mirror of
https://github.com/fafhrd91/actix-web
synced 2025-06-24 22:37:35 +02:00
use rcgen for tls key generation (#1989)
This commit is contained in:
Rob Ede
GitHub
@ -95,6 +95,7 @@ actix-http-test = { version = "3.0.0-beta.2", features = ["openssl"] }
|
||||
actix-tls = { version = "3.0.0-beta.2", features = ["openssl"] }
|
||||
criterion = "0.3"
|
||||
env_logger = "0.8"
|
||||
rcgen = "0.8"
|
||||
serde_derive = "1.0"
|
||||
tls-openssl = { version = "0.10", package = "openssl" }
|
||||
tls-rustls = { version = "0.19", package = "rustls" }
|
||||
|
||||
@ -14,7 +14,11 @@ use actix_service::{fn_service, ServiceFactoryExt};
|
||||
use bytes::{Bytes, BytesMut};
|
||||
use futures_util::future::{err, ok, ready};
|
||||
use futures_util::stream::{once, Stream, StreamExt};
|
||||
use openssl::ssl::{AlpnError, SslAcceptor, SslFiletype, SslMethod};
|
||||
use openssl::{
|
||||
pkey::PKey,
|
||||
ssl::{SslAcceptor, SslMethod},
|
||||
x509::X509,
|
||||
};
|
||||
|
||||
async fn load_body<S>(stream: S) -> Result<BytesMut, PayloadError>
|
||||
where
|
||||
@ -34,29 +38,26 @@ where
|
||||
Ok(body)
|
||||
}
|
||||
|
||||
fn ssl_acceptor() -> SslAcceptor {
|
||||
// load ssl keys
|
||||
fn tls_config() -> SslAcceptor {
|
||||
let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
|
||||
let cert_file = cert.serialize_pem().unwrap();
|
||||
let key_file = cert.serialize_private_key_pem();
|
||||
let cert = X509::from_pem(cert_file.as_bytes()).unwrap();
|
||||
let key = PKey::private_key_from_pem(key_file.as_bytes()).unwrap();
|
||||
|
||||
let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
|
||||
builder
|
||||
.set_private_key_file("../tests/key.pem", SslFiletype::PEM)
|
||||
.unwrap();
|
||||
builder
|
||||
.set_certificate_chain_file("../tests/cert.pem")
|
||||
.unwrap();
|
||||
builder.set_certificate(&cert).unwrap();
|
||||
builder.set_private_key(&key).unwrap();
|
||||
|
||||
builder.set_alpn_select_callback(|_, protos| {
|
||||
const H2: &[u8] = b"\x02h2";
|
||||
const H11: &[u8] = b"\x08http/1.1";
|
||||
if protos.windows(3).any(|window| window == H2) {
|
||||
Ok(b"h2")
|
||||
} else if protos.windows(9).any(|window| window == H11) {
|
||||
Ok(b"http/1.1")
|
||||
} else {
|
||||
Err(AlpnError::NOACK)
|
||||
Err(openssl::ssl::AlpnError::NOACK)
|
||||
}
|
||||
});
|
||||
builder
|
||||
.set_alpn_protos(b"\x08http/1.1\x02h2")
|
||||
.expect("Can not contrust SslAcceptor");
|
||||
builder.set_alpn_protos(b"\x02h2").unwrap();
|
||||
|
||||
builder.build()
|
||||
}
|
||||
@ -66,7 +67,7 @@ async fn test_h2() -> io::Result<()> {
|
||||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, Error>(Response::Ok().finish()))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -85,7 +86,7 @@ async fn test_h2_1() -> io::Result<()> {
|
||||
assert_eq!(req.version(), Version::HTTP_2);
|
||||
ok::<_, Error>(Response::Ok().finish())
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -104,7 +105,7 @@ async fn test_h2_body() -> io::Result<()> {
|
||||
let body = load_body(req.take_payload()).await?;
|
||||
Ok::<_, Error>(Response::Ok().body(body))
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -133,7 +134,7 @@ async fn test_h2_content_length() {
|
||||
];
|
||||
ok::<_, ()>(Response::new(statuses[indx]))
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -195,7 +196,7 @@ async fn test_h2_headers() {
|
||||
}
|
||||
ok::<_, ()>(builder.body(data.clone()))
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
}).await;
|
||||
|
||||
@ -234,7 +235,7 @@ async fn test_h2_body2() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -252,7 +253,7 @@ async fn test_h2_head_empty() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.finish(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -276,7 +277,7 @@ async fn test_h2_head_binary() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -299,7 +300,7 @@ async fn test_h2_head_binary2() {
|
||||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -323,7 +324,7 @@ async fn test_h2_body_length() {
|
||||
Response::Ok().body(body::SizedStream::new(STR.len() as u64, body)),
|
||||
)
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -348,7 +349,7 @@ async fn test_h2_body_chunked_explicit() {
|
||||
.streaming(body),
|
||||
)
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -376,7 +377,7 @@ async fn test_h2_response_http_error_handling() {
|
||||
.body(STR),
|
||||
)
|
||||
}))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -394,7 +395,7 @@ async fn test_h2_service_error() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| err::<Response, Error>(ErrorBadRequest("error")))
