From 60c8160d6a2aee06a5d55a034b6351c0d5e1bd62 Mon Sep 17 00:00:00 2001
From: Olivier Guittonneau
Date: Thu, 3 Apr 2025 15:59:34 +0200
Subject: [PATCH] Simplify rustls example

---
 Cargo.lock | 1 -
 https-tls/rustls/Cargo.toml | 1 -
 https-tls/rustls/src/main.rs | 36 ++++++++++++++----------------------
 3 files changed, 14 insertions(+), 24 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index a2206af7..cdaf81c3 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7006,7 +7006,6 @@ dependencies = [
 "env_logger",
 "log",
 "rustls 0.23.25",
- "rustls-pemfile 2.2.0",
 ]

 [[package]]
diff --git a/https-tls/rustls/Cargo.toml b/https-tls/rustls/Cargo.toml
index 577795ee..23edaabb 100644
--- a/https-tls/rustls/Cargo.toml
+++ b/https-tls/rustls/Cargo.toml
@@ -10,4 +10,3 @@ actix-files.workspace = true
 env_logger.workspace = true
 log.workspace = true
 rustls.workspace = true
-rustls-pemfile.workspace = true
diff --git a/https-tls/rustls/src/main.rs b/https-tls/rustls/src/main.rs
index c13d92aa..55cb162f 100644
--- a/https-tls/rustls/src/main.rs
+++ b/https-tls/rustls/src/main.rs
@@ -1,12 +1,12 @@
-use std::{fs::File, io::BufReader};
-
 use actix_files::Files;
 use actix_web::{
 App, HttpRequest, HttpResponse, HttpServer, http::header::ContentType, middleware, web,
 };
 use log::debug;
-use rustls::{ServerConfig, pki_types::PrivateKeyDer};
-use rustls_pemfile::{certs, pkcs8_private_keys};
+use rustls::{
+ ServerConfig,
+ pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
+};

 /// simple handle
 async fn index(req: HttpRequest) -> HttpResponse {
@@ -46,25 +46,17 @@ fn load_rustls_config() -> rustls::ServerConfig {
 .install_default()
 .unwrap();

- // init server config builder with safe defaults
- let config = ServerConfig::builder().with_no_client_auth();
-
 // load TLS key/cert files
- let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
- let key_file = &mut BufReader::new(File::open("key.pem").unwrap());
+ let cert_chain = CertificateDer::pem_file_iter("cert.pem")
+ .unwrap()
+ .flatten()
+ .collect();

- // convert files to key/cert objects
- let cert_chain = certs(cert_file).collect::, _>>().unwrap();
- let mut keys = pkcs8_private_keys(key_file)
- .map(|key| key.map(PrivateKeyDer::Pkcs8))
- .collect::, _>>()
- .unwrap();
+ let key_der =
+ PrivateKeyDer::from_pem_file("key.pem").expect("Could not locate PKCS 8 private keys.");

- // exit if no keys could be parsed
- if keys.is_empty() {
- eprintln!("Could not locate PKCS 8 private keys.");
- std::process::exit(1);
- }
-
- config.with_single_cert(cert_chain, keys.remove(0)).unwrap()
+ ServerConfig::builder()
+ .with_no_client_auth()
+ .with_single_cert(cert_chain, key_der)
+ .unwrap()
 }
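Review bot: The `.flatten()` on `CertificateDer::pem_file_iter("cert.pem")` silently discards every entry that failed to parse, whereas the removed code collected into a `Result` and aborted on the first bad one; a damaged or truncated `cert.pem` can now reach `with_single_cert` as an incomplete chain instead of stopping the server at startup. Collecting fallibly keeps the fail-closed behaviour: replace `.flatten().collect()` with `.collect::<Result<Vec<_>, _>>()` followed by `.expect("cert.pem must contain only valid PEM certificates")`. The `expect` text on `PrivateKeyDer::from_pem_file("key.pem")` is also stale, since that call appears to accept PKCS#1 and SEC1 keys as well as PKCS#8 and also fails for a missing or unreadable file; `"failed to load a private key from key.pem"` would describe it. `load_rustls_config` begins above this hunk, so the start of its body is not visible here.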