Implement TLS for server

2025-01-18 10:26:12 +01:00 · 2020-10-28 22:21:44 +01:00 · 2020-10-28 22:21:44 +01:00 · 4d52e9809b
commit 4d52e9809b
parent 416e213478
3 changed files with 27 additions and 3 deletions
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@ -15,3 +15,4 @@ toml = "0.5.7"
 structopt = "0.3.20"
 log = "0.4.11"
 env_logger = "0.8.1"
+tokio-native-tls = "0.2.0"
--- a/server/src/config.rs
+++ b/server/src/config.rs
@ -1,10 +1,13 @@
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::net::SocketAddr;
+use std::path::PathBuf;

 #[derive(Serialize, Deserialize)]
 #[serde(rename_all = "kebab-case")]
 pub struct Config {
    pub listen_address: SocketAddr,
    pub switch_keys: HashSet<u16>,
+    pub identity_path: PathBuf,
+    pub identity_password: String,
 }
--- a/server/src/main.rs
+++ b/server/src/main.rs
@ -7,7 +7,7 @@ use std::collections::{HashMap, HashSet};
 use std::convert::Infallible;
 use std::io::{Error, ErrorKind};
 use std::net::SocketAddr;
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::process;
 use std::time::Duration;
 use structopt::StructOpt;
@ -16,6 +16,7 @@ use tokio::io::{AsyncRead, AsyncWrite};
 use tokio::net::TcpListener;
 use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender};
 use tokio::time;
+use tokio_native_tls::native_tls::{Identity, TlsAcceptor};

 async fn handle_connection<T>(
    mut stream: T,
@ -48,7 +49,18 @@ where
    }
 }

-async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<Infallible, Error> {
+async fn run(
+    listen_address: SocketAddr,
+    switch_keys: &HashSet<u16>,
+    identity_path: &Path,
+    identity_password: &str,
+) -> Result<Infallible, Error> {
+    let identity = fs::read(identity_path).await?;
+    let identity = Identity::from_pkcs12(&identity, identity_password)
+        .map_err(|err| Error::new(ErrorKind::InvalidData, err))?;
+    let acceptor: tokio_native_tls::TlsAcceptor = TlsAcceptor::new(identity)
+        .map_err(|err| Error::new(ErrorKind::InvalidData, err))
+        .map(Into::into)?;
    let listener = TcpListener::bind(listen_address).await?;

    log::info!("Listening on {}", listen_address);
@ -64,6 +76,14 @@ async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<I
                }
            };

+            let stream = match acceptor.accept(stream).await {
+                Ok(stream) => stream,
+                Err(err) => {
+                    log::error!("{}: TLS error: {}", address, err);
+                    continue;
+                }
+            };
+
            let (sender, receiver) = mpsc::unbounded_channel();
            if client_sender.send(Ok(sender)).is_err() {
                return;
@ -163,7 +183,7 @@ async fn main() {
    };

    tokio::select! {
-        result = run(config.listen_address, &config.switch_keys) => {
+        result = run(config.listen_address, &config.switch_keys, &config.identity_path, &config.identity_password) => {
            if let Err(err) = result {
                log::error!("Error: {}", err);
                process::exit(1);