mycommon-utils 0.2.1

use std::fs::File;
use std::io::BufReader;
use rumqttc::tokio_rustls::rustls::RootCertStore;
use crate::error::{Error, Result};
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
use tokio::fs;
use tracing::log;

#[allow(dead_code)]
pub fn get_root_certs(ca_path: &str) -> Result<RootCertStore> {
    let mut root_store = RootCertStore::empty();
    // 如果有 CA 证书路径，加载 CA 证书
        log::info!("Loading CA certs from {}", ca_path);
        let file = File::open(ca_path)?;
        let mut reader = BufReader::new(file);
        let certs = rustls_pemfile::certs(&mut reader);
        for cert in certs.flatten() {
            root_store.add(cert).unwrap();
        }
    Ok(root_store)
}
#[allow(dead_code)]
pub async fn load_cert(cert_file: &str) -> Result<Vec<CertificateDer<'static>>> {
    let cert_s = fs::read_to_string(cert_file).await?;
    let mut cert_b = cert_s.as_bytes();
    let certs = rustls_pemfile::certs(&mut cert_b);
    let mut out = Vec::new();
    for cert in certs {
        out.push(cert?.into_owned());
    }
    Ok(out)
}

#[allow(dead_code)]
pub async fn load_key(key_file: &str) -> Result<PrivateKeyDer<'static>> {
    let key_s = fs::read_to_string(key_file).await?;
    let key_s = private_key_to_pkcs8(&key_s)?;
    let mut key_b = key_s.as_bytes();
    let mut keys = rustls_pemfile::pkcs8_private_keys(&mut key_b);
    if let Some(key) = keys.next() {
        return match key {
            Ok(v) => Ok(PrivateKeyDer::Pkcs8(v.clone_key())),
            Err(e) => {
                log::error!("Error parsing private key:{}",e);
                Err(Error::ErrorParsingPrivateKey())
            }
        }
    }

    Err(Error::NotFoundPrivateKey())
}

#[allow(dead_code)]
pub fn private_key_to_pkcs8(pem: &str) -> Result<String> {
    if pem.contains("RSA PRIVATE KEY") {
        use rsa::{
            pkcs1::DecodeRsaPrivateKey,
            pkcs8::{EncodePrivateKey, LineEnding},
            RsaPrivateKey,
        };

        let pkey = RsaPrivateKey::from_pkcs1_pem(pem).unwrap();
        let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default()).unwrap();
        Ok(pkcs8_pem.as_str().to_owned())
    } else if pem.contains("EC PRIVATE KEY") {
        use elliptic_curve::{
            pkcs8::{EncodePrivateKey, LineEnding},
            SecretKey,
        };

        // We assume it is a P256 based secret-key, which is the most popular curve.
        // Attempting to decode it as P256 is still better than just failing to read it.
        let pkey: SecretKey<p256::NistP256> = SecretKey::from_sec1_pem(pem).unwrap();
        let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default()).unwrap();
        Ok(pkcs8_pem.as_str().to_owned())
    } else {
        Ok(pem.to_string())
    }
}