Skip to content

Commit

Permalink
Upgrade rcgen
Browse files Browse the repository at this point in the history
  • Loading branch information
@lemaitre-aneo
lemaitre-aneo committed Jul 20, 2024
1 parent 499a726 commit 6c77c04
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 20 deletions.
6 changes: 3 additions & 3 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 1 addition & 2 deletions Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,8 @@ async-stream = "0.3"
async-trait = "0.1"
base64 = "0.22"
futures = "0.3"
pem = "3.0"
prost = "0.13"
rcgen = "0.12"
rcgen = "0.13"
rmp-serde = "1.1"
serde = { version = "1.0", features = ["derive"] }
serde_bytes = "0.11"
Expand Down
24 changes: 9 additions & 15 deletions src/server.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -313,16 +313,12 @@ impl TlsConfig {
let client_cert = tonic::transport::Certificate::from_pem(env_cert);

// Parameters to generate the server certificate
let mut cp = rcgen::CertificateParams::new(vec!["localhost".to_string()]);
cp.alg = &rcgen::PKCS_ECDSA_P384_SHA384;
let mut cp = rcgen::CertificateParams::new(["localhost".to_string()])?;
cp.not_before = time::OffsetDateTime::now_utc().saturating_sub(30.seconds());
cp.not_after = time::OffsetDateTime::now_utc().saturating_add((30 * 365).days());
let mut dn = rcgen::DistinguishedName::new();
dn.push(rcgen::DnType::OrganizationName, "Hashicorp");
dn.push(
rcgen::DnType::CommonName,
rcgen::DnValue::PrintableString("localhost".to_string()),
);
dn.push(rcgen::DnType::CommonName, "localhost");
cp.distinguished_name = dn;
cp.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
cp.key_usages = vec![
Expand All @@ -338,22 +334,20 @@ impl TlsConfig {
cp.key_identifier_method = rcgen::KeyIdMethod::Sha512;

// Generate the server certificate and its keys
let server_cert = rcgen::Certificate::from_params(cp)?;
let server_cert_der = server_cert.serialize_der_with_signer(&server_cert)?;

let p = pem::Pem::new("CERTIFICATE".to_string(), server_cert_der.clone());
let server_cert_pem = pem::encode(&p);

let server_cert_key_pem = server_cert.serialize_private_key_pem();
let keypair = rcgen::KeyPair::generate_for(&rcgen::PKCS_ECDSA_P384_SHA384)?;
let server_cert = cp.self_signed(&keypair)?;

let tls_config = ServerTlsConfig::new()
.client_ca_root(client_cert)
.client_auth_optional(true)
.identity(Identity::from_pem(server_cert_pem, server_cert_key_pem));
.identity(Identity::from_pem(
server_cert.pem(),
keypair.serialize_pem(),
));

Ok(Self {
server: Some(tls_config),
cert: server_cert_der,
cert: server_cert.der().to_vec(),
})
}

Expand Down

0 comments on commit 6c77c04

Please sign in to comment.