From dbb00a88b049eafc56acb06ec9666bb8c82889b4 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 10 Oct 2020 22:38:07 +0800
Subject: [PATCH] feat: add certs
---
 actix_rustls/src/cert_chain.pem | 84 ++++++++++++++++++++++++++++++++
 actix_rustls/src/main.rs | 21 ++++++--
 actix_rustls/src/private_key.pem | 40 +++++++++++++++
 3 files changed, 141 insertions(+), 4 deletions(-)
 create mode 100644 actix_rustls/src/cert_chain.pem
 create mode 100644 actix_rustls/src/private_key.pem
diff --git a/actix_rustls/src/cert_chain.pem b/actix_rustls/src/cert_chain.pem
new file mode 100644
index 0000000..3237af6
--- /dev/null
+++ b/actix_rustls/src/cert_chain.pem
@@ -0,0 +1,84 @@ +-----BEGIN CERTIFICATE----- +MIIEczCCAtugAwIBAgIVANtxEITBMdlrkDCaLZGYyxlH2g7eMA0GCSqGSIb3DQEB +CwUAMCYxJDAiBgNVBAMMG0hhdHRlciBUZXN0IEludGVybWVkaWF0ZSBDQTAeFw0x +OTA2MDMwMDAwMDBaFw0yNDA2MDMwMDAwMDBaMBYxFDASBgNVBAMMC2V4YW1wbGUu +Y29tMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3sFqqYgsr6taCt5x +fJ0esQUo5TfvHaGMwiKqp8Wz5Z2qkEWgGyk7TLAzFdh74kgK42GT7ajz2BOuGjOG +h23UJIsvCM6CPH0P/e9NwPAkwst7XRUvwKC1l0952E6eVPi68CQ5JNrpcwD9Gwz9 +74lBc/LhmEgpczTedSzo1PP+yl5+kvtj7HQ+D42t119UIQk08w6yyg65X/m9YDXy +aqEF/nEGTW/p9UCjyUPMNENcXxdkqb4U4GZP7Y8AnxOR43IitKDJiAcRN7I5NzOR +OACa28fb12rDWEDaNV2pfIkxWRSpgrIqB6D4fkCoFO5k6VuRZozaA41HWaxpSfYn +2fc5WiAGnW1KU5kRQwtLBefWBiMWzhxQjC7g0ZN1RLDIK8bU6PgPRbncuMXtMe+n +3M62uBihmP+yE590W3UZ3Fe7kmp6F0bgelp7m1RgkXv46NCF46TUoMtjerrvtPIe +cV3lziYcfGd8xh8+isFOJnYiqz2XdhRLAaqUMdIcKECDzSWDAgMBAAGjgacwgaQw +DgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUH +AwEGCCsGAQUFBwMCMCUGA1UdEQQeMByCC2V4YW1wbGUuY29tgg0qLmV4YW1wbGUu +Y29tMB0GA1UdDgQWBBTxqz0CCK+umU+67N0RAInTy3CFlzAfBgNVHSMEGDAWgBT/ +l70lphw5HEmXYdRc1xhwNNfLSDANBgkqhkiG9w0BAQsFAAOCAYEAd2Gz9l+5RT4Y +AozhgD/KFsi0dTkoJ20Tnw0LfRi3ig1mJFF4qQ2/hMm0Xy0kro9xTZHSblWukbDi +pbRuIPvNhLgHt55w0lDJTgsC2dEBi5SMgWABYY98QbcKhoy9s9T1uxvdUUxo55Bw +whWbg3hYRmNqkk5FY7HxahfsL6K6b/zjAlGTc3mne0kYTRhjZ2BolO3jpCT0bxFg +k6KBNymQLsX1RnP0wbN+Tr09VA/f1vOVU2D/gIyomdLRXS5BRyLfclI/tfJ2q9b8 +9rLhoKi9xlvVK6XhLMqr9dGTuwNH7YtIzMI0a67UgBRLZnD397jR0YsPeynBuv25 +bGOMRw8EuSGqL6ZvoLPUVi6Rrx+I+eJRwcQBZ3QjGQkac84OGs1b050cTJyUPkmw +87Ymd/effG8mxxBlk3Aogv+xqEDgGbYtgW5ihqk8OsTNzeA07lNdPc35XMoukIRR +LUA5YPfbZkwT8riGCKY/mAa1twGcF5hXa4BIw8CJaVFSfrYhgnvf +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEuTCCAqGgAwIBAgIVAIsCKxneJOj/cG10MuQwOn8uYdUdMA0GCSqGSIb3DQEB +CwUAMB4xHDAaBgNVBAMME0hhdHRlciBUZXN0IENBIFJvb3QwHhcNMTkwNjAzMDAw +MDAwWhcNMzkwNjAzMDAwMDAwWjAmMSQwIgYDVQQDDBtIYXR0ZXIgVGVzdCBJbnRl +cm1lZGlhdGUgQ0EwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCRkidw 
+HPZYiuLGFV1KNbYB4mp1OoGwYL2MVS0uEMlODF1dRGVTpoF/9bSOvQ7CIxuqbEPF +qDu37rZnJ7ixTMnLcnfifek5q+0IdWyYgYyuBiVpgvhW1SzI/RHcZzQImhUkQ6ue +ciQCgF2G4ToqZoAnIzImklOhfT3UQXqHQHyra2fW7C1GKq2guUmcjcGwOv5+wy7D +SwKqULMXfKNyg1xVdanaU+9DpPGHrbndAjS4XNWLaPSFx05vJU9XmNwkx/1FZn2r +r4/geJDZqRwru+rWxrQnQr4sClJcORBT9KeJ94EF3APfpR3GfSYFnUmvcW+NB+qn +mpC6Qgy7xiMZuDRo9J1To/uNiPq2i6HBA2HqMlNArznk2eHijmRtwP1mhbVyeFeS +kom7gqz+iMTt/ZKiQh1x+2l6IYekGswfqi++1165g74IMn0JSZJY08vX+CGRaVQP +yjud4dWh0BJYS/e5hpXEgNdft4KGiGm1eKaKkacWOC+LIjAHlS+OnExbRgkCAwEA +AaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0O +BBYEFP+XvSWmHDkcSZdh1FzXGHA018tIMB8GA1UdIwQYMBaAFG7h4b7D6YJr322D +nnS7D+VyBXA8MA0GCSqGSIb3DQEBCwUAA4ICAQAmSn6nelezJsSgu/i7GYlWkluE +pSvmtxeL6hvvXf1tKcSGUmwWi+gI8V5/G7cJ/5i9+np7aijFvdXIhVvBS3+Ydg2u +7juF/4nD40ZAwu8imH0HLcG2klfCIb4PWPT3zMY5wTijNmlLf2R8Xi/sjbkcaGrH +KS2EQiKR1Wo9Aac7RPCeYHr+BORLJY4zKsMA0RfLIhdDxrrT7YrlQguhHCiWulhs +vN4cFHt6IQjq0ijjMYKgjyuEWU+6YdrMMQNL3m74mCmbNOTRbL+PTOXzKphA9qcr +/V+vPxMWDjpRc+aj7zpelF2IqQnhH8fs6F0shlz6PJsIitsd5CpuSvTUtOQzreTf +NQXGS/FWLq0ylxbbXOtfm0Rtu2hXmlCHdz1jp3BD9nrQNgBFAPJVkocg7CyP5eka +ZI635dXcM8LpRc8npivQFaqOelvmJHzKhQVoiHjnoz9IuIZBSLsZ9x3cKtZMPsTS ++JZ73rrXhJtRGZm6KCyR9ozqAOlapE1uqMLedNneCl8ZHrFU45zX+8dElBh+7iaD +6aQug2chqhqB4HZ34rLimDaIVUNwnBOqon4gJ20KQrMlXBKTeeN0CVKBxJiwEKNA +rAb/cv+JFXsLz407+Y1E1bVcwqxH55G6K58ZavcrSApVV+sTvoPqlJxD6JSpgrwN +iAEAqVLBzHwqXCfAGA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFMDCCAxigAwIBAgIVAOnHe885oPpG3CMPxGBEf6t9ZT07MA0GCSqGSIb3DQEB +CwUAMB4xHDAaBgNVBAMME0hhdHRlciBUZXN0IENBIFJvb3QwIBcNMTkwNjAyMDAw +MDAwWhgPMjA3OTA2MDIwMDAwMDBaMB4xHDAaBgNVBAMME0hhdHRlciBUZXN0IENB +IFJvb3QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAN85IVVGc90li +qoDOu3zj9V7+CM6RLB1JsHATvKCsfqxCigNT/pXw7MLG3KLNI5jqBjo9rm72dyPP +qlcuKQQMD6zAfMGThLFbWc9p88QfLFFoO4Y2QZI2kAP92N6rdBMvQJR0d/B+3Ppg +najvBdlokwcs36fUlA1/ODg7xZEK5Lvdbwdi3rlGwbj5l3qvIREMPNVZFTrvfWWi +mVti5u823kr7vqFfJrcIkuRITj1Se/jFujFl+yYHXQff4QmSPCc29tKLBPC5D0Fa 
+HnwmZB1UTtKfQw4vPDgqRlbwdvJXz4+dNtCdSbVFe25vMnmW1rYpe3KS3+mpT3Hj +8wQYdTTLo7O+cJY/nMVmbdv1asmIr41drHxJOO9eBJGazRwQqZbZU1vcTN39/8tL +HZ42+jbr0txOWoVufr2y5Mh/ykQgj4k4R1V6VLeb026jjePI5Cl5vdbf1uf3VLQj +OEw0BRv84ribdJVAuzjVbWBNT7EJ4UN9Vy9YvL325ATn7b1M7PIJIlu+ORXk4nv0 +31efTzVqKoBfn2FyryV4g2/BMWUeoBkgIBA1XfUOPxCM5TKYcVKb74pGhmYk3G5p +gllBB/a8h7uXldBj4Fpvy307noODxDWlXruphXPV4T92gNSg01uZ1CTepLV35FQw +IOLWYBHldDtGBKAnMidg72QhPsNb4wIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUbuHhvsPpgmvfbYOedLsP5XIFcDww +HwYDVR0jBBgwFoAUbuHhvsPpgmvfbYOedLsP5XIFcDwwDQYJKoZIhvcNAQELBQAD +ggIBAEMO0sdE285PRpflCCXPc6KRJvAr7+QqgcBFF85FQSI4MXPUSsUXn3VYMIqN +H/StaBGL11gXRP5nuH6j4vjNV+q02fa7XvBTcg8Y7EUy/e3t4X6oAGFXV6LWEl75 +4lK6wOowUCSctKFv3+CqA8GWlR1pnwbIMm4aaqXgrLnzYAi7Q/xWqTQy6fcp3Sdg +GBiNAyLyDuaKlgmHhcP2OP1oSPyGhTZMSmnagJxc081qNzmyJq1r6RX3gv0IyqWm +UVyb5/hTPcn3/mXYR2S9oSAnaxkkDdsycJc0urcQ7BpYKouaZrSyCjUjSfnOIcoe +9NcTSJdm24pIMdRn8rVy3BdtXvK7/XDOXA/EkfJ6bdg3vxSV8rANVHUq2bvYwKVQ +/uG6sC0x3GtlgHdEpJ317YrM/wgxf/6BkIblZQOjbslZYWYilD6tTwtoennS1IXd +y30vyZ1xteZkpcI88/Cz8H3e+nae4WH0nxVXjuaFf9qrJy8NF41g0jOnRaDwYfjm +uyOJu18QyRADuF0RhS9t37/qvO1qTj2BYXBeA/yKOc+PjimS7Ds21zwvMseydwIH +GscPbyIZNvtQ109bCw6zH3LTZX42PT7Jfdz6BgwjlRae0mb4LACe1sG689gMYx4f +N66PfShPXgjYC0EdfHdEgsGWDpFmoSamnF9HSBmHgQxM0Atd +-----END CERTIFICATE----- \ No newline at end of file diff --git a/actix_rustls/src/main.rs b/actix_rustls/src/main.rs index 101590c..c45e3b4 100644 --- a/actix_rustls/src/main.rs +++ b/actix_rustls/src/main.rs 
@@ -3,17 +3,30 @@ use rustls::ClientHello;
 use rustls::NoClientAuth;
 use rustls::ServerConfig;
 use rustls::ResolvesServerCert;
+use rustls::sign;
 use rustls::sign::CertifiedKey;
+use rustls::internal::pemfile;
 use actix_web::App;
 use actix_web::HttpServer;
 use actix_web::get;
 use actix_web::Responder;
-struct CustomResolvesServerCert;
-impl ResolvesServerCert for CustomResolvesServerCert {
+const CERT_CHAIN: &str = include_str!("cert_chain.pem");
+const PRIVATE_KEY: &str = include_str!("private_key.pem");
+
+struct ResolvesServerCertImpl;
+impl ResolvesServerCert for ResolvesServerCertImpl {
 fn resolve(&self, client_hello: ClientHello) -> Option {
 println!("Request server name: {:?}", client_hello.server_name());
- None
+
+ let mut cert_chain_bytes = CERT_CHAIN.as_bytes();
+ let mut private_key_bytes = PRIVATE_KEY.as_bytes();
+
+ let cert_chain = pemfile::certs(&mut cert_chain_bytes).unwrap();
+ let mut keys = pemfile::pkcs8_private_keys(&mut private_key_bytes).unwrap();
+ let signing_key = sign::any_supported_type(&keys.remove(0)).unwrap();
+
+ Some(CertifiedKey::new(cert_chain, Arc::new(signing_key)))
 }
 }
@@ -25,7 +38,7 @@ async fn index() -> impl Responder {
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
 let mut config = ServerConfig::new(NoClientAuth::new());
- config.cert_resolver = Arc::new(CustomResolvesServerCert);
+ config.cert_resolver = Arc::new(ResolvesServerCertImpl);
 let listen = "127.0.0.1:8443";
 println!("Listen at: {}", listen);
diff --git a/actix_rustls/src/private_key.pem b/actix_rustls/src/private_key.pem
new file mode 100644
index 0000000..453b413
--- /dev/null
+++ b/actix_rustls/src/private_key.pem
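Review bot: `resolve` in the first main.rs hunk runs on every TLS handshake, yet it re-parses both PEM constants each time and can panic on that path through the three `unwrap()` calls and through `keys.remove(0)`, which panics if the parsed key list is empty. Parsing once at startup and storing the resulting `CertifiedKey` in the resolver turns a malformed or swapped PEM into a visible startup failure instead of a per-connection panic. The second hunk's `Arc::new(ResolvesServerCertImpl)` in `main` would then call the constructor and map its `None` to a startup error. The resolver also returns the same chain whatever `client_hello.server_name()` reports, which is acceptable for a demo but deserves a comment saying so.

```rust
struct ResolvesServerCertImpl {
    certified_key: CertifiedKey,
}

impl ResolvesServerCertImpl {
    // Parse the PEM material once, so bad input fails at startup rather than mid-handshake.
    fn from_pem(cert_chain_pem: &str, private_key_pem: &str) -> Option<Self> {
        let cert_chain = pemfile::certs(&mut cert_chain_pem.as_bytes()).ok()?;
        let keys = pemfile::pkcs8_private_keys(&mut private_key_pem.as_bytes()).ok()?;
        let signing_key = sign::any_supported_type(keys.first()?).ok()?;
        Some(Self {
            certified_key: CertifiedKey::new(cert_chain, Arc::new(signing_key)),
        })
    }
}

impl ResolvesServerCert for ResolvesServerCertImpl {
    fn resolve(&self, client_hello: ClientHello) -> Option<CertifiedKey> {
        // … unchanged: server-name logging …
        // Same chain for every SNI value; this demo serves a single certificate.
        Some(self.certified_key.clone())
    }
}
```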
@@ -0,0 +1,40 @@ +-----BEGIN PRIVATE KEY----- +MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDewWqpiCyvq1oK +3nF8nR6xBSjlN+8doYzCIqqnxbPlnaqQRaAbKTtMsDMV2HviSArjYZPtqPPYE64a +M4aHbdQkiy8IzoI8fQ/9703A8CTCy3tdFS/AoLWXT3nYTp5U+LrwJDkk2ulzAP0b +DP3viUFz8uGYSClzNN51LOjU8/7KXn6S+2PsdD4Pja3XX1QhCTTzDrLKDrlf+b1g +NfJqoQX+cQZNb+n1QKPJQ8w0Q1xfF2SpvhTgZk/tjwCfE5HjciK0oMmIBxE3sjk3 +M5E4AJrbx9vXasNYQNo1Xal8iTFZFKmCsioHoPh+QKgU7mTpW5FmjNoDjUdZrGlJ +9ifZ9zlaIAadbUpTmRFDC0sF59YGIxbOHFCMLuDRk3VEsMgrxtTo+A9Fudy4xe0x +76fczra4GKGY/7ITn3RbdRncV7uSanoXRuB6WnubVGCRe/jo0IXjpNSgy2N6uu+0 +8h5xXeXOJhx8Z3zGHz6KwU4mdiKrPZd2FEsBqpQx0hwoQIPNJYMCAwEAAQKCAYA+ +LvJOp0QKOiRlulkl91qVAiK7clTfCbUYkMLhGPCyXcQ6iCU8z9LNArcQFyHmNkRL +23aHNs3zePL2P4IDlmZNWUllBPkYV7U6Jy6meKNaeaFTh9GPzY1D0xzphHDwuYq9 +9O662h2nTBRcE9FjqAZMjvXpI+PmVFDxlvrcT8zFw4FEGMd5P63/e4aXA/ahTkeo +vmasv1WCdF4oWIb2u0LIF9cxkNdX7paKXdHImTFVHlusgvKi/gy7/VqoDbeBLd/6 +yebo9jVfI9Jf6pT5VaQdw1vTHTcZWHJDlRuCd+rVksLn7CMjUdbd0RFIgEJtEZiJ +8aYrE7MI+5ZbE4Hw/TkM5B8+wEvwcE8nU+Zh4Sf9uQ4F5dsCflcZmKCJ76XXOOc0 +WJUVesnKCbyWYa+bEiwI2QZwHh5Zt8tjMTJ92DOu17lmrjy273bJXo+EjVhxDw/x ++BdUO0lQm2smk+LI+ICHxi++rojM9gltJ0CcPu3acPnefgAFmTFl1RGoDWWsUjkC +gcEA/YTnS8vo6UPt7x3XSug+4Rec83ZRx6PS6lvQMfysXYA3Cy5rNRW00ZnPlXlU +6lxZoSWCZ5NO7brZ4HE3gUH27OCot6RGvvXlMjh563g7oEzqMrZKfUZF8TIOOnaB +8TMNxHzhlC4wRl4cAfoJwn62eSfHrx0lducheru6XOVM8HcDKNIvtFA9s+oB+DZs +nLTbyCyh0haJ1JUPT4mOtW6ZDwTeyEs6p5+rhDDdxX+yZelyqVeAy3HFK/KQZB05 +uba9AoHBAODvck7anaVaG+7sOZIMfKzMIBJMe+JBGcNiBUpx6iwnpUsg6amLjju+ +dtyLXkD1ik7BW2CQgR9oYhR1WbvqVX9aF2AMK5N1YQxC1YAH47x638llFmIQQKa0 +oV5Sg12XT+fTMBJLVJ2tnnKMPL5eSUZFszw5sMIUOkO3NWSD1Pnc2UD9sH3HOEDP +rf4pj/Uw7wIEFM1awZxXuP4AHQlPu1eyxhuuj6zAm51XltMC3OR45hO5qYtEiOd5 +YIMunQsxPwKBwQCqJxNeSgOO3CrLvEmNWwco6EJNHXKR/aBH70ty4VWGg9Ftzb/i +pyjvLL6oYgDeMxFtGNHHVpU49ZnaC+Lm/DEQl1BlwPpCnKMx67nYkp/iXP0rADJK +lmnHEoN+NZ/NFSj+YZq9a6q27974bKs0QPuToWFiZLuKbGKKD4lrY/MZyabzNO8T +pG9lW3/q6gxHuRNx7JLHgJ0NcuYNyhNgLlTIQcqMwAEkFAR3+pw+PBCuWdq9UZ99 
+7GQbtPe4We0uejkCgcAUZcJQ4kQ/dV9pGCTUWKuJo+0Ym7T0PIEQlbfzG0dn/6Re +nrpxtIUOZ+QxdbXzYBDNuX0G0bPT3ExgnI+pmcNtDAdon1HoSlGlof3oYU7GjcHz +amZQODcUpvanLgZZm1oUpLMMRaaDsfXXX142ySgN5k4tnPGpd9ocv+VomwfaLKvK +1/aEQWeZgPu/O5ehXXGfFi2ovZ0nB1FwPyRi7scHWd/bLMY8nS6/Yuz7b5wGX+xF +R6XXSjy7+ObGnpiBJlMCgcAJF3aUd1nmPf5xlPEnCJ/ngMFhhG/WREyhrhFme3z8 +NZQeaD8w78A8wrOWfY1SXtEc9+U1Y2DO39cQ9GUDuudL0ZZC4N87fsMB1iMYOa7H +lCSnzCNRMC5r/1LU1kGVblfMIBrfdBz09a88mGYqk4kqzg1HsfZWZ/dg/3zDv3LF +AyO6Qk6EqTuNa+i9sUlb20GT0bjBxB/x9z21dNQwpmKKrtVoxTATi1PRTog8n+DD +kk4MNz4BCcE8K3fyQKOF1vU= +-----END PRIVATE KEY----- \ No newline at end of file
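Review bot: This file commits an unencrypted PKCS#8 private key under `src/`, and main.rs compiles it into the binary through `include_str!("private_key.pem")`, so anyone with access to the repository or the built artifact holds the key for the bundled chain. The chain appears to be a self-made test hierarchy for example.com, so this may be intentional for a demo; if so, say it at the constant, e.g. `// TEST-ONLY key for the bundled example.com chain; never trust or deploy it.` For anything beyond a local demo, the key should be read at startup from a path outside the repository with restricted file permissions, and this committed key treated as disclosed.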