actix/examples
1
0
Fork 0
mirror of https://github.com/actix/examples synced 2025-04-22 08:34:52 +02:00
Code Issues Releases Wiki Activity

Simplify cert-watch example

Browse Source
This commit is contained in:
Olivier Guittonneau 2025-04-03 17:50:46 +02:00
parent 60c8160d6a
commit c3bd9d9620
No known key found for this signature in database
GPG Key ID: 7328EDEC98A034EA
2 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
https-tls/cert-watch/Cargo.toml
View File

@ -11,5 +11,4 @@ eyre.workspace = true
log.workspace = true log.workspace = true
notify = "6" notify = "6"
rustls.workspace = true rustls.workspace = true
rustls-pemfile.workspace = true
tokio = { workspace = true, features = ["time", "rt", "macros"] } tokio = { workspace = true, features = ["time", "rt", "macros"] }

44
https-tls/cert-watch/src/main.rs
View File

@ -1,12 +1,14 @@
use std::{fs::File, io::BufReader, path::Path}; use std::path::Path;
use actix_web::{ use actix_web::{
App, HttpRequest, HttpResponse, HttpServer, http::header::ContentType, middleware, web, App, HttpRequest, HttpResponse, HttpServer, http::header::ContentType, middleware, web,
}; };
use log::debug; use log::debug;
use notify::{Event, RecursiveMode, Watcher as _}; use notify::{Event, RecursiveMode, Watcher as _};
use rustls::{ServerConfig, pki_types::PrivateKeyDer}; use rustls::{
use rustls_pemfile::{certs, pkcs8_private_keys}; ServerConfig,
pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
};
use tokio::sync::mpsc; use tokio::sync::mpsc;
#[derive(Debug)] #[derive(Debug)]
@ -27,6 +29,11 @@ async fn main() -> eyre::Result<()> {
color_eyre::install()?; color_eyre::install()?;
env_logger::init_from_env(env_logger::Env::default().default_filter_or("info")); env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
// Load default provider, to be done once for the process
rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
// signal channel used to notify main event loop of cert/key file changes // signal channel used to notify main event loop of cert/key file changes
let (reload_tx, mut reload_rx) = mpsc::channel(1); let (reload_tx, mut reload_rx) = mpsc::channel(1);
@ -100,29 +107,16 @@ async fn main() -> eyre::Result<()> {
} }
fn load_rustls_config() -> eyre::Result<rustls::ServerConfig> { fn load_rustls_config() -> eyre::Result<rustls::ServerConfig> {
rustls::crypto::aws_lc_rs::default_provider()
.install_default()
.unwrap();
// init server config builder with safe defaults
let config = ServerConfig::builder().with_no_client_auth();
// load TLS key/cert files // load TLS key/cert files
let cert_file = &mut BufReader::new(File::open("cert.pem")?); let cert_chain = CertificateDer::pem_file_iter("cert.pem")
let key_file = &mut BufReader::new(File::open("key.pem")?); .unwrap()
.flatten()
.collect();
// convert files to key/cert objects let key_der =
let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap(); PrivateKeyDer::from_pem_file("key.pem").expect("Could not locate PKCS 8 private keys.");
let mut keys = pkcs8_private_keys(key_file)
.map(|key| key.map(PrivateKeyDer::Pkcs8))
.collect::<Result<Vec<_>, _>>()
.unwrap();
// exit if no keys could be parsed Ok(ServerConfig::builder()
if keys.is_empty() { .with_no_client_auth()
eprintln!("Could not locate PKCS 8 private keys."); .with_single_cert(cert_chain, key_der)?)
std::process::exit(1);
}
Ok(config.with_single_cert(cert_chain, keys.remove(0))?)
} }