Use the real structure with Server-Broker-Client instead of Client-Server-Requester previously used in Bonk v1
This commit is contained in:
@@ -1,125 +0,0 @@
|
||||
use std::fs::File;
|
||||
use std::io::Write;
|
||||
use rcgen::{self, BasicConstraints, Certificate, CertificateParams, DnType};
|
||||
|
||||
fn server_root_cert() -> Certificate {
|
||||
let subject_alt_names = vec!["hello.world.example".into()];
|
||||
let mut certparams = CertificateParams::new(subject_alt_names);
|
||||
certparams.is_ca = rcgen::IsCa::Ca(BasicConstraints::Unconstrained);
|
||||
let mut distname = rcgen::DistinguishedName::new();
|
||||
distname.push(DnType::OrganizationName, "Eister Corporation");
|
||||
distname.push(DnType::CommonName, "Bonknet Server Root Cert CA");
|
||||
certparams.distinguished_name = distname;
|
||||
Certificate::from_params(certparams).unwrap()
|
||||
}
|
||||
|
||||
fn server_cert() -> Certificate {
|
||||
let mut params = CertificateParams::new(vec!["entity.other.host".into(), "localhost".into()]);
|
||||
params.distinguished_name.push(DnType::CommonName, "localhost");
|
||||
params.use_authority_key_identifier_extension = true;
|
||||
params.key_usages.push(rcgen::KeyUsagePurpose::DigitalSignature);
|
||||
params
|
||||
.extended_key_usages
|
||||
.push(rcgen::ExtendedKeyUsagePurpose::ServerAuth);
|
||||
Certificate::from_params(params).unwrap()
|
||||
}
|
||||
|
||||
fn client_root_cert() -> Certificate {
|
||||
let subject_alt_names = vec!["hello.world.example".into()];
|
||||
let mut certparams = CertificateParams::new(subject_alt_names);
|
||||
certparams.is_ca = rcgen::IsCa::Ca(BasicConstraints::Unconstrained);
|
||||
let mut distname = rcgen::DistinguishedName::new();
|
||||
distname.push(DnType::OrganizationName, "Eister Corporation");
|
||||
distname.push(DnType::CommonName, "Bonknet Client Root Cert CA");
|
||||
certparams.distinguished_name = distname;
|
||||
Certificate::from_params(certparams).unwrap()
|
||||
}
|
||||
|
||||
fn client_cert() -> Certificate {
|
||||
let mut params = CertificateParams::new(vec!["entity.other.host".into(), "bonk.client.1".into()]);
|
||||
params.distinguished_name.push(DnType::CommonName, "Client 1");
|
||||
params.use_authority_key_identifier_extension = true;
|
||||
params.key_usages.push(rcgen::KeyUsagePurpose::DigitalSignature);
|
||||
params
|
||||
.extended_key_usages
|
||||
.push(rcgen::ExtendedKeyUsagePurpose::ClientAuth);
|
||||
Certificate::from_params(params).unwrap()
|
||||
}
|
||||
|
||||
fn requester_root_cert() -> Certificate {
|
||||
let subject_alt_names = vec!["hello.world.example".into()];
|
||||
let mut certparams = CertificateParams::new(subject_alt_names);
|
||||
certparams.is_ca = rcgen::IsCa::Ca(BasicConstraints::Unconstrained);
|
||||
let mut distname = rcgen::DistinguishedName::new();
|
||||
distname.push(DnType::OrganizationName, "Eister Corporation");
|
||||
distname.push(DnType::CommonName, "Bonknet Requester Root Cert CA");
|
||||
certparams.distinguished_name = distname;
|
||||
Certificate::from_params(certparams).unwrap()
|
||||
}
|
||||
|
||||
fn requester_cert() -> Certificate {
|
||||
let mut params = CertificateParams::new(vec!["entity.other.host".into(), "bonk.client.1".into()]);
|
||||
params.distinguished_name.push(DnType::CommonName, "Requester 1");
|
||||
params.use_authority_key_identifier_extension = true;
|
||||
