Refactor TransportStream in Server

libbonknet/src/cert.rs

@@ -1,8 +1,10 @@
-use std::io::{BufReader, Error, ErrorKind};
+use std::io::{BufReader, Error, ErrorKind, Write};
 use rcgen::{Certificate, CertificateParams, DnType, KeyPair};
 use rustls_pemfile::{Item, read_all, read_one};
 use tokio_rustls::rustls::{ClientConfig, RootCertStore};
 use tokio_rustls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
+use x509_parser::nom::AsBytes;
+use pem::{self, Pem};
 
 pub struct RawCertPair {
     pub cert: Vec<u8>,
@@ -17,6 +19,16 @@ pub struct LeafCertPair<'a> {
     prkey: PrivatePkcs8KeyDer<'a>,
 }
 
+impl Clone for LeafCertPair<'_> {
+    fn clone(&self) -> Self {
+        Self {
+            cert: self.cert.clone(),
+            ca_chain: self.ca_chain.clone(),
+            prkey: self.prkey.clone_key(),
+        }
+    }
+}
+
 impl LeafCertPair<'_> {
     pub fn parse<'a>(cert: Vec<u8>, ca_chain: Vec<Vec<u8>>, prkey: Vec<u8>) -> LeafCertPair<'a> {
         let cert = CertificateDer::from(cert);
@@ -29,7 +41,20 @@ impl LeafCertPair<'_> {
         }
     }
 
-    pub fn load_from_file(filename: &str) -> std::io::Result<LeafCertPair> {
+    pub fn save_into_file<P: AsRef<std::path::Path>>(&self, filename: P) -> std::io::Result<()> {
+        let mut file = std::fs::File::create(filename)?;
+        let mut pems = vec![
+            Pem::new("CERTIFICATE", self.cert.as_bytes())
+        ];
+        for c in self.ca_chain.iter() {
+            pems.push(Pem::new("CERTIFICATE", c.as_bytes()));
+        }
+        pems.push(Pem::new("PRIVATE KEY", self.prkey.secret_pkcs8_der()));
+        file.write_all(pem::encode_many(&pems).as_bytes())?;
+        Ok(())
+    }
+
+    pub fn load_from_file<'a, P: AsRef<std::path::Path>>(filename: P) -> std::io::Result<LeafCertPair<'a>> {
         let file = std::fs::File::open(filename).unwrap();
         let mut buf = BufReader::new(file);
         if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
@@ -65,6 +90,10 @@ impl LeafCertPair<'_> {
         &self.cert
     }
 
+    pub fn ca_chain(&self) -> &Vec<CertificateDer> {
+        &self.ca_chain
+    }
+
     pub fn prkey(&self) -> &PrivatePkcs8KeyDer {
         &self.prkey
     }
@@ -103,7 +132,7 @@ pub struct CACertPair<'a> {
 }
 
 impl CACertPair<'_> {
-    pub fn load_from_file(filename: &str) -> std::io::Result<CACertPair> {
+    pub fn load_from_file<'a, P: AsRef<std::path::Path>>(filename: P) -> std::io::Result<CACertPair<'a>> {
         let file = std::fs::File::open(filename).unwrap();
         let mut buf = BufReader::new(file);
         if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
@@ -170,12 +199,13 @@ pub fn server_leaf_certparams(name: &str) -> CertificateParams {
     params
 }
 
+#[derive(Clone)]
 pub struct BrokerRootCerts<'a> {
     root_cert: CertificateDer<'a>
 }
 
 impl BrokerRootCerts<'_> {
-    pub fn load_from_file(filename: &str) -> std::io::Result<BrokerRootCerts> {
+    pub fn load_from_file<'a, P: AsRef<std::path::Path>>(filename: P) -> std::io::Result<BrokerRootCerts<'a>> {
         let file = std::fs::File::open(filename).unwrap();
         let mut buf = BufReader::new(file);
         if let Item::X509Certificate(root_cert) = read_one(&mut buf).unwrap().unwrap() {

libbonknet/src/servermsg.rs

@@ -101,7 +101,7 @@ impl ToGuestServerMessage {
     pub fn make_okannounce(server_leaf: &LeafCertPair) -> Self {
         ToGuestServerMessage::OkAnnounce(OkAnnoucePayload {
             server_cert: server_leaf.cert().to_vec(),
-            ca_chain: server_leaf.fullchain().into_iter().map(|c| c.to_vec()).collect(),
+            ca_chain: server_leaf.ca_chain().iter().map(|c| c.to_vec()).collect(),
             server_prkey: server_leaf.prkey().secret_pkcs8_der().to_vec(),
         })
     }