wip: designing acme
This commit is contained in:
		
					parent
					
						
							
								9b9622edc5
							
						
					
				
			
			
				commit
				
					
						63f9d1dabc
					
				
			
		
					 3 changed files with 87 additions and 51 deletions
				
			
		|  | @ -15,14 +15,14 @@ enum FileType { | |||
|   Cert, | ||||
| } | ||||
| 
 | ||||
| #[derive(Debug)] | ||||
| #[derive(Debug, PartialEq, Eq)] | ||||
| pub struct DirCache { | ||||
|   account_dir: PathBuf, | ||||
|   cert_dir: PathBuf, | ||||
|   pub(super) account_dir: PathBuf, | ||||
|   pub(super) cert_dir: PathBuf, | ||||
| } | ||||
| 
 | ||||
| impl DirCache { | ||||
|   pub fn new<P>(dir: P, server_name: impl AsRef<Path>) -> Self | ||||
|   pub fn new<P>(dir: P, server_name: &str) -> Self | ||||
|   where | ||||
|     P: AsRef<Path>, | ||||
|   { | ||||
|  |  | |||
|  | @ -1,32 +1,28 @@ | |||
| use crate::dir_cache::DirCache; | ||||
| use crate::{ | ||||
|   constants::{ACME_DIR_URL, ACME_REGISTRY_PATH}, | ||||
|   dir_cache::DirCache, | ||||
|   error::RpxyAcmeError, | ||||
|   log::*, | ||||
| }; | ||||
| use rustc_hash::FxHashMap as HashMap; | ||||
| use rustls_acme::AcmeConfig; | ||||
| use std::{fmt::Debug, path::PathBuf, sync::Arc}; | ||||
| // use rustls_acme::AcmeConfig;
 | ||||
| use std::path::PathBuf; | ||||
| use url::Url; | ||||
| 
 | ||||
| #[derive(Debug)] | ||||
| /// ACME settings
 | ||||
| pub struct AcmeContexts<EC, EA = EC> | ||||
| where | ||||
|   EC: Debug + 'static, | ||||
|   EA: Debug + 'static, | ||||
| { | ||||
| pub struct AcmeContexts { | ||||
|   /// ACME directory url
 | ||||
|   acme_dir_url: Url, | ||||
|   /// ACME registry directory
 | ||||
|   acme_registry_dir: PathBuf, | ||||
|   /// ACME contacts
 | ||||
|   contacts: Vec<String>, | ||||
|   /// ACME config
 | ||||
|   inner: HashMap<String, Box<AcmeConfig<EC, EA>>>, | ||||
|   /// ACME directly cache information
 | ||||
|   inner: HashMap<String, DirCache>, | ||||
| } | ||||
| 
 | ||||
| impl AcmeContexts<std::io::Error> { | ||||
| impl AcmeContexts { | ||||
|   /// Create a new instance. Note that for each domain, a new AcmeConfig is created.
 | ||||
|   /// This means that for each domain, a distinct operation will be dispatched and separated certificates will be generated.
 | ||||
|   pub fn try_new( | ||||
|  | @ -35,6 +31,9 @@ impl AcmeContexts<std::io::Error> { | |||
|     contacts: &[String], | ||||
|     domains: &[String], | ||||
|   ) -> Result<Self, RpxyAcmeError> { | ||||
|     // Install aws_lc_rs as default crypto provider for rustls
 | ||||
|     let _ = rustls::crypto::CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider()); | ||||
| 
 | ||||
|     let acme_registry_dir = acme_registry_dir | ||||
|       .map(|v| v.to_ascii_lowercase()) | ||||
|       .map_or_else(|| PathBuf::from(ACME_REGISTRY_PATH), PathBuf::from); | ||||
|  | @ -46,25 +45,33 @@ impl AcmeContexts<std::io::Error> { | |||
|       .as_deref() | ||||
|       .map_or_else(|| Url::parse(ACME_DIR_URL), Url::parse)?; | ||||
|     let contacts = contacts.iter().map(|email| format!("mailto:{email}")).collect::<Vec<_>>(); | ||||
|     let rustls_client_config = rustls::ClientConfig::builder() | ||||
|       .dangerous() // The `Verifier` we're using is actually safe
 | ||||
|       .with_custom_certificate_verifier(std::sync::Arc::new(rustls_platform_verifier::Verifier::new())) | ||||
|       .with_no_client_auth(); | ||||
|     let rustls_client_config = Arc::new(rustls_client_config); | ||||
|     // let rustls_client_config = rustls::ClientConfig::builder()
 | ||||
|     //   .dangerous() // The `Verifier` we're using is actually safe
