fluvio_future/openssl/
acceptor.rs

1use std::fmt;
2use std::path::Path;
3use std::sync::Arc;
4
5use anyhow::Result;
6use futures_lite::io::{AsyncRead, AsyncWrite};
7use openssl::ssl;
8
9use super::async_to_sync_wrapper::AsyncToSyncWrapper;
10use super::certificate::{Certificate, PrivateKey};
11use super::handshake::HandshakeFuture;
12use super::stream::TlsStream;
13
/// Server-side TLS acceptor: a cloneable handle around a shared OpenSSL [`ssl::SslAcceptor`].
///
/// The inner `Arc` is a public field, so every holder of a `TlsAcceptor` can reach the
/// underlying OpenSSL acceptor directly.
#[derive(Clone)]
pub struct TlsAcceptor(pub Arc<ssl::SslAcceptor>);

impl TlsAcceptor {
    /// Starts a [`TlsAcceptorBuilder`] from OpenSSL's `mozilla_intermediate_v5` server profile
    /// with `SslMethod::tls()`.
    ///
    /// This function itself loads no certificate or private key and makes no `set_verify`
    /// call; those are configured on the returned builder before `build` is called.
    ///
    /// # Errors
    ///
    /// Returns the OpenSSL error if the acceptor builder cannot be created.
    pub fn builder() -> Result<TlsAcceptorBuilder> {
        let profile = ssl::SslAcceptor::mozilla_intermediate_v5(ssl::SslMethod::tls())?;
        Ok(TlsAcceptorBuilder { inner: profile })
    }

    /// Runs the server side of the TLS handshake over `stream`.
    ///
    /// The async stream is wrapped in an [`AsyncToSyncWrapper`] and handed to the OpenSSL
    /// acceptor through [`HandshakeFuture::Initial`], which is then awaited.
    ///
    /// # Errors
    ///
    /// Returns whatever error the handshake future resolves to.
    pub async fn accept<S>(&self, stream: S) -> Result<TlsStream<S>>
    where
        S: AsyncRead + AsyncWrite + Unpin + fmt::Debug + Send + Sync + 'static,
    {
        // OpenSSL drives a blocking-style stream, so the async stream is adapted first.
        let wrapped = AsyncToSyncWrapper::new(stream);
        HandshakeFuture::Initial(move |io| self.0.accept(io), wrapped).await
    }
}
36
/// Builder for a [`TlsAcceptor`], wrapping an OpenSSL [`ssl::SslAcceptorBuilder`].
///
/// `inner` is public, so callers can change any setting on the OpenSSL builder directly,
/// bypassing the helper methods below.
pub struct TlsAcceptorBuilder {
    pub inner: ssl::SslAcceptorBuilder,
}

impl TlsAcceptorBuilder {
    /// Loads the server certificate, then the private key, from PEM files.
    ///
    /// Both paths share the single type parameter `P`, so they must have the same type.
    /// `key_file` holds the server's private key; this method does not inspect the file's
    /// permissions or ownership.
    ///
    /// # Errors
    ///
    /// Returns the OpenSSL error from the first load that fails.
    pub fn with_certifiate_and_key_from_pem_files<P: AsRef<Path>>(
        mut self,
        cert_file: P,
        key_file: P,
    ) -> Result<Self> {
        let pem = ssl::SslFiletype::PEM;
        self.inner.set_certificate_file(cert_file, pem)?;
        self.inner.set_private_key_file(key_file, pem)?;
        Ok(self)
    }

    /// Installs an already-parsed server certificate, then its private key.
    ///
    /// # Errors
    ///
    /// Returns the OpenSSL error if either value is rejected.
    pub fn with_certifiate_and_key(mut self, cert: Certificate, key: PrivateKey) -> Result<Self> {
        let (leaf, pkey) = (&cert.0, &key.0);
        self.inner.set_certificate(leaf)?;
        self.inner.set_private_key(pkey)?;
        Ok(self)
    }

    /// Appends every certificate in `chain`, in order, as an extra chain certificate.
    ///
    /// # Errors
    ///
    /// Stops at, and returns, the first OpenSSL error; certificates added before the
    /// failure are not rolled back, but the builder is consumed and not returned.
    pub fn with_chain(mut self, chain: Vec<Certificate>) -> Result<Self> {
        chain
            .into_iter()
            .try_for_each(|extra| self.inner.add_extra_chain_cert(extra.0))?;
        Ok(self)
    }

    /// Loads trusted CA certificates from a PEM file.
    ///
    /// Only `set_ca_file` is called here; the verify mode is left untouched. Loading a CA
    /// file therefore does not by itself make the acceptor request or require client
    /// certificates. Pair it with `with_ssl_verify_mode` when mutual TLS is intended.
    ///
    /// # Errors
    ///
    /// Returns the OpenSSL error if the file cannot be loaded.
    pub fn with_ca_from_pem_file<P: AsRef<Path>>(mut self, ca_file: P) -> Result<Self> {
        self.inner.set_ca_file(ca_file)?;
        Ok(self)
    }

    /// Sets the peer-certificate verification mode on the underlying OpenSSL builder.
    ///
    /// On a server, `SslVerifyMode::PEER` without `SslVerifyMode::FAIL_IF_NO_PEER_CERT`
    /// requests a client certificate but still lets a client that presents none complete
    /// the handshake (OpenSSL `SSL_VERIFY_PEER` semantics). Combine both flags when
    /// unauthenticated clients must be rejected.
    pub fn with_ssl_verify_mode(mut self, mode: ssl::SslVerifyMode) -> Self {
        self.inner.set_verify(mode);
        self
    }

    /// Finalizes the configuration and wraps the built acceptor in an `Arc`.
    pub fn build(self) -> TlsAcceptor {
        let acceptor = self.inner.build();
        TlsAcceptor(Arc::new(acceptor))
    }
}
87}