restructure folders

2025-06-26 17:17:42 +02:00 · 2022-02-18 02:01:48 +00:00
parent 4d8573c3fe
commit cc3d356209
201 changed files with 52 additions and 49 deletions
--- a/https-tls/rustls/Cargo.toml
+++ b/https-tls/rustls/Cargo.toml
@ -0,0 +1,15 @@
+[package]
+name = "rustls-example"
+version = "1.0.0"
+edition = "2021"
+
+[[bin]]
+name = "rustls-server"
+path = "src/main.rs"
+
+[dependencies]
+env_logger = "0.9"
+rustls = "0.20.2"
+rustls-pemfile = "0.2.1"
+actix-web = { version = "4.0.0-beta.21", features = ["rustls"] }
+actix-files = "0.6.0-beta.15"
--- a/https-tls/rustls/README.md
+++ b/https-tls/rustls/README.md
@ -0,0 +1,43 @@
+# TLS / HTTPS (via Rustls)
+
+## Usage
+
+### Certificate
+
+We put the self-signed certificate in this directory as an example
+but your browser would complain that it isn't secure.
+So we recommend to use [`mkcert`] to trust it. To use local CA, you should run:
+
+```bash
+mkcert -install
+```
+
+If you want to generate your own cert/private key file, then run:
+
+```bash
+mkcert 127.0.0.1 localhost
+```
+
+For `rsa` keys use `rsa_private_keys` function instead `pkcs8_private_keys`
+```rs
+let mut keys = pkcs8_private_keys(key_file).unwrap(); // pkcs8
+let mut keys = rsa_private_keys(key_file).unwrap(); // rsa
+```
+
+[`mkcert`]: https://github.com/FiloSottile/mkcert
+
+### Running the Example Server
+
+```bash
+cd security/rustls
+cargo run # (or ``cargo watch -x run``)
+# Started http server: 127.0.0.1:8443
+```
+
+If you prefer reloading you can substitute `cargo watch -x run`.
+That requires you install the `cargo-watch` crate.
+
+### web client
+
+- curl: ``curl -v https://127.0.0.1:8443/index.html --compressed -k``
+- browser: [https://127.0.0.1:8443/index.html](https://127.0.0.1:8443/index.html)
--- a/https-tls/rustls/cert.pem
+++ b/https-tls/rustls/cert.pem
@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAo+gAwIBAgIQKu5MWHrdyO4HsnfIu8alTDANBgkqhkiG9w0BAQsFADBt
+MR4wHAYDVQQKExVta2NlcnQgZGV2ZWxvcG1lbnQgQ0ExITAfBgNVBAsMGHJvYkBz
+b21icmEueDUyLmRldiAoUm9iKTEoMCYGA1UEAwwfbWtjZXJ0IHJvYkBzb21icmEu
+eDUyLmRldiAoUm9iKTAeFw0yMTEwMDYyMTMxMzNaFw0yNDAxMDYyMjMxMzNaMEwx
+JzAlBgNVBAoTHm1rY2VydCBkZXZlbG9wbWVudCBjZXJ0aWZpY2F0ZTEhMB8GA1UE
+CwwYcm9iQHNvbWJyYS54NTIuZGV2IChSb2IpMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAoI9BHaflPrNfnGKO6WmaEwhXfKKBH9sWlo4NKdP9ECZTC2Ef
+ubvQzhjcJsPWIwYj1NDiAa11WfD6ayKG7YleoNynsDKnsOEBfXtFHU2IPWaESX4Q
+rO8OaTXx001qdjwE3j/+K0AD43umXdnCeks3JYYlyG4/XxKa62pmpwu6KMgKbygA
