Various experiments

2024-01-30 16:07:09 +01:00
parent 21d2b16ee8
commit 7ee40b7dbe
11 changed files with 1150 additions and 116 deletions
--- a/.cargo/config.toml
+++ b/.cargo/config.toml
@@ -0,0 +1,2 @@
 [build]
 rustflags = ["--cfg", "tokio_unstable"]
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/bonknet_client/Cargo.toml
+++ b/bonknet_client/Cargo.toml
@@ -6,6 +6,11 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 libbonknet = { path = "../libbonknet" }
 tokio = { version = "1", features = ["full"] }
 tokio-rustls = "0.25.0"
 tokio-util = { version = "0.7.10", features = ["codec"] }
 futures = "0.3"
 rustls-pemfile = "2.0.0"
 serde = { version = "1.0", features = ["derive"] }
 rmp-serde = "1.1.2"
--- a/bonknet_client/src/bin/client.rs
+++ b/bonknet_client/src/bin/client.rs
@@ -0,0 +1,73 @@
 use std::sync::Arc;
 use futures::SinkExt;
 use tokio::net::TcpStream;
 use tokio_rustls::rustls::{ClientConfig, RootCertStore};
 use tokio_rustls::rustls::pki_types::{ServerName};
 use tokio_rustls::TlsConnector;
 use tokio_util::codec::{Framed, LengthDelimitedCodec};
 use serde::{Serialize, Deserialize};
 use libbonknet::{load_cert, load_prkey};
 #[derive(Debug, Serialize, Deserialize)]
 enum ClientMessage {
    Response { status_code: u32, msg: Option<String> },
    Announce { name: String },
    Required { id: String },
    NotRequired { id: String },
 }
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
    let client_name = "Polnareffland1";
    // Root certs to verify the server is the right one
    let mut server_root_cert_store = RootCertStore::empty();
    let server_root_cert_der = load_cert("server_root_cert.pem").unwrap();
    server_root_cert_store.add(server_root_cert_der).unwrap();
    // Auth Cert to send the server who am I
    let root_client_cert = load_cert("client_root_cert.pem").unwrap();
    let client_cert = load_cert("client_cert.pem").unwrap();
    let client_prkey = load_prkey("client_key.pem").unwrap();
    // Load TLS Config
    let tlsconfig = ClientConfig::builder()
        .with_root_certificates(server_root_cert_store)
        // .with_no_client_auth();
        .with_client_auth_cert(vec![client_cert, root_client_cert], client_prkey.into())
        .unwrap();
    let connector = TlsConnector::from(Arc::new(tlsconfig));
    let dnsname = ServerName::try_from("localhost").unwrap();
    let stream = TcpStream::connect("localhost:6379").await?;
    let stream = connector.connect(dnsname, stream).await?;
    let mut transport = Framed::new(stream, LengthDelimitedCodec::new());
    let msg1 = ClientMessage::Announce { name: client_name.into() };
    transport.send(rmp_serde::to_vec(&msg1).unwrap().into()).await.unwrap();
    for i in 0..10 {
        let msg = ClientMessage::Response { status_code: 100+i, msg: Some(format!("yay {}", i)) };
        transport.send(rmp_serde::to_vec(&msg).unwrap().into()).await.unwrap();
        tokio::time::sleep(std::time::Duration::from_secs(1)).await;
    }
    // transport.for_each(|item| async move {
    //     let a: ClientMessage = rmp_serde::from_slice(&item.unwrap()).unwrap();
    //     println!("{:?}", a);
    // }).await;
    // let mut buf = vec![0;1024];
    // let (mut rd,mut tx) = split(stream);
    //
    //
    // tokio::spawn(async move {
    //     let mut stdout = tokio::io::stdout();
    //     tokio::io::copy(&mut rd, &mut stdout).await.unwrap();
    // });
    //
    // let mut reader = tokio::io::BufReader::new(tokio::io::stdin()).lines();
    //
    // while let Some(line) = reader.next_line().await.unwrap() {
    //     tx.write_all(line.as_bytes()).await.unwrap();
    // }
    Ok(())
 }
--- a/bonknet_client/src/bin/requester.rs
+++ b/bonknet_client/src/bin/requester.rs
@@ -0,0 +1,2 @@
 #[tokio::main]
 async fn main() {}
--- a/bonknet_client/src/main.rs
+++ b/bonknet_client/src/main.rs
@@ -1,67 +0,0 @@
 use std::io::{BufReader, Error, ErrorKind};
 use std::sync::Arc;
 use rustls_pemfile::{Item, read_one};
 use tokio::io::{AsyncBufReadExt, AsyncWriteExt, split};
 use tokio::net::TcpStream;
 use tokio_rustls::rustls::{ClientConfig, RootCertStore};
 use tokio_rustls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer, ServerName};
 use tokio_rustls::TlsConnector;
 fn load_cert(filename: &str) -> std::io::Result<CertificateDer> {
