author | Matt Mastracci <matthew@mastracci.com> | 2024-04-25 17:00:04 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-25 17:00:04 -0400 |
commit | 8c9caeb418f062d1cbcde0d501a8331cd65cde0f (patch) | |
tree | e97619106de6839a0123bdb68166b4666663da94 /tests/util | |
parent | 084eafe50883bc69ae2700023f6c74db03185ba4 (diff) |
chore: rework TLS code in test server (#23566)
In order to make the reqwest/rustls upgrade more straightforward, we
refactor the test server to depend on deno_tls.
Diffstat (limited to 'tests/util')
-rw-r--r-- | tests/util/server/Cargo.toml | 3 | ||||
-rw-r--r-- | tests/util/server/src/https.rs | 96 | ||||
-rw-r--r-- | tests/util/server/src/servers/grpc.rs | 2 | ||||
-rw-r--r-- | tests/util/server/src/servers/hyper_utils.rs | 3 |
4 files changed, 42 insertions, 62 deletions
diff --git a/tests/util/server/Cargo.toml b/tests/util/server/Cargo.toml
index a321501b8..641cf5993 100644
--- a/tests/util/server/Cargo.toml
+++ b/tests/util/server/Cargo.toml
@@ -19,6 +19,7 @@ async-stream = "0.3.3"
 base64.workspace = true
 bytes.workspace = true
 console_static_text.workspace = true
+deno_tls.workspace = true
 deno_unsync = "0"
 denokv_proto.workspace = true
 fastwebsockets.workspace = true
@@ -43,8 +44,6 @@ pretty_assertions.workspace = true
 prost.workspace = true
 regex.workspace = true
 reqwest.workspace = true
-rustls-pemfile.workspace = true
-rustls-tokio-stream.workspace = true
 semver = "=1.0.14"
 serde.workspace = true
 serde_json.workspace = true
diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs
index 8a2524dca..0cc58255d 100644
--- a/tests/util/server/src/https.rs
+++ b/tests/util/server/src/https.rs
@@ -1,12 +1,14 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 use anyhow::anyhow;
+use deno_tls::load_certs;
+use deno_tls::load_private_keys;
+use deno_tls::rustls;
+use deno_tls::RootCertStore;
+use deno_tls::TlsStream;
 use futures::Stream;
 use futures::StreamExt;
-use rustls::Certificate;
-use rustls::PrivateKey;
-use rustls_tokio_stream::rustls;
-use rustls_tokio_stream::TlsStream;
 use std::io;
+use std::io::Read;
 use std::num::NonZeroUsize;
 use std::result::Result;
 use std::sync::Arc;
@@ -68,65 +70,43 @@ pub fn get_tls_config(
 let key_file = std::fs::File::open(key_path)?;
 let ca_file = std::fs::File::open(ca_path)?;
- let certs: Vec<Certificate> = {
- let mut cert_reader = io::BufReader::new(cert_file);
- rustls_pemfile::certs(&mut cert_reader)
- .unwrap()
- .into_iter()
- .map(Certificate)
- .collect()
- };
+ let err_map = |x| io::Error::new(io::ErrorKind::InvalidData, x);
+ let certs =
+ load_certs(&mut io::BufReader::new(cert_file)).map_err(err_map)?;
 let mut ca_cert_reader = io::BufReader::new(ca_file);
- let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader)
- .expect("Cannot load CA certificate")
- .remove(0);
+ let ca_cert = load_certs(&mut ca_cert_reader).map_err(err_map)?.remove(0);
 let mut key_reader = io::BufReader::new(key_file);
- let key = {
- let pkcs8_key = rustls_pemfile::pkcs8_private_keys(&mut key_reader)
- .expect("Cannot load key file");
- let rsa_key = rustls_pemfile::rsa_private_keys(&mut key_reader)
- .expect("Cannot load key file");
- if !pkcs8_key.is_empty() {
- Some(pkcs8_key[0].clone())
- } else if !rsa_key.is_empty() {
- Some(rsa_key[0].clone())
- } else {
- None
+ let mut key = vec![];
+ key_reader.read_to_end(&mut key)?;
+ let key = load_private_keys(&key).map_err(err_map)?.remove(0);
+
+ let mut root_cert_store = RootCertStore::empty();
+ root_cert_store.add(&ca_cert).unwrap();
+
+ // Allow (but do not require) client authentication.
+
+ let mut config = rustls::ServerConfig::builder()
+ .with_safe_defaults()
+ .with_client_cert_verifier(Arc::new(
+ rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(
+ root_cert_store,
+ ),
+ ))
+ .with_single_cert(certs, key)
+ .map_err(|e| anyhow!("Error setting cert: {:?}", e))
+ .unwrap();
+
+ match http_versions {
+ SupportedHttpVersions::All => {
+ config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
 }
- };
-
- match key {
- Some(key) => {
- let mut root_cert_store = rustls::RootCertStore::empty();
- root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap();
-
- // Allow (but do not require) client authentication.
-
- let mut config = rustls::ServerConfig::builder()
- .with_safe_defaults()
- .with_client_cert_verifier(Arc::new(
- rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(
- root_cert_store,
- ),
- ))
- .with_single_cert(certs, PrivateKey(key))
- .map_err(|e| anyhow!("Error setting cert: {:?}", e))
- .unwrap();
-
- match http_versions {
- SupportedHttpVersions::All => {
- config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];
- }
- SupportedHttpVersions::Http1Only => {}
- SupportedHttpVersions::Http2Only => {
- config.alpn_protocols = vec!["h2".into()];
- }
- }
-
- Ok(Arc::new(config))
+ SupportedHttpVersions::Http1Only => {}
+ SupportedHttpVersions::Http2Only => {
+ config.alpn_protocols = vec!["h2".into()];
 }
- None => Err(io::Error::new(io::ErrorKind::Other, "Cannot find key")),
 }
+
+ Ok(Arc::new(config))
 }
diff --git a/tests/util/server/src/servers/grpc.rs b/tests/util/server/src/servers/grpc.rs
index 144afc06a..ff00cae49 100644
--- a/tests/util/server/src/servers/grpc.rs
+++ b/tests/util/server/src/servers/grpc.rs
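Review bot: `let key = load_private_keys(&key).map_err(err_map)?.remove(0);` panics when the key file yields no parseable key, whereas the code this hunk removes returned `Err(io::Error::new(io::ErrorKind::Other, "Cannot find key"))` for that case; unless `load_private_keys` itself rejects an empty result (not visible here), a missing or malformed key now aborts the test server instead of surfacing an error. The `ca_cert` line a few lines above has the same `remove(0)` shape and was already written that way before this change. Consider `let key = load_private_keys(&key).map_err(err_map)?.into_iter().next().ok_or_else(|| io::Error::new(io::ErrorKind::Other, "Cannot find key"))?;` and the matching `.into_iter().next().ok_or_else(...)?` for `ca_cert`, which keeps the error path and drops the index panic. The trailing context after the closing brace appears cut off in this rendering, but the body of get_tls_config is fully visible within the hunk.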
@@ -1,10 +1,10 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
+use deno_tls::TlsStream;
 use futures::StreamExt;
 use h2;
 use hyper::header::HeaderName;
 use hyper::header::HeaderValue;
-use rustls_tokio_stream::TlsStream;
 use tokio::net::TcpStream;
 use tokio::task::LocalSet;
diff --git a/tests/util/server/src/servers/hyper_utils.rs b/tests/util/server/src/servers/hyper_utils.rs
index ea15bba0e..58b5f0cb9 100644
--- a/tests/util/server/src/servers/hyper_utils.rs
+++ b/tests/util/server/src/servers/hyper_utils.rs
@@ -1,6 +1,7 @@
 // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
 use bytes::Bytes;
+use deno_tls::TlsStream;
 use futures::Future;
 use futures::FutureExt;
 use futures::Stream;
@@ -69,7 +70,7 @@ pub async fn run_server_with_acceptor<'a, A, F, S>(
 error_msg: &'static str,
 kind: ServerKind,
 ) where
- A: Stream<Item = io::Result<rustls_tokio_stream::TlsStream>> + ?Sized,
+ A: Stream<Item = io::Result<TlsStream>> + ?Sized,
 F: Fn(Request<hyper::body::Incoming>) -> S + Copy + 'static,
 S: Future<Output = HandlerOutput> + 'static,
 {
 |