+MS3dIMe7WcYbKX+qPNl4xoF5xkeqlp2urO3SWPkgIYB+cDNsWRHb5vsMWw9s7Zos
+W4mWAPZz0bLKw6w6imfo0rq0j5aoPJLNAyuH3/qhZIZC13tUCAxymIq0+pCeO+lZ
+f0OC05dB/Hw1zSLxAxHgDzpOsaq9/NXSkIwEzwIDAQABo2QwYjAOBgNVHQ8BAf8E
+BAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwHwYDVR0jBBgwFoAUto/ox0MqZShm
+QpViV/gjfJKrMDkwGgYDVR0RBBMwEYIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3
+DQEBCwUAA4IBgQCxMiND9F3xsyGlIyqIgHc+fp+wzFI5Yz9qD/02RP558qXHAj2o
+6zGECzc4PeiBLh7Y7wHjcu4TTLIXnRtrdVFBUT/s58l/uoK8NGVjky74Rc4A+djt
+zwcHS0snuj+FJ859Y+uS3rGKAmBAKWD22wmhB96UNRiZjG1QdJ/Or6hMZ3PVbELs
+Hgv69UG1jJiL8y7cn4foBXC6Wgb10tPXNoz7TpD3B14+Pd82yergAHswCp3nj9Ip
+D+9Ohko26OItO1dJYeDZWi0CurWdjP7xnEsZo2OaLIlSMiUbSyJOCMk/xWJCjuLW
+BEc1VzaFwhkGZJUa1F6TOIc70geLC4wQWOaqZoLbsQfihYgRoUMZJOmjcDXJrNZz
+wZofnBI+0tDsZfKjwXFyA4bzUD1I3lFY5Zy3wgQprUrZCm69uo8G4RtMWP9DmXCc
+SEw6CxBVPu/l/ljYoxdqCyJTLvdQ97OlGgLv3b0DDcWqi7e0zB8NqT0aCTPm7J/M
+OBWicNgMJ+1qL8M=
+-----END CERTIFICATE-----
--- a/https-tls/rustls/key.pem
+++ b/https-tls/rustls/key.pem
@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCgj0Edp+U+s1+c
+Yo7paZoTCFd8ooEf2xaWjg0p0/0QJlMLYR+5u9DOGNwmw9YjBiPU0OIBrXVZ8Ppr
+IobtiV6g3KewMqew4QF9e0UdTYg9ZoRJfhCs7w5pNfHTTWp2PATeP/4rQAPje6Zd
+2cJ6SzclhiXIbj9fEprramanC7ooyApvKAAxLd0gx7tZxhspf6o82XjGgXnGR6qW
+na6s7dJY+SAhgH5wM2xZEdvm+wxbD2ztmixbiZYA9nPRssrDrDqKZ+jSurSPlqg8
+ks0DK4ff+qFkhkLXe1QIDHKYirT6kJ476Vl/Q4LTl0H8fDXNIvEDEeAPOk6xqr38
+1dKQjATPAgMBAAECggEAVBfTvgmSuw1NtWW1fjDuHqvOzpt6T8n7Aa2y3UaHk67O
+7fXXnPruuRMyMyd8/2kW2T7yMHi+LvZU4kn6K204X75SIanWRIEEu8kVgOx7v9Ty
+0l8xsrGedaJoXwh8CyMSValkoRhtMPcxQpRsFItSfdfN8DU2AcCH3WckDrfIr9SJ
+qvag8VsYeg/PH3rP3bNAh4xousaJzcvr8ifuNcN7NmoUDMoTXk3Pxhxeryj+sACS
+cFxt777edShuYqL2BAziY/cTl0zcvCarX27NUS+q9exF7VYvMCuqiWHYcYkLlkH1
+UfrwPXQmdX5/CUBqt36xBsKyub5j74KoEk7shzOmkQKBgQDKTr0vc+53QNUR1mUD
+7a8Pw+oWW1ddcd9SYtvzEJeNqb7s2aZsEzTRk4Pxdx3wrm8PAaPqjzJWwx1SmazU
+iLt55SRFu3sPw8gTwNQj01fy2roae/ZzMP4MJRzw6vFtNPPcevLQK9JN9uKBQep+
+NU3xHYNYnT2I+X7QVJi6AsMwxwKBgQDLLA6iOwN+3aQmLlW1A4reRpIkFQ75RD92
+BtCnYQwXCqOtU4uUz3fIlmcuCI5jhqAYWG0m9IL+rxQD2SdFu9UaG1pEsMkapjUh
+mPLAm3UcoqnhKygGiiQ8iPL9zMFai3dfbBYrmBMsYgFxT7wkPuAgjWM0bvfyUqA
+lwKrkykTuQKBgHdSZacdW6MerA0vRLlCcSR9Sw4QpcDJrwwqnswIFztIyQFthgjs
+cxTBSusadKBGYd6Z+xIXj3s47YyQcy2Pz/OfQPuYDodH1DRCYV0YBCGK/IUuZDeg
+x9Zl9WHrUKY2uzZpldlOX2X4nbPbKvFxgx0ZaSTU6Txm23MI0mOzyWh1AoGBAJYu
+jvKkpMTWmUwP3BLd93yutcAuQM9I/5ADIaFYP1OY7bxlkTwC0AxaARMqB/bRwO2+
+D5FIFLymNilSD5GgcrnFlkhIVZ95VLU1HScnOIBd2thRXjlKnMnn80YGCJTsE9Mx