    let cert_file = std::fs::File::open(filename).unwrap();
    let mut buf = std::io::BufReader::new(cert_file);
    if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
        Ok(cert)
    } else {
        eprintln!("File {} doesn't contain a X509 Certificate", filename);
        Err(Error::new(ErrorKind::InvalidInput, "no x509 cert"))
    }
 }
 fn load_prkey(filename: &str) -> std::io::Result<PrivatePkcs8KeyDer> {
    let prkey_file = std::fs::File::open(filename).unwrap();
    let mut buf = BufReader::new(prkey_file);
    if let Item::Pkcs8Key(pkey) = read_one(&mut buf).unwrap().unwrap() {
        Ok(pkey)
    } else {
        eprintln!("File {} doesn't contain a Pkcs8 Private Key", filename);
        Err(Error::new(ErrorKind::InvalidInput, "no pkcs8key"))
    }
 }
 #[tokio::main]
 async fn main() -> std::io::Result<()> {
    // Root certs to verify the server is the right one
    let mut server_root_cert_store = RootCertStore::empty();
    let server_root_cert_der = load_cert("server_root_cert.pem").unwrap();
    server_root_cert_store.add(server_root_cert_der).unwrap();
    // Auth Cert to send the server who am I
    let root_client_cert = load_cert("client_root_cert.pem").unwrap();
    let client_cert = load_cert("client_cert.pem").unwrap();
    let client_prkey = load_prkey("client_key.pem").unwrap();
    // Load TLS Config
    let tlsconfig = ClientConfig::builder()
        .with_root_certificates(server_root_cert_store)
        // .with_no_client_auth();
        .with_client_auth_cert(vec![client_cert, root_client_cert], client_prkey.into())
        .unwrap();
    let connector = TlsConnector::from(Arc::new(tlsconfig));
    let dnsname = ServerName::try_from("localhost").unwrap();
    let stream = TcpStream::connect("localhost:6379").await?;
    let stream = connector.connect(dnsname, stream).await?;
    let (mut rd,mut tx) = split(stream);
    tokio::spawn(async move {
        let mut stdout = tokio::io::stdout();
        tokio::io::copy(&mut rd, &mut stdout).await.unwrap();
    });
    let mut reader = tokio::io::BufReader::new(tokio::io::stdin()).lines();
    while let Some(line) = reader.next_line().await.unwrap() {
        tx.write_all(line.as_bytes()).await.unwrap();
    }
    Ok(())
 }
--- a/bonknet_server/Cargo.toml
+++ b/bonknet_server/Cargo.toml
@@ -6,7 +6,14 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
-tokio = { version = "1", features = ["full"] }
+libbonknet = { path = "../libbonknet" }
 tokio = { version = "1", features = ["full", "tracing"] }
 tokio-util = { version = "0.7.10", features = ["codec"] }
 futures = "0.3"
 rcgen = "0.12.0"
 tokio-rustls = "0.25.0"
 rustls-pemfile = "2.0.0"
 serde = { version = "1.0", features = ["derive"] }
 rmp-serde = "1.1.2"
 tracing = "0.1"
 console-subscriber = "0.2.0"
--- a/bonknet_server/src/bin/init_certs.rs
+++ b/bonknet_server/src/bin/init_certs.rs
@@ -46,6 +46,28 @@ fn client_cert() -> Certificate {
    Certificate::from_params(params).unwrap()
 }
 fn requester_root_cert() -> Certificate {
    let subject_alt_names = vec!["hello.world.example".into()];
    let mut certparams = CertificateParams::new(subject_alt_names);
    certparams.is_ca = rcgen::IsCa::Ca(BasicConstraints::Unconstrained);
    let mut distname = rcgen::DistinguishedName::new();
    distname.push(DnType::OrganizationName, "Eister Corporation");
    distname.push(DnType::CommonName, "Bonknet Requester Root Cert CA");
    certparams.distinguished_name = distname;
    Certificate::from_params(certparams).unwrap()
 }
 fn requester_cert() -> Certificate {
    let mut params = CertificateParams::new(vec!["entity.other.host".into(), "bonk.client.1".into()]);
    params.distinguished_name.push(DnType::CommonName, "Requester 1");
    params.use_authority_key_identifier_extension = true;
    params.key_usages.push(rcgen::KeyUsagePurpose::DigitalSignature);
    params
        .extended_key_usages
        .push(rcgen::ExtendedKeyUsagePurpose::ClientAuth);
    Certificate::from_params(params).unwrap()
 }
 fn main() -> std::io::Result<()> {
    // SERVER
    let server_root_cert = server_root_cert();
@@ -81,6 +103,23 @@ fn main() -> std::io::Result<()> {
        let mut privkfile = File::create("client_key.pem")?;
