docs: add doc-comments for crate::certs
This commit is contained in:
parent
9de12169a6
commit
6f91e705d3
4 changed files with 33 additions and 2 deletions
|
@ -1,17 +1,23 @@
|
|||
//! Helpers for TLS cert fingerprint generating
|
||||
|
||||
use base64ct::{Base64Unpadded, Encoding};
|
||||
use sha2::{Digest, Sha256, Sha512};
|
||||
|
||||
use super::verifier::CertificateDer;
|
||||
|
||||
const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
|
||||
const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
|
||||
pub const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
|
||||
pub const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
|
||||
|
||||
/// Certificate hashing algorithms
|
||||
/// supported in this library
|
||||
#[derive(Debug, Clone, Copy)]
|
||||
pub enum Algorithm {
|
||||
Sha256,
|
||||
Sha512,
|
||||
}
|
||||
|
||||
/// Generate a fingerprint for the provided certificate
|
||||
/// using the specified algorithm + base64
|
||||
pub fn generate_fingerprint(cert: &CertificateDer, algo: Algorithm) -> String {
|
||||
match algo {
|
||||
Algorithm::Sha256 => {
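Review bot: The two constants made public at `pub const SHA256_B64_LEN` / `pub const SHA512_B64_LEN` get no `///` doc comment, and the trailing formula `4 * ((256 / 8) as f64 / 3 as f64).ceil()` gives the padded base64 length (44 / 88), while the encoder imported in this module is `Base64Unpadded`, whose output for 32 and 64 hash bytes is 43 and 86 characters. How the constants are used is outside the hunk, so whether 44/88 is a capacity hint or an exact-length check cannot be told from here; now that code outside the crate can reach them, the doc should say which, e.g. `/// Length of a base64 SHA-256 fingerprint, computed for padded base64 (44); the unpadded encoding used by this module yields 43 characters.` If they are meant as exact lengths for validating fingerprints, correct them to 43/86 instead and drop the padded formula. The `generate_fingerprint` doc could also say `/// using the specified algorithm + unpadded base64`, since the `Base64Unpadded` import suggests that is what is emitted; its body continues outside the hunk.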
|
||||
|
|
|
@ -1,13 +1,26 @@
|
|||
//! Custom verifier for Rustls accepting any TLS cert
|
||||
//! (usually called "insecure mode")
|
||||
|
||||
use tokio_rustls::rustls::{
|
||||
self,
|
||||
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
|
||||
crypto::CryptoProvider,
|
||||
};
|
||||
|
||||
/// Custom verifier for Rustls accepting any TLS certificate
|
||||
#[derive(Debug)]
|
||||
pub struct AllowAllCertVerifier(std::sync::Arc<CryptoProvider>);
|
||||
|
||||
impl AllowAllCertVerifier {
|
||||
/// Constructor for this verifier.
|
||||
/// Use only if you know what you are doing.
|
||||
///
|
||||
/// # Examples
|
||||
/// ```
|
||||
/// let client = tokio_gemini::Client::builder()
|
||||
/// .with_custom_verifier(AllowAllCertVerifier::yes_i_know_what_i_am_doing())
|
||||
/// .build()
|
||||
/// ```
|
||||
pub fn yes_i_know_what_i_am_doing() -> Self {
|
||||
AllowAllCertVerifier(
|
||||
CryptoProvider::get_default()
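Review bot: The doctest added above `yes_i_know_what_i_am_doing` will not compile under `cargo test`: `AllowAllCertVerifier` is not in scope inside a doctest without a `use` line, and the `let client = …` statement has no terminating `;`. Either add hidden setup (`# use tokio_gemini::certs::insecure::AllowAllCertVerifier;`, path inferred from the `pub mod insecure` in this commit) plus the semicolon, or mark the block as ignored, since `no_run` still compiles it. Separately, "Use only if you know what you are doing" never says what is given up: with this verifier the server's certificate is never checked, so the connection is encrypted but the peer is not authenticated; say so, e.g. `/// Disables server certificate verification entirely: any certificate is accepted, so the server is not authenticated.` The constructor's body continues outside the hunk.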
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
//! Everything related to TLS certs verification
|
||||
|
||||
pub mod fingerprint;
|
||||
pub mod insecure;
|
||||
|
||||
|
@ -10,6 +12,9 @@ pub use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
|
|||
|
||||
use tokio_rustls::rustls;
|
||||
|
||||
/// Trait for implementing self-signed cert verifiers
|
||||
/// like [`file_sscv::FileBasedCertVerifier`]
|
||||
/// (probably via known_hosts with TOFU policy or DANE verification)
|
||||
pub trait SelfsignedCertVerifier: Send + Sync {
|
||||
fn verify(
|
||||
&self,
|
||||
|
@ -19,6 +24,9 @@ pub trait SelfsignedCertVerifier: Send + Sync {
|
|||
) -> Result<bool, rustls::Error>;
|
||||
}
|
||||
|
||||
/// Structure holding a cert fingerprint and expiry date,
|
||||
/// suggested for using in a [`SelfsignedCertVerifier`] cert storage
|
||||
/// (like `HashMap<String, SelfsignedCert>`, as a known_hosts parsing result)
|
||||
pub struct SelfsignedCert {
|
||||
pub algo: crate::certs::fingerprint::Algorithm,
|
||||
pub fingerprint: String,
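Review bot: In the second hunk, `verify` on `SelfsignedCertVerifier` gets no doc comment while the trait itself does, so implementers are left to guess the contract of its `Result<bool, rustls::Error>` return — which outcome accepts the certificate, what `Ok(false)` means versus `Err`, and what the remaining parameters are (the signature continues outside the hunk); since a wrong guess here is an accept-any-cert bug, add a `///` on `verify` that states each outcome explicitly. The intra-doc link `[`file_sscv::FileBasedCertVerifier`]` resolves only if `file_sscv` is reachable from this module; the `pub mod` lines visible in the first hunk are only `fingerprint` and `insecure`, so check with `-D rustdoc::broken_intra_doc_links`. "(probably via known_hosts with TOFU policy or DANE verification)" reads as uncertainty about the library's own design; `/// (for example a known_hosts file with a TOFU policy, or DANE)` says the same thing as guidance.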
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
//! Internal custom Rustls verifier
|
||||
//! allowing verification both with webpki trust roots (when enabled)
|
||||
//! and with implementaions of our own [`SelfsignedCertVerifier`]
|
||||
|
||||
use crate::certs::SelfsignedCertVerifier;
|
||||
|
||||
use std::sync::Arc;
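Review bot: `implementaions` in the added module doc is a typo; the line should read `//! and with implementations of our own [`SelfsignedCertVerifier`]`. The intra-doc link itself resolves, since `use crate::certs::SelfsignedCertVerifier;` is in scope two lines below. The rest of the module lies outside the hunk.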
|
||||
|
|