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
@ -418,7 +419,7 @@ async fn test_h2_on_connect() {
|
||||
assert!(req.extensions().contains::<isize>());
|
||||
ok::<_, ()>(Response::Ok().finish())
|
||||
})
|
||||
.openssl(ssl_acceptor())
|
||||
.openssl(tls_config())
|
||||
.map_err(|_| ())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -31,14 +31,19 @@ where
|
||||
Ok(body)
|
||||
}
|
||||
|
||||
fn ssl_acceptor() -> RustlsServerConfig {
|
||||
// load ssl keys
|
||||
fn tls_config() -> RustlsServerConfig {
|
||||
let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_owned()]).unwrap();
|
||||
let cert_file = cert.serialize_pem().unwrap();
|
||||
let key_file = cert.serialize_private_key_pem();
|
||||
|
||||
let mut config = RustlsServerConfig::new(NoClientAuth::new());
|
||||
let cert_file = &mut BufReader::new(File::open("../tests/cert.pem").unwrap());
|
||||
let key_file = &mut BufReader::new(File::open("../tests/key.pem").unwrap());
|
||||
let cert_file = &mut BufReader::new(cert_file.as_bytes());
|
||||
let key_file = &mut BufReader::new(key_file.as_bytes());
|
||||
|
||||
let cert_chain = certs(cert_file).unwrap();
|
||||
let mut keys = pkcs8_private_keys(key_file).unwrap();
|
||||
config.set_single_cert(cert_chain, keys.remove(0)).unwrap();
|
||||
|
||||
config
|
||||
}
|
||||
|
||||
@ -47,7 +52,7 @@ async fn test_h1() -> io::Result<()> {
|
||||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h1(|_| future::ok::<_, Error>(Response::Ok().finish()))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -61,7 +66,7 @@ async fn test_h2() -> io::Result<()> {
|
||||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| future::ok::<_, Error>(Response::Ok().finish()))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -79,7 +84,7 @@ async fn test_h1_1() -> io::Result<()> {
|
||||
assert_eq!(req.version(), Version::HTTP_11);
|
||||
future::ok::<_, Error>(Response::Ok().finish())
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -97,7 +102,7 @@ async fn test_h2_1() -> io::Result<()> {
|
||||
assert_eq!(req.version(), Version::HTTP_2);
|
||||
future::ok::<_, Error>(Response::Ok().finish())
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -115,7 +120,7 @@ async fn test_h2_body1() -> io::Result<()> {
|
||||
let body = load_body(req.take_payload()).await?;
|
||||
Ok::<_, Error>(Response::Ok().body(body))
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -143,7 +148,7 @@ async fn test_h2_content_length() {
|
||||
];
|
||||
future::ok::<_, ()>(Response::new(statuses[indx]))
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -203,7 +208,7 @@ async fn test_h2_headers() {
|
||||
}
|
||||
future::ok::<_, ()>(config.body(data.clone()))
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
}).await;
|
||||
|
||||
let response = srv.sget("/").send().await.unwrap();
|
||||
@ -241,7 +246,7 @@ async fn test_h2_body2() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| future::ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -258,7 +263,7 @@ async fn test_h2_head_empty() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.finish(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -284,7 +289,7 @@ async fn test_h2_head_binary() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -309,7 +314,7 @@ async fn test_h2_head_binary2() {
|
||||
let srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| ok::<_, ()>(Response::Ok().body(STR)))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -335,7 +340,7 @@ async fn test_h2_body_length() {
|
||||
Response::Ok().body(body::SizedStream::new(STR.len() as u64, body)),
|
||||
)
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -359,7 +364,7 @@ async fn test_h2_body_chunked_explicit() {
|
||||
.streaming(body),
|
||||
)
|
||||
})
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -388,7 +393,7 @@ async fn test_h2_response_http_error_handling() {
|
||||
)
|
||||
}))
|
||||
}))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -405,7 +410,7 @@ async fn test_h2_service_error() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h2(|_| err::<Response, Error>(error::ErrorBadRequest("error")))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
@ -422,7 +427,7 @@ async fn test_h1_service_error() {
|
||||
let mut srv = test_server(move || {
|
||||
HttpService::build()
|
||||
.h1(|_| err::<Response, Error>(error::ErrorBadRequest("error")))
|
||||
.rustls(ssl_acceptor())
|
||||
.rustls(tls_config())
|
||||
})
|
||||
.await;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user