mirror of
https://github.com/actix/examples
synced 2025-04-22 08:34:52 +02:00
Rob Ede
GitHub
commit
f328e04374
5
Cargo.lock
generated
5
Cargo.lock
generated
@ -2047,7 +2047,6 @@ dependencies = [
|
||||
"log",
|
||||
"notify 6.1.1",
|
||||
"rustls 0.23.25",
|
||||
"rustls-pemfile 2.2.0",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
@ -5094,7 +5093,6 @@ dependencies = [
|
||||
"futures-util",
|
||||
"log",
|
||||
"rustls 0.23.25",
|
||||
"rustls-pemfile 2.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -6995,7 +6993,6 @@ dependencies = [
|
||||
"env_logger",
|
||||
"log",
|
||||
"rustls 0.23.25",
|
||||
"rustls-pemfile 2.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -7007,7 +7004,6 @@ dependencies = [
|
||||
"env_logger",
|
||||
"log",
|
||||
"rustls 0.23.25",
|
||||
"rustls-pemfile 2.2.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@ -8412,7 +8408,6 @@ dependencies = [
|
||||
"eyre",
|
||||
"log",
|
||||
"rustls 0.23.25",
|
||||
"rustls-pemfile 2.2.0",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
|
||||
@ -112,7 +112,6 @@ rand = "0.9"
|
||||
redis = { version = "0.27" }
|
||||
reqwest = { version = "0.12", features = ["json", "stream"] }
|
||||
rustls = "0.23"
|
||||
rustls-pemfile = "2"
|
||||
serde = { version = "1", features = ["derive"] }
|
||||
serde_json = "1"
|
||||
time = "0.3"
|
||||
|
||||
@ -12,5 +12,4 @@ env_logger.workspace = true
|
||||
eyre.workspace = true
|
||||
log.workspace = true
|
||||
rustls.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
tokio = { workspace = true, features = ["fs"] }
|
||||
|
||||
@ -4,7 +4,7 @@ use acme::{Certificate, Directory, DirectoryUrl, create_p256_key};
|
||||
use actix_files::Files;
|
||||
use actix_web::{App, HttpRequest, HttpServer, Responder, rt, web};
|
||||
use eyre::eyre;
|
||||
use rustls::pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer};
|
||||
use rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer, pem::PemObject};
|
||||
use tokio::fs;
|
||||
|
||||
const CHALLENGE_DIR: &str = "./acme-challenges";
|
||||
@ -188,10 +188,9 @@ fn load_rustls_config(cert: Certificate) -> eyre::Result<rustls::ServerConfig> {
|
||||
let private_key = PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(cert.private_key_der()?));
|
||||
|
||||
// convert ACME-obtained certificate chain
|
||||
let cert_chain =
|
||||
rustls_pemfile::certs(&mut std::io::BufReader::new(cert.certificate().as_bytes()))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.unwrap();
|
||||
let cert_chain = CertificateDer::pem_slice_iter(cert.certificate().as_bytes())
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
Ok(config.with_single_cert(cert_chain, private_key)?)
|
||||
}
|
||||
|
||||
@ -11,5 +11,4 @@ eyre.workspace = true
|
||||
log.workspace = true
|
||||
notify = "6"
|
||||
rustls.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
tokio = { workspace = true, features = ["time", "rt", "macros"] }
|
||||
|
||||
@ -1,12 +1,14 @@
|
||||
use std::{fs::File, io::BufReader, path::Path};
|
||||
use std::path::Path;
|
||||
|
||||
use actix_web::{
|
||||
App, HttpRequest, HttpResponse, HttpServer, http::header::ContentType, middleware, web,
|
||||
};
|
||||
use log::debug;
|
||||
use notify::{Event, RecursiveMode, Watcher as _};
|
||||
use rustls::{ServerConfig, pki_types::PrivateKeyDer};
|
||||
use rustls_pemfile::{certs, pkcs8_private_keys};
|
||||
use rustls::{
|
||||
ServerConfig,
|
||||
pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
|
||||
};
|
||||
use tokio::sync::mpsc;
|
||||
|
||||
#[derive(Debug)]
|
||||
@ -27,6 +29,11 @@ async fn main() -> eyre::Result<()> {
|
||||
color_eyre::install()?;
|
||||
env_logger::init_from_env(env_logger::Env::default().default_filter_or("info"));
|
||||
|
||||
// Load default provider, to be done once for the process
|
||||
rustls::crypto::aws_lc_rs::default_provider()
|
||||
.install_default()
|
||||
.unwrap();
|
||||
|
||||
// signal channel used to notify main event loop of cert/key file changes
|
