Compare commits
2 commits
1fc73d0cab
...
3359c3c9fd
Author | SHA1 | Date | |
---|---|---|---|
3359c3c9fd | |||
32895e5b65 |
2 changed files with 25 additions and 4 deletions
|
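--- a/FILE1_PATH_PLACEHOLDER
+++ b/FILE1_PATH_PLACEHOLDER
@@ -1,4 +1,4 @@
-use std::{borrow::Cow, io::Write, os::fd::AsFd, sync::Mutex};
+use std::{borrow::Cow, io::Write, os::fd::AsFd, path::Path, sync::Mutex};
 
 use dashmap::DashMap;
 use tokio::io::AsyncBufReadExt;
@@ -18,11 +18,11 @@ pub struct FileBasedCertVerifier {
 }
 
 impl FileBasedCertVerifier {
-pub async fn init(path: &str) -> Result<Self, LibError> {
+pub async fn init(path: impl AsRef<Path>) -> Result<Self, LibError> {
 let map = DashMap::new();
 
-if tokio::fs::try_exists(path).await? {
-let mut f = tokio::fs::OpenOptions::new().read(true).open(path).await?;
+if tokio::fs::try_exists(&path).await? {
+let mut f = tokio::fs::OpenOptions::new().read(true).open(&path).await?;
 
 let mut reader = tokio::io::BufReader::new(&mut f);
 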
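Review bot: The `try_exists(&path)` check followed by `open(&path)` in the second hunk is a check-then-use pair: the file can be created, removed or swapped between the two calls, so the existence check neither guarantees the open succeeds nor reliably detects an absent file. The same result with no race is to call `open(&path).await` directly and match on its error, treating `std::io::ErrorKind::NotFound` as the empty-map case and propagating every other error with `?` as the current code does; this also removes one syscall. Note that `try_exists` already returns `Err` (not `Ok(false)`) for a path that cannot be inspected, e.g. a permission failure, so the proposed form keeps that behaviour. The body of `init` continues past the end of the hunk, so the branch that builds `Self` from `map` is not visible here.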
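--- a/FILE2_PATH_PLACEHOLDER
+++ b/FILE2_PATH_PLACEHOLDER
@@ -13,17 +13,30 @@ pub const SHA512_HEX_LEN: usize = 128; // (512 / 8) * 2
 pub const SHA256_B64_LEN: usize = 44; // 4 * ((256 / 8) as f64 / 3 as f64).ceil()
 pub const SHA512_B64_LEN: usize = 88; // 4 * ((512 / 8) as f64 / 3 as f64).ceil()
 
+/// Supported hashing algorithms
 #[derive(Debug, Clone, Copy)]
 pub enum HashAlgo {
 Sha256,
 Sha512,
 }
 
+/// Structure holding a TLS cert hash
+/// and providing bin2text methods,
+/// mostly for use in [`crate::certs::SelfsignedCertVerifier`]
 pub struct CertFingerprint<T: Digest> {
 hash: sha2::digest::Output<T>,
 }
 
 impl<T: Digest> CertFingerprint<T> {
+/// Generate a TLS cert hash.
+///
+/// # Examples
+/// ```
+/// use tokio_gemini::certs::fingerprint::{CertFingerprint, Sha256};
+///
+/// let hash = CertFingerprint::<Sha256>::new(rustls_cert);
+/// let fingerprint = hash.base64();
+/// ```
 pub fn new(cert: &CertificateDer) -> Self {
 let mut hasher = T::new();
 for chunk in cert.chunks(128) {
@@ -36,11 +49,15 @@ impl<T: Digest> CertFingerprint<T> {
 }
 
 impl CertFingerprint<Sha256> {
+/// Encode the TLS cert SHA-256 hash as HEX (base16).
+/// Resulting string is 64 bytes length.
 pub fn hex(&self) -> String {
 let mut buf = [0u8; SHA256_HEX_LEN];
 b16::encode_str(&self.hash, &mut buf).unwrap().to_owned()
 }
 
+/// Encode the TLS cert SHA-256 hash as base64.
+/// Resulting string is 44 bytes length.
 pub fn base64(&self) -> String {
 let mut buf = [0u8; SHA256_B64_LEN];
 b64::encode(&self.hash, &mut buf).unwrap().to_owned()
@@ -48,11 +65,15 @@ impl CertFingerprint<Sha256> {
 }
 
 impl CertFingerprint<Sha512> {
+/// Encode the TLS cert SHA-512 hash as HEX (base16).
+/// Resulting string is 128 bytes length.
 pub fn hex(&self) -> String {
 let mut buf = [0u8; SHA512_HEX_LEN];
 b16::encode_str(&self.hash, &mut buf).unwrap().to_owned()
 }
 
+/// Encode the TLS cert SHA-512 hash as base64.
+/// Resulting string is 88 bytes length.
 pub fn base64(&self) -> String {
 let mut buf = [0u8; SHA512_B64_LEN];
 b64::encode(&self.hash, &mut buf).unwrap().to_owned()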
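Review bot: The doc example added on `new` in the first hunk uses an undefined `rustls_cert` inside a plain ``` fence, so rustdoc will compile it as a doctest and `cargo test` will fail on an unresolved name; either bind a value in the example (e.g. construct a `CertificateDer` from a byte slice) or mark the fence ```` ```ignore ```` — `no_run` is not enough, because it still compiles. The three-line struct doc would read better as one sentence, and the intra-doc link `[`crate::certs::SelfsignedCertVerifier`]` should be checked against the actual item name, which is not visible on this page. In the second and third hunks the length notes are worth keeping but the phrasing should be `/// The resulting string is 64 bytes long.` (and 44, 128, 88 for the other methods); a one-line `// the buffer is sized exactly by the *_LEN constants, so encoding cannot fail` above each `.unwrap()` would also justify the panic path, which is otherwise the only failure mode of these methods.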