params.key_usages.push(rcgen::KeyUsagePurpose::DigitalSignature);
|
||||
params
|
||||
.extended_key_usages
|
||||
.push(rcgen::ExtendedKeyUsagePurpose::ClientAuth);
|
||||
Certificate::from_params(params).unwrap()
|
||||
}
|
||||
|
||||
fn main() -> std::io::Result<()> {
|
||||
// SERVER
|
||||
let server_root_cert = server_root_cert();
|
||||
// The certificate is now valid for localhost and the domain "hello.world.example"
|
||||
{
|
||||
let mut certfile = File::create("server_root_cert.pem")?;
|
||||
certfile.write_all(server_root_cert.serialize_pem().unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("server_root_key.pem")?;
|
||||
privkfile.write_all(server_root_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
// Now create the leaf
|
||||
let server_leaf_cert = server_cert();
|
||||
{
|
||||
let mut certfile = File::create("server_cert.pem")?;
|
||||
certfile.write_all(server_leaf_cert.serialize_pem_with_signer(&server_root_cert).unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("server_key.pem")?;
|
||||
privkfile.write_all(server_leaf_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
// CLIENT
|
||||
let client_root_cert = client_root_cert();
|
||||
// The certificate is now valid for localhost and the domain "hello.world.example"
|
||||
{
|
||||
let mut certfile = File::create("client_root_cert.pem")?;
|
||||
certfile.write_all(client_root_cert.serialize_pem().unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("client_root_key.pem")?;
|
||||
privkfile.write_all(client_root_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
// Now create the leaf
|
||||
let client_leaf_cert = client_cert();
|
||||
{
|
||||
let mut certfile = File::create("client_cert.pem")?;
|
||||
certfile.write_all(client_leaf_cert.serialize_pem_with_signer(&client_root_cert).unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("client_key.pem")?;
|
||||
privkfile.write_all(client_leaf_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
// CLIENT
|
||||
let requester_root_cert = requester_root_cert();
|
||||
// The certificate is now valid for localhost and the domain "hello.world.example"
|
||||
{
|
||||
let mut certfile = File::create("requester_root_cert.pem")?;
|
||||
certfile.write_all(requester_root_cert.serialize_pem().unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("requester_root_key.pem")?;
|
||||
privkfile.write_all(requester_root_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
// Now create the leaf
|
||||
let requester_leaf_cert = requester_cert();
|
||||
{
|
||||
let mut certfile = File::create("requester_cert.pem")?;
|
||||
certfile.write_all(requester_leaf_cert.serialize_pem_with_signer(&requester_root_cert).unwrap().as_bytes())?;
|
||||
let mut privkfile = File::create("requester_key.pem")?;
|
||||
privkfile.write_all(requester_leaf_cert.serialize_private_key_pem().as_bytes())?;
|
||||
}
|
||||
println!("Certificates created");
|
||||
Ok(())
|
||||
}
|
||||
@@ -1,19 +1,12 @@
|
||||
use std::collections::HashMap;
|
||||
use tokio::net::{TcpListener, TcpStream};
|
||||
use std::net::{SocketAddr};
|
||||
use std::sync::{Arc};
|
||||
use std::time::Instant;
|
||||
use futures::stream::{Stream, StreamExt};
|
||||
use tokio_rustls::{TlsAcceptor};
|
||||
use tokio_rustls::rustls::{RootCertStore, ServerConfig};
|
||||
use tokio_rustls::rustls::server::WebPkiClientVerifier;
|
||||
use serde::{Serialize, Deserialize};
