mirrors/ntex
1
0
Fork 0
mirror of https://github.com/ntex-rs/ntex.git synced 2025-04-04 21:37:58 +03:00
Code Issues Projects Releases Packages Wiki Activity

PeerCert and PeerCertChain implementation for rustls (#101)

Browse source 
* PeerCert and PeerCertChain implementation for rustls

* Move PeerCert and PeerCertChain to rustls/mod.rs

* Add tests. Failed due to only x509 v3 is supported in rustls

* Use io variable name

* Fix all other tests. Now one failing: test_rustls_string

* Add #[ignore] temporary for test_rustls_string
This commit is contained in:
Andrey Voronkov 2022-01-29 11:27:51 +03:00 committed by GitHub
parent 26ce0f8771
commit 2d13488c17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 238 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ntex-tls/CHANGES.md
View file

@ -1,5 +1,9 @@
# Changes # Changes
## [0.1.3] - 2022-01-27
* Add PeerCert and PeerCertChain for rustls
## [0.1.2] - 2022-01-12 ## [0.1.2] - 2022-01-12
* Update Filter trait usage * Update Filter trait usage

2
ntex-tls/Cargo.toml
View file

@ -1,6 +1,6 @@
[package] [package]
name = "ntex-tls" name = "ntex-tls"
version = "0.1.2" version = "0.1.3"
authors = ["ntex contributors <team@ntex.rs>"] authors = ["ntex contributors <team@ntex.rs>"]
description = "An implementation of SSL streams for ntex backed by OpenSSL" description = "An implementation of SSL streams for ntex backed by OpenSSL"
keywords = ["network", "framework", "async", "futures"] keywords = ["network", "framework", "async", "futures"]

4
ntex-tls/examples/rustls-server.rs
View file

@ -3,7 +3,7 @@ use std::{fs::File, io, io::BufReader, sync::Arc};
use ntex::service::{fn_service, pipeline_factory}; use ntex::service::{fn_service, pipeline_factory};
use ntex::{codec, io::filter, io::Io, server, util::Either}; use ntex::{codec, io::filter, io::Io, server, util::Either};
use ntex_tls::rustls::TlsAcceptor; use ntex_tls::rustls::TlsAcceptor;
use rustls_pemfile::{certs, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys};
use tls_rust::{Certificate, PrivateKey, ServerConfig}; use tls_rust::{Certificate, PrivateKey, ServerConfig};
#[ntex::main] #[ntex::main]
@ -17,7 +17,7 @@ async fn main() -> io::Result<()> {
let cert_file = let cert_file =
&mut BufReader::new(File::open("../ntex-tls/examples/cert.pem").unwrap()); &mut BufReader::new(File::open("../ntex-tls/examples/cert.pem").unwrap());
let key_file = &mut BufReader::new(File::open("../ntex-tls/examples/key.pem").unwrap()); let key_file = &mut BufReader::new(File::open("../ntex-tls/examples/key.pem").unwrap());
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0)); let keys = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let cert_chain = certs(cert_file) let cert_chain = certs(cert_file)
.unwrap() .unwrap()
.iter() .iter()

24
ntex-tls/src/openssl/mod.rs
View file

@ -75,17 +75,21 @@ impl<F: Filter> io::Write for IoInner<F> {
impl<F: Filter> Filter for SslFilter<F> { impl<F: Filter> Filter for SslFilter<F> {
fn query(&self, id: any::TypeId) -> Option<Box<dyn any::Any>> { fn query(&self, id: any::TypeId) -> Option<Box<dyn any::Any>> {
const H2: &[u8] = b"h2";
if id == any::TypeId::of::<types::HttpProtocol>() { if id == any::TypeId::of::<types::HttpProtocol>() {
let proto = let h2 = self
if let Some(protos) = self.inner.borrow().ssl().selected_alpn_protocol() { .inner
if protos.windows(2).any(|window| window == b"h2") { .borrow()
types::HttpProtocol::Http2 .ssl()
} else { .selected_alpn_protocol()
types::HttpProtocol::Http1 .map(|protos| protos.windows(2).any(|w| w == H2))
} .unwrap_or(false);
} else { let proto = if h2 {
types::HttpProtocol::Http1 types::HttpProtocol::Http2
}; } else {
types::HttpProtocol::Http1
};
Some(Box::new(proto)) Some(Box::new(proto))
} else if id == any::TypeId::of::<PeerCert>() { } else if id == any::TypeId::of::<PeerCert>() {
if let Some(cert) = self.inner.borrow().ssl().peer_certificate() { if let Some(cert) = self.inner.borrow().ssl().peer_certificate() {

