certs: cleanup logic and add new util functions

Cargo.lock

@@ -862,6 +862,22 @@ dependencies = [
  "webpki-roots",
 ]
 
+[[package]]
+name = "hyper-tls"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
+dependencies = [
+ "bytes",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+ "tower-service",
+]
+
 [[package]]
 name = "hyper-util"
 version = "0.1.14"
@@ -1240,6 +1256,23 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "native-tls"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e"
+dependencies = [
+ "libc",
+ "log",
+ "openssl",
+ "openssl-probe",
+ "openssl-sys",
+ "schannel",
+ "security-framework 2.11.1",
+ "security-framework-sys",
+ "tempfile",
+]
+
 [[package]]
 name = "nix"
 version = "0.30.1"
@@ -1750,10 +1783,12 @@ dependencies = [
  "http-body-util",
  "hyper",
  "hyper-rustls",
+ "hyper-tls",
  "hyper-util",
  "js-sys",
  "log",
  "mime",
+ "native-tls",
  "percent-encoding",
  "pin-project-lite",
  "quinn",
@@ -1764,6 +1799,7 @@ dependencies = [
  "serde_urlencoded",
  "sync_wrapper",
  "tokio",
+ "tokio-native-tls",
  "tokio-rustls",
  "tokio-util",
  "tower",
@@ -1919,7 +1955,7 @@ dependencies = [
  "openssl-probe",
  "rustls-pki-types",
  "schannel",
- "security-framework",
+ "security-framework 3.2.0",
 ]
 
 [[package]]
@@ -2154,6 +2190,19 @@ version = "4.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1c107b6f4780854c8b126e228ea8869f4d7b71260f962fefb57b996b8959ba6b"
 
+[[package]]
+name = "security-framework"
+version = "2.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
+dependencies = [
+ "bitflags",
+ "core-foundation 0.9.4",
+ "core-foundation-sys",
+ "libc",
+ "security-framework-sys",
+]
+
 [[package]]
 name = "security-framework"
 version = "3.2.0"
@@ -2554,6 +2603,16 @@ dependencies = [
  "syn 2.0.104",
 ]
 
+[[package]]
+name = "tokio-native-tls"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
+dependencies = [
+ "native-tls",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-rustls"
 version = "0.26.2"

gamestream-webtransport-proxy/Cargo.toml

@@ -14,6 +14,7 @@ openssl = "0.10.73"
 rand = "0.9.1"
 reqwest = { version = "0.12.20", features = [
   "rustls-tls",
+  "native-tls",
 ], default-features = false }
 salvo = { version = "0.79.0", features = ["oapi"] }
 serde = { version = "1.0.219", features = ["serde_derive"] }

gamestream-webtransport-proxy/src/certs.rs

@@ -1,5 +1,6 @@
 use std::fs;
 use std::io::Write;
+use std::path::PathBuf;
 
 use anyhow::Result;
 use openssl::hash::MessageDigest;
@@ -7,6 +8,17 @@ use openssl::pkey::{PKey, Private};
 use openssl::rsa::Rsa;
 use openssl::x509::X509;
 
+pub fn get_and_create_cert_dir() -> Result<PathBuf> {
+    let project_dirs =
+        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
+            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
+    let data_dir = project_dirs.data_dir();
+    let cert_dir = data_dir.join("certs");
+    fs::create_dir_all(&cert_dir)?;
+
+    Ok(cert_dir)
+}
+
 pub fn get_cert_and_key() -> Result<(X509, PKey<Private>)> {
     if let Ok((cert, key)) = load_cert_and_key_from_disk() {
         Ok((cert, key))
@@ -16,12 +28,7 @@ pub fn get_cert_and_key() -> Result<(X509, PKey<Private>)> {
 }
 
 pub fn load_cert_and_key_from_disk() -> Result<(X509, PKey<Private>)> {
-    let project_dirs =
+    let cert_dir = get_and_create_cert_dir()?;
-        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
-            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
-    let data_dir = project_dirs.data_dir();
-    let cert_dir = data_dir.join("certs");
-    fs::create_dir_all(&cert_dir)?;
 
     let cert_filepath = cert_dir.join("cert");
     let key_filepath = cert_dir.join("key");
@@ -72,13 +79,7 @@ pub fn generate_cert_and_key() -> Result<(X509, PKey<Private>)> {
 }
 
 pub fn save_cert_and_key_to_disk(cert: &X509, key: &PKey<Private>) -> Result<()> {
-    let project_dirs =
+    let cert_dir = get_and_create_cert_dir()?;
-        directories::ProjectDirs::from("xyz", "ohea", "gamestream-webtransport-proxy")
-            .ok_or(anyhow::anyhow!("Could not get project dirs"))?;
-    let data_dir = project_dirs.data_dir();
-    let cert_dir = data_dir.join("certs");
-    fs::create_dir_all(&cert_dir)?;
-
     let cert_filepath = cert_dir.join("cert");
     let key_filepath = cert_dir.join("key");
 
@@ -109,4 +110,15 @@ pub fn save_cert_and_key_to_disk(cert: &X509, key: &PKey<Private>) -> Result<()>
     Ok(())
 }
 
-pub fn http_client_with_identity() {}
+pub fn http_client_with_identity() -> Result<reqwest::Client> {
+    let cert_dir = get_and_create_cert_dir()?;
+    let cert_filepath = cert_dir.join("cert");
+    let key_filepath = cert_dir.join("key");
+
+    let cert_bytes = fs::read(cert_filepath)?;
+    let key_bytes = fs::read(key_filepath)?;
+
+    let identity = reqwest::tls::Identity::from_pkcs8_pem(&cert_bytes, &key_bytes)?;
+
+    Ok(reqwest::Client::builder().identity(identity).build()?)
+}