|
||||
use tokio::task::JoinHandle;
|
||||
use tokio_rustls::server::TlsStream;
|
||||
use std::sync::Arc;
|
||||
use futures::SinkExt;
|
||||
use tokio::net::TcpStream;
|
||||
use tokio_rustls::rustls::{ClientConfig, RootCertStore};
|
||||
use tokio_rustls::rustls::pki_types::{ServerName};
|
||||
use tokio_rustls::TlsConnector;
|
||||
use tokio_util::codec::{Framed, LengthDelimitedCodec};
|
||||
use libbonknet::{load_prkey, load_cert};
|
||||
|
||||
type FramedStream = Framed<TlsStream<TcpStream>,LengthDelimitedCodec>;
|
||||
use serde::{Serialize, Deserialize};
|
||||
use libbonknet::{load_cert, load_prkey, FromServerMessage};
|
||||
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
enum ClientMessage {
|
||||
@@ -23,115 +16,38 @@ enum ClientMessage {
|
||||
NotRequired { id: String },
|
||||
}
|
||||
|
||||
async fn process_client(stream: TlsStream<TcpStream>, peer_addr: SocketAddr) {
|
||||
let transport = Framed::new(stream, LengthDelimitedCodec::new());
|
||||
transport.for_each(|item| async move {
|
||||
match item {
|
||||
Ok(frame) => {
|
||||
let a: ClientMessage = rmp_serde::from_slice(&frame).unwrap();
|
||||
println!("{:?}: {:?}", peer_addr, a);
|
||||
},
|
||||
Err(e) => {
|
||||
println!("{:?}: ERROR: {}", peer_addr, e);
|
||||
}
|
||||
}
|
||||
}).await;
|
||||
}
|
||||
|
||||
struct ClientState {
|
||||
framedstream: FramedStream,
|
||||
last_life_signal: Instant,
|
||||
}
|
||||
|
||||
struct ClientConnectionManager {
|
||||
registered_clients: Arc<HashMap<String,ClientState>>,
|
||||
unreg_clients: Arc<Vec<ClientState>>,
|
||||
}
|
||||
|
||||
impl ClientConnectionManager {
|
||||
async fn new_and_initialize(port: u16, tlsconfig: ServerConfig) -> ClientConnectionManager {
|
||||
let acceptor = TlsAcceptor::from(Arc::new(tlsconfig));
|
||||
let listener = TcpListener::bind(format!("localhost:{}", port)).await.unwrap();
|
||||
let registered_clients = Arc::new(HashMap::new());
|
||||
let unreg_clients = Arc::new(Vec::new());
|
||||
tokio::spawn(async move {
|
||||
let task_acceptor = acceptor;
|
||||
loop {
|
||||
let (stream, peer_addr) = listener.accept().await.unwrap();
|
||||
let acceptor = task_acceptor.clone();
|
||||
let stream = acceptor.accept(stream).await.unwrap();
|
||||
|
||||
tokio::spawn(async move {
|
||||
//let transport = Framed::new(stream, LengthDelimitedCodec::new());
|
||||
process_client(stream, peer_addr).await;
|
||||
});
|
||||
}
|
||||
});
|
||||
let ccm = ClientConnectionManager { registered_clients, unreg_clients};
|
||||
ccm
|
||||
}
|
||||
|
||||
async fn process_new_client(&mut self, transport: FramedStream, _peer_addr: SocketAddr) {
|
||||
let state = ClientState{
|
||||
framedstream: transport,
|
||||
last_life_signal: Instant::now(),
|
||||
};
|
||||
self.unreg_clients.push(state);
|
||||
}
|
||||
}
|
||||
|
||||
#[tokio::main]
|
||||
async fn main() {
|
||||
let server_root_cert_der = load_cert("server_root_cert.pem").unwrap();
|
||||
let server_cert_der = load_cert("server_cert.pem").unwrap();
|
||||
let server_prkey_der = load_prkey("server_key.pem").unwrap();
|
||||
// CLIENT ROOT
|
||||
let client_root_cert_der = load_cert("client_root_cert.pem").unwrap();
|
||||
// Client Verifier
|
||||
let mut clientrootstore = RootCertStore::empty();
|
||||
clientrootstore.add(client_root_cert_der).unwrap();
|
||||