18
ntex-tls/src/rustls/client.rs
View file

@ -10,6 +10,8 @@ use tls_rust::{ClientConfig, ClientConnection, ServerName};
use crate::rustls::{IoInner, TlsFilter, Wrapper}; use crate::rustls::{IoInner, TlsFilter, Wrapper};
use crate::types; use crate::types;
use super::{PeerCert, PeerCertChain};
/// An implementation of SSL streams /// An implementation of SSL streams
pub struct TlsClientFilter<F> { pub struct TlsClientFilter<F> {
inner: RefCell<IoInner<F>>, inner: RefCell<IoInner<F>>,
@ -34,6 +36,22 @@ impl<F: Filter> Filter for TlsClientFilter<F> {
types::HttpProtocol::Http1 types::HttpProtocol::Http1
}; };
Some(Box::new(proto)) Some(Box::new(proto))
} else if id == any::TypeId::of::<PeerCert>() {
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
if let Some(cert) = cert_chain.first() {
Some(Box::new(PeerCert(cert.to_owned())))
} else {
None
}
} else {
None
}
} else if id == any::TypeId::of::<PeerCertChain>() {
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
Some(Box::new(PeerCertChain(cert_chain.to_vec())))
} else {
None
}
} else { } else {
self.inner.borrow().filter.query(id) self.inner.borrow().filter.query(id)
} }

10
ntex-tls/src/rustls/mod.rs
View file

@ -6,7 +6,7 @@ use std::{any, cmp, future::Future, io, pin::Pin, task::Context, task::Poll};
use ntex_bytes::{BytesMut, PoolRef}; use ntex_bytes::{BytesMut, PoolRef};
use ntex_io::{Base, Filter, FilterFactory, Io, IoRef, ReadStatus, WriteStatus}; use ntex_io::{Base, Filter, FilterFactory, Io, IoRef, ReadStatus, WriteStatus};
use ntex_util::time::Millis; use ntex_util::time::Millis;
use tls_rust::{ClientConfig, ServerConfig, ServerName}; use tls_rust::{Certificate, ClientConfig, ServerConfig, ServerName};
mod accept; mod accept;
mod client; mod client;
@ -16,6 +16,14 @@ pub use accept::{Acceptor, AcceptorService};
use self::client::TlsClientFilter; use self::client::TlsClientFilter;
use self::server::TlsServerFilter; use self::server::TlsServerFilter;
/// Connection's peer cert
#[derive(Debug)]
pub struct PeerCert(pub Certificate);
/// Connection's peer cert chain
#[derive(Debug)]
pub struct PeerCertChain(pub Vec<Certificate>);
/// An implementation of SSL streams /// An implementation of SSL streams
pub struct TlsFilter<F = Base> { pub struct TlsFilter<F = Base> {
inner: InnerTlsFilter<F>, inner: InnerTlsFilter<F>,

18
ntex-tls/src/rustls/server.rs
View file

@ -10,6 +10,8 @@ use tls_rust::{ServerConfig, ServerConnection};
use crate::rustls::{IoInner, TlsFilter, Wrapper}; use crate::rustls::{IoInner, TlsFilter, Wrapper};
use crate::types; use crate::types;
use super::{PeerCert, PeerCertChain};
/// An implementation of SSL streams /// An implementation of SSL streams
pub struct TlsServerFilter<F> { pub struct TlsServerFilter<F> {
inner: RefCell<IoInner<F>>, inner: RefCell<IoInner<F>>,
@ -34,6 +36,22 @@ impl<F: Filter> Filter for TlsServerFilter<F> {
types::HttpProtocol::Http1 types::HttpProtocol::Http1
}; };
Some(Box::new(proto)) Some(Box::new(proto))
} else if id == any::TypeId::of::<PeerCert>() {
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
if let Some(cert) = cert_chain.first() {
Some(Box::new(PeerCert(cert.to_owned())))
} else {
None
}
} else {
None
}
} else if id == any::TypeId::of::<PeerCertChain>() {
if let Some(cert_chain) = self.session.borrow().peer_certificates() {
Some(Box::new(PeerCertChain(cert_chain.to_vec())))
} else {
None
}
} else { } else {
self.inner.borrow().filter.query(id) self.inner.borrow().filter.query(id)
} }