        privkfile.write_all(client_leaf_cert.serialize_private_key_pem().as_bytes())?;
    }
    // CLIENT
    let requester_root_cert = requester_root_cert();
    // The certificate is now valid for localhost and the domain "hello.world.example"
    {
        let mut certfile = File::create("requester_root_cert.pem")?;
        certfile.write_all(requester_root_cert.serialize_pem().unwrap().as_bytes())?;
        let mut privkfile = File::create("requester_root_key.pem")?;
        privkfile.write_all(requester_root_cert.serialize_private_key_pem().as_bytes())?;
    }
    // Now create the leaf
    let requester_leaf_cert = requester_cert();
    {
        let mut certfile = File::create("requester_cert.pem")?;
        certfile.write_all(requester_leaf_cert.serialize_pem_with_signer(&requester_root_cert).unwrap().as_bytes())?;
        let mut privkfile = File::create("requester_key.pem")?;
        privkfile.write_all(requester_leaf_cert.serialize_private_key_pem().as_bytes())?;
    }
    println!("Certificates created");
    Ok(())
 }
--- a/bonknet_server/src/bin/server.rs
+++ b/bonknet_server/src/bin/server.rs
@@ -1,35 +1,84 @@
-use tokio::net::{TcpListener};
+use std::collections::HashMap;
-use std::io::{BufReader, Error, ErrorKind};
+use tokio::net::{TcpListener, TcpStream};
 use std::net::{SocketAddr};
 use std::sync::{Arc};
 use std::time::Instant;
 use futures::stream::{Stream, StreamExt};
 use tokio_rustls::{TlsAcceptor};
 use tokio_rustls::rustls::{RootCertStore, ServerConfig};
 use tokio_rustls::rustls::server::WebPkiClientVerifier;
-use rustls_pemfile::{read_one, Item};
+use serde::{Serialize, Deserialize};
-use tokio::io::{AsyncWriteExt, copy, split};
+use tokio::task::JoinHandle;
-use tokio_rustls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
+use tokio_rustls::server::TlsStream;
 use tokio_util::codec::{Framed, LengthDelimitedCodec};
 use libbonknet::{load_prkey, load_cert};
-fn load_cert(filename: &str) -> std::io::Result<CertificateDer> {
+type FramedStream = Framed<TlsStream<TcpStream>,LengthDelimitedCodec>;
-    let cert_file = std::fs::File::open(filename).unwrap();
+
-    let mut buf = std::io::BufReader::new(cert_file);
+#[derive(Debug, Serialize, Deserialize)]
-    if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
+enum ClientMessage {
-        Ok(cert)
+    Response { status_code: u32, msg: Option<String> },
-    } else {
+    Announce { name: String },
-        eprintln!("File {} doesn't contain a X509 Certificate", filename);
+    Required { id: String },
-        Err(Error::new(ErrorKind::InvalidInput, "no x509 cert"))
+    NotRequired { id: String },
    }
 }
-fn load_prkey(filename: &str) -> std::io::Result<PrivatePkcs8KeyDer> {
+async fn process_client(stream: TlsStream<TcpStream>, peer_addr: SocketAddr) {
-    let prkey_file = std::fs::File::open(filename).unwrap();
+    let transport = Framed::new(stream, LengthDelimitedCodec::new());
-    let mut buf = BufReader::new(prkey_file);
+    transport.for_each(|item| async move {
-    if let Item::Pkcs8Key(pkey) = read_one(&mut buf).unwrap().unwrap() {
+        match item {
-        Ok(pkey)
+            Ok(frame) => {
-    } else {
+                let a: ClientMessage = rmp_serde::from_slice(&frame).unwrap();
-        eprintln!("File {} doesn't contain a Pkcs8 Private Key", filename);
+                println!("{:?}: {:?}", peer_addr, a);
-        Err(Error::new(ErrorKind::InvalidInput, "no pkcs8key"))
+            },
-    }
+            Err(e) => {
                println!("{:?}: ERROR: {}", peer_addr, e);
            }
        }
    }).await;
 }
 struct ClientState {
    framedstream: FramedStream,
    last_life_signal: Instant,
 }
 struct ClientConnectionManager {
    registered_clients: Arc<HashMap<String,ClientState>>,
    unreg_clients: Arc<Vec<ClientState>>,
 }
 impl ClientConnectionManager {
    async fn new_and_initialize(port: u16, tlsconfig: ServerConfig) -> ClientConnectionManager {
        let acceptor = TlsAcceptor::from(Arc::new(tlsconfig));
        let listener = TcpListener::bind(format!("localhost:{}", port)).await.unwrap();
        let registered_clients = Arc::new(HashMap::new());
        let unreg_clients = Arc::new(Vec::new());
        tokio::spawn(async move {
            let task_acceptor = acceptor;
