Properly load either RSA or PKCS8 formatted keys
Just my luck that a serious integration test ended up requiring PKCS8 formatted keys
parent
704b86316e
commit
961becb0be
|
@ -517,7 +517,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "hotdog"
|
name = "hotdog"
|
||||||
version = "0.1.3"
|
version = "0.1.4"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"async-std",
|
"async-std",
|
||||||
"async-tls",
|
"async-tls",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "hotdog"
|
name = "hotdog"
|
||||||
version = "0.1.3"
|
version = "0.1.4"
|
||||||
authors = ["R. Tyler Croy <rtyler+hotdog@brokenco.de>"]
|
authors = ["R. Tyler Croy <rtyler+hotdog@brokenco.de>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,52 @@
|
||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDcHwdD3FKdlCHc
|
||||||
|
wWkvnKx8YHayYBC3yC8kzzsLh/ze5nOgJRau7PfypKZ471IjMy9xZwF1Z9zM2LvM
|
||||||
|
5ckmb9eSPfBmbFrGr5XuPTkJVvv9HJjdBJwFY8+R5uRKHNhADNCb0fVseCSQyJbW
|
||||||
|
OH31cY7GHXqUVKDShIqeSRLkDYh/0pNIuwNA5ldz/Ih3h+Ws1XiAEA307GUfaPXc
|
||||||
|
PsDuwp+3TPZbeGsoDiUYQyu/qjDyc/uGRFcdPtblYE3PO9Y2KFyv7nUXocqokS8k
|
||||||
|
7G61oQcWXfWvmU8qUFmJ4UcO9RaTaxvz+JgmgoY1jZ1/bJ6qGAkG/9QWEq9TjRgf
|
||||||
|
YhKAM377D/thhjFGwRAnQHIYpCuxeD2ayHGTgSE0xyztTTNI8RZdYeuRQn+gYfAG
|
||||||
|
pxQT4Py6uLyQTAHIgRhljUKIO29Y0/8uefYzswh0+U9FHNwkvcMw1YkQE/9VuMyp
|
||||||
|
oXjG3gw1EDk3Q0vv14V8liq/Mnql6piqxd8RynRy9EKxyBNN9xfS9lITf79fFyQ3
|
||||||
|
1TGlL77O3hshM7rH35RhFmDWqX1dkRgLKL04ZbX429+V+Rkj+BrFyqCoCXoGi/Vk
|
||||||
|
KnRcqblsr+3v9ukDbG5ucExTMH0cRMR5A7d3tgcp+Fy8Ohsqt/MCfcOS9Y7DZABT
|
||||||
|
DBcE5tEkKl6sE34g+EILteyLGD+xQwIDAQABAoICABPpGpcgzrhCNe3p8MHFwjRd
|
||||||
|
5V6tIdX93YXO2OBqJI1k+wB5WlvoQ2VHT2eQ/jUA5EG1t4QPKQG+eP5HqrI3W6B2
|
||||||
|
yc/57Rwbtcwe7ZHStGhotcsIJ7S1GolwASZTBZyFjDkL/M8a7vPJsRsfcQVKiEeT
|
||||||
|
UwsnvIROSNuYcIUAVGB7g6cIg3rTWwW6yf1F5ZiElqm+ygRlfaAhtlt9saXnJNtH
|
||||||
|
suEDO24cGW7gZIypsFO9+fpjJB4ZGQcWdvNPzkiHzhp7z0ub7uDggQst97WmIyX6
|
||||||
|
ycZgb7C8I90861iHAsvC3Hxs+BZDqDAf5ycnhBKOqgJgEacNeZ5tHMl57YJ7JfkU
|
||||||
|
t88GO8rnQgkmBeLKg4aEX6A2zvtzQMfD6SaUBYvPG9gX+rJ4pFyEG006V4GgJS7v
|
||||||
|
jo4usDevgyxiFnJbAO4vGPwbwOvXgzJMWAGxRETkFM++4Gmlo+NS995c2qfhpBLo
|
||||||
|
+IhMdSq/tYygC82lqjDIkIqJdMbg8/X4khvMhWrlIe3PSkbfaHe58IKq63Y8oRxK
|
||||||
|
eTAWUw/khdpn0weSfQt/0XITci7+tn+HdNLulWyyf+/3LgwLp4l0+ss4lcoRO873
|
||||||
|
OIm1Xy6SyUrFo6nvbbibhex0w4z+KuZNgN75DycikJqhwKGOsZCTMRYT+IYxQgv5
|
||||||
|
qSe2JkhlXckHKa0DTuBBAoIBAQD2OtaVT20z4ctkId8OmhkIl/N61ofLxsDBlskO
|
||||||
|
dXvdTWgoJQ+CM0Jww00R2Uppx3ZktL9K1BpY49GMvoyVNDXcEAoY1xpDiS46qnFm
|
||||||
|
yZXYpYU+B4kZgmUbUG0Va3rUCQdVBqeFuKmTTLMhCQ1/Oh5XY/LeddyM8pNGo05d
|
||||||
|
Rjn7fspENLCzKStkFXfpE3CPEVwnitg3ETezO44LntYXHRnBLQm5tJMF3r3jskyx
|
||||||
|
MIdnNHDLKiHgp4XbEyltp10RiL2dgvdNQBOuo5T9Lbdf5jVxTq71kiiMib9u/ZEE
|
||||||
|
ej9RHlYDjJLYktwyyVGyYtndfHUt7gwiGMIZOS6gtkafMNztAoIBAQDk2vum0/tG
|
||||||
|
1eYMuN60vAt8Kh6PoHnR2Gw3/KQxx9PJLS5o/Eu2VG+Kk0ZLcCo3ABpSEOWBxAiv
|
||||||
|
Kgun82GAxwEcPs8v2KObwpEK5SvA3tDdyY24qkVr6WDx/WNh3AjUo0jOZUrGUlvS
|
||||||
|
M2rmbiUG3XGw3CRMUgvhfLzvQpx6/G8UQ5LVsgVycfbKijt0qbqramKqlKpu4UMm
|
||||||
|
OccM8QNxWytrK4dEs41/YzmtBRuHzo8YeQ3eCY8RhT15E/hCdSHW0EleykiPBQJP
|
||||||
|
75NdE5Jac1DVmK796G3V43wjfbkeN4o/dRjbJ0+aQhEiogyIZ2Darkg3/HwLDEy/
|
||||||
|
rLCl2dgfaTDvAoIBAQCqrZZY4TmdIQLPYfswL/jyUAHiQBrZUegDSPYNI7q8aA+u
|
||||||
|
5CGf6tA/QeGGYcyHDlAu9msy/1tUCncSzHK+afZ7mFKnbVMzRT/aQpNg4JMSHYoC
|
||||||
|
uU57dDuJd3Jlyp7Vo3yFn5s3wg0poZz5ZUEJ08t8YDfVpHVA7lTQPhrv5OIERpsG
|
||||||
|
NE/XoM4HDiqUUXlQcoQilMfTRAgMIVgRDgTw+KcFlKaNJ3JSO1f9IXavzCfPjjYx
|
||||||
|
Xf8lrnnGpb2t2LlWkiZ9rG6oCaabA6Ee7jWSMA0TgasdZjbdVA5ybSm8pNCG9jRB
|
||||||
|
OYwAu6wPOCV9NbA3KzI+qCeY6viAa3a6yB6j8kbxAoIBAQDiS7czi8GYlcHZKqTt
|
||||||
|
SlSA/pUhqKlM2xiHdAZYQyQkdczCe1fSf0OcX2zPA6Z6pFtictq+qj18F7NW686q
|
||||||
|
LB3o9CKjSTDewFHz2BCfsrQN21OMGrJytl7qaohvJ8iDmsJPdNGvsZiiDb3TBW8P
|
||||||
|
jsDxBX3PCgI9gb7BR7i71AlynC8Bp/rC4/YI6Q9JmNvAzH2r9z1gTta7Yb52CYxB
|
||||||
|
9sjEPFKRmIp+QHuznq1OaO4OYQVZXVJfHMVgiGKgNHq1k1g5pwSAh491w4yQKN47
|
||||||
|
GnQAAe5nnAGf0kXaQmNegcTuYrelXQXVnyaafGqwJqkbE+LNmZh+xDbQAc7a8MJI
|
||||||
|
rRd5AoIBAQCl5DW6gcnd7K/ippmLixMjxjluqyIjTzZjq/opD18BwkfNZgeKF9tn
|
||||||
|
HG4QhwXwIw7UzVAKQuSW6ZWRgDCCYwAiQRjHul29XtX6NY5LuOnJJElnWAqk0O1e
|
||||||
|
uKW3fL+vlAwfLQtZQMudVUTXz5xnXOTViSN9GTRlJn+ahM26tzGXmEqKDPtx64Fi
|
||||||
|
NsiXjie/kDeeKpPwpDvVErnFezyHPfH2mgsBvNjytgJe5LvtAJqgR0dTJNUwxEOu
|
||||||
|
VIG4AEnvAIR4c9BthxhkluBkpWetgt/ZWdwjDGZRGN1YxgXKlcCVOHtT6nLP04+W
|
||||||
|
iAwAOku/DNYa9Kk8OnbvhKGgHYVn8huA
|
||||||
|
-----END PRIVATE KEY-----
|
|
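Review bot: The 52 added lines are an unencrypted private key committed in the clear, and nothing in the commit marks it as test-only; the file header is not visible here, but this is presumably the `contrib/pkcs8-key.pem` fixture that the new `test_load_keys_pkcs8` test reads. Anyone who can read the repository or its history holds this key, so it must never back a certificate used outside the test suite. PEM has no comment syntax, so a note beside the file (for example a README under `contrib/`) such as `pkcs8-key.pem: throwaway key for unit tests only, never deploy` would record that and give secret scanners a documented reason to allow-list it. If the tests can generate a key at run time instead, no key material needs to live in history at all.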
@ -16,7 +16,7 @@ use async_tls::TlsAcceptor;
|
||||||
use crossbeam::channel::bounded;
|
use crossbeam::channel::bounded;
|
||||||
use dipstick::*;
|
use dipstick::*;
|
||||||
use log::*;
|
use log::*;
|
||||||
use rustls::internal::pemfile::{certs, rsa_private_keys};
|
use rustls::internal::pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
|
||||||
use rustls::{Certificate, NoClientAuth, PrivateKey, ServerConfig};
|
use rustls::{Certificate, NoClientAuth, PrivateKey, ServerConfig};
|
||||||
use std::path::Path;
|
use std::path::Path;
|
||||||
|
|
||||||
|
@ -27,11 +27,24 @@ fn load_certs(path: &Path) -> io::Result<Vec<Certificate>> {
|
||||||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid cert"))
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Load the passed keys file
|
/**
|
||||||
|
* Loads the keys file passed in, whether it is an RSA or PKCS8 formatted key
|
||||||
|
*/
|
||||||
fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
|
fn load_keys(path: &Path) -> io::Result<Vec<PrivateKey>> {
|
||||||
debug!("Loading TLS keys from: {}", path.display());
|
debug!("Loading TLS keys from: {}", path.display());
|
||||||
rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
|
||||||
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"))
|
let result = rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"));
|
||||||
|
|
||||||
|
if let Ok(keys) = result {
|
||||||
|
if keys.len() == 0 {
|
||||||
|
debug!("Failed to load key as RSA, trying PKCS8");
|
||||||
|
return pkcs8_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
|
||||||
|
.map_err(|_| io::Error::new(io::ErrorKind::InvalidInput, "invalid key"));
|
||||||
|
}
|
||||||
|
return Ok(keys);
|
||||||
|
}
|
||||||
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Configure the server using rusttls
|
/// Configure the server using rusttls
|
||||||
|
@ -44,6 +57,10 @@ fn load_tls_config(settings: &Settings) -> io::Result<ServerConfig> {
|
||||||
let certs = load_certs(cert.as_path())?;
|
let certs = load_certs(cert.as_path())?;
|
||||||
let mut keys = load_keys(key.as_path())?;
|
let mut keys = load_keys(key.as_path())?;
|
||||||
|
|
||||||
|
if keys.len() <= 0 {
|
||||||
|
panic!("TLS key could not be properly loaded! This is fatal!");
|
||||||
|
}
|
||||||
|
|
||||||
// we don't use client authentication
|
// we don't use client authentication
|
||||||
let mut config = ServerConfig::new(NoClientAuth::new());
|
let mut config = ServerConfig::new(NoClientAuth::new());
|
||||||
config
|
config
|
||||||
|
@ -172,7 +189,7 @@ mod tests {
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
fn test_load_keys() {
|
fn test_load_keys_rsa() {
|
||||||
let key_path = Path::new("./contrib/cert-key.pem");
|
let key_path = Path::new("./contrib/cert-key.pem");
|
||||||
if let Ok(keys) = load_keys(&key_path) {
|
if let Ok(keys) = load_keys(&key_path) {
|
||||||
assert_eq!(1, keys.len());
|
assert_eq!(1, keys.len());
|
||||||
|
@ -180,4 +197,14 @@ mod tests {
|
||||||
assert!(false);
|
assert!(false);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_load_keys_pkcs8() {
|
||||||
|
let key_path = Path::new("./contrib/pkcs8-key.pem");
|
||||||
|
if let Ok(keys) = load_keys(&key_path) {
|
||||||
|
assert_eq!(1, keys.len());
|
||||||
|
} else {
|
||||||
|
assert!(false);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
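Review bot: `load_keys` can still return `Ok` with an empty vector when the file holds neither an RSA nor a PKCS8 key, and the new guard in `load_tls_config` reports that with `panic!` even though the function returns `io::Result`. Keeping the failure on the error path would let the caller log which key file was rejected: have the PKCS8 branch check `keys.is_empty()` and return `Err(io::Error::new(io::ErrorKind::InvalidInput, "no private key found"))`, then drop the panic. The guard `keys.len() <= 0` compares a `usize` that can never be negative, so `keys.is_empty()` says the same thing directly. As far as the visible lines show, the PKCS8 fallback runs only when the RSA parse returns an empty list, not when it returns `Err`, so a file that fails RSA parsing outright never gets the second attempt. `load_tls_config` starts and ends outside the hunk.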