+4XTsEQsf/+gkEY5J3V704RiiwDl/1a6P8c1aDnchAoGALEDzByXeADMiYjKi6M19
+1WK3+TDD9Sy8fu4x2qmTho9Z9nk5bw6ZPHbXDTaQ+jxnOD4Io6iZIQLEYMwzbXnO
+951+ck9E5mwWo/IyNROOMo0aNT9yqLANu5Hp1CliQ5Yqmb1R1Qhuk4SZTWmUGjo/
+3I+uWHi2Foc2FU8LSAb4hLk=
+-----END PRIVATE KEY-----
--- a/https-tls/rustls/src/main.rs
+++ b/https-tls/rustls/src/main.rs
@ -0,0 +1,64 @@
+use std::fs::File;
+use std::io::BufReader;
+
+use actix_files::Files;
+use actix_web::{middleware, web, App, HttpRequest, HttpResponse, HttpServer};
+use rustls::{Certificate, PrivateKey, ServerConfig};
+use rustls_pemfile::{certs, pkcs8_private_keys};
+
+/// simple handle
+async fn index(req: HttpRequest) -> HttpResponse {
+    println!("{:?}", req);
+    HttpResponse::Ok()
+        .content_type("text/html; charset=utf-8")
+        .body("<!DOCTYPE html><html><body><p>Welcome!</p></body></html>")
+}
+
+#[actix_web::main]
+async fn main() -> std::io::Result<()> {
+    if std::env::var("RUST_LOG").is_err() {
+        std::env::set_var("RUST_LOG", "actix_web=info");
+    }
+    env_logger::init();
+
+    // load ssl keys
+    let config = ServerConfig::builder()
+        .with_safe_defaults()
+        .with_no_client_auth();
+    let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
+    let key_file = &mut BufReader::new(File::open("key.pem").unwrap());
+    let cert_chain = certs(cert_file)
+        .unwrap()
+        .into_iter()
+        .map(Certificate)
+        .collect();
+    let mut keys: Vec<PrivateKey> = pkcs8_private_keys(key_file)
+        .unwrap()
+        .into_iter()
+        .map(PrivateKey)
+        .collect();
+    if keys.is_empty() {
+        eprintln!("Could not locate PKCS 8 private keys.");
+        std::process::exit(1);
+    }
+    let config = config.with_single_cert(cert_chain, keys.remove(0)).unwrap();
+
+    println!("Starting https server: 127.0.0.1:8443");
+    HttpServer::new(|| {
+        App::new()
+            // enable logger
+            .wrap(middleware::Logger::default())
+            // register simple handler, handle all methods
+            .service(web::resource("/index.html").to(index))
+            // with path parameters
+            .service(web::resource("/").route(web::get().to(|| async {
+                HttpResponse::Found()
+                    .append_header(("LOCATION", "/index.html"))
+                    .finish()
+            })))
+            .service(Files::new("/static", "static"))
+    })
+    .bind_rustls("127.0.0.1:8443", config)?
+    .run()
+    .await
+}