||||
let (reload_tx, mut reload_rx) = mpsc::channel(1);
|
||||
|
||||
@ -100,29 +107,16 @@ async fn main() -> eyre::Result<()> {
|
||||
}
|
||||
|
||||
fn load_rustls_config() -> eyre::Result<rustls::ServerConfig> {
|
||||
rustls::crypto::aws_lc_rs::default_provider()
|
||||
.install_default()
|
||||
.unwrap();
|
||||
|
||||
// init server config builder with safe defaults
|
||||
let config = ServerConfig::builder().with_no_client_auth();
|
||||
|
||||
// load TLS key/cert files
|
||||
let cert_file = &mut BufReader::new(File::open("cert.pem")?);
|
||||
let key_file = &mut BufReader::new(File::open("key.pem")?);
|
||||
let cert_chain = CertificateDer::pem_file_iter("cert.pem")
|
||||
.unwrap()
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
// convert files to key/cert objects
|
||||
let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
let mut keys = pkcs8_private_keys(key_file)
|
||||
.map(|key| key.map(PrivateKeyDer::Pkcs8))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.unwrap();
|
||||
let key_der =
|
||||
PrivateKeyDer::from_pem_file("key.pem").expect("Could not locate PKCS 8 private keys.");
|
||||
|
||||
// exit if no keys could be parsed
|
||||
if keys.is_empty() {
|
||||
eprintln!("Could not locate PKCS 8 private keys.");
|
||||
std::process::exit(1);
|
||||
}
|
||||
|
||||
Ok(config.with_single_cert(cert_chain, keys.remove(0))?)
|
||||
Ok(ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, key_der)?)
|
||||
}
|
||||
|
||||
@ -9,4 +9,3 @@ actix-web = { workspace = true, features = ["rustls-0_23"] }
|
||||
env_logger.workspace = true
|
||||
log.workspace = true
|
||||
rustls.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
//! This example shows how to use `actix_web::HttpServer::on_connect` to access client certificates
|
||||
//! pass them to a handler through connection-local data.
|
||||
|
||||
use std::{any::Any, fs::File, io::BufReader, net::SocketAddr, sync::Arc};
|
||||
use std::{any::Any, net::SocketAddr, sync::Arc};
|
||||
|
||||
use actix_tls::accept::rustls_0_23::TlsStream;
|
||||
use actix_web::{
|
||||
@ -10,10 +10,9 @@ use actix_web::{
|
||||
use log::info;
|
||||
use rustls::{
|
||||
RootCertStore, ServerConfig,
|
||||
pki_types::{CertificateDer, PrivateKeyDer},
|
||||
pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
|
||||
server::WebPkiClientVerifier,
|
||||
};
|
||||
use rustls_pemfile::{certs, pkcs8_private_keys};
|
||||
|
||||
const CA_CERT: &str = "certs/rootCA.pem";
|
||||
const SERVER_CERT: &str = "certs/server-cert.pem";
|
||||
@ -80,29 +79,27 @@ async fn main() -> std::io::Result<()> {
|
||||
let mut cert_store = RootCertStore::empty();
|
||||
|
||||
// import CA cert
|
||||
let ca_cert = &mut BufReader::new(File::open(CA_CERT)?);
|
||||
let ca_cert = certs(ca_cert).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
|
||||
for cert in ca_cert {
|
||||
cert_store.add(cert).expect("root CA not added to store");
|
||||
}
|
||||
CertificateDer::pem_file_iter(CA_CERT)
|
||||
.unwrap()
|
||||
.flatten()
|
||||
.for_each(|der| cert_store.add(der).unwrap());
|
||||
|
||||
// set up client authentication requirements
|
||||
let client_auth = WebPkiClientVerifier::builder(Arc::new(cert_store))
|
||||
.build()
|
||||
.unwrap();
|
||||
let config = ServerConfig::builder().with_client_cert_verifier(client_auth);
|
||||
|
||||
// import server cert and key
|
||||
let cert_file = &mut BufReader::new(File::open(SERVER_CERT)?);
|
||||
let key_file = &mut BufReader::new(File::open(SERVER_KEY)?);
|
||||
let key_der = PrivateKeyDer::from_pem_file(SERVER_KEY).unwrap();
|
||||
let cert_chain = CertificateDer::pem_file_iter(SERVER_CERT)
|
||||
.unwrap()
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
let mut keys = pkcs8_private_keys(key_file)
|
||||
.map(|key| key.map(PrivateKeyDer::Pkcs8))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
let config = ServerConfig::builder()
|
||||
.with_client_cert_verifier(client_auth)
|
||||
.with_single_cert(cert_chain, key_der)
|
||||
