
//! Common tls types for rama.
//!

4use rama_utils::str::NonEmptyString;
5
6mod enums;
7pub use enums::{
8    ApplicationProtocol, CertificateCompressionAlgorithm, CipherSuite, CompressionAlgorithm,
9    ECPointFormat, ExtensionId, ProtocolVersion, SignatureScheme, SupportedGroup,
10};
11
12pub mod client;
13pub mod keylog;
14pub mod server;
15
/// Context information that can be provided by `tls` connectors
/// to configure the connection when it is established over a tls tunnel.
#[derive(Debug, Clone)]
pub struct TlsTunnel {
    /// Server host name the connector should use for the connection.
    pub server_host: crate::address::Host,
}
23
/// An [`Extensions`] value that can be added to the [`Context`]
/// of a transport layer to signal that the transport is secure.
///
/// It optionally carries the [`client::ClientHello`] that was used to
/// establish the transport, see [`SecureTransport::with_client_hello`].
///
/// [`Extensions`]: rama_core::context::Extensions
/// [`Context`]: rama_core::Context
#[derive(Debug, Clone, Default)]
pub struct SecureTransport {
    // `None` when the tls service did not store the client hello.
    client_hello: Option<client::ClientHello>,
}
33
impl SecureTransport {
    /// Create a [`SecureTransport`] with the given [`ClientHello`] attached,
    /// i.e. the client hello info that was used to establish
    /// this secure transport.
    pub fn with_client_hello(hello: client::ClientHello) -> Self {
        let client_hello = Some(hello);
        Self { client_hello }
    }

    /// Borrow the [`ClientHello`] used to establish this secure transport.
    ///
    /// Returns `None` when the tls service did not store it.
    pub fn client_hello(&self) -> Option<&client::ClientHello> {
        self.client_hello.as_ref()
    }
}
50
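/// Intent for a (tls) keylogger to be used.
///
/// Applicable to both a client- and server- config.
///
/// A key log file contains the TLS session secrets: anyone who can read it
/// and also holds a packet capture can decrypt the recorded traffic. Keep
/// it disabled outside of debugging and restrict the permissions of the
/// target file.
#[derive(Debug, Clone, Default)]
pub enum KeyLogIntent {
    /// By default the `SSLKEYLOGFILE` env variable is respected
    /// as the path to key log to, if defined (and non-empty).
    #[default]
    Environment,
    /// You can choose to disable the key logging explicitly.
    Disabled,
    /// Request keys to be logged to the given file path.
    File(String),
}

impl KeyLogIntent {
    /// Get the file path if intended.
    ///
    /// Returns `None` for [`KeyLogIntent::Disabled`], and for
    /// [`KeyLogIntent::Environment`] when `SSLKEYLOGFILE` is unset,
    /// empty or not valid unicode.
    pub fn file_path(&self) -> Option<String> {
        match self {
            Self::Disabled => None,
            Self::Environment => env_key_log_path(),
            Self::File(keylog_filename) => Some(keylog_filename.clone()),
        }
    }

    /// Consume itself into the file path if intended.
    ///
    /// Same as [`KeyLogIntent::file_path`], but moves the path out of
    /// [`KeyLogIntent::File`] instead of cloning it.
    pub fn into_file_path(self) -> Option<String> {
        match self {
            Self::Disabled => None,
            Self::Environment => env_key_log_path(),
            Self::File(keylog_filename) => Some(keylog_filename),
        }
    }
}

/// Read the key log path from the `SSLKEYLOGFILE` environment variable.
///
/// An empty value is treated the same as an unset variable: an empty path
/// can never be opened, so reporting "no key log" here avoids a confusing
/// open error later on. Shared by both `KeyLogIntent` accessors so the
/// lookup rules cannot drift apart.
fn env_key_log_path() -> Option<String> {
    std::env::var("SSLKEYLOGFILE")
        .ok()
        .filter(|path| !path.is_empty())
}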
85
/// Implementation agnostic encoding of common data such
/// as certificates and keys.
///
/// This type only carries the bytes; whether they form a valid
/// certificate or key is not checked here and must be validated by
/// whatever consumes the value.
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum DataEncoding {
    /// A single Distinguished Encoding Rules (DER) encoded blob (binary).
    Der(Vec<u8>),
    /// A stack of DER encoded blobs, see [`DataEncoding::Der`].
    DerStack(Vec<Vec<u8>>),
    /// Privacy Enhanced Mail (PEM) encoded data (plain text),
    /// carried as a [`NonEmptyString`].
    Pem(NonEmptyString),
}