Remove unmaintained rustls-pemfile dependency

Cargo.toml

@@ -72,7 +72,6 @@ rustls = "0.23"
 tokio-rustls = "0.26"
 rustls-pki-types = "1.12"
 rustls-native-certs = "0.8.1"
-rustls-pemfile = "2.2"
 quinn = { version = "0.11", default-features = false, features = [
   "log",
   "runtime-tokio",

tsp_sdk/Cargo.toml

@@ -33,7 +33,6 @@ async = [
   "dep:tokio-rustls",
   "dep:rustls-pki-types",
   "dep:rustls-native-certs",
-  "dep:rustls-pemfile",
   "dep:quinn",
 ]
 resolve = ["serialize", "dep:reqwest", "dep:didwebvh-rs"]
@@ -73,7 +72,6 @@ rustls = { workspace = true, optional = true }
 tokio-rustls = { workspace = true, optional = true }
 rustls-pki-types = { workspace = true, optional = true }
 rustls-native-certs = { workspace = true, optional = true }
-rustls-pemfile = { workspace = true, optional = true }
 quinn = { workspace = true, optional = true }
 # resolve
 reqwest = { workspace = true, optional = true }

tsp_sdk/src/transport/error.rs

@@ -18,6 +18,8 @@ pub enum TransportError {
     TLSConfiguration,
     #[error("missing TLS certificate or key file '{0}'")]
     TLSMissingFile(String),
+    #[error("invalid TLS certificate")]
+    TLSCertificate,
     #[error("invalid TLS key '{0}'")]
     TLSKey(String),
     #[error("{0}")]

tsp_sdk/src/transport/tls.rs

@@ -3,7 +3,7 @@ use bytes::{Bytes, BytesMut};
 use futures::StreamExt;
 use once_cell::sync::Lazy;
 use rustls::{ClientConfig, RootCertStore, crypto::CryptoProvider};
-use rustls_pki_types::ServerName;
+use rustls_pki_types::{ServerName, pem::PemObject};
 use std::sync::Arc;
 use tokio::{io::AsyncWriteExt, net::TcpListener, sync::mpsc};
 use tokio_rustls::{TlsAcceptor, TlsConnector};
@@ -25,11 +25,6 @@ pub(super) fn load_certificate() -> Result<
     ),
     TransportError,
 > {
-    use std::{
-        fs::File,
-        io::{BufReader, Result},
-    };
-
     #[cfg(not(test))]
     let cert_path = std::env::var("TSP_TLS_CERT").map_err(|_| TransportError::TLSConfiguration)?;
     #[cfg(not(test))]
@@ -39,20 +34,16 @@ pub(super) fn load_certificate() -> Result<
     #[cfg(test)]
     let key_path = "../examples/test/localhost-key.pem".to_string();
 
-    let cert_file =
-        File::open(&cert_path).map_err(|_| TransportError::TLSMissingFile(cert_path))?;
-
-    let certs: Result<Vec<rustls_pki_types::CertificateDer<'static>>> =
-        rustls_pemfile::certs(&mut BufReader::new(cert_file)).collect();
-
-    let key_file =
-        File::open(&key_path).map_err(|_| TransportError::TLSMissingFile(key_path.clone()))?;
+    let certs: Vec<rustls_pki_types::CertificateDer<'static>> =
+        rustls_pki_types::CertificateDer::pem_file_iter(&cert_path)
+            .map_err(|_| TransportError::TLSMissingFile(cert_path))?
+            .collect::<Result<Vec<_>, _>>()
+            .map_err(|_| TransportError::TLSCertificate)?;
 
-    let key = rustls_pemfile::private_key(&mut BufReader::new(&key_file))
-        .map_err(|_| TransportError::TLSKey(key_path.clone()))?
-        .ok_or(TransportError::TLSKey(key_path))?;
+    let key = rustls_pki_types::PrivateKeyDer::from_pem_file(&key_path)
+        .map_err(|_| TransportError::TLSKey(key_path))?;
 
-    Ok((certs.unwrap(), key))
+    Ok((certs, key))
 }
 
 pub(super) fn create_tls_config() -> ClientConfig {
@@ -70,11 +61,13 @@ pub(super) fn create_tls_config() -> ClientConfig {
     #[cfg(test)]
     {
         let cert_path = "../examples/test/root-ca.pem";
-        let cert_file = std::fs::File::open(cert_path).expect("could not find test CA certificate");
-        let certs: std::io::Result<Vec<rustls_pki_types::CertificateDer<'static>>> =
-            rustls_pemfile::certs(&mut std::io::BufReader::new(cert_file)).collect();
+        let certs: Vec<rustls_pki_types::CertificateDer<'static>> =
+            rustls_pki_types::CertificateDer::pem_file_iter(cert_path)
+                .expect("could not find test CA certificate")
+                .collect::<Result<Vec<_>, _>>()
+                .expect("could not read test CA certificate");
 
-        for cert in certs.expect("could not read test CA certificate") {
+        for cert in certs {
             root_cert_store
                 .add(cert)
                 .expect("could not add test CA certificate")