Refactor code to match dependency updates (#144)

sbstp · Jul 29, 2023 · bb3e0b5 · bb3e0b5
1 parent 4d94796
commit bb3e0b5
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 18 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -30,7 +30,7 @@ serde_json = {version = "1.0.83", optional = true}
 serde_urlencoded = {version = "0.7.1", optional = true}
 url = "2.2.2"
 webpki = {version = "0.22.0", optional = true}
-webpki-roots = {version = "0.23.0", optional = true}
+webpki-roots = {version = "0.25.1", optional = true}
 
 [dev-dependencies]
 anyhow = "1.0.61"
@@ -40,8 +40,9 @@ futures-util = "0.3.23"
 hyper = "0.14.20"
 lazy_static = "1.4.0"
 multipart = {version = "0.18.0", default-features = false, features = ["server"]}
+rustls-pemfile = "1.0.3"
 tokio = {version = "1.20.1", features = ["full"]}
-tokio-rustls = "0.22.0"
+tokio-rustls = "0.24.1"
 tokio-stream = {version = "0.1.9", features = ["net"]}
 warp = "0.3.2"
 

diff --git a/src/request/builder.rs b/src/request/builder.rs
@@ -4,6 +4,8 @@ use std::fs;
 use std::str;
 use std::time::Duration;
 
+#[cfg(feature = "basic-auth")]
+use base64::Engine;
 use http::{
     header::{
         HeaderMap, HeaderValue, IntoHeaderName, ACCEPT, CONNECTION, CONTENT_LENGTH, CONTENT_TYPE, TRANSFER_ENCODING,
@@ -133,7 +135,7 @@ impl<B> RequestBuilder<B> {
         };
         self.header(
             http::header::AUTHORIZATION,
-            format!("Basic {}", base64::encode(auth.as_bytes())),
+            format!("Basic {}", base64::engine::general_purpose::STANDARD.encode(auth.as_bytes())),
         )
     }
 

diff --git a/src/tls/rustls_impl.rs b/src/tls/rustls_impl.rs
@@ -59,7 +59,7 @@ impl TlsHandshaker {
                 let mut root_store = RootCertStore::empty();
 
                 #[cfg(feature = "tls-rustls-webpki-roots")]
-                root_store.add_server_trust_anchors(TLS_SERVER_ROOTS.0.iter().map(|root| {
+                root_store.add_server_trust_anchors(TLS_SERVER_ROOTS.iter().map(|root| {
                     OwnedTrustAnchor::from_subject_spki_name_constraints(root.subject, root.spki, root.name_constraints)
                 }));
 

diff --git a/tests/tools/tls.rs b/tests/tools/tls.rs
@@ -13,7 +13,7 @@ use futures::ready;
 use hyper::server::accept::Accept;
 use hyper::server::conn::{AddrIncoming, AddrStream};
 use tokio::io::{AsyncRead, AsyncWrite, ReadBuf};
-use tokio_rustls::rustls::{NoClientAuth, ServerConfig, TLSError};
+use tokio_rustls::rustls::{ServerConfig, Error as TLSError, PrivateKey, Certificate};
 
 /// Represents errors that can occur building the TlsConfig
 #[derive(Debug)]
@@ -83,8 +83,8 @@ impl TlsConfigBuilder {
 
     pub(crate) fn build(mut self) -> Result<ServerConfig, TlsConfigError> {
         let mut cert_rdr = BufReader::new(self.cert);
-        let cert = tokio_rustls::rustls::internal::pemfile::certs(&mut cert_rdr)
-            .map_err(|()| TlsConfigError::CertParseError)?;
+        let cert = rustls_pemfile::certs(&mut cert_rdr)
+            .map_err(|_| TlsConfigError::CertParseError)?.into_iter().map(Certificate).collect();
 
         let key = {
             // convert it to Vec<u8> to allow reading it again if key is RSA
@@ -95,28 +95,27 @@ impl TlsConfigBuilder {
                 return Err(TlsConfigError::EmptyKey);
             }
 
-            let mut pkcs8 = tokio_rustls::rustls::internal::pemfile::pkcs8_private_keys(&mut key_vec.as_slice())
-                .map_err(|()| TlsConfigError::Pkcs8ParseError)?;
+            let mut pkcs8 = rustls_pemfile::pkcs8_private_keys(&mut key_vec.as_slice())
+                .map_err(|_| TlsConfigError::Pkcs8ParseError)?;
 
             if !pkcs8.is_empty() {
-                pkcs8.remove(0)
+                PrivateKey(pkcs8.remove(0))
             } else {
-                let mut rsa = tokio_rustls::rustls::internal::pemfile::rsa_private_keys(&mut key_vec.as_slice())
-                    .map_err(|()| TlsConfigError::RsaParseError)?;
+                let mut rsa = rustls_pemfile::rsa_private_keys(&mut key_vec.as_slice())
+                    .map_err(|_| TlsConfigError::RsaParseError)?;
 
                 if !rsa.is_empty() {
-                    rsa.remove(0)
+                    PrivateKey(rsa.remove(0))
                 } else {
                     return Err(TlsConfigError::EmptyKey);
                 }
             }
         };
 
-        let mut config = ServerConfig::new(NoClientAuth::new());
-        config
-            .set_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new())
-            .map_err(TlsConfigError::InvalidKey)?;
-        config.set_protocols(&["h2".into(), "http/1.1".into()]);
+        let config = ServerConfig::builder()
+            .with_safe_defaults()
+            .with_no_client_auth().
+            with_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new()).map_err(TlsConfigError::InvalidKey)?;
         Ok(config)
     }
 }