diff --git a/Cargo.lock b/Cargo.lock index 3d5a2c5..711e315 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -28,15 +28,15 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.86" +version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3d1d046238990b9cf5bcde22a3fb3584ee5cf65fb2765f454ed428c7a0063da" +checksum = "10f00e1f6e58a40e807377c75c6a7f97bf9044fab57816f2414e6f5f4499d7b8" [[package]] name = "aws-lc-rs" -version = "1.8.1" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ae74d9bd0a7530e8afd1770739ad34b36838829d6ad61818f9230f683f5ad77" +checksum = "2f95446d919226d587817a7d21379e6eb099b97b45110a7f272a444ca5c54070" dependencies = [ "aws-lc-sys", "mirai-annotations", @@ -46,9 +46,9 @@ dependencies = [ [[package]] name = "aws-lc-sys" -version = "0.20.1" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f0e249228c6ad2d240c2dc94b714d711629d52bad946075d8e9b2f5391f0703" +checksum = "5055edc4a9a1b2a917a818258cdfb86a535947feebd9981adc99667a062c6f85" dependencies = [ "bindgen", "cc", @@ -132,9 +132,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "cc" -version = "1.1.15" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" dependencies = [ "jobserver", "libc", @@ -178,9 +178,9 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -325,7 +325,7 @@ dependencies = [ [[package]] name = "kaminari" -version = "0.12.0" +version = "0.1.202409071" dependencies = [ "lazy_static", "lightws", @@ -357,7 +357,7 @@ name = "kaminari-cmd" version = "0.6.0" dependencies = [ "anyhow", - "kaminari 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", + "kaminari 0.12.0", "realm_io", "realm_syscall", "tokio", @@ -687,9 +687,9 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "3f55e80d50763938498dd5ebb18647174e0c76dc38c5505294bb224624f30f36" dependencies = [ "bitflags", "errno", @@ -721,6 +721,7 @@ dependencies = [ "aws-lc-rs", "log", "once_cell", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -757,18 +758,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -816,9 +817,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.76" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -933,9 +934,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "webpki-roots" -version = "0.26.3" +version = "0.26.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd" +checksum = "0bd24728e5af82c6c4ec1b66ac4844bdf8156257fccda846ec58b42cd0cdbe6a" dependencies = [ "rustls-pki-types", ] @@ -1060,17 +1061,3 @@ name = "zeroize" version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" -dependencies = [ - "zeroize_derive", -] - -[[package]] -name = "zeroize_derive" -version = "1.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] diff --git a/cmd/Cargo.toml b/cmd/Cargo.toml index 513a54e..972a108 100644 --- a/cmd/Cargo.toml +++ b/cmd/Cargo.toml @@ -11,9 +11,9 @@ license = "GPL-3.0" [dependencies] anyhow = "1" realm_io = "0.5.1" -realm_syscall = "0.1.6" +realm_syscall = "0.1.8" kaminari = { version = "0.12", features = ["ws"] } -tokio = { version = "1.9", features = ["rt", "net", "macros"] } +tokio = { version = "1.40", features = ["rt", "net", "macros"] } [[bin]] name = "kaminaric" diff --git a/cmd/README.md b/cmd/README.md index b8f038f..67867cb 100644 --- a/cmd/README.md +++ b/cmd/README.md @@ -168,3 +168,35 @@ sslocal -b "127.0.0.1:1080" -s "example.com:8080" -m "aes-128-gcm" -k "123456" \ --plugin "path/to/v2ray-plugin" \ --plugin-opts "mux=0;host=example.com;path=/chat" ``` + +Minimal working sample: + +```rust +use std::error::Error; + +use tokio::io::{AsyncReadExt, AsyncWriteExt}; +use tokio::net::TcpStream; + +use kaminari::nop::NopConnect; +use kaminari::tls::TlsConnect; +use kaminari::AsyncConnect; +use kaminari::{opt, ws}; + +#[tokio::main] +async fn main() -> Result<(), Box> { + info!("starting..."); + let ws_conf = opt::get_ws_conf("ws;host=my-wss-server.xyz;path=/").unwrap(); + let tls = opt::get_tls_client_conf("tls;sni=my-wss-server.xyz;alpn=h2,http/1.1").unwrap(); + let client = ws::WsConnect::new(TlsConnect::new(NopConnect {}, tls), ws_conf); + + let stream = TcpStream::connect("my-wss-server.xyz").await?; + info!("Connected"); + let mut buf = vec![0u8; 0x1000]; + let mut ws_stream = client.connect(stream, &mut buf).await?; + ws_stream.write(&buf).await?; + ws_stream.read(&mut buf).await?; + + Ok(()) +} + +``` \ No newline at end of file diff --git a/kaminari/Cargo.toml b/kaminari/Cargo.toml index 0e95508..ee1c429 100644 --- a/kaminari/Cargo.toml +++ b/kaminari/Cargo.toml @@ -1,12 +1,7 @@ [package] name = "kaminari" -version = "0.12.0" +version = "0.1.202409071" edition = "2021" -authors = ["zephyr "] -keywords = ["lightws", "network"] -repository = "https://github.com/zephyrchien/kaminari" -documentation = "https://docs.rs/kaminari" -description = "The ever fast websocket tunnel built on top of lightws." license = "MIT" [features] @@ -20,19 +15,22 @@ tls = ["tokio-rustls", "webpki-roots", "rustls-pemfile", "rcgen"] [dependencies] # async rt -tokio = "1.9" +tokio = "1.40.0" # global static -lazy_static = "1" +lazy_static = "1.5.0" # ws -lightws = { version = "0.6", features = ["unsafe_auto_mask_write"], optional = true } +lightws = { version = "0.6.10", features = [], optional = true } # uot udpflow = { version = "0.1.0", optional = true } # tls -tokio-rustls = { version = "0.26.0", features = ["early-data"], optional = true } +tokio-rustls = { version = "0.26.0", features = [ + "early-data", + "ring", +], optional = true } webpki-roots = { version = "0.26", optional = true } rustls-pemfile = { version = "2", optional = true } rcgen = { version = "0.13.1", optional = true } diff --git a/kaminari/src/lib.rs b/kaminari/src/lib.rs index e6655a3..af3f1df 100644 --- a/kaminari/src/lib.rs +++ b/kaminari/src/lib.rs @@ -16,14 +16,6 @@ pub trait AsyncConnect { fn connect<'a>(&'a self, stream: S, buf: &'a mut [u8]) -> Self::ConnectFut<'a>; } -pub trait AsyncAccept { - type Stream: IOStream; - type AcceptFut<'a>: Future> - where - Self: 'a; - fn accept<'a>(&'a self, stream: S, buf: &'a mut [u8]) -> Self::AcceptFut<'a>; -} - pub mod nop; pub mod opt; pub mod trick; diff --git a/kaminari/src/nop.rs b/kaminari/src/nop.rs index 6a3fd45..0ab9d4d 100644 --- a/kaminari/src/nop.rs +++ b/kaminari/src/nop.rs @@ -2,7 +2,7 @@ use std::io::Result; use std::future::Future; use std::fmt::{Display, Formatter}; -use super::{IOStream, AsyncAccept, AsyncConnect}; +use super::{IOStream, AsyncConnect}; #[derive(Debug, Clone, Copy)] pub struct NopConnect {} @@ -28,14 +28,3 @@ where fn connect(&self, stream: S, _: &mut [u8]) -> Self::ConnectFut<'_> { async move { Ok(stream) } } } - -impl AsyncAccept for NopAccept -where - S: IOStream, -{ - type Stream = S; - - type AcceptFut<'a> = impl Future> where Self:'a; - - fn accept(&self, stream: S, _: &mut [u8]) -> Self::AcceptFut<'_> { async move { Ok(stream) } } -} diff --git a/kaminari/src/opt.rs b/kaminari/src/opt.rs index c0a30b8..123bb2e 100644 --- a/kaminari/src/opt.rs +++ b/kaminari/src/opt.rs @@ -5,7 +5,7 @@ use super::ws::WsConf; #[cfg(feature = "tls")] -use super::tls::{TlsClientConf, TlsServerConf}; +use super::tls::TlsClientConf; #[macro_export] macro_rules! has_opt { @@ -85,179 +85,3 @@ pub fn get_tls_client_conf(s: &str) -> Option { panic!("tls: require sni") } } - -#[cfg(feature = "tls")] -pub fn get_tls_server_conf(s: &str) -> Option { - let it = s.split(';').map(|x| x.trim()); - - if !has_opt!(it.clone(), "tls") { - return None; - } - - let crt = get_opt!(it.clone(), "cert"); - let key = get_opt!(it.clone(), "key"); - let ocsp = get_opt!(it.clone(), "ocsp"); - let server_name = get_opt!(it.clone(), "servername"); - - if crt.is_some() && key.is_some() || server_name.is_some() { - Some(TlsServerConf { - crt: crt.map_or(String::new(), String::from), - key: key.map_or(String::new(), String::from), - ocsp: ocsp.map_or(String::new(), String::from), - server_name: server_name.map_or(String::new(), String::from), - }) - } else { - panic!("tls: require cert and key or servername") - } -} - -#[cfg(test)] -#[cfg(any(feature = "ws", feature = "tls"))] -mod test { - use super::*; - - #[test] - #[cfg(feature = "ws")] - fn ws_conf() { - macro_rules! y { - ( $( ($s:expr, $host: expr, $path: expr); )+ )=> { - $( - assert_eq!(get_ws_conf($s), Some(WsConf{ - host: String::from($host), - path: String::from($path), - })); - )+ - } - } - - y![ - ("ws;host=a.b.c;path=/", "a.b.c", "/"); - ("ws;host=a.b.c;path=/abc", "a.b.c", "/abc"); - ("ws;path=/abc;host=a.b.c", "a.b.c", "/abc"); - ("ws;path=/abc;host=a.b.c;", "a.b.c", "/abc"); - ]; - } - - #[test] - #[should_panic] - #[cfg(feature = "ws")] - fn ws_conf_err() { - macro_rules! n { - ( $( $s: expr, )+ ) => {{ - $( - assert_eq!(get_ws_conf($s), None); - )+ - }} - } - - n![ - "ws", - "ws;", - "ws;host", - "ws;host=", - "ws;host=;", - "ws;host=a.b.c;", - "ws;host=a.b.c;path", - "ws;host=a.b.c;path=", - "ws;host=a.b.c;path=;", - ]; - } - - #[test] - #[cfg(feature = "tls")] - fn tls_client_conf() { - macro_rules! y { - ( $( ($s:expr, $sni: expr, $alpn: expr, $insecure: expr, $early_data: expr); )+ )=> { - $( - assert_eq!(get_tls_client_conf($s), Some(TlsClientConf{ - sni: String::from($sni), - alpn: $alpn.split(',').map(str::trim).map(Vec::from) - .filter(|v|!v.is_empty()).collect(), - insecure: $insecure, - early_data: $early_data, - })); - )+ - } - } - - y![ - ("tls;sni=a.b.c", "a.b.c", "", false, false); - ("tls;sni=a.b.c;alpn=h2", "a.b.c", "h2", false, false); - ("tls;sni=a.b.c;alpn=http/1.1;insecure", "a.b.c", "http/1.1", true, false); - ("tls;sni=a.b.c;alpn=h2,http/1.1;insecure;", "a.b.c", "h2,http/1.1", true, false); - ("tls;sni=a.b.c;alpn=h2,http/1.1;insecure;0rtt", "a.b.c", "h2,http/1.1", true, true); - ("tls;sni=a.b.c;alpn=h2,http/1.1;insecure;0rtt;" ,"a.b.c", "h2,http/1.1", true, true); - ]; - } - - #[test] - #[should_panic] - #[cfg(feature = "tls")] - fn tls_client_err() { - macro_rules! n { - ( $( $s: expr, )+ ) => {{ - $( - assert_eq!