let client_verifier = WebPkiClientVerifier::builder(Arc::new(clientrootstore)).build().unwrap();
|
||||
// Configure TLS
|
||||
let tlsconfig = ServerConfig::builder()
|
||||
// .with_no_client_auth()
|
||||
.with_client_cert_verifier(client_verifier)
|
||||
.with_single_cert(vec![server_cert_der.clone(), server_root_cert_der.clone()], server_prkey_der.into())
|
||||
async fn main() -> std::io::Result<()> {
|
||||
let client_name = "Polnareffland1";
|
||||
// Root certs to verify the server is the right one
|
||||
let mut broker_root_cert_store = RootCertStore::empty();
|
||||
let broker_root_cert_der = load_cert("certs/broker_root_cert.pem").unwrap();
|
||||
broker_root_cert_store.add(broker_root_cert_der).unwrap();
|
||||
// Auth Cert to send the server who am I
|
||||
let root_server_cert = load_cert("certs/server_root_cert.pem").unwrap();
|
||||
let server_cert = load_cert("certs/server_cert.pem").unwrap();
|
||||
let server_prkey = load_prkey("certs/server_key.pem").unwrap();
|
||||
// Load TLS Config
|
||||
let tlsconfig = ClientConfig::builder()
|
||||
.with_root_certificates(broker_root_cert_store)
|
||||
// .with_no_client_auth();
|
||||
.with_client_auth_cert(vec![server_cert, root_server_cert], server_prkey.into())
|
||||
.unwrap();
|
||||
let acceptor = TlsAcceptor::from(Arc::new(tlsconfig));
|
||||
let connector = TlsConnector::from(Arc::new(tlsconfig));
|
||||
let dnsname = ServerName::try_from("localhost").unwrap();
|
||||
|
||||
let listener = TcpListener::bind("localhost:6379").await.unwrap();
|
||||
let stream = TcpStream::connect("localhost:2541").await?;
|
||||
let stream = connector.connect(dnsname, stream).await?;
|
||||
|
||||
// Create Queue Binder
|
||||
let mut transport = Framed::new(stream, LengthDelimitedCodec::new());
|
||||
|
||||
loop {
|
||||
let (stream, peer_addr) = listener.accept().await.unwrap();
|
||||
let acceptor = acceptor.clone();
|
||||
let stream = acceptor.accept(stream).await.unwrap();
|
||||
|
||||
tokio::spawn(async move {
|
||||
//let transport = Framed::new(stream, LengthDelimitedCodec::new());
|
||||
process_client(stream, peer_addr).await;
|
||||
});
|
||||
|
||||
// let msg1 = ClientMessage::Required { id: "Testo".into() };
|
||||
// let msg2 = ClientMessage::NotRequired { id: "Testo2".into() };
|
||||
// transport.send(rmp_serde::to_vec(&msg1).unwrap().into()).await.unwrap();
|
||||
// transport.send(rmp_serde::to_vec(&msg2).unwrap().into()).await.unwrap();
|
||||
|
||||
// let fut = async move {
|
||||
// let stream = acceptor.accept(stream).await?;
|
||||
// let (mut reader, mut writer) = split(stream);
|
||||
// let n = copy(&mut reader, &mut writer).await?;
|
||||
// writer.flush().await?;
|
||||
// println!("Echo: {} - {}", peer_addr, n);
|
||||
//
|
||||
// Ok(()) as std::io::Result<()>
|
||||
// };
|
||||
//
|
||||
// tokio::spawn(async move {
|
||||
// if let Err(err) = fut.await {
|
||||
// eprintln!("{:?}", err);
|
||||
// }
|
||||
// });
|
||||
let msg1 = FromServerMessage::WhoAmI;
|
||||
transport.send(rmp_serde::to_vec(&msg1).unwrap().into()).await.unwrap();
|
||||
for i in 0..10 {
|
||||
let msg = FromServerMessage::ChangeName { name: format!("{client_name}-{i}") };
|
||||
transport.send(rmp_serde::to_vec(&msg).unwrap().into()).await.unwrap();
|
||||
tokio::time::sleep(std::time::Duration::from_secs(1)).await;
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
Reference in New Issue
Block a user