

Merge pull request #9265 from habitat-sh/dependabot/cargo/rustls-pemf…
…ile-2.1.2

Bump rustls-pemfile from 1.0.4 to 2.1.2
mwrock authored May 22, 2024
2 parents 88c21c8 + b7436c5 commit a4d3517
Showing 3 changed files with 43 additions and 37 deletions.
7 changes: 4 additions & 3 deletions Cargo.lock


28 changes: 15 additions & 13 deletions components/core/src/tls/rustls_wrapper/readers.rs
Expand Up @@ -38,18 +38,20 @@ fn buf_from_file(path: impl AsRef<Path>) -> Result<BufReader<File>, Error> {

pub fn certificates_from_file(path: impl AsRef<Path>) -> Result<Vec<Certificate>, Error> {
let mut buf = buf_from_file(path.as_ref())?;
let certs = rustls_pemfile::certs(&mut buf).map_err(|_| {
Error::FailedToReadCerts(path.as_ref().into())
})?;
Ok(certs.into_iter().map(Certificate).collect())
rustls_pemfile::certs(&mut buf).map(|c| {
c.map_err(|_| Error::FailedToReadCerts(path.as_ref().into()))
.map(|c| Certificate(c.as_ref().to_vec()))
})
.collect()
}

fn private_keys_from_file(path: impl AsRef<Path>) -> Result<Vec<PrivateKey>, Error> {
let mut buf = buf_from_file(path.as_ref())?;
let private_keys = rustls_pemfile::pkcs8_private_keys(&mut buf).map_err(|_| {
Error::FailedToReadPrivateKeys(path.as_ref().into())
})?;
Ok(private_keys.into_iter().map(PrivateKey).collect())
rustls_pemfile::pkcs8_private_keys(&mut buf).map(|k| {
k.map_err(|_| Error::FailedToReadPrivateKeys(path.as_ref().into()))
.map(|k| PrivateKey(k.secret_pkcs8_der().to_vec()))
})
.collect()
}

pub fn private_key_from_file(path: impl AsRef<Path>) -> Result<PrivateKey, Error> {
Expand All @@ -60,11 +62,11 @@ pub fn private_key_from_file(path: impl AsRef<Path>) -> Result<PrivateKey, Error
pub fn root_certificate_store_from_file(path: impl AsRef<Path>) -> Result<RootCertStore, Error> {
let mut buf = buf_from_file(path.as_ref())?;
let mut root_certificate_store = RootCertStore::empty();
let certs =
&rustls_pemfile::certs(&mut buf).map_err(|_| {
Error::FailedToReadRootCertificateStore(path.as_ref()
.into())
})?;
let certs = &rustls_pemfile::certs(&mut buf).map(|c| {
c.map_err(|_| Error::FailedToReadRootCertificateStore(path.as_ref().into()))
.map(|c| c.as_ref().to_vec())
})
.collect::<Result<Vec<_>, _>>()?;
let (_, failed) = root_certificate_store.add_parsable_certificates(certs);
if failed > 0 {
Err(Error::FailedToReadCertificatesFromRootCertificateStore(failed, path.as_ref().into()))
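Review bot: The closures in `certificates_from_file`, `private_keys_from_file` and `root_certificate_store_from_file` reuse `c`/`k` for both the per-item `Result` and the DER value inside it (`c.map_err(..).map(|c| ..)`), which makes the two-level shadowing easy to misread; naming the inner binding for what it is, e.g. `.map(|der| Certificate(der.as_ref().to_vec()))`, reads clearer. The `.as_ref().to_vec()` and `.secret_pkcs8_der().to_vec()` copies appear to exist only because the rest of the module still uses the rustls 0.21 `Certificate(Vec<u8>)`/`PrivateKey(Vec<u8>)` wrappers (inferred from `add_parsable_certificates(certs)` being fed byte vectors), so a one-line comment above the first conversion such as `// rustls-pemfile 2.x yields CertificateDer; copy the bytes into rustls 0.21's Certificate until rustls is bumped` would tell the next reader why the round-trip is there and when it can go. With the 2.x iterator API a single malformed PEM block now aborts the whole read with the same `FailedToReadCerts`/`FailedToReadPrivateKeys` error as an unreadable file, which matches the previous behaviour but is worth stating in the functions' doc comments since the error no longer distinguishes "file unreadable" from "entry N unparsable".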
45 changes: 24 additions & 21 deletions components/sup/src/manager.rs
Expand Up @@ -2013,9 +2013,11 @@ fn tls_config(config: &TLSConfig) -> Result<rustls::ServerConfig> {
Some(path) => {
let mut root_store = RootCertStore::empty();
let mut ca_file = &mut BufReader::new(File::open(path)?);
let certs = &rustls_pemfile::certs(&mut ca_file).map_err(|_| {
Error::InvalidCertFile(path.clone())
})?;
let certs = &rustls_pemfile::certs(&mut ca_file).map(|c| {
c.map_err(|_| Error::InvalidCertFile(path.clone()))
.map(|c| c.as_ref().to_vec())
})
.collect::<Result<Vec<_>>>()?;
let (added, _) = root_store.add_parsable_certificates(certs);
if added < 1 {
return Err(Error::InvalidCertFile(path.clone()));
Expand All @@ -2035,29 +2037,30 @@ fn tls_config(config: &TLSConfig) -> Result<rustls::ServerConfig> {
// Note that we must explicitly map these errors because rustls returns () as the error from
// both pemfile::certs() as well as pemfile::rsa_private_keys() and we want to return
// different errors for each.
let cert_chain = rustls_pemfile::certs(cert_file).and_then(|c| {
if c.is_empty() {
let certs = rustls_pemfile::certs(cert_file).map(|c| {
c.and_then(|cr| {
if cr.is_empty() {
Err(std::io::Error::new(std::io::ErrorKind::Other,
"error getting file contents"))
} else {
Ok(c)
Ok(cr)
}
})
.map_err(|_| Error::InvalidCertFile(config.cert_path.clone()))?;
let certs = cert_chain.into_iter().map(Certificate).collect();

let key = rustls_pemfile::rsa_private_keys(key_file).and_then(|mut k| {
k.pop()
.ok_or_else(|| {
std::io::Error::new(std::io::ErrorKind::Other, "error getting file contents")
}).map_err(|_| Error::InvalidCertFile(config.cert_path.clone()))
.map(|c| Certificate(c.as_ref().to_vec()))
})
.collect::<Result<Vec<Certificate>>>()?;

let mut keys = rustls_pemfile::rsa_private_keys(key_file).map(|k| {
k.map_err(|_| Error::InvalidKeyFile(config.key_path.clone()))
.map(|k| PrivateKey(k.secret_pkcs1_der().to_vec()))
})
})
.map_err(|_| {
Error::InvalidKeyFile(config.key_path
.clone())
})?;

let mut server_config = tls_config.with_single_cert(certs, PrivateKey(key))?;
.collect::<Result<Vec<PrivateKey>>>()?;
let key = keys.pop()
.ok_or_else(|| {
std::io::Error::new(std::io::ErrorKind::Other, "error getting file contents")
})
.map_err(|_| Error::InvalidKeyFile(config.key_path.clone()))?;
let mut server_config = tls_config.with_single_cert(certs, key)?;
server_config.ignore_client_order = true;
Ok(server_config)
}
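Review bot: The `cr.is_empty()` check inside the new per-item `and_then` in the second hunk no longer guards what the removed code guarded: before, `c.is_empty()` tested the whole certificate list and turned a PEM file with no CERTIFICATE blocks into `InvalidCertFile`, whereas now it tests each individual DER blob (practically never empty) and an empty file yields an empty `certs` vector that is handed straight to `with_single_cert(certs, key)`, pushing the failure to handshake time or later rather than to config load. The simpler fix is to drop the inner `and_then` and check the collected vector once, as below; the enclosing `tls_config` starts outside the hunk. The comment kept at the top of the hunk ("rustls returns () as the error from both pemfile::certs() as well as pemfile::rsa_private_keys()") is also stale for rustls-pemfile 2.x, where each iterator item carries its own `io::Error`, and should be reworded to say that the per-item errors are mapped so the cert and key files produce different `Error` variants. Note also that `rsa_private_keys` still only yields PKCS#1 keys and `keys.pop()` silently takes the last one, which is pre-existing behaviour but worth a comment now that the loop is explicit.
```rust
let certs = rustls_pemfile::certs(cert_file).map(|c| {
    c.map_err(|_| Error::InvalidCertFile(config.cert_path.clone()))
     .map(|der| Certificate(der.as_ref().to_vec()))
})
.collect::<Result<Vec<Certificate>>>()?;
// A PEM file with no CERTIFICATE blocks yields an empty chain; reject it here
// (as the pre-2.x code did) instead of handing an empty chain to rustls.
if certs.is_empty() {
    return Err(Error::InvalidCertFile(config.cert_path.clone()));
}
// … unchanged: rsa_private_keys handling, keys.pop(), server_config construction …
```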
