refactor
		
					parent
					
						
							
								7311dbc68e
							
						
					
				
			
			
				commit
				
					
						f2327778f6
					
				
			
		
					 5 changed files with 23 additions and 13 deletions
				
			
		|  | @ -1,4 +1,4 @@ | ||||||
| use crate::{log::*, proxy::CertsAndKeys}; | use crate::{certs::CertsAndKeys, log::*}; | ||||||
| use rustls::{Certificate, PrivateKey}; | use rustls::{Certificate, PrivateKey}; | ||||||
| use std::{ | use std::{ | ||||||
|   fs::File, |   fs::File, | ||||||
							
								
								
									
										17
									
								
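--- a/src/certs.rs
+++ b/src/certs.rs
@@ -0,0 +1,17 @@
+use async_trait::async_trait;
+use rustls::{Certificate, PrivateKey};
+
+/// Certificates and private keys in rustls loaded from files
+#[derive(Debug, PartialEq, Eq, Clone)]
+pub struct CertsAndKeys {
+  pub certs: Vec<Certificate>,
+  pub cert_keys: Vec<PrivateKey>,
+  pub client_ca_certs: Option<Vec<Certificate>>,
+}
+
+#[async_trait]
+// Trait to read certs and keys anywhere from KVS, file, sqlite, etc.
+pub trait ReadCerts {
+  type Error;
+  async fn read_crypto_source(&self) -> Result<CertsAndKeys, Self::Error>;
+}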
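Review bot: `CertsAndKeys` keeps `#[derive(Debug)]` while holding `cert_keys: Vec<PrivateKey>`, so any `{:?}` formatting of the struct (for instance through the `log::*` macros the crate imports elsewhere in this commit) would write private key bytes to the log sink. This assumes the rustls `PrivateKey` used here has the derived, byte-printing `Debug` of the releases that export that name. Since the struct is now the return type of `ReadCerts::read_crypto_source` for every backend the comment lists (KVS, file, sqlite), I would drop `Debug` from the derive and hand-write an impl that prints only element counts and a redaction marker, as sketched below. Separately, the `//` comment between `#[async_trait]` and `pub trait ReadCerts` never reaches rustdoc; moving it above the attribute as `/// Trait to read certs and keys anywhere from KVS, file, sqlite, etc.` would document the trait.

```rust
#[derive(PartialEq, Eq, Clone)]
pub struct CertsAndKeys {
  // … unchanged: certs, cert_keys, client_ca_certs fields …
}

// Hand-written so that key material never reaches a formatter.
impl std::fmt::Debug for CertsAndKeys {
  fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
    f.debug_struct("CertsAndKeys")
      .field("certs", &self.certs.len())
      .field("cert_keys", &"<redacted>")
      .field("client_ca_certs", &self.client_ca_certs.as_ref().map(Vec::len))
      .finish()
  }
}
```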
|  | @ -6,7 +6,8 @@ use tikv_jemallocator::Jemalloc; | ||||||
| static GLOBAL: Jemalloc = Jemalloc; | static GLOBAL: Jemalloc = Jemalloc; | ||||||
| 
 | 
 | ||||||
| mod backend; | mod backend; | ||||||
| mod cert_reader; | mod cert_file_reader; | ||||||
|  | mod certs; | ||||||
| mod config; | mod config; | ||||||
| mod constants; | mod constants; | ||||||
| mod error; | mod error; | ||||||
|  |  | ||||||
|  | @ -1,5 +1,6 @@ | ||||||
| use crate::{ | use crate::{ | ||||||
|   cert_reader::read_certs_and_keys, // TODO: Trait defining read_certs_and_keys and add struct implementing the trait to backend when build backend
 |   cert_file_reader::read_certs_and_keys, // TODO: Trait defining read_certs_and_keys and add struct implementing the trait to backend when build backend
 | ||||||
|  |   certs::CertsAndKeys, | ||||||
|   globals::Globals, |   globals::Globals, | ||||||
|   log::*, |   log::*, | ||||||
|   utils::ServerNameBytesExp, |   utils::ServerNameBytesExp, | ||||||
|  | @ -10,7 +11,7 @@ use rustc_hash::{FxHashMap as HashMap, FxHashSet as HashSet}; | ||||||
| use rustls::{ | use rustls::{ | ||||||
|   server::ResolvesServerCertUsingSni, |   server::ResolvesServerCertUsingSni, | ||||||
|   sign::{any_supported_type, CertifiedKey}, |   sign::{any_supported_type, CertifiedKey}, | ||||||
|   Certificate, OwnedTrustAnchor, PrivateKey, RootCertStore, ServerConfig, |   OwnedTrustAnchor, RootCertStore, ServerConfig, | ||||||
| }; | }; | ||||||
| use std::{io, sync::Arc}; | use std::{io, sync::Arc}; | ||||||
| use x509_parser::prelude::*; | use x509_parser::prelude::*; | ||||||
|  | @ -21,14 +22,6 @@ pub struct CryptoReloader { | ||||||
|   globals: Arc<Globals>, |   globals: Arc<Globals>, | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| /// Certificates and private keys in rustls loaded from files
 |  | ||||||
| #[derive(Debug, PartialEq, Eq, Clone)] |  | ||||||
| pub struct CertsAndKeys { |  | ||||||
|   pub certs: Vec<Certificate>, |  | ||||||
|   pub cert_keys: Vec<PrivateKey>, |  | ||||||
|   pub client_ca_certs: Option<Vec<Certificate>>, |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| pub type SniServerCryptoMap = HashMap<ServerNameBytesExp, Arc<ServerConfig>>; | pub type SniServerCryptoMap = HashMap<ServerNameBytesExp, Arc<ServerConfig>>; | ||||||
| pub struct ServerCrypto { | pub struct ServerCrypto { | ||||||
|   // For Quic/HTTP3, only servers with no client authentication
 |   // For Quic/HTTP3, only servers with no client authentication
 | ||||||
|  |  | ||||||
|  | @ -5,5 +5,4 @@ mod proxy_h3; | ||||||
| mod proxy_main; | mod proxy_main; | ||||||
| mod proxy_tls; | mod proxy_tls; | ||||||
| 
 | 
 | ||||||
| pub use crypto_service::CertsAndKeys; |  | ||||||
| pub use proxy_main::{Proxy, ProxyBuilder, ProxyBuilderError}; | pub use proxy_main::{Proxy, ProxyBuilder, ProxyBuilderError}; | ||||||
|  |  | ||||||
	 Jun Kurihara
				Jun Kurihara