rustls-extra 0.15.0

Useful abstractions to make it easier to work with the logic in rustls for epoll-based servers and clients.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

// This file is part of rustls-extra. It is subject to the license terms in the COPYRIGHT file found in the top-level directory of this distribution and at https://raw.githubusercontent.com/lemonrock/rustls-extra/master/COPYRIGHT. No part of rustls-extra, including this file, may be copied, modified, propagated, or distributed except according to the terms contained in the COPYRIGHT file.
// Copyright © 2018 The developers of rustls-extra. See the COPYRIGHT file in the top-level directory of this distribution and at https://raw.githubusercontent.com/lemonrock/rustls-extra/master/COPYRIGHT.


/// Defaults to `AllowAnyAnonymous`.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum ClientAuthenticationConfiguration
{
	/// Only clients presenting a client certificate which is authenticated against an issuing Certificate Authority in `certificate_authority_root_certificates_file` are permitted.
	///
	/// Client distinguished names are not checked.
	AllowAnyAuthenticated
	{
		/// PEM-encoded file of certificate authority certificates.
		certificate_authority_root_certificates_files: Vec<PathBuf>,
	},

	/// Either annoymous clients (those not presenting a client certificate) clients presenting a client certificate which is authenticated against an issuing Certificate Authority in `certificate_authority_root_certificates_file` are permitted.
	///
	/// Client distinguished names are not checked.
	AllowAnyAnonymousOrAuthenticated
	{
		/// PEM-encoded file of certificate authority certificates.
		certificate_authority_root_certificates_files: Vec<PathBuf>,
	},

	/// Only clients which do not present a client certificate are permitted.
	///
	/// This is the most common setting for web servers.
	///
	/// This is the default.
	AllowAnyAnonymous,
}

impl Default for ClientAuthenticationConfiguration
{
	#[inline(always)]
	fn default() -> Self
	{
		ClientAuthenticationConfiguration::AllowAnyAnonymous
	}
}

impl ClientAuthenticationConfiguration
{
	#[inline(always)]
	pub(crate) fn client_certificate_verifier(&self) -> Result<Arc<ClientCertVerifier>, RootCertificateStoreLoadError>
	{
		use self::ClientAuthenticationConfiguration::*;

		match self
		{
			AllowAnyAuthenticated { ref certificate_authority_root_certificates_files } => Ok(AllowAnyAuthenticatedClient::new(RootCertificateStoreLoadError::root_certificate_store(certificate_authority_root_certificates_files)?)),

			AllowAnyAnonymousOrAuthenticated { ref certificate_authority_root_certificates_files } => Ok(AllowAnyAnonymousOrAuthenticatedClient::new(RootCertificateStoreLoadError::root_certificate_store(certificate_authority_root_certificates_files)?)),

			AllowAnyAnonymous => Ok(NoClientAuth::new()),
		}
	}
}