refactor: delete unused certs::verifier

DarkCat09 2024-08-28 17:17:04 +04:00
parent 32b888b3c1
commit 73addc33ca
Signed by: DarkCat09
GPG key ID: BD3CE9B65916CD82


@ -1,83 +0,0 @@
//! Internal custom Rustls verifier
//! allowing verification both with webpki trust roots (when enabled)
//! and with implementaions of our own [`SelfsignedCertVerifier`]
use crate::certs::SelfsignedCertVerifier;
use std::sync::Arc;
pub use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
use tokio_rustls::rustls::{
self,
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
};
pub struct CustomCertVerifier {
pub(crate) provider: Arc<rustls::crypto::CryptoProvider>,
pub(crate) ss_verifier: Box<dyn SelfsignedCertVerifier>,
}
impl ServerCertVerifier for CustomCertVerifier {
fn verify_server_cert(
&self,
end_entity: &CertificateDer<'_>,
_intermediates: &[CertificateDer<'_>],
server_name: &ServerName<'_>,
_ocsp_response: &[u8],
now: UnixTime,
) -> Result<ServerCertVerified, rustls::Error> {
// TODO: certificate validation (domain, expiry, etc.)
if self
.ss_verifier
.verify(end_entity, server_name.to_str().as_ref(), now)?
{
Ok(ServerCertVerified::assertion())
} else {
Err(rustls::Error::InvalidCertificate(
rustls::CertificateError::ApplicationVerificationFailure,
))
}
}
fn verify_tls12_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &rustls::DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, rustls::Error> {
rustls::crypto::verify_tls12_signature(
message,
cert,
dss,
&self.provider.signature_verification_algorithms,
)
}
fn verify_tls13_signature(
&self,
message: &[u8],
cert: &CertificateDer<'_>,
dss: &rustls::DigitallySignedStruct,
) -> Result<HandshakeSignatureValid, rustls::Error> {
rustls::crypto::verify_tls13_signature(
message,
cert,
dss,
&self.provider.signature_verification_algorithms,
)
}
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
self.provider
.signature_verification_algorithms
.supported_schemes()
}
}
impl std::fmt::Debug for CustomCertVerifier {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
write!(f, "CustomCertVerifier {{ provider: {:?} }}", self.provider)
}
}