(get_tls_client_conf($s), None); - )+ - }} - } - - n!["", "tls", "tls;", "tls;sni", "tls;sni=", "tls;sni=;",]; - } - - #[test] - #[cfg(feature = "tls")] - fn tls_server_conf() { - macro_rules! y { - ( $( ($s:expr, $key: expr, $crt: expr, $server_name: expr); )+ )=> { - $( - assert_eq!(get_tls_server_conf($s), Some(TlsServerConf{ - key: String::from($key), - crt: String::from($crt), - ocsp: String::new(), - server_name: String::from($server_name), - })); - )+ - } - } - - y![ - ("tls;key=/a;cert=/b", "/a", "/b", ""); - ("tls;key=/a;cert=/b;", "/a", "/b", ""); - ("tls;key=/a;cert=/b;servername=;", "/a", "/b", ""); - - ("tls;servername=a.b.c", "", "", "a.b.c"); - ("tls;servername=a.b.c;", "", "", "a.b.c"); - ("tls;key=;cert=;servername=a.b.c", "", "", "a.b.c"); - - // this is expected - ("tls;key=/a;cert=/b;servername=a.b.c;", "/a", "/b", "a.b.c"); - ]; - } - - #[test] - #[should_panic] - #[cfg(feature = "tls")] - fn tls_server_err() { - macro_rules! n { - ( $( $s: expr, )+ ) => {{ - $( - assert_eq!(get_tls_server_conf($s), None); - )+ - }} - } - - n![ - "", - "tls", - "tls;", - "tls;key", - "tls;key=", - "tls;key=;", - "tls;key=/a;", - "tls;key=/a;cert", - "tls;key=/a;cert=", - "tls;key=/a;cert=;", - ]; - } -} diff --git a/kaminari/src/tls.rs b/kaminari/src/tls.rs index 621f483..f28d6a1 100644 --- a/kaminari/src/tls.rs +++ b/kaminari/src/tls.rs @@ -3,11 +3,10 @@ use std::future::Future; use std::sync::Arc; use std::fmt::{Debug, Display, Formatter}; -use super::{IOStream, AsyncAccept, AsyncConnect}; +use super::{IOStream, AsyncConnect}; use tokio_rustls::rustls; use rustls::client::ClientConfig; -use rustls::server::ServerConfig; use rustls::pki_types::ServerName; use tokio_rustls::{TlsAcceptor, TlsConnector}; @@ -149,387 +148,3 @@ where } } } - -// ========== server ========== -#[derive(Debug, Clone, PartialEq, Eq)] -pub struct TlsServerConf { - pub crt: String, - pub key: String, - pub ocsp: String, - pub server_name: String, -} - -impl Display for TlsServerConf { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - write!( - f, - "cert: {}, key: {}, oscp: {}, server_name: {}", - self.crt, self.key, self.ocsp, self.server_name - ) - } -} - -#[derive(Clone)] -pub struct TlsAccept { - lis: T, - ac: TlsAcceptor, -} - -impl Display for TlsAccept -where - T: Display, -{ - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { write!(f, "[tls]{}", self.lis) } -} - -impl Debug for TlsAccept -where - T: Debug, -{ - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - f.debug_struct("TlsAccept").field("lis", &self.lis).finish() - } -} - -impl TlsAccept { - pub fn new(lis: T, conf: TlsServerConf) -> Self { - let TlsServerConf { - crt, - key, - ocsp, - server_name, - } = conf; - - let (cert, key) = if !crt.is_empty() && !key.is_empty() { - ( - utils::read_certificates(&crt).expect("failed to read certificate"), - utils::read_private_key(&key).expect("failed to read private key"), - ) - } else if !server_name.is_empty() { - utils::generate_self_signed(&server_name) - } else { - panic!