mycommon_utils/utils/
tls.rs

1use std::fs::File;
2use std::io::BufReader;
3use rumqttc::tokio_rustls::rustls::RootCertStore;
4use crate::error::{Error, Result};
5use rustls::pki_types::{CertificateDer, PrivateKeyDer};
6use tokio::fs;
7use tracing::log;
8
9#[allow(dead_code)]
10pub fn get_root_certs(ca_path: &str) -> Result<RootCertStore> {
11    let mut root_store = RootCertStore::empty();
12    // 如果有 CA 证书路径，加载 CA 证书
13        log::info!("Loading CA certs from {}", ca_path);
14        let file = File::open(ca_path)?;
15        let mut reader = BufReader::new(file);
16        let certs = rustls_pemfile::certs(&mut reader);
17        for cert in certs.flatten() {
18            root_store.add(cert).unwrap();
19        }
20    Ok(root_store)
21}
22#[allow(dead_code)]
23pub async fn load_cert(cert_file: &str) -> Result<Vec<CertificateDer<'static>>> {
24    let cert_s = fs::read_to_string(cert_file).await?;
25    let mut cert_b = cert_s.as_bytes();
26    let certs = rustls_pemfile::certs(&mut cert_b);
27    let mut out = Vec::new();
28    for cert in certs {
29        out.push(cert?.into_owned());
30    }
31    Ok(out)
32}
33
34#[allow(dead_code)]
35pub async fn load_key(key_file: &str) -> Result<PrivateKeyDer<'static>> {
36    let key_s = fs::read_to_string(key_file).await?;
37    let key_s = private_key_to_pkcs8(&key_s)?;
38    let mut key_b = key_s.as_bytes();
39    let mut keys = rustls_pemfile::pkcs8_private_keys(&mut key_b);
40    if let Some(key) = keys.next() {
41        return match key {
42            Ok(v) => Ok(PrivateKeyDer::Pkcs8(v.clone_key())),
43            Err(e) => {
44                log::error!("Error parsing private key:{}",e);
45                Err(Error::ErrorParsingPrivateKey())
46            }
47        }
48    }
49
50    Err(Error::NotFoundPrivateKey())
51}
52
53#[allow(dead_code)]
54pub fn private_key_to_pkcs8(pem: &str) -> Result<String> {
55    if pem.contains("RSA PRIVATE KEY") {
56        use rsa::{
57            pkcs1::DecodeRsaPrivateKey,
58            pkcs8::{EncodePrivateKey, LineEnding},
59            RsaPrivateKey,
60        };
61
62        let pkey = RsaPrivateKey::from_pkcs1_pem(pem).unwrap();
63        let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default()).unwrap();
64        Ok(pkcs8_pem.as_str().to_owned())
65    } else if pem.contains("EC PRIVATE KEY") {
66        use elliptic_curve::{
67            pkcs8::{EncodePrivateKey, LineEnding},
68            SecretKey,
69        };
70
71        // We assume it is a P256 based secret-key, which is the most popular curve.
72        // Attempting to decode it as P256 is still better than just failing to read it.
73        let pkey: SecretKey<p256::NistP256> = SecretKey::from_sec1_pem(pem).unwrap();
74        let pkcs8_pem = pkey.to_pkcs8_pem(LineEnding::default()).unwrap();
75        Ok(pkcs8_pem.as_str().to_owned())
76    } else {
77        Ok(pem.to_string())
78    }
79}
mycommon_utils/utils/tls.rs

mycommon_utils/utils/
tls.rs
