diff --git a/Cargo.toml b/Cargo.toml
index 2617f4d..e3f3567 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -72,7 +72,6 @@ rustls = "0.23"
 tokio-rustls = "0.26"
 rustls-pki-types = "1.12"
 rustls-native-certs = "0.8.1"
-rustls-pemfile = "2.2"
 quinn = { version = "0.11", default-features = false, features = [
 "log",
 "runtime-tokio",
diff --git a/tsp_sdk/Cargo.toml b/tsp_sdk/Cargo.toml
index 6bbbb9d..42e7bb7 100644
--- a/tsp_sdk/Cargo.toml
+++ b/tsp_sdk/Cargo.toml
@@ -33,7 +33,6 @@ async = [
 "dep:tokio-rustls",
 "dep:rustls-pki-types",
 "dep:rustls-native-certs",
- "dep:rustls-pemfile",
 "dep:quinn",
 ]
 resolve = ["serialize", "dep:reqwest", "dep:didwebvh-rs"]
@@ -73,7 +72,6 @@ rustls = { workspace = true, optional = true }
 tokio-rustls = { workspace = true, optional = true }
 rustls-pki-types = { workspace = true, optional = true }
 rustls-native-certs = { workspace = true, optional = true }
-rustls-pemfile = { workspace = true, optional = true }
 quinn = { workspace = true, optional = true }
 # resolve
 reqwest = { workspace = true, optional = true }
diff --git a/tsp_sdk/src/transport/error.rs b/tsp_sdk/src/transport/error.rs
index 91b1625..10c2782 100644
--- a/tsp_sdk/src/transport/error.rs
+++ b/tsp_sdk/src/transport/error.rs
@@ -18,6 +18,8 @@ pub enum TransportError {
 TLSConfiguration,
 #[error("missing TLS certificate or key file '{0}'")]
 TLSMissingFile(String),
+ #[error("invalid TLS certificate")]
+ TLSCertificate,
 #[error("invalid TLS key '{0}'")]
 TLSKey(String),
 #[error("{0}")]
diff --git a/tsp_sdk/src/transport/tls.rs b/tsp_sdk/src/transport/tls.rs
index 7ec6452..ac99ca0 100644
--- a/tsp_sdk/src/transport/tls.rs
+++ b/tsp_sdk/src/transport/tls.rs
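Review bot: `TLSCertificate` carries no payload, unlike the adjacent `TLSMissingFile(String)` and `TLSKey(String)`, so a malformed certificate PEM is reported as a bare "invalid TLS certificate" with nothing identifying the file that was parsed. Consider `#[error("invalid TLS certificate '{0}'")]` with `TLSCertificate(String)`, passing the certificate path where the variant is constructed in tls.rs (there `cert_path` is moved into the preceding `map_err` closure, so it would need a `.clone()` first). The enum continues outside the hunk.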
@@ -3,7 +3,7 @@ use bytes::{Bytes, BytesMut};
 use futures::StreamExt;
 use once_cell::sync::Lazy;
 use rustls::{ClientConfig, RootCertStore, crypto::CryptoProvider};
-use rustls_pki_types::ServerName;
+use rustls_pki_types::{ServerName, pem::PemObject};
 use std::sync::Arc;
 use tokio::{io::AsyncWriteExt, net::TcpListener, sync::mpsc};
 use tokio_rustls::{TlsAcceptor, TlsConnector};
@@ -25,11 +25,6 @@ pub(super) fn load_certificate() -> Result<
 ),
 TransportError,
 > {
- use std::{ fs::File, io::{BufReader, Result}, };
-
 #[cfg(not(test))]
 let cert_path = std::env::var("TSP_TLS_CERT").map_err(|_| TransportError::TLSConfiguration)?;
 #[cfg(not(test))]
@@ -39,20 +34,16 @@ pub(super) fn load_certificate() -> Result<
 #[cfg(test)]
 let key_path = "../examples/test/localhost-key.pem".to_string();
- let cert_file = File::open(&cert_path).map_err(|_| TransportError::TLSMissingFile(cert_path))?;
-
- let certs: Result>> = rustls_pemfile::certs(&mut BufReader::new(cert_file)).collect();
-
- let key_file = File::open(&key_path).map_err(|_| TransportError::TLSMissingFile(key_path.clone()))?;
+ let certs: Vec> = rustls_pki_types::CertificateDer::pem_file_iter(&cert_path) .map_err(|_| TransportError::TLSMissingFile(cert_path))? .collect::, _>>() .map_err(|_| TransportError::TLSCertificate)?;
- let key = rustls_pemfile::private_key(&mut BufReader::new(&key_file)) .map_err(|_| TransportError::TLSKey(key_path.clone()))? .ok_or(TransportError::TLSKey(key_path))?;
+ let key = rustls_pki_types::PrivateKeyDer::from_pem_file(&key_path) .map_err(|_| TransportError::TLSKey(key_path))?;
- Ok((certs.unwrap(), key))
+ Ok((certs, key))
 }
 pub(super) fn create_tls_config() -> ClientConfig {
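Review bot: `from_pem_file(&key_path).map_err(|_| TransportError::TLSKey(key_path))` folds a missing or unreadable key file into "invalid TLS key", whereas the removed `File::open` step reported that case as `TLSMissingFile`; an operator whose configured key path points at a non-existent file now gets a diagnostic saying the key is malformed. `rustls_pki_types::pem::Error` carries the underlying `std::io::Error` in its `Io` variant (as far as I know of the 1.x API; please confirm against the pinned version), so the distinction can be kept with the match below. The certificate branch has the mirror problem: `.map_err(|_| TransportError::TLSCertificate)` discards both the path and the parse error. A PEM file with no CERTIFICATE blocks also still yields `Ok` with an empty `certs`, which presumably only surfaces later when the server config is built; `if certs.is_empty() { return Err(TransportError::TLSCertificate); }` after the collect would fail fast. `load_certificate`'s signature begins outside the hunk.
```rust
// … unchanged: certificate loading …
let key = rustls_pki_types::PrivateKeyDer::from_pem_file(&key_path).map_err(|e| match e {
    // file could not be opened or read: keep reporting the path as missing, as before
    rustls_pki_types::pem::Error::Io(_) => TransportError::TLSMissingFile(key_path.clone()),
    // anything else is a PEM parse failure
    _ => TransportError::TLSKey(key_path.clone()),
})?;
```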
@@ -70,11 +61,13 @@ pub(super) fn create_tls_config() -> ClientConfig {
 #[cfg(test)]
 {
 let cert_path = "../examples/test/root-ca.pem";
- let cert_file = std::fs::File::open(cert_path).expect("could not find test CA certificate");
- let certs: std::io::Result>> = rustls_pemfile::certs(&mut std::io::BufReader::new(cert_file)).collect();
+ let certs: Vec> = rustls_pki_types::CertificateDer::pem_file_iter(cert_path) .expect("could not find test CA certificate") .collect::, _>>() .expect("could not read test CA certificate");
- for cert in certs.expect("could not read test CA certificate") {
+ for cert in certs {
 root_cert_store
 .add(cert)
 .expect("could not add test CA certificate")
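Review bot: An empty or certificate-free `root-ca.pem` passes both new `expect` calls and leaves the `for` loop with nothing to add, so the test root store ends up empty and the failure only appears later as an opaque verification error; `assert!(!certs.is_empty(), "no certificates in {cert_path}");` right after the collect would pin the cause. This block is `#[cfg(test)]`-only, so it does not affect the production trust store; `create_tls_config` begins outside the hunk.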