From c50bcb38d72d49d1a8f1a233b85207546b3e2fde Mon Sep 17 00:00:00 2001
From: Valentin Brandl
Date: Sun, 8 Jul 2018 21:33:57 +0200
Subject: [PATCH] Enable TLS support

---
 Cargo.lock         | 28 ++++++++++++++++++++++++++++
 server/Cargo.toml  |  4 ++--
 server/src/cli.rs  |  2 ++
 server/src/main.rs | 29 +++++++++++++++++++++++++----
 4 files changed, 57 insertions(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c4f687d..237d920 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -50,6 +50,7 @@ dependencies = [
  "mio 0.6.15 (registry+https://github.com/rust-lang/crates.io-index)",
  "net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)",
  "num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)",
  "percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "rand 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "regex 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -62,6 +63,7 @@ dependencies = [
  "time 0.1.40 (registry+https://github.com/rust-lang/crates.io-index)",
  "tokio-core 0.1.17 (registry+https://github.com/rust-lang/crates.io-index)",
  "tokio-io 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-openssl 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "url 1.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "version_check 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
@@ -180,6 +182,7 @@ dependencies = [
  "failure 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)",
  "pretty_env_logger 0.2.3 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde 1.0.69 (registry+https://github.com/rust-lang/crates.io-index)",
  "serde_json 1.0.22 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -990,6 +993,19 @@ dependencies = [
  "openssl-sys 0.9.33 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "openssl"
+version = "0.10.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "bitflags 1.0.3 (registry+https://github.com/rust-lang/crates.io-index)",
+ "cfg-if 0.1.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "foreign-types 0.3.2 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lazy_static 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.42 (registry+https://github.com/rust-lang/crates.io-index)",
+ "openssl-sys 0.9.33 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "openssl-probe"
 version = "0.1.2"
@@ -1661,6 +1677,16 @@ dependencies = [
  "log 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
 ]
 
+[[package]]
+name = "tokio-openssl"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "futures 0.1.21 (registry+https://github.com/rust-lang/crates.io-index)",
+ "openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)",
+ "tokio-io 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
 [[package]]
 name = "tokio-proto"
 version = "0.1.1"
@@ -2125,6 +2151,7 @@ dependencies = [
 "checksum nodrop 0.1.12 (registry+https://github.com/rust-lang/crates.io-index)" = "9a2228dca57108069a5262f2ed8bd2e82496d2e074a06d1ccc7ce1687b6ae0a2"
 "checksum num-traits 0.2.5 (registry+https://github.com/rust-lang/crates.io-index)" = "630de1ef5cc79d0cdd78b7e33b81f083cbfe90de0f4b2b2f07f905867c70e9fe"
 "checksum num_cpus 1.8.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c51a3322e4bca9d212ad9a158a02abc6934d005490c054a2778df73a70aa0a30"
+"checksum openssl 0.10.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ed18a0f40ec4e9a8a81f8865033d823b7195d16a0a5721e10963ee1b0c2980ca"
 "checksum openssl 0.9.24 (registry+https://github.com/rust-lang/crates.io-index)" = "a3605c298474a3aa69de92d21139fb5e2a81688d308262359d85cdd0d12a7985"
 "checksum openssl-probe 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "77af24da69f9d9341038eba93a073b1fdaaa1b788221b00a69bce9e762cb32de"
 "checksum openssl-sys 0.9.33 (registry+https://github.com/rust-lang/crates.io-index)" = "d8abc04833dcedef24221a91852931df2f63e3369ae003134e70aff3645775cc"
@@ -2203,6 +2230,7 @@ dependencies = [
 "checksum tokio-executor 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "8cac2a7883ff3567e9d66bb09100d09b33d90311feca0206c7ca034bc0c55113"
 "checksum tokio-fs 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "fc42bae2f6e33865b99069d95bcddfc85c9f0849b4e7e7399eeee71956ef34d7"
 "checksum tokio-io 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "a5c9635ee806f26d302b8baa1e145689a280d8f5aa8d0552e7344808da54cc21"
+"checksum tokio-openssl 0.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "4646ae1fd623393de3d796ea53af75acd02938dd5579544fbd6d236d041978a6"
 "checksum tokio-proto 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "8fbb47ae81353c63c487030659494b295f6cb6576242f907f203473b191b0389"
 "checksum tokio-reactor 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "e00ec63bbec2c97ce1178cb0587b2c438b2f6b09d3ee54a33c45a9cf0d530810"
 "checksum tokio-service 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "24da22d077e0f15f55162bdbdc661228c1581892f52074fb242678d015b45162"
diff --git a/server/Cargo.toml b/server/Cargo.toml
index d5b8f57..b92d2ad 100644
--- a/server/Cargo.toml
+++ b/server/Cargo.toml
@@ -6,14 +6,14 @@ description = "Web API to create, update and remove DNS entries in bind9"
 license = "MIT/Apache-2.0"
 
 [dependencies]
-actix-web = "0.6.14"
-# actix-web = { git = "https://github.com/actix/actix-web.git" }
+actix-web = { version = "0.6.14", features=["alpn"] }
 clap = "2.31.2"
 crypto = { path = "../crypto" }
 data = { path = "../data" }
 failure = "0.1.1"
 futures = "0.1.21"
 log = "0.4.3"
+openssl = "0.10"
 pretty_env_logger = "0.2.3"
 serde = "1.0.69"
 serde_json = "1.0.22"
\ No newline at end of file
diff --git a/server/src/cli.rs b/server/src/cli.rs
index 3bd1b0b..006cf1c 100644
--- a/server/src/cli.rs
+++ b/server/src/cli.rs
@@ -49,5 +49,7 @@ pub fn parse_args() -> ::clap::ArgMatches<'static> {
         (@arg PORT: -p --port +takes_value "Port to listen on (Defaults to 8000)")
         (@arg HOST: -h --host +takes_value "Host to listen on (Defaults to 0.0.0.0)")
         (@arg SERVER: -s --server +takes_value "Bind server (Defaults to 127.0.0.1)")
+        (@arg CERT: -c --cert +takes_value "TLS certificate chain file")
+        (@arg KEY: -k --key +takes_value "TLS key file")
     ).get_matches()
 }
diff --git a/server/src/main.rs b/server/src/main.rs
index e725b32..cc8c6a6 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -47,6 +47,7 @@ extern crate failure;
 extern crate futures;
 #[macro_use]
 extern crate log;
+extern crate openssl;
 extern crate pretty_env_logger;
 extern crate serde;
 extern crate serde_json;
@@ -59,6 +60,7 @@ use actix_web::{
 };
 use data::{Delete, Update};
 use failure::Error;
+use openssl::ssl::{SslAcceptor, SslFiletype, SslMethod};
 use std::{
     io::Write, process::{Command, Stdio}, sync::Arc,
 };
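Review bot: The two new `CERT` and `KEY` arguments are only meaningful together, yet nothing in `parse_args` expresses that; the only enforcement is a `panic!` later in `main`, which surfaces as a crash rather than a usage error. If I recall the `clap_app!` grammar correctly, `(@arg CERT: -c --cert +takes_value requires[KEY] "TLS certificate chain file")` and the mirror `requires[CERT]` on `KEY` let clap reject a half-configured invocation with its normal usage message. The help strings should also state the expected encoding, since `main` loads the key with `SslFiletype::PEM`: `"TLS private key file (PEM)"` and `"TLS certificate chain file (PEM)"`. `parse_args` starts before this hunk.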
@@ -147,12 +149,31 @@ fn main() {
         .expect("Cannot parse port");
     let host = matches.value_of("HOST").unwrap_or("0.0.0.0");
     let host = format!("{}:{}", host, port);
-    server::new(move || {
+    let key = matches.value_of("KEY");
+    let cert = matches.value_of("CERT");
+    let server = server::new(move || {
         App::with_state(config.clone())
             .middleware(Logger::default())
             .route("/record", http::Method::POST, update)
             .route("/record", http::Method::DELETE, delete)
-    }).bind(host)
-    .unwrap()
-    .run();
+    });
+    match (key, cert) {
+        (Some(k), Some(c)) => {
+            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();
+            builder.set_private_key_file(k, SslFiletype::PEM).unwrap();
+            builder.set_certificate_chain_file(c).unwrap();
+            server.bind_ssl(host, builder)
+        },
+        (None, None) => server.bind(host),
+        (_, _) => panic!("When using TLS, the --cert and --key parameter must be set"),
+    }.unwrap()
+    .run()
+    // server::new(move || {
+    //     App::with_state(config.clone())
+    //         .middleware(Logger::default())
+    //         .route("/record", http::Method::POST, update)
+    //         .route("/record", http::Method::DELETE, delete)
+    // }).bind(host)
+    //     .unwrap()
+    //     .run();
 }
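Review bot: The three openssl calls in the `(Some(k), Some(c))` arm are bare `.unwrap()`s, so a missing file, an unreadable key or a key that does not match the chain aborts with an openssl error stack that never says whether `--key` or `--cert` was at fault; `unwrap_or_else(|e| panic!("cannot load TLS key {}: {}", k, e))` (and the same for the chain file) keeps the fail-fast behaviour but names the path. The `(None, None)` arm starts a plaintext listener without a word in the log, and since `log` is already imported with `#[macro_use]`, a `warn!` there (and an `info!` when TLS is on) makes the active mode visible to whoever operates the service. The eight commented-out lines after `.run()` are a copy of the code this hunk removes and should be deleted rather than kept; git history has them. A one-line comment on why the Mozilla intermediate profile was chosen would also spare the next maintainer a lookup. `main` starts before this hunk.
```rust
    // … unchanged: port/host parsing, key/cert lookup, server::new(...) …
    match (key, cert) {
        (Some(k), Some(c)) => {
            // Mozilla "intermediate" TLS profile: broad client compatibility.
            let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls())
                .unwrap_or_else(|e| panic!("cannot create TLS acceptor: {}", e));
            builder
                .set_private_key_file(k, SslFiletype::PEM)
                .unwrap_or_else(|e| panic!("cannot load TLS key {}: {}", k, e));
            builder
                .set_certificate_chain_file(c)
                .unwrap_or_else(|e| panic!("cannot load TLS certificate chain {}: {}", c, e));
            info!("TLS enabled, listening on {}", host);
            server.bind_ssl(host, builder)
        }
        (None, None) => {
            warn!("no --cert/--key given, serving plain HTTP on {}", host);
            server.bind(host)
        }
        (_, _) => panic!("When using TLS, the --cert and --key parameter must be set"),
    }
    .unwrap()
    .run()
    // (commented-out copy of the old server::new(...) block removed)
```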