48
ntex/tests/cert.pem
View file

@ -1,31 +1,21 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFPjCCAyYCCQDWGwiaSniPcTANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV MIIDajCCAlKgAwIBAgIUXGfV5eF2km1rLi4yywOzRFdYIzUwDQYJKoZIhvcNAQEL
UzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMRAwDgYDVQQKDAdDb21wYW55MQww BQAwYTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjEQMA4G
CgYDVQQLDANPcmcxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTAeFw0yMTEyMTgx A1UECgwHQ29tcGFueTEMMAoGA1UECwwDT3JnMRgwFgYDVQQDDA93d3cuZXhhbXBs
NjMwNDlaFw0yMjEyMTgxNjMwNDlaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJD ZS5jb20wHhcNMjIwMTI3MTcwOTExWhcNMzIwMTI1MTcwOTExWjBhMQswCQYDVQQG
QTELMAkGA1UEBwwCU0YxEDAOBgNVBAoMB0NvbXBhbnkxDDAKBgNVBAsMA09yZzEY EwJVUzELMAkGA1UECAwCQ0ExCzAJBgNVBAcMAlNGMRAwDgYDVQQKDAdDb21wYW55
MBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A MQwwCgYDVQQLDANPcmcxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJ
MIICCgKCAgEAryUL1k7npaMOck9OO+EjzeL0FoysOP5JrgRh+8BoPY7WPyL56oFP KoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0c0VayXZcvtjaIzDl0A2kd+kq8RFHe
aCYKp2YMucmvFh/VZSyupC75JJNIaW0fvcIe4Euzy2Ex0VukPxYteRicaWRsxSId RW95OEE0BMUg8Z/dTgGGdkMPUNtO/bQP9mI7ZXLbLfoHdHCESxiH15o2S8B9b5uy
o5RNNHd7JOf3ZWIMqkxmDhPNnqSGHcnVs/14+I5IbJCoba+KNElmL9CrL3gQkqNY lQ/HkvSpnuyW8W13lLVFbjGdoMfcSCGX341CPZRoqBJH0wxlKL7luzygfdXTh/dO
Jf2FSIgou5j1OthEdnQpiRxSRLmJ7gXtvpFGgj4AnrHGsMAPHueeop6yOX6egFnw RhlJhl+1eO69rvWlUv0jq2XNolkmdkxovIpIKgS20sHbBJD7qRn8w7X/OzsLEG/n
2cwp98c/0tMOUsXnDU1MTGF11+4UVr043SruZKU7bvhMZRcf4NTR2MNin0b3DYJ+ 4DqLHMRHHMFcfRr1TXRWW+uaLDskxRbqB/T1TjRMaiRIAKXEurlUQ0O1RicsCIQH
JbTn+HgPhhhx3mrsWRyCvfP23jzwnV/222o+U46i7tNYYrDN8vXIM17gtIvKrv2F 44senvnFT51qphfCGod4j3dwzBKXQD0W/8irV/r+ZvOQGgYNey/9kbMCAwEAAaMa
CLTJE6tsp0xAi6dT+J+AIVqkJntrsxqx2CuOYGOOkPPc4rSf64bwOR1mikdvZCnV MBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwDQYJKoZIhvcNAQELBQADggEBABgs
NwGEXcH3nBRFMlk5bByCW0kUy03QNakiUEF+PoFzLrCL+V+21Q6Fd7Jmw06BzVFV xKfmHSfpznCNogu6StohnxuUBXDhrPHwYCLJL1LiqAAfBbllZjhbkTblsB7Iw07M
2YtsqFcSo7HXW91XJTDVJCPnrMJOooKQ9Fbq4zbQM0Lv02LyJWyR+0PMBzy4FfkW vDeD35bfg6vshcTi1f0ZR9hanTME7xdgdWhFcacxVWAU8pk+PU1ndza2N6nc+qCZ
ZWz10g3w+CITL/MQ65fsBBc9hRHC3QBWetj3puqM8DlPwqPhgmCA5zo8AWx7CogR xYyIxoBOBS8SecSkWEZPI4CYlAde9Ag/1Lc/adjgJoGa29wdoXxPwoTZbrrRDYX+
V66ukkeBYXYFHwV5uDJTX91tbwYesOL43rlDT905aV0VbaAyDZflipMCAwEAATAN zmyurftmmf279ZMzr33KULr2y6jHhTyZ1V94AoM24bd8B7EqTuP1TE+NiaiavShv
BgkqhkiG9w0BAQsFAAOCAgEAWeq502+YKMHrk8YD4L2mzY/AHSEWf6XubMgkNRbh +ZK7I5MZSH9hgWReFqT1GjYleWk/6/Epo/SdlnAaqrSnSDiYVS8Su2ZlJE+3LAMk
s72+zJs2SrAzu+y+iv5La4JXOxrWEvZOUCKAK0sRG/+ESQxul5mbyPQLWFJgSqv5 9weljkXSuMU4+8Bw3ss=
O2RmhQ65l+O6RjPZbHPNJMTLMMlkFrKctgGIg5ysKHWPEZZ7ZlS3maxon+X75/b5
uI3BxBpJTWcg6zOxh0+zIxhesgEbRmaEz6qu3ZSktBeUQFpTElreCcbkntlFbr+9
SiKkaO4l6qEwRDhA595/7/JRZo4R5U1MifU6JhTMOyXTsH3BV1aVeS81/9jGPHl8
kgVxeKSpL/jDwuSJdr+dMxs/TJHV6fsnVewFFFmigLWThYGDnKmXqJQNyt8utRpe
6vvReWSSIece1EdBActy0rtjPaUJNTTdYk1UYo63OIbCguLWQD1XYN1qJg4KWJzB
PjS6KCOLmJvYrAxRMED4XeZ17+PxC3xr2IpAL+loRhZUuxXV4GhccGZ4z89OIdOU
x97x2BjjV5Nnnt6eBfF3vP5sOz31QpAS/8tzdlGD+6Xq2/i1ZKMPrwgs2dhTyah0
kCBfdE88Zew/A79z55IsVNiYJ4MrD8WTFjcM2j8SgI7tg+M+X/unj+wnzYT0L0dg
BEfzPd7zWdDOPInlTV9zUj1WOsLHX9odOh/Jj5X0FV5vZtcyQ0sGJAhdgTaXDvXs
Ing=
-----END CERTIFICATE----- -----END CERTIFICATE-----

