feat: basic cut of TLS

warlock-labs · Sep 10, 2024 · 25d98a3 · 25d98a3
1 parent 8192854
commit 25d98a3
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 0 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,7 +20,10 @@ http-body-util = "0.1.2"
 hyper = "1.4.1"
 hyper-util = { version = "0.1.8", features = ["server", "tokio", "server-auto", "server-graceful", "service"] }
 pin-project = "1.1.5"
+rustls = "0.23.13"
+rustls-pemfile = "2.1.3"
 tokio = { version = "1.40.0", features = ["net", "macros"] }
+tokio-rustls = "0.26.0"
 tokio-stream = { version = "0.1.16", features = ["net"] }
 tower = { version = "0.5.1", features = ["util"] }
 tracing = "0.1.40"

diff --git a/src/tls.rs b/src/tls.rs
@@ -1 +1,52 @@
+use std::sync::Arc;
+use std::{fs, io};
+use tokio::net::TcpStream;
+use tokio_rustls::TlsAcceptor;
+use rustls::ServerConfig;
+use rustls::pki_types::{CertificateDer, PrivateKeyDer};
 
+fn error(err: String) -> io::Error {
+    io::Error::new(io::ErrorKind::Other, err)
+}
+
+pub fn create_tls_acceptor(cert_path: &str, key_path: &str) -> io::Result<TlsAcceptor> {
+    // Load public certificate.
+    let certs = load_certs(cert_path)?;
+    // Load private key.
+    let key = load_private_key(key_path)?;
+
+    // Build TLS configuration.
+    let mut server_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_single_cert(certs, key)
+        .map_err(|e| error(e.to_string()))?;
+    server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()];
+
+    Ok(TlsAcceptor::from(Arc::new(server_config)))
+}
+
+// Load public certificate from file.
+fn load_certs(filename: &str) -> io::Result<Vec<CertificateDer<'static>>> {
+    // Open certificate file.
+    let certfile = fs::File::open(filename)
+        .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?;
+    let mut reader = io::BufReader::new(certfile);
+
+    // Load and return certificate.
+    rustls_pemfile::certs(&mut reader).collect()
+}
+
+// Load private key from file.
+fn load_private_key(filename: &str) -> io::Result<PrivateKeyDer<'static>> {
+    // Open keyfile.
+    let keyfile = fs::File::open(filename)
+        .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?;
+    let mut reader = io::BufReader::new(keyfile);
+
+    // Load and return a single private key.
+    rustls_pemfile::private_key(&mut reader).map(|key| key.unwrap())
+}
+
+pub async fn tls_accept(acceptor: TlsAcceptor, tcp_stream: TcpStream) -> Result<tokio_rustls::server::TlsStream<TcpStream>, std::io::Error> {
+    acceptor.accept(tcp_stream).await.map_err(|e| error(format!("failed to perform tls handshake: {}", e)))
+}