Initial commit

bonknet_server/src/bin/server.rs

@@ -0,0 +1,75 @@
+use tokio::net::{TcpListener};
+use std::io::{BufReader, Error, ErrorKind};
+use std::sync::{Arc};
+use tokio_rustls::{TlsAcceptor};
+use tokio_rustls::rustls::{RootCertStore, ServerConfig};
+use tokio_rustls::rustls::server::WebPkiClientVerifier;
+use rustls_pemfile::{read_one, Item};
+use tokio::io::{AsyncWriteExt, copy, split};
+use tokio_rustls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
+
+fn load_cert(filename: &str) -> std::io::Result<CertificateDer> {
+    let cert_file = std::fs::File::open(filename).unwrap();
+    let mut buf = std::io::BufReader::new(cert_file);
+    if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
+        Ok(cert)
+    } else {
+        eprintln!("File {} doesn't contain a X509 Certificate", filename);
+        Err(Error::new(ErrorKind::InvalidInput, "no x509 cert"))
+    }
+}
+
+fn load_prkey(filename: &str) -> std::io::Result<PrivatePkcs8KeyDer> {
+    let prkey_file = std::fs::File::open(filename).unwrap();
+    let mut buf = BufReader::new(prkey_file);
+    if let Item::Pkcs8Key(pkey) = read_one(&mut buf).unwrap().unwrap() {
+        Ok(pkey)
+    } else {
+        eprintln!("File {} doesn't contain a Pkcs8 Private Key", filename);
+        Err(Error::new(ErrorKind::InvalidInput, "no pkcs8key"))
+    }
+}
+
+
+#[tokio::main]
+async fn main() {
+    let server_root_cert_der = load_cert("server_root_cert.pem").unwrap();
+    let server_cert_der = load_cert("server_cert.pem").unwrap();
+    let server_prkey_der = load_prkey("server_key.pem").unwrap();
+    // CLIENT ROOT
+    let client_root_cert_der = load_cert("client_root_cert.pem").unwrap();
+    // Client Verifier
+    let mut clientrootstore = RootCertStore::empty();
+    clientrootstore.add(client_root_cert_der).unwrap();
+    let client_verifier = WebPkiClientVerifier::builder(Arc::new(clientrootstore)).build().unwrap();
+    // Configure TLS
+    let tlsconfig = ServerConfig::builder()
+        // .with_no_client_auth()
+        .with_client_cert_verifier(client_verifier)
+        .with_single_cert(vec![server_cert_der.clone(), server_root_cert_der.clone()], server_prkey_der.into())
+        .unwrap();
+    let acceptor = TlsAcceptor::from(Arc::new(tlsconfig));
+
+    let listener = TcpListener::bind("localhost:6379").await.unwrap();
+
+    loop {
+        let (stream, peer_addr) = listener.accept().await.unwrap();
+        let acceptor = acceptor.clone();
+
+        let fut = async move {
+            let stream = acceptor.accept(stream).await?;
+            let (mut reader, mut writer) = split(stream);
+            let n = copy(&mut reader, &mut writer).await?;
+            writer.flush().await?;
+            println!("Echo: {} - {}", peer_addr, n);
+
+            Ok(()) as std::io::Result<()>
+        };
+
+        tokio::spawn(async move {
+            if let Err(err) = fut.await {
+                eprintln!("{:?}", err);
+            }
+        });
+    }
+}