133
ntex/tests/connect.rs
View file

@ -1,4 +1,5 @@
use std::io; use std::io;
use std::sync::Arc;
use ntex::codec::BytesCodec; use ntex::codec::BytesCodec;
use ntex::connect::Connect; use ntex::connect::Connect;
@ -22,11 +23,61 @@ fn ssl_acceptor() -> tls_openssl::ssl::SslAcceptor {
builder.build() builder.build()
} }
#[cfg(feature = "rustls")]
use tls_rustls::ServerConfig;
#[cfg(feature = "rustls")]
fn tls_acceptor() -> Arc<ServerConfig> {
use rustls_pemfile::{certs, pkcs8_private_keys};
use std::fs::File;
use std::io::BufReader;
use tls_rustls::{Certificate, PrivateKey};
let cert_file = &mut BufReader::new(File::open("tests/cert.pem").unwrap());
let key_file = &mut BufReader::new(File::open("tests/key.pem").unwrap());
let cert_chain = certs(cert_file)
.unwrap()
.iter()
.map(|c| Certificate(c.to_vec()))
.collect();
let key = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let config = ServerConfig::builder()
.with_safe_defaults()
.with_no_client_auth()
.with_single_cert(cert_chain, key)
.unwrap();
Arc::new(config)
}
mod danger {
use std::time::SystemTime;
use tls_rustls::{Certificate, ServerName};
pub struct NoCertificateVerification {}
impl tls_rustls::client::ServerCertVerifier for NoCertificateVerification {
fn verify_server_cert(
&self,
_end_entity: &Certificate,
_intermediates: &[Certificate],
_server_name: &ServerName,
_scts: &mut dyn Iterator<Item = &[u8]>,
_ocsp_response: &[u8],
_now: SystemTime,
) -> Result<tls_rustls::client::ServerCertVerified, tls_rustls::Error> {
Ok(tls_rustls::client::ServerCertVerified::assertion())
}
}
}
#[cfg(feature = "openssl")] #[cfg(feature = "openssl")]
#[ntex::test] #[ntex::test]
async fn test_openssl_string() { async fn test_openssl_string() {
use ntex::server::openssl; use ntex::server::openssl;
use tls_openssl::ssl::{SslConnector, SslMethod, SslVerifyMode}; use ntex_tls::openssl::PeerCert;
use tls_openssl::{
ssl::{SslConnector, SslMethod, SslVerifyMode},
x509::X509,
};
let srv = test_server(|| { let srv = test_server(|| {
pipeline_factory(fn_service(|io: Io<_>| async move { pipeline_factory(fn_service(|io: Io<_>| async move {
@ -48,8 +99,14 @@ async fn test_openssl_string() {
let conn = ntex::connect::openssl::Connector::new(builder.build()); let conn = ntex::connect::openssl::Connector::new(builder.build());
let addr = format!("127.0.0.1:{}", srv.addr().port()); let addr = format!("127.0.0.1:{}", srv.addr().port());
let con = conn.call(addr.into()).await.unwrap(); let io = conn.call(addr.into()).await.unwrap();
let item = con.recv(&BytesCodec).await.unwrap().unwrap(); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
let cert = X509::from_pem(include_bytes!("cert.pem")).unwrap();
assert_eq!(
io.query::<PeerCert>().as_ref().unwrap().0.to_der().unwrap(),
cert.to_der().unwrap()
);
let item = io.recv(&BytesCodec).await.unwrap().unwrap();
assert_eq!(item, Bytes::from_static(b"test")); assert_eq!(item, Bytes::from_static(b"test"));
} }
@ -67,10 +124,9 @@ async fn test_openssl_read_before_error() {
})) }))
.and_then(openssl::Acceptor::new(ssl_acceptor())) .and_then(openssl::Acceptor::new(ssl_acceptor()))
.and_then(fn_service(|io: Io<_>| async move { .and_then(fn_service(|io: Io<_>| async move {
log::info!("ssl handshake completed"); io.send(Bytes::from_static(b"test"), &BytesCodec)
io.encode(Bytes::from_static(b"test"), &BytesCodec).unwrap(); .await
// ntex::time::sleep(ntex::time::Millis(1000)).await; .unwrap();
io.shutdown().await.unwrap();
Ok::<_, Box<dyn std::error::Error>>(()) Ok::<_, Box<dyn std::error::Error>>(())
})) }))
}); });
@ -88,20 +144,51 @@ async fn test_openssl_read_before_error() {
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
#[ntex::test] #[ntex::test]
#[ignore]
async fn test_rustls_string() { async fn test_rustls_string() {
use ntex::server::rustls;
use ntex_tls::rustls::PeerCert;
use rustls_pemfile::certs;
use std::fs::File;
use std::io::BufReader;