.unwrap();
|
||||
let config = config.with_single_cert(cert_chain, keys.remove(0)).unwrap();
|
||||
|
||||
log::info!("starting HTTP server at http://localhost:8080 and https://localhost:8443");
|
||||
|
||||
|
||||
@ -10,4 +10,3 @@ actix-files.workspace = true
|
||||
env_logger.workspace = true
|
||||
log.workspace = true
|
||||
rustls.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
use std::{fs::File, io::BufReader};
|
||||
|
||||
use actix_files::Files;
|
||||
use actix_web::{
|
||||
App, HttpRequest, HttpResponse, HttpServer, http::header::ContentType, middleware, web,
|
||||
};
|
||||
use log::debug;
|
||||
use rustls::{ServerConfig, pki_types::PrivateKeyDer};
|
||||
use rustls_pemfile::{certs, pkcs8_private_keys};
|
||||
use rustls::{
|
||||
ServerConfig,
|
||||
pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
|
||||
};
|
||||
|
||||
/// simple handle
|
||||
async fn index(req: HttpRequest) -> HttpResponse {
|
||||
@ -46,25 +46,17 @@ fn load_rustls_config() -> rustls::ServerConfig {
|
||||
.install_default()
|
||||
.unwrap();
|
||||
|
||||
// init server config builder with safe defaults
|
||||
let config = ServerConfig::builder().with_no_client_auth();
|
||||
|
||||
// load TLS key/cert files
|
||||
let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
|
||||
let key_file = &mut BufReader::new(File::open("key.pem").unwrap());
|
||||
let cert_chain = CertificateDer::pem_file_iter("cert.pem")
|
||||
.unwrap()
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
// convert files to key/cert objects
|
||||
let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
let mut keys = pkcs8_private_keys(key_file)
|
||||
.map(|key| key.map(PrivateKeyDer::Pkcs8))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.unwrap();
|
||||
let key_der =
|
||||
PrivateKeyDer::from_pem_file("key.pem").expect("Could not locate PKCS 8 private keys.");
|
||||
|
||||
// exit if no keys could be parsed
|
||||
if keys.is_empty() {
|
||||
eprintln!("Could not locate PKCS 8 private keys.");
|
||||
std::process::exit(1);
|
||||
}
|
||||
|
||||
config.with_single_cert(cert_chain, keys.remove(0)).unwrap()
|
||||
ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, key_der)
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
@ -9,4 +9,3 @@ env_logger.workspace = true
|
||||
futures-util.workspace = true
|
||||
log.workspace = true
|
||||
rustls.workspace = true
|
||||
rustls-pemfile.workspace = true
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
use std::{fs::File, io::BufReader};
|
||||
|
||||
use actix_web::{App, HttpResponse, HttpServer, dev::Service, get, http};
|
||||
use futures_util::future::{self, Either, FutureExt};
|
||||
use rustls::{ServerConfig, pki_types::PrivateKeyDer};
|
||||
use rustls_pemfile::{certs, pkcs8_private_keys};
|
||||
use rustls::{
|
||||
ServerConfig,
|
||||
pki_types::{CertificateDer, PrivateKeyDer, pem::PemObject},
|
||||
};
|
||||
|
||||
#[get("/")]
|
||||
async fn index() -> String {
|
||||
@ -18,18 +18,17 @@ async fn main() -> std::io::Result<()> {
|
||||
.install_default()
|
||||
.unwrap();
|
||||
|
||||
let cert_file = &mut BufReader::new(File::open("cert.pem").unwrap());
|
||||
let key_file = &mut BufReader::new(File::open("key.pem").unwrap());
|
||||
let cert_chain = CertificateDer::pem_file_iter("cert.pem")
|
||||
.unwrap()
|
||||
.flatten()
|
||||
.collect();
|
||||
|
||||
let cert_chain = certs(cert_file).collect::<Result<Vec<_>, _>>().unwrap();
|
||||
let mut keys = pkcs8_private_keys(key_file)
|
||||
.map(|key| key.map(PrivateKeyDer::Pkcs8))
|
||||
.collect::<Result<Vec<_>, _>>()
|
||||
.unwrap();
|
||||
let key_der =
|
||||
PrivateKeyDer::from_pem_file("key.pem").expect("Could not locate PKCS 8 private keys.");
|
||||
|
||||
let config = ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
.with_single_cert(cert_chain, keys.remove(0))
|
||||
.with_single_cert(cert_chain, key_der)
|
||||
.unwrap();
|
||||
|
||||
log::info!(
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user