better error for missing certificate files
made config::path pub(crate) to avoid code duplication, but not pub so that it is not part of the public API
parent
1733c22b86
commit
b9d07ed9fb
2 changed files with 71 additions and 38 deletions
|
@ -165,25 +165,41 @@ impl Connection {
|
||||||
let mut builder = TlsConnector::builder();
|
let mut builder = TlsConnector::builder();
|
||||||
|
|
||||||
if let Some(cert_path) = config.cert_path() {
|
if let Some(cert_path) = config.cert_path() {
|
||||||
let mut file = File::open(cert_path)?;
|
if let Ok(mut file) = File::open(cert_path) {
|
||||||
let mut cert_data = vec![];
|
let mut cert_data = vec![];
|
||||||
file.read_to_end(&mut cert_data)?;
|
file.read_to_end(&mut cert_data)?;
|
||||||
let cert = Certificate::from_der(&cert_data)?;
|
let cert = Certificate::from_der(&cert_data)?;
|
||||||
builder.add_root_certificate(cert);
|
builder.add_root_certificate(cert);
|
||||||
log::info!("Added {} to trusted certificates.", cert_path);
|
log::info!("Added {} to trusted certificates.", cert_path);
|
||||||
|
} else {
|
||||||
|
return Err(error::Error::InvalidConfig {
|
||||||
|
path: config.path(),
|
||||||
|
cause: error::ConfigError::FileMissing {
|
||||||
|
file: cert_path.to_string(),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(client_cert_path) = config.client_cert_path() {
|
if let Some(client_cert_path) = config.client_cert_path() {
|
||||||
let client_cert_pass = config.client_cert_pass();
|
if let Ok(mut file) = File::open(client_cert_path) {
|
||||||
let mut file = File::open(client_cert_path)?;
|
|
||||||
let mut client_cert_data = vec![];
|
let mut client_cert_data = vec![];
|
||||||
file.read_to_end(&mut client_cert_data)?;
|
file.read_to_end(&mut client_cert_data)?;
|
||||||
|
let client_cert_pass = config.client_cert_pass();
|
||||||
let pkcs12_archive = Identity::from_pkcs12(&client_cert_data, &client_cert_pass)?;
|
let pkcs12_archive = Identity::from_pkcs12(&client_cert_data, &client_cert_pass)?;
|
||||||
builder.identity(pkcs12_archive);
|
builder.identity(pkcs12_archive);
|
||||||
log::info!(
|
log::info!(
|
||||||
"Using {} for client certificate authentication.",
|
"Using {} for client certificate authentication.",
|
||||||
client_cert_path
|
client_cert_path
|
||||||
);
|
);
|
||||||
|
} else {
|
||||||
|
return Err(error::Error::InvalidConfig {
|
||||||
|
path: config.path(),
|
||||||
|
cause: error::ConfigError::FileMissing {
|
||||||
|
file: client_cert_path.to_string(),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let connector: tokio_native_tls::TlsConnector = builder.build()?.into();
|
let connector: tokio_native_tls::TlsConnector = builder.build()?.into();
|
||||||
|
@ -207,7 +223,7 @@ impl Connection {
|
||||||
.add_server_trust_anchors(&TLS_SERVER_ROOTS);
|
.add_server_trust_anchors(&TLS_SERVER_ROOTS);
|
||||||
|
|
||||||
if let Some(cert_path) = config.cert_path() {
|
if let Some(cert_path) = config.cert_path() {
|
||||||
let file = File::open(cert_path)?;
|
if let Ok(mut file) = File::open(cert_path) {
|
||||||
let mut cert_data = BufReader::new(file);
|
let mut cert_data = BufReader::new(file);
|
||||||
builder
|
builder
|
||||||
.root_store
|
.root_store
|
||||||
|
@ -216,14 +232,22 @@ impl Connection {
|
||||||
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
|
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
|
||||||
})?;
|
})?;
|
||||||
log::info!("Added {} to trusted certificates.", cert_path);
|
log::info!("Added {} to trusted certificates.", cert_path);
|
||||||
|
} else {
|
||||||
|
return Err(error::Error::InvalidConfig {
|
||||||
|
path: config.path(),
|
||||||
|
cause: error::ConfigError::FileMissing {
|
||||||
|
file: cert_path.to_string(),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if let Some(client_cert_path) = config.client_cert_path() {
|
if let Some(client_cert_path) = config.client_cert_path() {
|
||||||
let client_cert_pass = PrivateKey(Vec::from(config.client_cert_pass()));
|
if let Ok(mut file) = File::open(client_cert_path) {
|
||||||
let file = File::open(client_cert_path)?;
|
|
||||||
let client_cert_data = certs(&mut BufReader::new(file)).map_err(|_| {
|
let client_cert_data = certs(&mut BufReader::new(file)).map_err(|_| {
|
||||||
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
|
error::Error::Io(Error::new(ErrorKind::InvalidInput, "invalid cert"))
|
||||||
})?;
|
})?;
|
||||||
|
let client_cert_pass = PrivateKey(Vec::from(config.client_cert_pass()));
|
||||||
builder
|
builder
|
||||||
.set_single_client_cert(client_cert_data, client_cert_pass)
|
.set_single_client_cert(client_cert_data, client_cert_pass)
|
||||||
.map_err(|err| error::Error::Io(Error::new(ErrorKind::InvalidInput, err)))?;
|
.map_err(|err| error::Error::Io(Error::new(ErrorKind::InvalidInput, err)))?;
|
||||||
|
@ -231,6 +255,14 @@ impl Connection {
|
||||||
"Using {} for client certificate authentication.",
|
"Using {} for client certificate authentication.",
|
||||||
client_cert_path
|
client_cert_path
|
||||||
);
|
);
|
||||||
|
} else {
|
||||||
|
return Err(error::Error::InvalidConfig {
|
||||||
|
path: config.path(),
|
||||||
|
cause: error::ConfigError::FileMissing {
|
||||||
|
file: client_cert_path.to_string(),
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let connector = TlsConnector::from(Arc::new(builder));
|
let connector = TlsConnector::from(Arc::new(builder));
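Review bot: Every failure of `File::open` in the four new `if let Ok(mut file) = File::open(...)` branches is reported as `ConfigError::FileMissing`, so a permission-denied error or a path that names a directory is mislabeled as a missing file and the underlying `io::Error` is discarded (the previous `?` propagated it). Matching on `err.kind() == ErrorKind::NotFound` keeps the friendlier message for the genuinely missing case and propagates everything else through the existing `error::Error::Io` variant; since the same else-block is repeated four times, a small helper in this impl removes the duplication, sketched below (the `&str` parameter assumes `cert_path()`/`client_cert_path()` yield string slices, which the `.to_string()` calls suggest — confirm). In the rustls hunks the `mut` on `file` is unused because `file` is moved straight into `BufReader::new`, so that binding can stay `file` as it was before. The enclosing connect function starts before the first hunk, and the hunks are separated by code outside this view.
```rust
/// Opens a file named in `config`, reporting a genuinely absent file as
/// `ConfigError::FileMissing` and propagating every other I/O failure as-is.
fn open_config_file(config: &Config, path: &str) -> Result<File, error::Error> {
    match File::open(path) {
        Ok(file) => Ok(file),
        Err(err) if err.kind() == ErrorKind::NotFound => Err(error::Error::InvalidConfig {
            path: config.path(),
            cause: error::ConfigError::FileMissing {
                file: path.to_string(),
            },
        }),
        Err(err) => Err(error::Error::Io(err)),
    }
}
// … unchanged: builder setup …
if let Some(cert_path) = config.cert_path() {
    let mut file = open_config_file(config, cert_path)?;
    // … unchanged: read and register the certificate …
}
```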
|
||||||
|
|
|
@ -224,7 +224,8 @@ impl Config {
|
||||||
self
|
self
|
||||||
}
|
}
|
||||||
|
|
||||||
fn path(&self) -> String {
|
/// Returns the location this Config was loaded from or `<none>`.
|
||||||
|
pub(crate) fn path(&self) -> String {
|
||||||
self.path
|
self.path
|
||||||
.as_ref()
|
.as_ref()
|
||||||
.map(|buf| buf.to_string_lossy().into_owned())
|
.map(|buf| buf.to_string_lossy().into_owned())
|
||||||
|
|