use tls_rustls::{Certificate, ClientConfig};
let srv = test_server(|| { let srv = test_server(|| {
fn_service(|io: Io| async move { pipeline_factory(fn_service(|io: Io<_>| async move {
let res = io.read_ready().await;
assert!(res.is_ok());
Ok(io)
}))
.and_then(rustls::Acceptor::new(tls_acceptor()))
.and_then(fn_service(|io: Io<_>| async move {
io.send(Bytes::from_static(b"test"), &BytesCodec) io.send(Bytes::from_static(b"test"), &BytesCodec)
.await .await
.unwrap(); .unwrap();
Ok::<_, io::Error>(()) Ok::<_, std::io::Error>(())
}) }))
}); });
let conn = ntex::connect::Connector::default(); let config = ClientConfig::builder()
.with_safe_defaults()
.with_custom_certificate_verifier(Arc::new(danger::NoCertificateVerification {}))
.with_no_client_auth();
let conn = ntex::connect::rustls::Connector::new(config);
let addr = format!("localhost:{}", srv.addr().port()); let addr = format!("localhost:{}", srv.addr().port());
let con = conn.call(addr.into()).await.unwrap(); let io = conn.call(addr.into()).await.unwrap();
assert_eq!(con.query::<PeerAddr>().get().unwrap(), srv.addr().into()); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
let cert_file = &mut BufReader::new(File::open("tests/cert.pem").unwrap());
let cert_chain: Vec<Certificate> = certs(cert_file)
.unwrap()
.iter()
.map(|c| Certificate(c.to_vec()))
.collect();
assert_eq!(
io.query::<PeerCert>().as_ref().unwrap().0,
*cert_chain.first().unwrap()
);
let item = io.recv(&BytesCodec).await.unwrap().unwrap();
assert_eq!(item, Bytes::from_static(b"test"));
} }
#[ntex::test] #[ntex::test]
@ -117,13 +204,13 @@ async fn test_static_str() {
let conn = ntex::connect::Connector::new(); let conn = ntex::connect::Connector::new();
let con = conn.call(Connect::with("10", srv.addr())).await.unwrap(); let io = conn.call(Connect::with("10", srv.addr())).await.unwrap();
assert_eq!(con.query::<PeerAddr>().get().unwrap(), srv.addr().into()); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
let connect = Connect::new("127.0.0.1".to_owned()); let connect = Connect::new("127.0.0.1".to_owned());
let conn = ntex::connect::Connector::new(); let conn = ntex::connect::Connector::new();
let con = conn.call(connect).await; let io = conn.call(connect).await;
assert!(con.is_err()); assert!(io.is_err());
} }
#[ntex::test] #[ntex::test]
@ -139,8 +226,8 @@ async fn test_new_service() {
let factory = ntex::connect::Connector::new(); let factory = ntex::connect::Connector::new();
let conn = factory.new_service(()).await.unwrap(); let conn = factory.new_service(()).await.unwrap();
let con = conn.call(Connect::with("10", srv.addr())).await.unwrap(); let io = conn.call(Connect::with("10", srv.addr())).await.unwrap();
assert_eq!(con.query::<PeerAddr>().get().unwrap(), srv.addr().into()); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
} }
#[cfg(feature = "openssl")] #[cfg(feature = "openssl")]
@ -161,8 +248,8 @@ async fn test_uri() {
let addr = let addr =
ntex::http::Uri::try_from(format!("https://localhost:{}", srv.addr().port())) ntex::http::Uri::try_from(format!("https://localhost:{}", srv.addr().port()))
.unwrap(); .unwrap();
let con = conn.call(addr.into()).await.unwrap(); let io = conn.call(addr.into()).await.unwrap();
assert_eq!(con.query::<PeerAddr>().get().unwrap(), srv.addr().into()); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
} }
#[cfg(feature = "rustls")] #[cfg(feature = "rustls")]
@ -183,6 +270,6 @@ async fn test_rustls_uri() {
let addr = let addr =
ntex::http::Uri::try_from(format!("https://localhost:{}", srv.addr().port())) ntex::http::Uri::try_from(format!("https://localhost:{}", srv.addr().port()))
.unwrap(); .unwrap();
let con = conn.call(addr.into()).await.unwrap(); let io = conn.call(addr.into()).await.unwrap();
assert_eq!(con.query::<PeerAddr>().get().unwrap(), srv.addr().into()); assert_eq!(io.query::<PeerAddr>().get().unwrap(), srv.addr().into());
} }

