wip: started to integrate rpxy-certs to rpxy-lib

rpxy-lib/Cargo.toml

@@ -14,13 +14,14 @@ publish.workspace = true
 
 [features]
 default = ["http3-quinn", "sticky-cookie", "cache", "rustls-backend"]
-http3-quinn = ["socket2", "quinn", "h3", "h3-quinn"]
+http3-quinn = ["socket2", "quinn", "h3", "h3-quinn", "rpxy-certs/http3"]
 http3-s2n = [
   "h3",
   "s2n-quic",
   "s2n-quic-core",
   "s2n-quic-rustls",
   "s2n-quic-h3",
+  "rpxy-certs/http3",
 ]
 cache = ["http-cache-semantics", "lru", "sha2", "base64"]
 sticky-cookie = ["base64", "sha2", "chrono"]
@@ -70,6 +71,7 @@ hyper-rustls = { version = "0.27.1", default-features = false, features = [
 ], optional = true }
 
 # tls and cert management for server
+rpxy-certs = { path = "../rpxy-certs/", default-features = false }
 hot_reload = "0.1.5"
 rustls = { version = "0.21.12", default-features = false }
 tokio-rustls = { version = "0.24.1", features = ["early-data"] }

rpxy-lib/src/globals.rs

@@ -19,6 +19,8 @@ pub struct Globals {
   pub term_notify: Option<Arc<tokio::sync::Notify>>,
   /// Shared context - Certificate reloader service receiver
   pub cert_reloader_rx: Option<ReloaderReceiver<ServerCryptoBase>>,
+  /// Shared context - Certificate reloader service receiver // TODO: newer one
+  pub cert_reloader_rx_new: Option<ReloaderReceiver<rpxy_certs::ServerCryptoBase>>,
 }
 
 /// Configuration parameters for proxy transport and request handlers

rpxy-lib/src/lib.rs

@@ -10,14 +10,17 @@ mod log;
 mod message_handler;
 mod name_exp;
 mod proxy;
-
+/* ------------------------------------------------ */
 use crate::{
   crypto::build_cert_reloader, error::*, forwarder::Forwarder, globals::Globals, log::*,
   message_handler::HttpMessageHandlerBuilder, proxy::Proxy,
 };
 use futures::future::select_all;
+use hot_reload::ReloaderReceiver;
+use rpxy_certs::ServerCryptoBase;
 use std::sync::Arc;
 
+/* ------------------------------------------------ */
 pub use crate::{
   crypto::{CertsAndKeys, CryptoSource},
   globals::{AppConfig, AppConfigList, ProxyConfig, ReverseProxyConfig, TlsConfig, UpstreamUri},
@@ -31,6 +34,7 @@ pub mod reexports {
 pub async fn entrypoint<T>(
   proxy_config: &ProxyConfig,
   app_config_list: &AppConfigList<T>,
+  cert_rx: Option<&ReloaderReceiver<ServerCryptoBase>>, // TODO:
   runtime_handle: &tokio::runtime::Handle,
   term_notify: Option<Arc<tokio::sync::Notify>>,
 ) -> RpxyResult<()>
@@ -94,6 +98,7 @@ where
     runtime_handle: runtime_handle.clone(),
     term_notify: term_notify.clone(),
     cert_reloader_rx: cert_reloader_rx.clone(),
+    cert_reloader_rx_new: cert_rx.cloned(), // TODO: newer one
   });
 
   // 4. build message handler containing Arc-ed http_client and backends, and make it contained in Arc as well

rpxy-lib/src/proxy/proxy_main.rs

@@ -164,6 +164,10 @@ where
     let Some(mut server_crypto_rx) = self.globals.cert_reloader_rx.clone() else {
       return Err(RpxyError::NoCertificateReloader);
     };
+    // TODO: newer one
+    let Some(mut server_crypto_rx_new) = self.globals.cert_reloader_rx_new.clone() else {
+      return Err(RpxyError::NoCertificateReloader);
+    };
     let tcp_socket = bind_tcp_socket(&self.listening_on)?;
     let tcp_listener = tcp_socket.listen(self.globals.proxy_config.tcp_listen_backlog)?;
     info!("Start TCP proxy serving with HTTPS request for configured host names");
@@ -237,6 +241,22 @@ where
           };
           server_crypto_map = Some(server_crypto.inner_local_map.clone());
         }
+        // TODO: newer one
+        _ = server_crypto_rx_new.changed().fuse() => {
+          if server_crypto_rx_new.borrow().is_none() {
+            error!("Reloader is broken");
+            break;
+          }
+          let cert_keys_map = server_crypto_rx_new.borrow().clone().unwrap();
+          // let Some(server_crypto) = cert_keys_map.try_into().ok() else {
+          //   break;
+          // };
+          // let Some(server_crypto): Option<Arc<ServerCrypto>> = (&cert_keys_map).try_into().ok() else {
+          //   error!("Failed to update server crypto");
+          //   break;
+          // };
+          // server_crypto_map = Some(server_crypto.inner_local_map.clone());
+        }
       }
     }
     Ok(())