Implement TLS for server

This commit is contained in:
htrefil 2020-10-28 22:21:44 +01:00
parent 416e213478
commit 4d52e9809b
3 changed files with 27 additions and 3 deletions


@ -15,3 +15,4 @@ toml = "0.5.7"
structopt = "0.3.20" structopt = "0.3.20"
log = "0.4.11" log = "0.4.11"
env_logger = "0.8.1" env_logger = "0.8.1"
tokio-native-tls = "0.2.0"


@ -1,10 +1,13 @@
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use std::collections::HashSet; use std::collections::HashSet;
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path::PathBuf;
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
#[serde(rename_all = "kebab-case")] #[serde(rename_all = "kebab-case")]
pub struct Config { pub struct Config {
pub listen_address: SocketAddr, pub listen_address: SocketAddr,
pub switch_keys: HashSet<u16>, pub switch_keys: HashSet<u16>,
pub identity_path: PathBuf,
pub identity_password: String,
} }
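Review bot: `identity_password` is added as a plain `String` on a struct that also derives `Serialize`, so the PKCS#12 password is written back out in clear text wherever `Config` is serialized and lives in the same file as `listen_address`; nothing in the hunk says so. A doc comment on the field, e.g. `/// Password for the PKCS#12 bundle at identity_path (stored in clear text; restrict the config file's permissions)`, would make the trust assumption visible to whoever deploys this. Adding `#[serde(default)]` above the field would also let an unencrypted bundle (empty password, which `Identity::from_pkcs12` accepts) omit the key entirely instead of forcing an empty string into the file. Whether the config is ever re-serialized is not visible from this hunk.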


@ -7,7 +7,7 @@ use std::collections::{HashMap, HashSet};
use std::convert::Infallible; use std::convert::Infallible;
use std::io::{Error, ErrorKind}; use std::io::{Error, ErrorKind};
use std::net::SocketAddr; use std::net::SocketAddr;
use std::path::PathBuf; use std::path::{Path, PathBuf};
use std::process; use std::process;
use std::time::Duration; use std::time::Duration;
use structopt::StructOpt; use structopt::StructOpt;
@ -16,6 +16,7 @@ use tokio::io::{AsyncRead, AsyncWrite};
use tokio::net::TcpListener; use tokio::net::TcpListener;
use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender}; use tokio::sync::mpsc::{self, UnboundedReceiver, UnboundedSender};
use tokio::time; use tokio::time;
use tokio_native_tls::native_tls::{Identity, TlsAcceptor};
async fn handle_connection<T>( async fn handle_connection<T>(
mut stream: T, mut stream: T,
@ -48,7 +49,18 @@ where
} }
} }
async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<Infallible, Error> { async fn run(
listen_address: SocketAddr,
switch_keys: &HashSet<u16>,
identity_path: &Path,
identity_password: &str,
) -> Result<Infallible, Error> {
let identity = fs::read(identity_path).await?;
let identity = Identity::from_pkcs12(&identity, identity_password)
.map_err(|err| Error::new(ErrorKind::InvalidData, err))?;
let acceptor: tokio_native_tls::TlsAcceptor = TlsAcceptor::new(identity)
.map_err(|err| Error::new(ErrorKind::InvalidData, err))
.map(Into::into)?;
let listener = TcpListener::bind(listen_address).await?; let listener = TcpListener::bind(listen_address).await?;
log::info!("Listening on {}", listen_address); log::info!("Listening on {}", listen_address);
@ -64,6 +76,14 @@ async fn run(listen_address: SocketAddr, switch_keys: &HashSet<u16>) -> Result<I
} }
}; };
let stream = match acceptor.accept(stream).await {
Ok(stream) => stream,
Err(err) => {
log::error!("{}: TLS error: {}", address, err);
continue;
}
};
let (sender, receiver) = mpsc::unbounded_channel(); let (sender, receiver) = mpsc::unbounded_channel();
if client_sender.send(Ok(sender)).is_err() { if client_sender.send(Ok(sender)).is_err() {
return; return;
@ -163,7 +183,7 @@ async fn main() {
}; };
tokio::select! { tokio::select! {
result = run(config.listen_address, &config.switch_keys) => { result = run(config.listen_address, &config.switch_keys, &config.identity_path, &config.identity_password) => {
if let Err(err) = result { if let Err(err) = result {
log::error!("Error: {}", err); log::error!("Error: {}", err);
process::exit(1); process::exit(1);
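Review bot: The handshake added in the `@ -64,6 +76,14 @@` hunk is awaited inline right after the connection is accepted, with no timeout, so a peer that opens a TCP connection and then sends nothing holds that point of the loop until native-tls gives up on its own; the `continue` on failure implies a loop, and if that loop is the accept loop rather than a per-connection task (its head and any `tokio::spawn` are outside the hunk) one stalled client blocks every other one from being accepted. Wrap the handshake in `time::timeout` — both `time` and `Duration` are already imported — and, where the surrounding code allows, move it inside the per-connection task so the accept loop does nothing but `listener.accept()`. Separately, `TlsAcceptor::new(identity)` in the `@ -48,7 +49,18 @@` hunk takes native-tls's builder defaults, which as far as I recall still admit TLS 1.0; `TlsAcceptor::builder(identity).min_protocol_version(Some(Protocol::Tlsv12)).build()` pins the floor explicitly. `run` continues past the end of the hunk.
```rust
// Bound the handshake so a peer that connects but never completes TLS cannot stall this loop.
let stream = match time::timeout(Duration::from_secs(10), acceptor.accept(stream)).await {
    Ok(Ok(stream)) => stream,
    Ok(Err(err)) => {
        log::error!("{}: TLS error: {}", address, err);
        continue;
    }
    Err(_) => {
        log::error!("{}: TLS handshake timed out", address);
        continue;
    }
};
// … unchanged: channel setup and client_sender.send …
```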