imap_client/client/
verifier.rs1use sha2::{Digest, Sha256};
2use tokio_rustls::rustls::{
3 client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
4 pki_types::{CertificateDer, ServerName, UnixTime},
5 DigitallySignedStruct, Error, SignatureScheme,
6};
7
/// TLS server-certificate verifier that trusts exactly one pinned certificate.
///
/// Only the SHA-256 digest of the pinned certificate's DER encoding is kept;
/// the certificate itself is not stored.
#[derive(Debug)]
pub struct FingerprintVerifier {
    /// SHA-256 digest of the pinned certificate's DER bytes.
    expected_fingerprint: Vec<u8>,
}
12
impl FingerprintVerifier {
    /// Builds a verifier pinned to the certificate whose DER encoding is `cert_der`.
    ///
    /// The bytes are hashed with SHA-256 exactly as given; they are not parsed
    /// or validated here, so the caller decides which certificate is trusted.
    pub fn new(cert_der: &[u8]) -> Self {
        let expected_fingerprint = Sha256::digest(cert_der).to_vec();
        Self {
            expected_fingerprint,
        }
    }
}
21
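impl ServerCertVerifier for FingerprintVerifier {
    /// Accepts the end-entity certificate only if its SHA-256 digest equals the pin.
    ///
    /// This is certificate pinning: the intermediates, server name, OCSP
    /// response and current time are not consulted, so chain building,
    /// host-name matching, revocation and expiry are all skipped. The pinned
    /// certificate therefore stays trusted until the pin itself is replaced.
    ///
    /// # Errors
    ///
    /// Returns `Error::General` when the presented certificate's digest
    /// differs from the pinned one.
    fn verify_server_cert(
        &self,
        end_entity: &CertificateDer<'_>,
        _intermediates: &[CertificateDer<'_>],
        _server_name: &ServerName<'_>,
        _ocsp_response: &[u8],
        _now: UnixTime,
    ) -> Result<ServerCertVerified, Error> {
        let presented = Sha256::digest(end_entity.as_ref());

        if presented.as_slice() != self.expected_fingerprint.as_slice() {
            return Err(Error::General("Certificate fingerprint mismatch".into()));
        }

        Ok(ServerCertVerified::assertion())
    }

    /// Verifies the TLS 1.2 handshake signature against the presented certificate's key.
    ///
    /// A certificate is public data, so matching the pin alone does not
    /// authenticate the peer. Checking this signature is what proves the peer
    /// holds the private key of the pinned certificate, which is why it must
    /// not be asserted unconditionally.
    ///
    /// # Errors
    ///
    /// Fails closed with `Error::General` when no process-wide crypto provider
    /// is installed, and propagates the verification error when the signature
    /// is invalid or uses an unsupported scheme.
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        let algorithms = installed_signature_algorithms().ok_or_else(missing_provider_error)?;
        tokio_rustls::rustls::crypto::verify_tls12_signature(message, cert, dss, algorithms)
    }

    /// Verifies the TLS 1.3 `CertificateVerify` signature against the presented certificate's key.
    ///
    /// As with TLS 1.2, this is the proof of private-key possession that makes
    /// the fingerprint pin meaningful.
    ///
    /// # Errors
    ///
    /// Fails closed with `Error::General` when no process-wide crypto provider
    /// is installed, and propagates the verification error when the signature
    /// is invalid or uses an unsupported scheme.
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &DigitallySignedStruct,
    ) -> Result<HandshakeSignatureValid, Error> {
        let algorithms = installed_signature_algorithms().ok_or_else(missing_provider_error)?;
        tokio_rustls::rustls::crypto::verify_tls13_signature(message, cert, dss, algorithms)
    }

    /// Lists the signature schemes this verifier can check.
    ///
    /// The list comes from the installed crypto provider so that it matches
    /// what the signature checks above can actually verify. The fixed list is
    /// kept only as a fallback for when no provider is installed.
    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
        match installed_signature_algorithms() {
            Some(algorithms) => algorithms.supported_schemes(),
            None => vec![
                SignatureScheme::RSA_PKCS1_SHA256,
                SignatureScheme::RSA_PKCS1_SHA384,
                SignatureScheme::RSA_PKCS1_SHA512,
                SignatureScheme::ECDSA_NISTP256_SHA256,
                SignatureScheme::ECDSA_NISTP384_SHA384,
                SignatureScheme::RSA_PSS_SHA256,
                SignatureScheme::RSA_PSS_SHA384,
                SignatureScheme::RSA_PSS_SHA512,
                SignatureScheme::ED25519,
            ],
        }
    }
}

/// Returns the signature verification algorithms of the process-wide default crypto provider.
///
/// NOTE(review): `CryptoProvider::get_default` exists from rustls 0.23 onwards;
/// confirm the version re-exported by `tokio_rustls`. If the client config is
/// built with an explicit provider rather than the process default, pass that
/// provider's algorithms in instead.
fn installed_signature_algorithms(
) -> Option<&'static tokio_rustls::rustls::crypto::WebPkiSupportedAlgorithms> {
    tokio_rustls::rustls::crypto::CryptoProvider::get_default()
        .map(|provider| &provider.signature_verification_algorithms)
}

/// Builds the error returned when handshake signatures cannot be checked at all.
fn missing_provider_error() -> Error {
    Error::General(
        "No default CryptoProvider installed; cannot verify handshake signature".into(),
    )
}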