use std::io;
use std::sync::Arc;
use crate::error::{ConfigError, NtpServerError};
use rustls::pki_types::{CertificateDer, PrivateKeyDer};
fn crypto_provider() -> rustls::crypto::CryptoProvider {
#[cfg(feature = "pq-nts")]
{
rustls::crypto::aws_lc_rs::default_provider()
}
#[cfg(not(feature = "pq-nts"))]
{
rustls::crypto::ring::default_provider()
}
}
pub(crate) fn nts_server_config(
cert_chain: Vec<CertificateDer<'static>>,
private_key: PrivateKeyDer<'static>,
) -> io::Result<rustls::ServerConfig> {
rustls::ServerConfig::builder_with_provider(Arc::new(crypto_provider()))
.with_protocol_versions(&[&rustls::version::TLS13])
.expect("TLS 1.3 configuration valid")
.with_no_client_auth()
.with_single_cert(cert_chain, private_key)
.map_err(|e| -> io::Error {
NtpServerError::Config(ConfigError::InvalidTlsCredentials {
detail: format!("TLS config error: {e}"),
})
.into()
})
}