("no certificate or private key supplied") - }; - - let ocsp = if !ocsp.is_empty() { - utils::read_ocsp(&ocsp).expect("failed to read ocsp") - } else { - Vec::new() - }; - - let conf = ServerConfig::builder() - .with_no_client_auth() - .with_single_cert_with_ocsp(cert, key, ocsp) - .expect("bad certificate or key"); - - Self { - lis, - ac: Arc::new(conf).into(), - } - } - - // use shared cert, key - pub fn new_shared(lis: T, conf: TlsServerConf) -> Self { - let TlsServerConf { - crt, - key, - ocsp, - server_name, - } = conf; - - let ocsp = if !ocsp.is_empty() { - Some(utils::read_ocsp(&ocsp).expect("failed to read ocsp")) - } else { - None - }; - - let cert_resolver = if !crt.is_empty() && !key.is_empty() { - utils::new_crt_key_resolver(crt, key, ocsp) - } else if !server_name.is_empty() { - utils::new_self_signed_resolver(server_name) - } else { - panic!("no certificate or private key supplied") - }; - - let conf = ServerConfig::builder() - .with_no_client_auth() - .with_cert_resolver(cert_resolver); - - Self { - lis, - ac: Arc::new(conf).into(), - } - } -} - -impl AsyncAccept for TlsAccept -where - S: IOStream, - T: AsyncAccept, -{ - type Stream = TlsServerStream; - - type AcceptFut<'a> = impl Future> +'a where Self:'a; - - fn accept<'a>(&'a self, stream: S, buf: &'a mut [u8]) -> Self::AcceptFut<'a> { - async move { - let stream = self.lis.accept(stream, buf).await?; - self.ac.accept(stream).await - } - } -} - -#[allow(unused)] -mod utils { - pub use client::*; - pub use server::*; - - mod client { - use std::sync::Arc; - use lazy_static::lazy_static; - - use tokio_rustls::rustls::{self, pki_types}; - use pki_types::{CertificateDer, PrivateKeyDer, ServerName}; - use rustls::{RootCertStore, DigitallySignedStruct, SignatureScheme}; - use rustls::client::WebPkiServerVerifier; - use rustls::client::danger::{ServerCertVerified, ServerCertVerifier, HandshakeSignatureValid}; - - pub fn firefox_roots() -> RootCertStore { - use webpki_roots::TLS_SERVER_ROOTS; - RootCertStore { - roots: Vec::from(TLS_SERVER_ROOTS), - } - } - - #[derive(Debug)] - pub struct SkipVerify {} - impl ServerCertVerifier for SkipVerify { - fn verify_server_cert( - &self, - _end_entity: &CertificateDer<'_>, - _intermediates: &[CertificateDer<'_>], - _server_name: &ServerName, - _ocsp_response: &[u8], - _now: pki_types::UnixTime, - ) -> Result { - Ok(ServerCertVerified::assertion()) - } - - fn verify_tls12_signature( - &self, - _message: &[u8], - _cert: &CertificateDer<'_>, - _dss: &DigitallySignedStruct, - ) -> Result { - Ok(HandshakeSignatureValid::assertion()) - } - - fn verify_tls13_signature( - &self, - _message: &[u8], - _cert: &CertificateDer<'_>, - _dss: &DigitallySignedStruct, - ) -> Result { - Ok(HandshakeSignatureValid::assertion()) - } - - fn supported_verify_schemes(&self) -> Vec { - vec![ - SignatureScheme::RSA_PKCS1_SHA1, - SignatureScheme::ECDSA_SHA1_Legacy, - SignatureScheme::RSA_PKCS1_SHA256, - SignatureScheme::ECDSA_NISTP256_SHA256, - SignatureScheme::RSA_PKCS1_SHA384, - SignatureScheme::ECDSA_NISTP384_SHA384, - SignatureScheme::RSA_PKCS1_SHA512, - SignatureScheme::ECDSA_NISTP521_SHA512, - SignatureScheme::RSA_PSS_SHA256, - SignatureScheme::RSA_PSS_SHA384, - SignatureScheme::RSA_PSS_SHA512, - SignatureScheme::ED25519, - SignatureScheme::ED448, - ] - } - } - - fn