rustls_cert_reloadable_resolver/
loader.rs

1//! The [`CertifiedKeyLoader`].
2
3use futures_util::TryFutureExt as _;
4
/// Loads a [`rustls::sign::CertifiedKey`] by reading the private key and the certificate chain
/// through the configured readers and handing the key to the configured key provider.
///
/// The struct stores no paths itself; where the material comes from is decided by the readers.
/// The hand-written `Debug` impl in this file prints `"..."` for every field, so formatting a
/// loader with `{:?}` never reaches into the provider or the readers.
pub struct CertifiedKeyLoader<KeyProvider, KeyReader, CertsReader> {
    /// The provider to load the key into.
    pub key_provider: KeyProvider,
    /// Reads a key from the file.
    // NOTE(review): this reader yields private-key material; presumably it wraps a file path,
    // in which case that file's permissions are what protects the key. Confirm in deployment.
    pub key_reader: KeyReader,
    /// Reads a list of certs from file.
    pub certs_reader: CertsReader,
}
14
impl<KeyProvider, KeyReader, CertsReader> std::fmt::Debug
    for CertifiedKeyLoader<KeyProvider, KeyReader, CertsReader>
{
    /// Writes the struct name and its three field names, with every value shown as `"..."`.
    ///
    /// The field values are never formatted, which is why the impl carries no `Debug` bounds
    /// on the type parameters, and why nothing held by the provider or the readers can reach
    /// log output through `{:?}`.
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        let mut redacted = f.debug_struct("CertifiedKeyLoader");
        for field_name in ["key_provider", "key_reader", "certs_reader"] {
            // Same placeholder for every field; the real value is deliberately not touched.
            redacted.field(field_name, &"...");
        }
        redacted.finish()
    }
}
26
/// An error that can occur while loading the data.
///
/// Each variant corresponds to one stage of `CertifiedKeyLoader::load`: reading the key,
/// reading the certificates, or loading the key into the key provider. The `Display` output
/// of every variant embeds the inner error via `{0}`.
// NOTE(review): the inner reader errors may carry file paths or OS error text; keep the
// rendered message in server-side logs rather than returning it to remote peers. Confirm
// against the reader implementations in use.
#[derive(Debug, thiserror::Error)]
pub enum CertifiedKeyLoaderError<ReadKey, ReadCerts> {
    /// Reading the key failed.
    #[error("reading key: {0}")]
    ReadKey(ReadKey),
    /// Reading the certificate failed.
    #[error("reading certs: {0}")]
    ReadCerts(ReadCerts),
    /// Key processing failed.
    // Produced when the key provider rejects the key that was read.
    #[error("loading key: {0}")]
    LoadKey(rustls::Error),
}
40
impl<KeyProvider, KeyReader, CertsReader> reloadable_state::core::Loader
    for CertifiedKeyLoader<KeyProvider, KeyReader, CertsReader>
where
    KeyProvider: rustls::crypto::KeyProvider,
    KeyReader: rustls_cert_read::ReadKey + Send,
    CertsReader: rustls_cert_read::ReadCerts + Send,
    KeyReader::Error: std::error::Error + Send + 'static,
    CertsReader::Error: std::error::Error + Send + 'static,
{
    type Value = rustls::sign::CertifiedKey;
    type Error = CertifiedKeyLoaderError<KeyReader::Error, CertsReader::Error>;

    /// Reads the key and the certificates, loads the key into the provider and pairs the two
    /// into a [`rustls::sign::CertifiedKey`].
    ///
    /// # Errors
    ///
    /// * [`CertifiedKeyLoaderError::ReadKey`] when the key reader fails.
    /// * [`CertifiedKeyLoaderError::ReadCerts`] when the certs reader fails.
    /// * [`CertifiedKeyLoaderError::LoadKey`] when the key provider rejects the key.
    // NOTE(review): nothing here checks that the loaded key belongs to the leaf certificate,
    // or that the certificate list is non-empty. The two inputs are read independently, so a
    // reload that happens while the key and cert are being rotated one after the other could
    // pair material from different generations and hand the resolver a pair that fails every
    // handshake. Consider validating the result before returning it (recent rustls releases
    // offer `CertifiedKey::keys_match` for this; confirm against the pinned version).
    async fn load(&mut self) -> Result<Self::Value, Self::Error> {
        // Both reads are driven together; `try_join` resolves with the first error either
        // one reports, already mapped into this loader's error type.
        let read_key = self
            .key_reader
            .read_key()
            .map_err(CertifiedKeyLoaderError::ReadKey);
        let read_certs = self
            .certs_reader
            .read_certs()
            .map_err(CertifiedKeyLoaderError::ReadCerts);
        let (cert_chain, private_key) =
            futures_util::future::try_join(read_certs, read_key).await?;

        // Turn the key that was read into the provider's signing key.
        let signing_key = match self.key_provider.load_private_key(private_key) {
            Ok(loaded) => loaded,
            Err(cause) => return Err(CertifiedKeyLoaderError::LoadKey(cause)),
        };

        Ok(rustls::sign::CertifiedKey::new(cert_chain, signing_key))
    }
}