            loop {
                let (stream, peer_addr) = listener.accept().await.unwrap();
                let acceptor = task_acceptor.clone();
                let stream = acceptor.accept(stream).await.unwrap();
                tokio::spawn(async move {
                    //let transport = Framed::new(stream, LengthDelimitedCodec::new());
                    process_client(stream, peer_addr).await;
                });
            }
        });
        let ccm = ClientConnectionManager { registered_clients, unreg_clients};
        ccm
    }
    async fn process_new_client(&mut self, transport: FramedStream, _peer_addr: SocketAddr) {
        let state = ClientState{
            framedstream: transport,
            last_life_signal: Instant::now(),
        };
        self.unreg_clients.push(state);
    }
 }
 #[tokio::main]
 async fn main() {
@@ -52,24 +101,37 @@ async fn main() {
    let listener = TcpListener::bind("localhost:6379").await.unwrap();
    // Create Queue Binder
    loop {
        let (stream, peer_addr) = listener.accept().await.unwrap();
        let acceptor = acceptor.clone();
-
+        let stream = acceptor.accept(stream).await.unwrap();
        let fut = async move {
            let stream = acceptor.accept(stream).await?;
            let (mut reader, mut writer) = split(stream);
            let n = copy(&mut reader, &mut writer).await?;
            writer.flush().await?;
            println!("Echo: {} - {}", peer_addr, n);
            Ok(()) as std::io::Result<()>
        };
        tokio::spawn(async move {
-            if let Err(err) = fut.await {
+            //let transport = Framed::new(stream, LengthDelimitedCodec::new());
-                eprintln!("{:?}", err);
+            process_client(stream, peer_addr).await;
            }
        });
        // let msg1 = ClientMessage::Required { id: "Testo".into() };
        // let msg2 = ClientMessage::NotRequired { id: "Testo2".into() };
        // transport.send(rmp_serde::to_vec(&msg1).unwrap().into()).await.unwrap();
        // transport.send(rmp_serde::to_vec(&msg2).unwrap().into()).await.unwrap();
        // let fut = async move {
        //     let stream = acceptor.accept(stream).await?;
        //     let (mut reader, mut writer) = split(stream);
        //     let n = copy(&mut reader, &mut writer).await?;
        //     writer.flush().await?;
        //     println!("Echo: {} - {}", peer_addr, n);
        //
        //     Ok(()) as std::io::Result<()>
        // };
        //
        // tokio::spawn(async move {
        //     if let Err(err) = fut.await {
        //         eprintln!("{:?}", err);
        //     }
        // });
    }
 }
--- a/libbonknet/Cargo.toml
+++ b/libbonknet/Cargo.toml
@@ -6,3 +6,5 @@ edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 tokio-rustls = "0.25.0"
 rustls-pemfile = "2.0.0"
--- a/libbonknet/src/lib.rs
+++ b/libbonknet/src/lib.rs
@@ -1,14 +1,25 @@
-pub fn add(left: usize, right: usize) -> usize {
+use std::io::{BufReader, Error, ErrorKind};
-    left + right
+use rustls_pemfile::{read_one, Item};
-}
+use tokio_rustls::rustls::pki_types::{CertificateDer, PrivatePkcs8KeyDer};
-#[cfg(test)]
+pub fn load_cert(filename: &str) -> std::io::Result<CertificateDer> {
-mod tests {
+    let cert_file = std::fs::File::open(filename).unwrap();
-    use super::*;
+    let mut buf = std::io::BufReader::new(cert_file);
-
+    if let Item::X509Certificate(cert) = read_one(&mut buf).unwrap().unwrap() {
-    #[test]
+        Ok(cert)
-    fn it_works() {
+    } else {
-        let result = add(2, 2);
+        eprintln!("File {} doesn't contain a X509 Certificate", filename);
-        assert_eq!(result, 4);
+        Err(Error::new(ErrorKind::InvalidInput, "no x509 cert"))
    }
 }
 pub fn load_prkey(filename: &str) -> std::io::Result<PrivatePkcs8KeyDer> {
    let prkey_file = std::fs::File::open(filename).unwrap();
    let mut buf = BufReader::new(prkey_file);
    if let Item::Pkcs8Key(pkey) = read_one(&mut buf).unwrap().unwrap() {
        Ok(pkey)
    } else {
        eprintln!("File {} doesn't contain a Pkcs8 Private Key", filename);
        Err(Error::new(ErrorKind::InvalidInput, "no pkcs8key"))
    }
 }
		`@@ -0,0 +1,2 @@`
							`[build]`
							`rustflags = ["--cfg", "tokio_unstable"]`