path: root/ext/tls/tls_key.rs
Diffstat (limited to 'ext/tls/tls_key.rs')
-rw-r--r--ext/tls/tls_key.rs46
1 files changed, 28 insertions, 18 deletions
diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs
index 47a8e0e57..66fac86f8 100644
--- a/ext/tls/tls_key.rs
+++ b/ext/tls/tls_key.rs
@@ -11,8 +11,6 @@
//! key lookup can handle closing one end of the pair, in which case they will just
//! attempt to clean up the associated resources.
-use crate::Certificate;
-use crate::PrivateKey;
use deno_core::anyhow::anyhow;
use deno_core::error::AnyError;
use deno_core::futures::future::poll_fn;
@@ -32,12 +30,21 @@ use std::sync::Arc;
use tokio::sync::broadcast;
use tokio::sync::mpsc;
use tokio::sync::oneshot;
+use webpki::types::CertificateDer;
+use webpki::types::PrivateKeyDer;
type ErrorType = Rc<AnyError>;
/// A TLS certificate/private key pair.
-#[derive(Clone, Debug, PartialEq, Eq)]
-pub struct TlsKey(pub Vec<Certificate>, pub PrivateKey);
+/// see https://docs.rs/rustls-pki-types/latest/rustls_pki_types/#cloning-private-keys
+#[derive(Debug, PartialEq, Eq)]
+pub struct TlsKey(pub Vec<CertificateDer<'static>>, pub PrivateKeyDer<'static>);
+
+impl Clone for TlsKey {
+ fn clone(&self) -> Self {
+ Self(self.0.clone(), self.1.clone_key())
+ }
+}
#[derive(Clone, Debug, Default)]
pub enum TlsKeys {
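Review bot: `TlsKey` keeps `#[derive(Debug, PartialEq, Eq)]` while it now holds a `PrivateKeyDer`, so whether `{:?}` output includes key bytes is decided by the pki-types `Debug` impl rather than by this file; worth confirming before a `TlsKey` is ever formatted into a log line or an `anyhow!` message. The derived equality compares private-key bytes and, as far as this diff shows, exists only for the `assert_eq!` calls in the tests, which a one-line comment on the derive could state. The manual `Clone` impl is the right shape, but its reason lives only in the URL on the doc line; a comment such as `// PrivateKeyDer is deliberately not Clone; clone_key() makes the copy of secret material explicit.` above `impl Clone for TlsKey` keeps the motivation next to the code.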
@@ -111,9 +118,8 @@ impl TlsKeyResolver {
let key = self.resolve(sni).await?;
let mut tls_config = ServerConfig::builder()
- .with_safe_defaults()
.with_no_client_auth()
- .with_single_cert(key.0, key.1)?;
+ .with_single_cert(key.0, key.1.clone_key())?;
tls_config.alpn_protocols = alpn;
Ok(tls_config.into())
}
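Review bot: `key.1.clone_key()` duplicates the private key although `key` is an owned local (`let key = self.resolve(sni).await?` a few lines up), leaving the original copy alive in `key` until the end of the method; the removed line shows the key was previously moved, `key.0` is already moved out of the same value, and moving the second field too is fine because `TlsKey` has no `Drop` impl, so `.with_single_cert(key.0, key.1)?;` is enough. If the clone was added because `key` is used again later in the method, that use is outside the hunk and I am inferring from the visible lines only. The enclosing method starts before this hunk.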
@@ -255,14 +261,18 @@ impl TlsKeyLookup {
pub mod tests {
use super::*;
use deno_core::unsync::spawn;
- use rustls::Certificate;
- use rustls::PrivateKey;
fn tls_key_for_test(sni: &str) -> TlsKey {
- TlsKey(
- vec![Certificate(format!("{sni}-cert").into_bytes())],
- PrivateKey(format!("{sni}-key").into_bytes()),
- )
+ let manifest_dir =
+ std::path::PathBuf::from(std::env::var("CARGO_MANIFEST_DIR").unwrap());
+ let sni = sni.replace(".com", "");
+ let cert_file = manifest_dir.join(format!("testdata/{}_cert.der", sni));
+ let prikey_file = manifest_dir.join(format!("testdata/{}_prikey.der", sni));
+ let cert = std::fs::read(cert_file).unwrap();
+ let prikey = std::fs::read(prikey_file).unwrap();
+ let cert = CertificateDer::from(cert);
+ let prikey = PrivateKeyDer::try_from(prikey).unwrap();
+ TlsKey(vec![cert], prikey)
}
#[tokio::test]
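Review bot: `tls_key_for_test` formats its paths with `format!("testdata/{}_cert.der", sni)` whereas the lines it replaces, and the rest of the file, use inline capture (`{sni}`); the manifest directory could also come from `env!("CARGO_MANIFEST_DIR")`, which Cargo sets at compile time, dropping the runtime `std::env::var(..).unwrap()` and the `PathBuf` construction, e.g. `let manifest_dir = std::path::Path::new(env!("CARGO_MANIFEST_DIR"));`. `sni.replace(".com", "")` removes the substring wherever it occurs, while `sni.strip_suffix(".com").unwrap_or(sni)` states the intent of stripping the TLD. A doc comment on the helper would save the next reader a trip to `testdata/`: describe that it loads the DER certificate and private key named after the SNI with its `.com` suffix removed and panics if either file is missing.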
@@ -274,8 +284,8 @@ pub mod tests {
}
});
- let key = resolver.resolve("example.com".to_owned()).await.unwrap();
- assert_eq!(tls_key_for_test("example.com"), key);
+ let key = resolver.resolve("example1.com".to_owned()).await.unwrap();
+ assert_eq!(tls_key_for_test("example1.com"), key);
drop(resolver);
task.await.unwrap();
@@ -290,13 +300,13 @@ pub mod tests {
}
});
- let f1 = resolver.resolve("example.com".to_owned());
- let f2 = resolver.resolve("example.com".to_owned());
+ let f1 = resolver.resolve("example1.com".to_owned());
+ let f2 = resolver.resolve("example1.com".to_owned());
let key = f1.await.unwrap();
- assert_eq!(tls_key_for_test("example.com"), key);
+ assert_eq!(tls_key_for_test("example1.com"), key);
let key = f2.await.unwrap();
- assert_eq!(tls_key_for_test("example.com"), key);
+ assert_eq!(tls_key_for_test("example1.com"), key);
drop(resolver);
task.await.unwrap();