new_insecure_verifier() -> Arc { - lazy_static! { - static ref ARC: Arc = Arc::new(SkipVerify {}); - } - ARC.clone() - } - - fn new_firefox_verifier() -> Arc { - lazy_static! { - static ref ARC: Arc = { - let ff = Arc::new(firefox_roots()); - WebPkiServerVerifier::builder(Arc::new(firefox_roots())) - .build() - .unwrap() - }; - } - ARC.clone() - } - - pub fn new_verifier(insecure: bool) -> Arc { - if insecure { - new_insecure_verifier() - } else { - new_firefox_verifier() - } - } - } - - mod server { - use std::io::{BufReader, Result}; - use std::fs::{self, File}; - use std::sync::{Arc, Mutex}; - - use tokio_rustls::rustls::{self, pki_types}; - use pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer as Der}; - use rustls::sign; - use rustls::server::ResolvesServerCert; - use rustls::server::ClientHello; - - use rustls_pemfile::Item; - use webpki_roots::TLS_SERVER_ROOTS; - - use lazy_static::lazy_static; - - pub fn read_certificates(path: &str) -> Result>> { - let mut file = BufReader::new(File::open(path)?); - let mut certs = Vec::new(); - - // pem - while let Ok(Some(item)) = rustls_pemfile::read_one(&mut file) { - if let Item::X509Certificate(cert) = item { - certs.push(cert); - } - } - - // der - if certs.is_empty() { - certs = vec![CertificateDer::from(fs::read(path)?)]; - } - - Ok(certs) - } - - pub fn read_private_key(path: &str) -> Result> { - let mut file = BufReader::new(File::open(path)?); - let mut priv_key = None; - - // pem - while let Ok(Some(item)) = rustls_pemfile::read_one(&mut file) { - priv_key = Some(match item { - Item::Pkcs1Key(k) => k.into(), - Item::Pkcs8Key(k) => k.into(), - Item::Sec1Key(k) => k.into(), - _ => continue, - }); - break; - } - - // der - priv_key.map_or_else(|| fs::read(path).map(|x| Der::from(x).into()), Ok) - } - - pub fn read_ocsp(path: &str) -> Result> { fs::read(path) } - - pub fn generate_self_signed( - server_name: &str, - ) -> (Vec>, PrivateKeyDer<'static>) { - let self_signed = rcgen::generate_simple_self_signed(vec![server_name.to_string()]) - .expect("failed to generate self signed certificate and private key"); - - let key = Der::from(self_signed.serialize_private_key_der()).into(); - - let cert = self_signed - .serialize_der() - .map(CertificateDer::from) - .expect("failed to serialize self signed certificate"); - - (vec![cert], key) - } - - // copy from rustls: - // https://docs.rs/rustls/latest/src/rustls/server/handy.rs.html - #[derive(Debug)] - pub struct AlwaysResolvesChain(Arc); - - impl ResolvesServerCert for AlwaysResolvesChain { - fn resolve(&self, _: ClientHello) -> Option> { - Some(Arc::clone(&self.0)) - } - } - - pub fn new_resolver( - cert: Vec>, - priv_key: &PrivateKeyDer, - ocsp: Option>, - ) -> Arc { - // this is for ring - use rustls::crypto::ring as crypto; - let key = crypto::sign::any_supported_type(priv_key).expect("invalid key"); - Arc::new(AlwaysResolvesChain(Arc::new(sign::CertifiedKey { - cert, - key, - ocsp, - }))) - } - - pub fn new_self_signed_resolver(server_name: String) -> Arc { - type Store = Mutex)>>; - lazy_static! { - static ref STORE: Store = { Mutex::new(Vec::new()) }; - } - - // hold