diff options
| author | Ryan Dahl <ry@tinyclouds.org> | 2021-12-01 11:13:11 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-12-01 11:13:11 -0500 |
| commit | 084caffc08ceb33c4d20c4b6d744ce15c19c4baf (patch) | |
| tree | bc7a2aa6b6bb55c2383912b6f8a542e648488fdc /ext/tls/lib.rs | |
| parent | 4c36fa1fdf6c353fb01f2ec80da39a52e969fb5f (diff) | |
refactor: cli doesn't need to depend on deno_tls (#12952)
also move create_http_client to deno_fetch
Diffstat (limited to 'ext/tls/lib.rs')
| -rw-r--r-- | ext/tls/lib.rs | 69 |
1 files changed, 13 insertions, 56 deletions
diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index b29a142b9..91eb4c54b 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -8,15 +8,10 @@ pub use webpki_roots; use deno_core::anyhow::anyhow; use deno_core::error::custom_error; -use deno_core::error::generic_error; use deno_core::error::AnyError; use deno_core::parking_lot::Mutex; use deno_core::Extension; -use reqwest::header::HeaderMap; -use reqwest::header::USER_AGENT; -use reqwest::redirect::Policy; -use reqwest::Client; use rustls::internal::msgs::handshake::DigitallySignedStruct; use rustls::internal::pemfile::certs; use rustls::internal::pemfile::pkcs8_private_keys; @@ -138,6 +133,7 @@ pub fn create_client_config( root_cert_store: Option<RootCertStore>, ca_certs: Vec<Vec<u8>>, unsafely_ignore_certificate_errors: Option<Vec<String>>, + client_cert_chain_and_key: Option<(String, String)>, ) -> Result<ClientConfig, AnyError> { let mut tls_config = ClientConfig::new(); tls_config.set_persistence(CLIENT_SESSION_MEMORY_CACHE.clone()); @@ -159,6 +155,18 @@ pub fn create_client_config( )); } + if let Some((cert_chain, private_key)) = client_cert_chain_and_key { + // The `remove` is safe because load_private_keys checks that there is at least one key. + let private_key = load_private_keys(private_key.as_bytes())?.remove(0); + + tls_config + .set_single_client_cert( + load_certs(&mut cert_chain.as_bytes())?, + private_key, + ) + .expect("invalid client key or certificate"); + } + Ok(tls_config) } @@ -209,54 +217,3 @@ pub fn load_private_keys(bytes: &[u8]) -> Result<Vec<PrivateKey>, AnyError> { Ok(keys) } - -/// Create new instance of async reqwest::Client. This client supports -/// proxies and doesn't follow redirects. -pub fn create_http_client( - user_agent: String, - root_cert_store: Option<RootCertStore>, - ca_certs: Vec<Vec<u8>>, - proxy: Option<Proxy>, - unsafely_ignore_certificate_errors: Option<Vec<String>>, - client_cert_chain_and_key: Option<(String, String)>, -) -> Result<Client, AnyError> { - let mut tls_config = create_client_config( - root_cert_store, - ca_certs, - unsafely_ignore_certificate_errors, - )?; - - if let Some((cert_chain, private_key)) = client_cert_chain_and_key { - // The `remove` is safe because load_private_keys checks that there is at least one key. - let private_key = load_private_keys(private_key.as_bytes())?.remove(0); - - tls_config - .set_single_client_cert( - load_certs(&mut cert_chain.as_bytes())?, - private_key, - ) - .expect("invalid client key or certificate"); - } - - tls_config.alpn_protocols = vec!["h2".into(), "http/1.1".into()]; - - let mut headers = HeaderMap::new(); - headers.insert(USER_AGENT, user_agent.parse().unwrap()); - let mut builder = Client::builder() - .redirect(Policy::none()) - .default_headers(headers) - .use_preconfigured_tls(tls_config); - - if let Some(proxy) = proxy { - let mut reqwest_proxy = reqwest::Proxy::all(&proxy.url)?; - if let Some(basic_auth) = &proxy.basic_auth { - reqwest_proxy = - reqwest_proxy.basic_auth(&basic_auth.username, &basic_auth.password); - } - builder = builder.proxy(reqwest_proxy); - } - - builder - .build() - .map_err(|e| generic_error(format!("Unable to build http client: {}", e))) -} |