 | ||||
|     //   .with_custom_certificate_verifier(std::sync::Arc::new(rustls_platform_verifier::Verifier::new()))
 | ||||
|     //   .with_no_client_auth();
 | ||||
|     // let rustls_client_config = Arc::new(rustls_client_config);
 | ||||
| 
 | ||||
|     let inner = domains | ||||
|       .iter() | ||||
|       .map(|domain| { | ||||
|         let dir_cache = DirCache::new(&acme_registry_dir, domain); | ||||
|         let config = AcmeConfig::new([domain]) | ||||
|           .contact(&contacts) | ||||
|           .cache(dir_cache) | ||||
|           .directory(acme_dir_url.as_str()) | ||||
|           .client_tls_config(rustls_client_config.clone()); | ||||
|         let config = Box::new(config); | ||||
|         (domain.to_ascii_lowercase(), config) | ||||
|         let domain = domain.to_ascii_lowercase(); | ||||
|         let dir_cache = DirCache::new(&acme_registry_dir, &domain); | ||||
|         (domain, dir_cache) | ||||
|       }) | ||||
|       .collect::<HashMap<_, _>>(); | ||||
|     // let inner = domains
 | ||||
|     //   .iter()
 | ||||
|     //   .map(|domain| {
 | ||||
|     //     let dir_cache = DirCache::new(&acme_registry_dir, domain);
 | ||||
|     //     let config = AcmeConfig::new([domain])
 | ||||
|     //       .contact(&contacts)
 | ||||
|     //       .cache(dir_cache)
 | ||||
|     //       .directory(acme_dir_url.as_str())
 | ||||
|     //       .client_tls_config(rustls_client_config.clone());
 | ||||
|     //     let config = Box::new(config);
 | ||||
|     //     (domain.to_ascii_lowercase(), config)
 | ||||
|     //   })
 | ||||
|     //   .collect::<HashMap<_, _>>();
 | ||||
| 
 | ||||
|     Ok(Self { | ||||
|       acme_dir_url, | ||||
|  | @ -77,6 +84,8 @@ impl AcmeContexts<std::io::Error> { | |||
| 
 | ||||
| #[cfg(test)] | ||||
| mod tests { | ||||
|   use crate::constants::ACME_ACCOUNT_SUBDIR; | ||||
| 
 | ||||
|   use super::*; | ||||
| 
 | ||||
|   #[test] | ||||
|  | @ -84,13 +93,30 @@ mod tests { | |||
|     let acme_dir_url = "https://acme.example.com/directory"; | ||||
|     let acme_registry_dir = "/tmp/acme"; | ||||
|     let contacts = vec!["test@example.com".to_string()]; | ||||
|     let acme_contexts: AcmeContexts<std::io::Error> = AcmeContexts::try_new( | ||||
|     let acme_contexts: AcmeContexts = AcmeContexts::try_new( | ||||
|       Some(acme_dir_url), | ||||
|       Some(acme_registry_dir), | ||||
|       &contacts, | ||||
|       &["example.com".to_string(), "example.org".to_string()], | ||||
|     ) | ||||
|     .unwrap(); | ||||
|     println!("{:#?}", acme_contexts); | ||||
|     assert_eq!(acme_contexts.inner.len(), 2); | ||||
|     assert_eq!(acme_contexts.contacts, vec!["mailto:test@example.com".to_string()]); | ||||
|     assert_eq!(acme_contexts.acme_dir_url.as_str(), acme_dir_url); | ||||
|     assert_eq!(acme_contexts.acme_registry_dir, PathBuf::from(acme_registry_dir)); | ||||
|     assert_eq!( | ||||
|       acme_contexts.inner["example.com"], | ||||
|       DirCache { | ||||
|         account_dir: PathBuf::from(acme_registry_dir).join(ACME_ACCOUNT_SUBDIR), | ||||
|         cert_dir: PathBuf::from(acme_registry_dir).join("example.com"), | ||||
|       } | ||||
|     ); | ||||
|     assert_eq!( | ||||
|       acme_contexts.inner["example.org"], | ||||
|       DirCache { | ||||
|         account_dir: PathBuf::from(acme_registry_dir).join(ACME_ACCOUNT_SUBDIR), | ||||
|         cert_dir: PathBuf::from(acme_registry_dir).join("example.org"), | ||||
|       } | ||||
|     ); | ||||
|   } | ||||
| } | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	 Jun Kurihara
				Jun Kurihara