From 9f092224cd2c551ac9a92186c2d9fb524b2598d5 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 15 Feb 2021 00:00:57 +0100
Subject: [PATCH] Parse PKCS8 and RSA keys separately
---
 src/libdoh/src/tls.rs | 41 ++++++++++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 13 deletions(-)
diff --git a/src/libdoh/src/tls.rs b/src/libdoh/src/tls.rs
index 64a6988..bd8b882 100644
--- a/src/libdoh/src/tls.rs
+++ b/src/libdoh/src/tls.rs
@@ -3,7 +3,7 @@
 use crate::{DoH, LocalExecutor};
 use hyper::server::conn::Http;
 use std::fs::File;
-use std::io::{self, BufReader};
+use std::io::{self, BufReader, Cursor, Read};
 use std::path::Path;
 use std::sync::Arc;
 use tokio::net::TcpListener;
@@ -38,22 +38,37 @@ where
 };
 let certs_keys = {
 let certs_keys_path_str = certs_keys_path.as_ref().display().to_string();
- let mut reader = BufReader::new(File::open(certs_keys_path).map_err(|e| {
- io::Error::new(
- e.kind(),
- format!(
- "Unable to load the certificate keys [{}]: {}",
- certs_keys_path_str,
- e.to_string()
- ),
- )
- })?);
- let keys = pemfile::pkcs8_private_keys(&mut reader).map_err(|_| {
+ let encoded_keys = {
+ let mut encoded_keys = vec![];
+ File::open(certs_keys_path)
+ .map_err(|e| {
+ io::Error::new(
+ e.kind(),
+ format!(
+ "Unable to load the certificate keys [{}]: {}",
+ certs_keys_path_str,
+ e.to_string()
+ ),
+ )
+ })?
+ .read_to_end(&mut encoded_keys)?;
+ encoded_keys
+ };
+ let mut reader = Cursor::new(encoded_keys);
+ let pkcs8_keys = pemfile::pkcs8_private_keys(&mut reader).map_err(|_| {
 io::Error::new(
 io::ErrorKind::InvalidInput,
- "Unable to parse the certificates private keys",
+ "Unable to parse the certificates private keys (PKCS8)",
 )
 })?;
+ let mut rsa_keys = pemfile::rsa_private_keys(&mut reader).map_err(|_| {
+ io::Error::new(
+ io::ErrorKind::InvalidInput,
+ "Unable to parse the certificates private keys (RSA)",
+ )
+ })?;
+ let mut keys = pkcs8_keys;
+ keys.append(&mut rsa_keys);
 if keys.is_empty() {
 return Err(io::Error::new(
 io::ErrorKind::InvalidInput,
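Review bot: `pemfile::rsa_private_keys(&mut reader)` runs on the same `Cursor` that `pemfile::pkcs8_private_keys` has just scanned to end-of-file, so the second pass sees no bytes and `rsa_keys` is always empty — an RSA-only key file still trips the `keys.is_empty()` check below, and a file holding both kinds silently drops its RSA keys. The cursor has to be rewound between the two parsers: add `reader.set_position(0);` immediately before the `rsa_private_keys` call. Since rewinding is the whole reason the key material is buffered into `encoded_keys` rather than streamed from `BufReader`, a one-line comment on that block (`// buffered in memory so each PEM parser can scan the same bytes`) would make the intent clear to the next reader. The enclosing generic function (its `where` clause shows in the hunk header) starts and ends outside the hunk.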