From a1f33b5de3ff61838d8852b10fdc4ba4c77a42f7 Mon Sep 17 00:00:00 2001
From: restitux
Date: Tue, 15 Jul 2025 19:04:14 -0600
Subject: [PATCH] certs: cleanup logic and add new util functions

---
 Cargo.lock | 61 +++++++++++++++++++++-
 gamestream-webtransport-proxy/Cargo.toml | 1 +
 gamestream-webtransport-proxy/src/certs.rs | 40 +++++++++-----
 3 files changed, 87 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 3999317..c97fdaf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -862,6 +862,22 @@ dependencies = [
  "webpki-roots",
 ]
 
+[[package]]
+name = "hyper-tls"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
+dependencies = [
+ "bytes",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+ "tower-service",
+]
+
 [[package]]
 name = "hyper-util"
 version = "0.1.14"
@@ -1240,6 +1256,23 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "native-tls"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e"
+dependencies = [
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework 2.11.1",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "nix"
 version = "0.30.1"
@@ -1750,10 +1783,12 @@ dependencies = [
  "http-body-util",
  "hyper",
  "hyper-rustls",
+ "hyper-tls",
  "hyper-util",
  "js-sys",
  "log",
  "mime",
+ "native-tls",
  "percent-encoding",
  "pin-project-lite",
  "quinn",
@@ -1764,6 +1799,7 @@ dependencies = [
  "serde_urlencoded",
  "sync_wrapper",
  "tokio",
+ "tokio-native-tls",
  "tokio-rustls",
  "tokio-util",
  "tower",
@@ -1919,7 +1955,7 @@ dependencies = [
  "openssl-probe",
  "rustls-pki-types",
  "schannel",
- "security-framework",
+ "security-framework 3.2.0",
 ]
 
 [[package]]
@@ -2154,6 +2190,19 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
 
+[[package]]
+name = "security-framework"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
+dependencies = [
+ "bitflags",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
 [[package]]
 name = "security-framework"
 version = "3.2.0"
@@ -2554,6 +2603,16 @@ dependencies = [
  "syn 2.0.104",
 ]
 
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-rustls"
 version = "0.26.2"
diff --git a/gamestream-webtransport-proxy/Cargo.toml b/gamestream-webtransport-proxy/Cargo.toml
index 7a6b34e..798cf12 100644
--- a/gamestream-webtransport-proxy/Cargo.toml
+++ b/gamestream-webtransport-proxy/Cargo.toml
@@ -14,6 +14,7 @@ openssl = "0.10.73"
 rand = "0.9.1"
 reqwest = { version = "0.12.20", features = [
     "rustls-tls",
+    "native-tls",
 ], default-features = false }
 salvo = { version = "0.79.0", features = ["oapi"] }
 serde = { version = "1.0.219", features = ["serde_derive"] }
diff --git a/gamestream-webtransport-proxy/src/certs.rs b/gamestream-webtransport-proxy/src/certs.rs
index 79b7590..eccb702 100644
--- a/gamestream-webtransport-proxy/src/certs.rs
+++ b/gamestream-webtransport-proxy/src/certs.rs
@@ -1,5 +1,6 @@
 use std::fs;
 use std::io::Write;
+use std::path::PathBuf;
 
 use anyhow::Result;
 use openssl::hash::MessageDigest;
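Review bot: Enabling `native-tls` next to `rustls-tls` does more than unlock `Identity::from_pkcs8_pem`: as far as I can tell from reqwest's feature wiring, once both backends are compiled in every `Client` that does not call `use_rustls_tls()` is built on the native stack (OpenSSL, Schannel or Security.framework), so the proxy's existing HTTPS traffic silently changes TLS implementation and certificate-verification behaviour, not just the new identity client. If that is intended, record it on the feature line, e.g. `"native-tls", # needed for Identity::from_pkcs8_pem; becomes the default backend`, and otherwise make the backend explicit at each builder with `.use_rustls_tls()` or `.use_native_tls()` so the choice does not depend on feature resolution. The lockfile hunks show this also pulls `openssl`, `schannel` and a second `security-framework` (2.11.1 beside 3.2.0) into the build, which is a wider native dependency surface to keep patched.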
@@ -7,6 +8,17 @@ use openssl::pkey::{PKey, Private};
 use openssl::rsa::Rsa;
 use openssl::x509::X509;
 
+pub fn get_and_create_cert_dir() -> Result {
+    let project_dirs =
+        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
+            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
+    let data_dir = project_dirs.data_dir();
+    let cert_dir = data_dir.join("certs");
+    fs::create_dir_all(&cert_dir)?;
+
+    Ok(cert_dir)
+}
+
 pub fn get_cert_and_key() -> Result<(X509, PKey)> {
     if let Ok((cert, key)) = load_cert_and_key_from_disk() {
         Ok((cert, key))
@@ -16,12 +28,7 @@ pub fn get_cert_and_key() -> Result<(X509, PKey)> {
 }
 
 pub fn load_cert_and_key_from_disk() -> Result<(X509, PKey)> {
-    let project_dirs =
-        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
-            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
-    let data_dir = project_dirs.data_dir();
-    let cert_dir = data_dir.join("certs");
-    fs::create_dir_all(&cert_dir)?;
+    let cert_dir = get_and_create_cert_dir()?;
     let cert_filepath = cert_dir.join("cert");
     let key_filepath = cert_dir.join("key");
 
@@ -72,13 +79,7 @@ pub fn generate_cert_and_key() -> Result<(X509, PKey)> {
 }
 
 pub fn save_cert_and_key_to_disk(cert: &X509, key: &PKey) -> Result<()> {
-    let project_dirs =
-        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
-            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
-    let data_dir = project_dirs.data_dir();
-    let cert_dir = data_dir.join("certs");
-    fs::create_dir_all(&cert_dir)?;
-
+    let cert_dir = get_and_create_cert_dir()?;
     let cert_filepath = cert_dir.join("cert");
     let key_filepath = cert_dir.join("key");
 
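Review bot: `get_and_create_cert_dir` creates the directory that will hold the private key with `fs::create_dir_all`, which takes its mode from the process umask, so with the common 022 umask the `certs` directory ends up world-readable; whether the key file itself is written owner-only is decided in `save_cert_and_key_to_disk`, whose body continues past these hunks, but the directory is the one thing this helper controls and all three callers now go through it. Creating it with `fs::DirBuilder` and `mode(0o700)` on Unix closes that for fresh installs; the mode is applied only to directories the call creates, so a pre-existing directory keeps whatever mode it already has, which is worth a comment. The return type renders here as a bare `Result`, which looks like the `<PathBuf>` parameter was stripped by the page rather than by the commit. A one-line `///` such as `/// Returns the per-user directory holding the proxy's certificate and key, creating it if needed.` would also help, since this is now the single source of the path.
```rust
pub fn get_and_create_cert_dir() -> Result<PathBuf> {
    let project_dirs =
        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
    let cert_dir = project_dirs.data_dir().join("certs");

    // The private key lives here, so keep the directory owner-only. The mode
    // only applies to directories this call creates, not to an existing one.
    let mut builder = fs::DirBuilder::new();
    builder.recursive(true);
    #[cfg(unix)]
    {
        use std::os::unix::fs::DirBuilderExt;
        builder.mode(0o700);
    }
    builder.create(&cert_dir)?;

    Ok(cert_dir)
}
```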
@@ -109,4 +110,15 @@ pub fn save_cert_and_key_to_disk(cert: &X509, key: &PKey) -> Result<()>
     Ok(())
 }
 
-pub fn http_client_with_identity() {}
+pub fn http_client_with_identity() -> Result {
+    let cert_dir = get_and_create_cert_dir()?;
+    let cert_filepath = cert_dir.join("cert");
+    let key_filepath = cert_dir.join("key");
+
+    let cert_bytes = fs::read(cert_filepath)?;
+    let key_bytes = fs::read(key_filepath)?;
+
+    let identity = reqwest::tls::Identity::from_pkcs8_pem(&cert_bytes, &key_bytes)?;
+
+    Ok(reqwest::Client::builder().identity(identity).build()?)
+}
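Review bot: `http_client_with_identity` reads `cert` and `key` straight from disk, so on a first run before anything has generated and saved them it fails with a bare `NotFound` from `fs::read`, and it hard-codes the assumption that the saved key is PKCS#8 PEM, which `from_pkcs8_pem` requires and which this hunk cannot verify because the writer is outside it. Going through `get_cert_and_key()` (assuming its `else` branch, outside the hunk, generates and persists the pair) and serialising with `cert.to_pem()` / `key.private_key_to_pem_pkcs8()` removes both the ordering dependency and the on-disk format coupling, and drops the third copy of the `join("cert")`/`join("key")` pair. Separately, as far as I can tell reqwest only offers `from_pkcs8_pem` under `native-tls`, and with both backends compiled in the builder picks native by default; pinning that with `.use_native_tls()` stops the identity and the backend drifting apart if someone later adds `use_rustls_tls()`. The `-> Result` here and the bare `PKey` elsewhere look like generics stripped by the rendering, presumably `Result<reqwest::Client>` and `PKey<Private>`.
```rust
pub fn http_client_with_identity() -> Result<reqwest::Client> {
    // Reuse the load-or-generate path so a fresh install does not fail here,
    // and serialise to PKCS#8 ourselves instead of trusting the on-disk format.
    let (cert, key) = get_cert_and_key()?;
    let identity = reqwest::tls::Identity::from_pkcs8_pem(
        &cert.to_pem()?,
        &key.private_key_to_pem_pkcs8()?,
    )?;

    // from_pkcs8_pem is a native-tls identity; make the backend choice explicit.
    Ok(reqwest::Client::builder()
        .use_native_tls()
        .identity(identity)
        .build()?)
}
```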