiElqm+ygRlfaAhtlt9saXnJNtH
|
||||
suEDO24cGW7gZIypsFO9+fpjJB4ZGQcWdvNPzkiHzhp7z0ub7uDggQst97WmIyX6
|
||||
ycZgb7C8I90861iHAsvC3Hxs+BZDqDAf5ycnhBKOqgJgEacNeZ5tHMl57YJ7JfkU
|
||||
t88GO8rnQgkmBeLKg4aEX6A2zvtzQMfD6SaUBYvPG9gX+rJ4pFyEG006V4GgJS7v
|
||||
jo4usDevgyxiFnJbAO4vGPwbwOvXgzJMWAGxRETkFM++4Gmlo+NS995c2qfhpBLo
|
||||
+IhMdSq/tYygC82lqjDIkIqJdMbg8/X4khvMhWrlIe3PSkbfaHe58IKq63Y8oRxK
|
||||
eTAWUw/khdpn0weSfQt/0XITci7+tn+HdNLulWyyf+/3LgwLp4l0+ss4lcoRO873
|
||||
OIm1Xy6SyUrFo6nvbbibhex0w4z+KuZNgN75DycikJqhwKGOsZCTMRYT+IYxQgv5
|
||||
qSe2JkhlXckHKa0DTuBBAoIBAQD2OtaVT20z4ctkId8OmhkIl/N61ofLxsDBlskO
|
||||
dXvdTWgoJQ+CM0Jww00R2Uppx3ZktL9K1BpY49GMvoyVNDXcEAoY1xpDiS46qnFm
|
||||
yZXYpYU+B4kZgmUbUG0Va3rUCQdVBqeFuKmTTLMhCQ1/Oh5XY/LeddyM8pNGo05d
|
||||
Rjn7fspENLCzKStkFXfpE3CPEVwnitg3ETezO44LntYXHRnBLQm5tJMF3r3jskyx
|
||||
MIdnNHDLKiHgp4XbEyltp10RiL2dgvdNQBOuo5T9Lbdf5jVxTq71kiiMib9u/ZEE
|
||||
ej9RHlYDjJLYktwyyVGyYtndfHUt7gwiGMIZOS6gtkafMNztAoIBAQDk2vum0/tG
|
||||
1eYMuN60vAt8Kh6PoHnR2Gw3/KQxx9PJLS5o/Eu2VG+Kk0ZLcCo3ABpSEOWBxAiv
|
||||
Kgun82GAxwEcPs8v2KObwpEK5SvA3tDdyY24qkVr6WDx/WNh3AjUo0jOZUrGUlvS
|
||||
M2rmbiUG3XGw3CRMUgvhfLzvQpx6/G8UQ5LVsgVycfbKijt0qbqramKqlKpu4UMm
|
||||
OccM8QNxWytrK4dEs41/YzmtBRuHzo8YeQ3eCY8RhT15E/hCdSHW0EleykiPBQJP
|
||||
75NdE5Jac1DVmK796G3V43wjfbkeN4o/dRjbJ0+aQhEiogyIZ2Darkg3/HwLDEy/
|
||||
rLCl2dgfaTDvAoIBAQCqrZZY4TmdIQLPYfswL/jyUAHiQBrZUegDSPYNI7q8aA+u
|
||||
5CGf6tA/QeGGYcyHDlAu9msy/1tUCncSzHK+afZ7mFKnbVMzRT/aQpNg4JMSHYoC
|
||||
uU57dDuJd3Jlyp7Vo3yFn5s3wg0poZz5ZUEJ08t8YDfVpHVA7lTQPhrv5OIERpsG
|
||||
NE/XoM4HDiqUUXlQcoQilMfTRAgMIVgRDgTw+KcFlKaNJ3JSO1f9IXavzCfPjjYx
|
||||
Xf8lrnnGpb2t2LlWkiZ9rG6oCaabA6Ee7jWSMA0TgasdZjbdVA5ybSm8pNCG9jRB
|
||||
OYwAu6wPOCV9NbA3KzI+qCeY6viAa3a6yB6j8kbxAoIBAQDiS7czi8GYlcHZKqTt
|
||||
SlSA/pUhqKlM2xiHdAZYQyQkdczCe1fSf0OcX2zPA6Z6pFtictq+qj18F7NW686q
|
||||
LB3o9CKjSTDewFHz2BCfsrQN21OMGrJytl7qaohvJ8iDmsJPdNGvsZiiDb3TBW8P
|
||||
jsDxBX3PCgI9gb7BR7i71AlynC8Bp/rC4/YI6Q9JmNvAzH2r9z1gTta7Yb52CYxB
|
||||
9sjEPFKRmIp+QHuznq1OaO4OYQVZXVJfHMVgiGKgNHq1k1g5pwSAh491w4yQKN47
|
||||
GnQAAe5nnAGf0kXaQmNegcTuYrelXQXVnyaafGqwJqkbE+LNmZh+xDbQAc7a8MJI
|
||||
rRd5AoIBAQCl5DW6gcnd7K/ippmLixMjxjluqyIjTzZjq/opD18BwkfNZgeKF9tn
|
||||
HG4QhwXwIw7UzVAKQuSW6ZWRgDCCYwAiQRjHul29XtX6NY5LuOnJJElnWAqk0O1e
|
||||
uKW3fL+vlAwfLQtZQMudVUTXz5xnXOTViSN9GTRlJn+ahM26tzGXmEqKDPtx64Fi
|
||||
NsiXjie/kDeeKpPwpDvVErnFezyHPfH2mgsBvNjytgJe5LvtAJqgR0dTJNUwxEOu
|
||||
VIG4AEnvAIR4c9BthxhkluBkpWetgt/ZWdwjDGZRGN1YxgXKlcCVOHtT6nLP04+W
|
||||
iAwAOku/DNYa9Kk8OnbvhKGgHYVn8huA
|
||||
-----END PRIVATE KEY-----
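Review bot: This new file is an unencrypted RSA private key in PKCS8 form, and once it is committed it has to be treated as publicly known. It appears to be the fixture read by `test_load_keys_pkcs8` (`./contrib/pkcs8-key.pem`); if so, record that next to it, for example a short README in `contrib/` stating that the key exists only for tests and must never back a deployed TLS listener. Generating the key during the test run instead would avoid keeping key material in the repository at all.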
|
|
@ -16,7 +16,7 @@ use async_tls::TlsAcceptor;
|
|||
use crossbeam::channel::bounded;
|
||||
use dipstick::*;
|
||||
use log::*;
|
||||
use rustls::internal::pemfile::{certs, rsa_private_keys};
|
||||
use rustls::internal::pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
|
||||
use rustls::{Certificate, NoClientAuth, PrivateKey, ServerConfig};
|
||||
use std::path::Path;
|
||||
|
||||
|
@ -27,11 +27,24 @@ fn load_certs(path: &Path) -> io::Result<Vec<Certificate>> {
|
|||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
|
||||
}
|
||||
|
||||
/// Load the passed keys file
|
||||
/**
|
||||
* Loads the keys file passed in, whether it is an RSA or PKCS8 formatted key
|
||||
*/
|
||||
fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
|
||||
debug!("Loading TLS keys from: {}", path.display());
|
||||
rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
||||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
|
||||
|
||||
let result = rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
||||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"));
|
||||
|
||||
if let Ok(keys) = result {
|
||||
if keys.len() == 0 {
|
||||
debug!("Failed to load key as RSA, trying PKCS8");
|
||||
return pkcs8_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
||||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"));
|
||||
}
|
||||
return Ok(keys);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
/// Configure the server using rusttls
|
||||
|
@ -44,6 +57,10 @@ fn load_tls_config(settings: &Settings) -> io::Result<ServerConfig> {
|
|||
let certs = load_certs(cert.as_path())?;
|
||||
let mut keys = load_keys(key.as_path())?;
|
||||
|
||||
if keys.len() <= 0 {
|
||||
panic!("TLS key could not be properly loaded! This is fatal!");
|
||||
}
|
||||
|
||||
// we don't use client authentication
|
||||
let mut config = ServerConfig::new(NoClientAuth::new());
|
||||
config
|
||||
|
@ -172,7 +189,7 @@ mod tests {
|
|||
}
|
||||
|
||||
#[test]
|
||||
fn test_load_keys() {
|
||||
fn test_load_keys_rsa() {
|
||||
let key_path = Path::new("./contrib/cert-key.pem");
|
||||
if let Ok(keys) = load_keys(&key_path) {
|
||||
assert_eq!(1, keys.len());
|
||||
|
@ -180,4 +197,14 @@ mod tests {
|
|||
assert!(false);
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn test_load_keys_pkcs8() {
|
||||
let key_path = Path::new("./contrib/pkcs8-key.pem");
|
||||
if let Ok(keys) = load_keys(&key_path) {
|
||||
assert_eq!(1, keys.len());
|
||||
} else {
|
||||
assert!(false);
|
||||
}
|
||||
}
|
||||
}
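Review bot: In the `load_keys` hunk, a file that contains neither an RSA nor a PKCS8 key still comes back as `Ok` with an empty vector, and the `load_tls_config` hunk then turns that into a `panic!` inside a function that already returns `io::Result`. Returning `InvalidInput` from `load_keys` when both parsers find nothing keeps the fail-closed behaviour, lets the error propagate through the existing `?`, and makes the `keys.len() <= 0` guard unnecessary (on a `usize` it can only ever mean `== 0`). The rewrite below replaces the body of `load_keys`; the rendered page has lost its +/- markers, so which lines are new is inferred from the hunk headers.

```rust
fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
    // … unchanged: debug! of the key path …
    let invalid = || io::Error::new(io::ErrorKind::InvalidInput, "invalid key");
    let mut keys = rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
        .map_err(|_| invalid())?;
    if keys.is_empty() {
        debug!("No RSA key found, trying PKCS8");
        keys = pkcs8_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
            .map_err(|_| invalid())?;
    }
    if keys.is_empty() {
        // Neither parser found a key: fail here rather than hand an empty list to the TLS setup.
        return Err(invalid());
    }
    Ok(keys)
}
```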
|
||||
|
|