bbox-core 0.6.1

Common functionality for BBOX services
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

use crate::config::{app_dir, config_error_exit, error_exit};
use rustls::{Certificate, PrivateKey, ServerConfig};
use rustls_pemfile::{certs, pkcs8_private_keys};
use std::{fs::File, io::BufReader};

// For self-signed certificates we recommend to use [`mkcert`].
// To use local CA, you should run:
//
// ```sh
// mkcert -install
// ```
//
// If you want to generate your own cert/private key file, then run:
//
// ```sh
// mkcert localhost 127.0.0.1
// ```
//
// [`mkcert`]: https://github.com/FiloSottile/mkcert

pub fn load_rustls_config(tls_cert: &str, tls_key: &str) -> rustls::ServerConfig {
    // init server config builder with safe defaults
    let config = ServerConfig::builder()
        .with_safe_defaults()
        .with_no_client_auth();

    // load TLS key/cert files
    let cert_file = &mut BufReader::new(File::open(app_dir(tls_cert)).unwrap_or_else(error_exit));
    let key_file = &mut BufReader::new(File::open(app_dir(tls_key)).unwrap_or_else(error_exit));

    // convert files to key/cert objects
    let cert_chain = certs(cert_file)
        .unwrap_or_else(error_exit)
        .into_iter()
        .map(Certificate)
        .collect();
    let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file)
        .unwrap_or_else(error_exit)
        .into_iter()
        .map(PrivateKey)
        .collect();

    // exit if no keys could be parsed
    if keys.is_empty() {
        config_error_exit("Could not locate PKCS 8 private keys.");
    }

    config
        .with_single_cert(cert_chain, keys.remove(0))
        .unwrap_or_else(error_exit)
}