refactor: delete unused certs::verifier
This commit is contained in:
parent
32b888b3c1
commit
73addc33ca
1 changed files with 0 additions and 83 deletions
|
@ -1,83 +0,0 @@
|
|||
//! Internal custom Rustls verifier
|
||||
//! allowing verification both with webpki trust roots (when enabled)
|
||||
//! and with implementaions of our own [`SelfsignedCertVerifier`]
|
||||
|
||||
use crate::certs::SelfsignedCertVerifier;
|
||||
|
||||
use std::sync::Arc;
|
||||
|
||||
pub use tokio_rustls::rustls::pki_types::{CertificateDer, ServerName, UnixTime};
|
||||
|
||||
use tokio_rustls::rustls::{
|
||||
self,
|
||||
client::danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
|
||||
};
|
||||
|
||||
pub struct CustomCertVerifier {
|
||||
pub(crate) provider: Arc<rustls::crypto::CryptoProvider>,
|
||||
pub(crate) ss_verifier: Box<dyn SelfsignedCertVerifier>,
|
||||
}
|
||||
|
||||
impl ServerCertVerifier for CustomCertVerifier {
|
||||
fn verify_server_cert(
|
||||
&self,
|
||||
end_entity: &CertificateDer<'_>,
|
||||
_intermediates: &[CertificateDer<'_>],
|
||||
server_name: &ServerName<'_>,
|
||||
_ocsp_response: &[u8],
|
||||
now: UnixTime,
|
||||
) -> Result<ServerCertVerified, rustls::Error> {
|
||||
// TODO: certificate validation (domain, expiry, etc.)
|
||||
|
||||
if self
|
||||
.ss_verifier
|
||||
.verify(end_entity, server_name.to_str().as_ref(), now)?
|
||||
{
|
||||
Ok(ServerCertVerified::assertion())
|
||||
} else {
|
||||
Err(rustls::Error::InvalidCertificate(
|
||||
rustls::CertificateError::ApplicationVerificationFailure,
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &rustls::DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
rustls::crypto::verify_tls12_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&self.provider.signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn verify_tls13_signature(
|
||||
&self,
|
||||
message: &[u8],
|
||||
cert: &CertificateDer<'_>,
|
||||
dss: &rustls::DigitallySignedStruct,
|
||||
) -> Result<HandshakeSignatureValid, rustls::Error> {
|
||||
rustls::crypto::verify_tls13_signature(
|
||||
message,
|
||||
cert,
|
||||
dss,
|
||||
&self.provider.signature_verification_algorithms,
|
||||
)
|
||||
}
|
||||
|
||||
fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
|
||||
self.provider
|
||||
.signature_verification_algorithms
|
||||
.supported_schemes()
|
||||
}
|
||||
}
|
||||
|
||||
impl std::fmt::Debug for CustomCertVerifier {
|
||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
||||
write!(f, "CustomCertVerifier {{ provider: {:?} }}", self.provider)
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue