87 lines
2.8 KiB
Rust
87 lines
2.8 KiB
Rust
use crate::{
|
|
crypto_source::CryptoSource,
|
|
error::*,
|
|
log::*,
|
|
server_crypto::{ServerCryptoBase, ServerNameBytes},
|
|
};
|
|
use ahash::HashMap;
|
|
use async_trait::async_trait;
|
|
use hot_reload::{Reload, ReloaderError};
|
|
use std::sync::Arc;
|
|
|
|
/* ------------------------------------------------ */
|
|
/// Boxed CryptoSource trait object with Send and Sync
|
|
/// TODO: support for not only `CryptoFileSource` but also other type of sources
|
|
pub(super) type DynCryptoSource = dyn CryptoSource<Error = RpxyCertError> + Send + Sync + 'static;
|
|
|
|
#[derive(Clone)]
|
|
/// Reloader service for certificates and keys for TLS
|
|
pub struct CryptoReloader {
|
|
inner: HashMap<ServerNameBytes, Arc<Box<DynCryptoSource>>>,
|
|
}
|
|
|
|
impl<T> Extend<(ServerNameBytes, T)> for CryptoReloader
|
|
where
|
|
T: CryptoSource<Error = RpxyCertError> + Send + Sync + 'static,
|
|
{
|
|
fn extend<I: IntoIterator<Item = (ServerNameBytes, T)>>(&mut self, iter: I) {
|
|
let iter = iter
|
|
.into_iter()
|
|
.map(|(k, v)| (k, Arc::new(Box::new(v) as Box<DynCryptoSource>)));
|
|
self.inner.extend(iter);
|
|
}
|
|
}
|
|
|
|
#[async_trait]
|
|
impl Reload<ServerCryptoBase> for CryptoReloader {
|
|
type Source = HashMap<ServerNameBytes, Arc<Box<DynCryptoSource>>>;
|
|
|
|
async fn new(source: &Self::Source) -> Result<Self, ReloaderError<ServerCryptoBase>> {
|
|
let mut inner = HashMap::default();
|
|
inner.extend(source.clone());
|
|
Ok(Self { inner })
|
|
}
|
|
|
|
async fn reload(&self) -> Result<Option<ServerCryptoBase>, ReloaderError<ServerCryptoBase>> {
|
|
let mut server_crypto_base = ServerCryptoBase::default();
|
|
|
|
for (server_name_bytes, crypto_source) in self.inner.iter() {
|
|
let certs_keys = match crypto_source.read().await {
|
|
Ok(certs_keys) => certs_keys,
|
|
Err(e) => {
|
|
error!("Failed to read certs and keys, skip at this time: {}", e);
|
|
continue;
|
|
}
|
|
};
|
|
server_crypto_base.inner.insert(server_name_bytes.clone(), certs_keys);
|
|
}
|
|
|
|
Ok(Some(server_crypto_base))
|
|
}
|
|
}
|
|
/* ------------------------------------------------ */
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
use crate::crypto_source::CryptoFileSourceBuilder;
|
|
|
|
#[tokio::test]
|
|
async fn test_crypto_reloader() {
|
|
let tls_cert_path = "../example-certs/server.crt";
|
|
let tls_cert_key_path = "../example-certs/server.key";
|
|
let client_ca_cert_path = Some("../example-certs/client.ca.crt");
|
|
|
|
let mut crypto_reloader = CryptoReloader::new(&HashMap::default()).await.unwrap();
|
|
let crypto_source = CryptoFileSourceBuilder::default()
|
|
.tls_cert_path(tls_cert_path)
|
|
.tls_cert_key_path(tls_cert_key_path)
|
|
.client_ca_cert_path(client_ca_cert_path)
|
|
.build()
|
|
.unwrap();
|
|
crypto_reloader.extend(vec![(b"localhost".to_vec(), crypto_source)]);
|
|
|
|
let server_crypto_base = crypto_reloader.reload().await.unwrap().unwrap();
|
|
assert_eq!(server_crypto_base.inner.len(), 1);
|
|
}
|
|
}
|