docs: add doc-comments for crate::certs

DarkCat09 2024-08-08 17:32:28 +04:00
parent 9de12169a6
commit 6f91e705d3
Signed by: DarkCat09
GPG key ID: 0A26CD5B3345D6E3
4 changed files with 33 additions and 2 deletions


@ -1,17 +1,23 @@
//! Helpers for TLS cert fingerprint generating
use base64ct::{Base64Unpadded, Encoding}; use base64ct::{Base64Unpadded, Encoding};
use sha2::{Digest, Sha256, Sha512}; use sha2::{Digest, Sha256, Sha512};
use super::verifier::CertificateDer; use super::verifier::CertificateDer;
const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil() pub const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil() pub const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
/// Certificate hashing algorithms
/// supported in this library
#[derive(Debug, Clone, Copy)] #[derive(Debug, Clone, Copy)]
pub enum Algorithm { pub enum Algorithm {
Sha256, Sha256,
Sha512, Sha512,
} }
/// Generate a fingerprint for the provided certificate
/// using the specified algorithm + base64
pub fn generate_fingerprint(cert: &CertificateDer, algo: Algorithm) -> String { pub fn generate_fingerprint(cert: &CertificateDer, algo: Algorithm) -> String {
match algo { match algo {
Algorithm::Sha256 => { Algorithm::Sha256 => {
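Review bot: The comments on `SHA256_B64_LEN` and `SHA512_B64_LEN` compute the padded base64 length (4·⌈32/3⌉ = 44, 4·⌈64/3⌉ = 88), but this module imports `Base64Unpadded`, whose output for 32 and 64 input bytes is 43 and 86 characters; if the constants are used to validate or compare fingerprint lengths they will never match an unpadded fingerprint, and if they only size a buffer the mismatch is merely over-allocation — the uses are outside this hunk, so this is worth checking. Since both constants are now `pub`, the calculation comment should become a `///` doc that states whether it is the padded or unpadded length and which function's output it describes, e.g. `/// Length of a base64 SHA-256 fingerprint string (see [`generate_fingerprint`])`. The body of `generate_fingerprint` continues outside the hunk.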


@ -1,13 +1,26 @@
//! Custom verifier for Rustls accepting any TLS cert
//! (usually called "insecure mode")
use tokio_rustls::rustls::{ use tokio_rustls::rustls::{
self, self,
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier}, client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
crypto::CryptoProvider, crypto::CryptoProvider,
}; };
/// Custom verifier for Rustls accepting any TLS certificate
#[derive(Debug)] #[derive(Debug)]
pub struct AllowAllCertVerifier(std::sync::Arc<CryptoProvider>); pub struct AllowAllCertVerifier(std::sync::Arc<CryptoProvider>);
impl AllowAllCertVerifier { impl AllowAllCertVerifier {
/// Constructor for this verifier.
/// Use only if you know what you are doing.
///
/// # Examples
/// ```
/// let client = tokio_gemini::Client::builder()
/// .with_custom_verifier(AllowAllCertVerifier::yes_i_know_what_i_am_doing())
/// .build()
/// ```
pub fn yes_i_know_what_i_am_doing() -> Self { pub fn yes_i_know_what_i_am_doing() -> Self {
AllowAllCertVerifier( AllowAllCertVerifier(
CryptoProvider::get_default() CryptoProvider::get_default()
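Review bot: The `# Examples` block on `yes_i_know_what_i_am_doing` is a runnable doctest as written and will not compile: `AllowAllCertVerifier` is not in scope inside a doctest (it needs its full crate path, presumably through the `certs::insecure` module declared elsewhere in this commit), and the `let client = …` statement has no terminating semicolon after `.build()`. Either complete the snippet (`use tokio_gemini::certs::insecure::AllowAllCertVerifier;` and `.build();`) or mark the fence ` ```ignore ` if it is only illustrative. "Use only if you know what you are doing" should also say what is actually given up, since this is the point a reader must understand before calling it: `/// Accepts every server certificate, so the TLS connection does not authenticate the peer and cannot detect an active interception of the session.` The constructor body continues outside the hunk.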


@ -1,3 +1,5 @@
//! Everything related to TLS certs verification
pub mod fingerprint; pub mod fingerprint;
pub mod insecure; pub mod insecure;
@ -10,6 +12,9 @@ pub use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
use tokio_rustls::rustls; use tokio_rustls::rustls;
/// Trait for implementing self-signed cert verifiers
/// like [`file_sscv::FileBasedCertVerifier`]
/// (probably via known_hosts with TOFU policy or DANE verification)
pub trait SelfsignedCertVerifier: Send + Sync { pub trait SelfsignedCertVerifier: Send + Sync {
fn verify( fn verify(
&self, &self,
@ -19,6 +24,9 @@ pub trait SelfsignedCertVerifier: Send + Sync {
) -> Result<bool, rustls::Error>; ) -> Result<bool, rustls::Error>;
} }
/// Structure holding a cert fingerprint and expiry date,
/// suggested for using in a [`SelfsignedCertVerifier`] cert storage
/// (like `HashMap<String, SelfsignedCert>`, as a known_hosts parsing result)
pub struct SelfsignedCert { pub struct SelfsignedCert {
pub algo: crate::certs::fingerprint::Algorithm, pub algo: crate::certs::fingerprint::Algorithm,
pub fingerprint: String, pub fingerprint: String,
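Review bot: The new doc on `SelfsignedCertVerifier` does not state the contract of `verify`'s `Result<bool, rustls::Error>`, which for a certificate check is the one thing implementors must get right: whether `Ok(false)` means "not trusted, reject the connection" and `Err` means "verifier failed", or whether both are treated as rejection by the internal verifier. A sentence on the trait or the method such as `/// Returns `Ok(true)` when the certificate is trusted, `Ok(false)` when it must be rejected, and `Err` when verification itself fails` — adjusted to what the internal verifier actually does with each outcome — would close that gap. The intra-doc link `[`file_sscv::FileBasedCertVerifier`]` only resolves if `file_sscv` is a module path visible from this file; if that module is feature-gated, rustdoc will report a broken link when the feature is off. `verify`'s parameter list continues outside the hunk.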


@ -1,3 +1,7 @@
//! Internal custom Rustls verifier
//! allowing verification both with webpki trust roots (when enabled)
//! and with implementaions of our own [`SelfsignedCertVerifier`]
use crate::certs::SelfsignedCertVerifier; use crate::certs::SelfsignedCertVerifier;
use std::sync::Arc; use std::sync::Arc;
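Review bot: The module doc has a typo on its third line: `implementaions` should read `implementations`, i.e. `//! and with implementations of our own [`SelfsignedCertVerifier`]`. The link target is imported by the `use crate::certs::SelfsignedCertVerifier;` line right below, so the intra-doc link itself should resolve.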