7
ntex/tests/gen_cert.sh Executable file
View file

@ -0,0 +1,7 @@
#!/bin/bash
set -e
cd "$(dirname "${0}")" || exit 1
openssl req -nodes -new -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 3650 -extensions v3_req -subj "/C=US/ST=CA/L=SF/O=Company/OU=Org/CN=www.example.com"

79
ntex/tests/key.pem
View file

@ -1,51 +1,28 @@
-----BEGIN RSA PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIJKQIBAAKCAgEAryUL1k7npaMOck9OO+EjzeL0FoysOP5JrgRh+8BoPY7WPyL5 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNHNFWsl2XL7Y2
6oFPaCYKp2YMucmvFh/VZSyupC75JJNIaW0fvcIe4Euzy2Ex0VukPxYteRicaWRs iMw5dANpHfpKvERR3kVveThBNATFIPGf3U4BhnZDD1DbTv20D/ZiO2Vy2y36B3Rw
xSIdo5RNNHd7JOf3ZWIMqkxmDhPNnqSGHcnVs/14+I5IbJCoba+KNElmL9CrL3gQ hEsYh9eaNkvAfW+bspUPx5L0qZ7slvFtd5S1RW4xnaDH3Eghl9+NQj2UaKgSR9MM
kqNYJf2FSIgou5j1OthEdnQpiRxSRLmJ7gXtvpFGgj4AnrHGsMAPHueeop6yOX6e ZSi+5bs8oH3V04f3TkYZSYZftXjuva71pVL9I6tlzaJZJnZMaLyKSCoEttLB2wSQ
gFnw2cwp98c/0tMOUsXnDU1MTGF11+4UVr043SruZKU7bvhMZRcf4NTR2MNin0b3 +6kZ/MO1/zs7CxBv5+A6ixzERxzBXH0a9U10Vlvrmiw7JMUW6gf09U40TGokSACl
DYJ+JbTn+HgPhhhx3mrsWRyCvfP23jzwnV/222o+U46i7tNYYrDN8vXIM17gtIvK xLq5VENDtUYnLAiEB+OLHp75xU+daqYXwhqHeI93cMwSl0A9Fv/Iq1f6/mbzkBoG
rv2FCLTJE6tsp0xAi6dT+J+AIVqkJntrsxqx2CuOYGOOkPPc4rSf64bwOR1mikdv DXsv/ZGzAgMBAAECggEBALTTcBZ/nxT3YiuHxIvuJEeavxr+CTknvI0/EAIjywTD
ZCnVNwGEXcH3nBRFMlk5bByCW0kUy03QNakiUEF+PoFzLrCL+V+21Q6Fd7Jmw06B O2FVqDyd/0q1iPIfHHmPDQajGJf+dPUVd2juqInS0JfKwFPOAgQAl3tW1c7ObyZj
zVFV2YtsqFcSo7HXW91XJTDVJCPnrMJOooKQ9Fbq4zbQM0Lv02LyJWyR+0PMBzy4 GCsKnlaFBFXHgoRQRmMfUl1lhYZ+EZY0LfKiiB5rx/r1/pnxJ9A1+IS4ljdwdFH7
FfkWZWz10g3w+CITL/MQ65fsBBc9hRHC3QBWetj3puqM8DlPwqPhgmCA5zo8AWx7 4X9h7hiJ6Cs8GZdtVYQdzo45WEqDbjqgt0ZUF6TVuB9EaJDep89oAP/QKvZPkc5F
CogRV66ukkeBYXYFHwV5uDJTX91tbwYesOL43rlDT905aV0VbaAyDZflipMCAwEA 3r8hZuyv0ZvSPQwoedNyfSFLD/QCItybNiPoyV82a/akoCAN0gvRGD9MffM+30RJ
AQKCAgBoOnqt4a0XNE8PlcRv/A6Loskxdiuzixib133cDOe74nn7frwNY0C3MRRc 1gUY27Y0dDgYZUgIxSMwi3uqjn65wxd4mXLyL/t4nxkCgYEA75yLuk0T8HYrNgpQ
BG4ETlLErtMWb53KlS2tJ30LSGaATbqELmjj2oaEGa5H4NHU4+GJErtsIV5UD5hW uEzESOcNkTYYfl4+VzCDktZkckufnt/Ykk3bPcPuQHyExKuNXI75WkkDbkYdF3b7
ZdhB4U2n5s60tdxx+jT+eNhbd9aWU3yfJkVRXlDtXW64qQmH4P1OtXvfWBfIG/Qq 5pqpuPJMXmZHtQZuxA5qEMEcj1nv5jmg9D9HKdMvDT3ZICVHcSZt9tnwPS+oVGUM
cuUSpvchOrybZYumTdVjkqrTnHGcW+YC8hT6W79rRhB5issr6ZcUghafOWcMpeQ/ VShb+fDJEO1oxrlQImFbqk7L+PcCgYEA2yQ3VYOo/CqF/uLkM0IsnfFqbgqXSkp+
0TJZK0K13ZIfp2WFeuZfRw6Rg/AIJllSScZxxo/oBPfym5P6FGRndxrkzkh19g+q b/F1HS9xJS/iWhrx3tgsyrIxf4BFo0yZBIxkItp5yjAoEB3WWXIUwENqZiATspMO
HQDYA0oYW7clXMMtebbrEIb8kLRdaIHDiwyFXmyywvuAAk0jHbA8snM2dyeJWSRr lcG2lIrIDdGe0HIfboayPIKpIr4zacT42eTVktaVWcC2AcoTs57XRVPIcfJY1xSF