the lock - let mut store = STORE.lock().unwrap(); - - // simply increase ref count - if let Some(x) = store.iter().find(|(x, _)| *x == server_name) { - return x.1.clone(); - } - - // generate a new cert - let (cert, key) = generate_self_signed(&server_name); - let resolver = new_resolver(cert, &key, None); - - store.push((server_name, resolver.clone())); - store.shrink_to_fit(); - - resolver - } - - pub fn new_crt_key_resolver( - crt: String, - key: String, - ocsp: Option>, - ) -> Arc { - type Store = Mutex)>>; - lazy_static! { - static ref STORE: Store = { Mutex::new(Vec::new()) }; - } - - // hold the lock - let mut store = STORE.lock().unwrap(); - - // find based on key path, no real data - // simply increase ref count - if let Some(x) = store.iter().find(|(x, _)| *x == key) { - return x.1.clone(); - } - - // read cert and key - let cert = read_certificates(&crt).expect("failed to read certificate"); - let priv_key = read_private_key(&key).expect("failed to read private key"); - let resolver = new_resolver(cert, &priv_key, ocsp); - - store.push((key, resolver.clone())); - store.shrink_to_fit(); - - resolver - } - } -} diff --git a/kaminari/src/trick.rs b/kaminari/src/trick.rs index e133c6e..27d7767 100644 --- a/kaminari/src/trick.rs +++ b/kaminari/src/trick.rs @@ -2,7 +2,7 @@ use core::ops::Deref; use std::io::Result; use std::future::Future; -use super::{IOStream, AsyncAccept, AsyncConnect}; +use super::{IOStream, AsyncConnect}; // Safety: // pointer is not null once inited(comes from an immutable ref) @@ -56,20 +56,3 @@ where } } } - -impl AsyncAccept for Ref -where - S: IOStream, - T: AsyncAccept, -{ - type Stream = T::Stream; - - type AcceptFut<'a> = impl Future> +'a where Self:'a; - - fn accept<'a>(&'a self, stream: S, buf: &'a mut [u8]) -> Self::AcceptFut<'a> { - async move { - let stream = self.as_ref().accept(stream, buf).await?; - Ok(stream) - } - } -} diff --git a/kaminari/src/ws.rs b/kaminari/src/ws.rs index 9d748fc..05727d2 100644 --- a/kaminari/src/ws.rs +++ b/kaminari/src/ws.rs @@ -3,7 +3,7 @@ use std::future::Future; use std::marker::PhantomData; use std::fmt::{Display, Formatter}; -use super::{IOStream, AsyncAccept, AsyncConnect}; +use super::{IOStream, AsyncConnect}; use lightws::endpoint::Endpoint; use lightws::role::{Server, Client, StandardClient, FixedMaskClient, ClientRole}; @@ -121,45 +121,3 @@ where } } } - -// ========== server ========== -#[derive(Debug, Clone)] -pub struct WsAccept { - lis: T, - conf: WsConf, -} - -impl Display for WsAccept -where - T: Display, -{ - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { write!(f, "[ws]{}", self.lis) } -} - -impl WsAccept { - #[inline] - pub const fn new(lis: T, conf: WsConf) -> Self { Self { lis, conf } } -} - -impl AsyncAccept for WsAccept -where - S: IOStream, - T: AsyncAccept, -{ - type Stream = WsServerStream; - - type AcceptFut<'a> = impl Future> +'a where Self:'a; - - fn accept<'a>(&'a self, stream: S, buf: &'a mut [u8]) -> Self::AcceptFut<'a> { - async move { - let stream = self.lis.accept(stream, buf).await?; - - let stream = - Endpoint::<_, Server>::accept_async(stream, buf, &self.conf.host, &self.conf.path) - .await? - .guard(); - - Ok(stream) - } - } -}