Merge pull request #228 from Johann150/missing-certificates

better errors for missing certificates
This commit is contained in:
Aaron Weiss 2021-01-19 14:40:54 -05:00 committed by GitHub
commit 6e985a0a14
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 78 additions and 38 deletions


@ -165,25 +165,41 @@ impl Connection {
let mut builder = TlsConnector::builder(); let mut builder = TlsConnector::builder();
if let Some(cert_path) = config.cert_path() { if let Some(cert_path) = config.cert_path() {
let mut file = File::open(cert_path)?; if let Ok(mut file) = File::open(cert_path) {
let mut cert_data = vec![]; let mut cert_data = vec![];
file.read_to_end(&mut cert_data)?; file.read_to_end(&mut cert_data)?;
let cert = Certificate::from_der(&cert_data)?; let cert = Certificate::from_der(&cert_data)?;
builder.add_root_certificate(cert); builder.add_root_certificate(cert);
log::info!("Added {} to trusted certificates.", cert_path); log::info!("Added {} to trusted certificates.", cert_path);
} else {
return Err(error::Error::InvalidConfig {
path: config.path(),
cause: error::ConfigError::FileMissing {
file: cert_path.to_string(),
},
});
}
} }
if let Some(client_cert_path) = config.client_cert_path() { if let Some(client_cert_path) = config.client_cert_path() {
let client_cert_pass = config.client_cert_pass(); if let Ok(mut file) = File::open(client_cert_path) {
let mut file = File::open(client_cert_path)?; let mut client_cert_data = vec![];
let mut client_cert_data = vec![]; file.read_to_end(&mut client_cert_data)?;
file.read_to_end(&mut client_cert_data)?; let client_cert_pass = config.client_cert_pass();
let pkcs12_archive = Identity::from_pkcs12(&client_cert_data, &client_cert_pass)?; let pkcs12_archive = Identity::from_pkcs12(&client_cert_data, &client_cert_pass)?;
builder.identity(pkcs12_archive); builder.identity(pkcs12_archive);
log::info!( log::info!(
"Using {} for client certificate authentication.", "Using {} for client certificate authentication.",
client_cert_path client_cert_path
); );
} else {
return Err(error::Error::InvalidConfig {
path: config.path(),
cause: error::ConfigError::FileMissing {
file: client_cert_path.to_string(),
},
});
}
} }
let connector: tokio_native_tls::TlsConnector = builder.build()?.into(); let connector: tokio_native_tls::TlsConnector = builder.build()?.into();
@ -207,30 +223,46 @@ impl Connection {
.add_server_trust_anchors(&TLS_SERVER_ROOTS); .add_server_trust_anchors(&TLS_SERVER_ROOTS);
if let Some(cert_path) = config.cert_path() { if let Some(cert_path) = config.cert_path() {
let file = File::open(cert_path)?; if let Ok(mut file) = File::open(cert_path) {
let mut cert_data = BufReader::new(file); let mut cert_data = BufReader::new(file);
builder builder
.root_store .root_store
.add_pem_file(&mut cert_data) .add_pem_file(&mut cert_data)
.map_err(|_| { .map_err(|_| {
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert")) error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
})?; })?;
log::info!("Added {} to trusted certificates.", cert_path); log::info!("Added {} to trusted certificates.", cert_path);
} else {
return Err(error::Error::InvalidConfig {
path: config.path(),
cause: error::ConfigError::FileMissing {
file: cert_path.to_string(),
},
});
}
} }
if let Some(client_cert_path) = config.client_cert_path() { if let Some(client_cert_path) = config.client_cert_path() {
let client_cert_pass = PrivateKey(Vec::from(config.client_cert_pass())); if let Ok(mut file) = File::open(client_cert_path) {
let file = File::open(client_cert_path)?; let client_cert_data = certs(&mut BufReader::new(file)).map_err(|_| {
let client_cert_data = certs(&mut BufReader::new(file)).map_err(|_| { error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert")) })?;
})?; let client_cert_pass = PrivateKey(Vec::from(config.client_cert_pass()));
builder builder
.set_single_client_cert(client_cert_data, client_cert_pass) .set_single_client_cert(client_cert_data, client_cert_pass)
.map_err(|err| error::Error::Io(Error::new(ErrorKind::InvalidInput, err)))?; .map_err(|err| error::Error::Io(Error::new(ErrorKind::InvalidInput, err)))?;
log::info!( log::info!(
"Using {} for client certificate authentication.", "Using {} for client certificate authentication.",
client_cert_path client_cert_path
); );
} else {
return Err(error::Error::InvalidConfig {
path: config.path(),
cause: error::ConfigError::FileMissing {
file: client_cert_path.to_string(),
},
});
}
} }
let connector = TlsConnector::from(Arc::new(builder)); let connector = TlsConnector::from(Arc::new(builder));
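Review bot: The `if let Ok(mut file) = File::open(..)` / `else` shape used in all four branches of this file (both hunks) maps every open failure to `ConfigError::FileMissing`, discarding the `io::Error` that the old `?` propagated; a certificate file that exists but cannot be read (permission denied, a directory at that path) is now reported as "could not read file" under a *missing*-file variant, which misdirects whoever is debugging a TLS setup. Only `ErrorKind::NotFound` should become `FileMissing`; other errors should keep leaving as `error::Error::Io(e)`, as they did before this change. A `match` on the open result does that and also drops the now-superfluous `mut` on the rustls-side `file` bindings, which are moved straight into `BufReader::new` and will draw an `unused_mut` warning. The same rewrite applies to the `client_cert_path` branch below and to both branches in the native-tls hunk above (where `file.read_to_end` does need `mut`). Shown for the `cert_path` branch of this hunk; the enclosing method continues outside the hunk.
```rust
if let Some(cert_path) = config.cert_path() {
    let file = match File::open(cert_path) {
        Ok(file) => file,
        // Only a missing file is a configuration error; any other open
        // failure (permissions, not a regular file, ...) is an I/O problem
        // and is reported as such, exactly as the previous `?` did.
        Err(e) if e.kind() == ErrorKind::NotFound => {
            return Err(error::Error::InvalidConfig {
                path: config.path(),
                cause: error::ConfigError::FileMissing {
                    file: cert_path.to_string(),
                },
            });
        }
        Err(e) => return Err(error::Error::Io(e)),
    };
    let mut cert_data = BufReader::new(file);
    // … unchanged: add_pem_file and the log::info! call …
}
```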


@ -224,7 +224,8 @@ impl Config {
self self
} }
fn path(&self) -> String { /// Returns the location this Config was loaded from or `<none>`.
pub(crate) fn path(&self) -> String {
self.path self.path
.as_ref() .as_ref()
.map(|buf| buf.to_string_lossy().into_owned()) .map(|buf| buf.to_string_lossy().into_owned())


@ -144,6 +144,13 @@ pub enum ConfigError {
/// Configuration does not specify a server. /// Configuration does not specify a server.
#[error("server not specified")] #[error("server not specified")]
ServerNotSpecified, ServerNotSpecified,
/// The specified file could not be read.
#[error("could not read file {}", file)]
FileMissing {
/// The supposed location of the file.
file: String,
},
} }
/// A wrapper that combines toml's serialization and deserialization errors. /// A wrapper that combines toml's serialization and deserialization errors.