WQjvQFccGF4z390ZGUCN0ZeESskndg12r4jYaL/aQ8dQZ1ivS69F8bmbQtQNU2Ej 0dmyoauymiUCgYEAq22s6lVK9rcUo00uAy2pIR9trX6ud3qlz2t+Nwf8RWmlgd1U
hscTUzEMOnrBTxvRQTjI9nnrbsbklagKmJHXOc/fj13g6/FkcfmeTrjuB30LxJyH 7ReWy9HqG2j69FpogNgpvlaOhc7T8X3HK21sEE4KJV+33eQES3CkoegHrugBow2I
j+xXAi8AGv/oZRk6s/txas5hXpcFXnQDRobVoJjV8kuomcDTt1j33H+05ACFyvHM AjdjiqD1ANxHA6CoRGPiOMIkByKZpAfHkwWVCHUk5V91nvfmRTKyil5lwHECgYAJ
/2jxJ1f3xbFx3fqivL89+Z4r8RYxLoWLg7QuqQLdtRgThEKUG0t3lt59fUo+JVVJ 1YU6LC9gKZRbzNjKyBRyfgv1pjoF1nP4GBDWX3OnZI+21XC3PGI+MmLwQtRdMKnJ
CgRbj/OM3n5udgiIeBAyMAMZjVPUKhvLIFpiUY2vKnYx/97L0QKCAQEA4QUt3dEh P3ea7Mz8Ws7hckVVPD5cJmpW7OeVYu4LoGbOIbA6loaW+hgZAKhs+LwYWAq8m19D
P0L4eQEAzg/J8JuleH7io5VxoK5c2oulhCdQdRDF5HWSesPKJmCmgJRmIXi7zseo f/ZpoYGQRoqkZ+ocbGtirBDZtDNya3RZ53gRsz/PlQKBgFVWVIZXkOhrEcu2uGdL
Sbg7Hd2xt/QnaPhRnASXJOdn7ddtoZ1M6Zb0y+d6mmcG+mK6PshtMCQ5S3Lqhsuh utXavENsfUppRCtSShKZGg6jgnElMFkGioC0lhJAQPnfByZ4qO93/XIr0TCzpzdY
tYQbwawNlCFzwzCzwGb3aD9lBKQYts7KFrMT3Goexg3Qqv374XGn6Eg1LMhXWYbT vArOztO5tzfUYkZaEo24CC0NOVHSL+EEo2dSSWAL7GJev6xp9OJq4IWa+0232+HW
M5gcPOYnOT+RugeaTxMnJ6nr6E7kyrLIS+xASXKwXGxSUsQG9VWH7jDuzzARrPEU yJoqkhXgooFADK4a2jfh5NLH
aeyxWdbDkBn2vzW+wDpMPMqzoShZsRC9NnFfncXRZfUC5DJWGzwA/xZaR0ZNNng2 -----END PRIVATE KEY-----
OE7rILyAH/aZSQKCAQEAx0ICGi7y94vn5KWdaNVol3nPid4aMnk4LDcX5m0tiqUG
7LIqnFDOOjEdxTf13n7Cv4gotOQNluOypswSDZI4tI0xQ/dJ8PI+vwmA0oHSzf7U
ZPO2gzIOzububPllQsCrKHN++2SyyNlKyYFu/akmlu6yIN3EMRLqYKvZaIL5z9Lk
pTU7eS0AsXJyqD54zRLFkw6S9omQHJXrEzYAuZI+Ue/Arlgyq95mUMsHYRHgaTq4
GDMDLHNyrdKUhW+ZiZ9dhX+aRghHgNiXDk/Eh2/RZrLhKdVk94dJQbfGu/aiSk71
dXPEAaQ7o1MDwQgu4TsCVCzac/CeqvmcoMFyx3NA+wKCAQEAoLfLR8hsH7wcroiZ
45QBXzo8WLD//WjrDKIdLfdaE+bkn4iIX6HeKpMXGowjwGi9/aA3O/z85RKSHsXO
fp4DXAUofPAGaFRjtcwNwMYSPjEUzWKa/hciM8o6TkdnPWBSD+KXQgnFiVk/Xfge
hrPR9BMgAAdLJIlLBKKUCFXwn3/uaprdOgZ6CPd5ZU+BZvXUDRVW1lnnFc3KNXEJ
iOkvk5iEjYAXkkvadEWNQn2pdBjc3djtwEWaEwVyFt6tROJsX01tAoH6W6G0Fn+/
lHgG9hFUGgZJl44L+MpSLZbQHkehzJWS92ilVQni2HbmG0wC1S+QTJxV1agAZpRc
SvgeCQKCAQB3PnVrnfUhV8Sq/MG63xv8qpUc+KHM2uZW75GKAIRkmGYQeH8vlNwV
zxb104t8X3fEj4Ns3Z2UUyey0iVrobn1sxlshyzk2NPcF5/UWoUBaiNJVuA+m1Jp
V6IP7SBAVnUXfCbd42Fq+T7cYG0/uF6zrJ1FNfIXPC6vM6ij9t3xFVBn3fd9iQUF
LGyZaul4MGe0neAtUh3APae0k3jTlUVeW5B/xaBtYmbwqs/7s2sNDmrlcIHRtDVI
+OCRCjxkM88P+VEl4AaKgRPFKM+ADdbPEvXUxzPpPjkE7yorimmM9rvGUkVWhiZ6
k0+H0ZHckCfQoBcLk1AhGcg2HA7IdZzJAoIBAQDAicb6CWlNdaIcJfADKSNK4+BF
JFbH+lXYrTxVSTV+Ubdi0w8Kwk0bzf20EstJnaOCyLDCjcxafjbmuGBVbw7an0lt
Yxjx0fWXxMfvb9/3vKuJVUySA4iq/zfXKlokRaFoqbdRfod3PVGUsynCV7HmImf3
RZA0WkcSwzbg2E2QNKQ3CPd3cHtPpBX8TwRCotg/R5yCR9lihVfkSyULikwBFvrm
2UKZm4pPESWSfMHBToJoAeO0g67itbwwpNhwvgUdyjaj8u46qyjN1FMx3mBiv7Yq
CIE+H0qNu0jmFhoqPrgxfFrGCi6eDPYjRS86536Nc4m8y24z2hie8JLK8QKQ
-----END RSA PRIVATE KEY-----

4
ntex/tests/web_httpserver.rs
View file

@ -146,7 +146,7 @@ async fn test_rustls() {
use std::{fs::File, io::BufReader}; use std::{fs::File, io::BufReader};
use ntex::web::HttpRequest; use ntex::web::HttpRequest;
use rustls_pemfile::{certs, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys};
use tls_rustls::{Certificate, PrivateKey, ServerConfig as RustlsServerConfig}; use tls_rustls::{Certificate, PrivateKey, ServerConfig as RustlsServerConfig};
let addr = TestServer::unused_addr(); let addr = TestServer::unused_addr();
@ -163,7 +163,7 @@ async fn test_rustls() {
.iter() .iter()
.map(|c| Certificate(c.to_vec())) .map(|c| Certificate(c.to_vec()))
.collect(); .collect();
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0)); let keys = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let config = RustlsServerConfig::builder() let config = RustlsServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_no_client_auth() .with_no_client_auth()

12
ntex/tests/web_server.rs
View file

@ -847,7 +847,7 @@ async fn test_brotli_encoding_large_openssl_h2() {
async fn test_reading_deflate_encoding_large_random_rustls() { async fn test_reading_deflate_encoding_large_random_rustls() {
use std::{fs::File, io::BufReader}; use std::{fs::File, io::BufReader};
use rustls_pemfile::{certs, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys};
use tls_rustls::{Certificate, PrivateKey, ServerConfig}; use tls_rustls::{Certificate, PrivateKey, ServerConfig};
let data = rand::thread_rng() let data = rand::thread_rng()
@ -864,7 +864,7 @@ async fn test_reading_deflate_encoding_large_random_rustls() {
.iter() .iter()
.map(|c| Certificate(c.to_vec())) .map(|c| Certificate(c.to_vec()))
.collect(); .collect();
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0)); let keys = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let config = ServerConfig::builder() let config = ServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_no_client_auth() .with_no_client_auth()
@ -903,7 +903,7 @@ async fn test_reading_deflate_encoding_large_random_rustls() {
#[cfg(all(feature = "rustls", feature = "openssl"))] #[cfg(all(feature = "rustls", feature = "openssl"))]
#[ntex::test] #[ntex::test]
async fn test_reading_deflate_encoding_large_random_rustls_h1() { async fn test_reading_deflate_encoding_large_random_rustls_h1() {
use rustls_pemfile::{certs, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys};
use std::fs::File; use std::fs::File;
use std::io::BufReader; use std::io::BufReader;
use tls_rustls::{Certificate, PrivateKey, ServerConfig}; use tls_rustls::{Certificate, PrivateKey, ServerConfig};
@ -922,7 +922,7 @@ async fn test_reading_deflate_encoding_large_random_rustls_h1() {
.iter() .iter()
.map(|c| Certificate(c.to_vec())) .map(|c| Certificate(c.to_vec()))
.collect(); .collect();
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0)); let keys = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let config = ServerConfig::builder() let config = ServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_no_client_auth() .with_no_client_auth()
@ -963,7 +963,7 @@ async fn test_reading_deflate_encoding_large_random_rustls_h1() {
async fn test_reading_deflate_encoding_large_random_rustls_h2() { async fn test_reading_deflate_encoding_large_random_rustls_h2() {
use std::{fs::File, io::BufReader}; use std::{fs::File, io::BufReader};
use rustls_pemfile::{certs, rsa_private_keys}; use rustls_pemfile::{certs, pkcs8_private_keys};
use tls_rustls::{Certificate, PrivateKey, ServerConfig}; use tls_rustls::{Certificate, PrivateKey, ServerConfig};
let data = rand::thread_rng() let data = rand::thread_rng()
@ -980,7 +980,7 @@ async fn test_reading_deflate_encoding_large_random_rustls_h2() {
.iter() .iter()
.map(|c| Certificate(c.to_vec())) .map(|c| Certificate(c.to_vec()))
.collect(); .collect();
let keys = PrivateKey(rsa_private_keys(key_file).unwrap().remove(0)); let keys = PrivateKey(pkcs8_private_keys(key_file).unwrap().remove(0));
let config = ServerConfig::builder() let config = ServerConfig::builder()
.with_safe_defaults() .with_safe_defaults()
.with_no_client_auth() .with_no_client_auth()