[#195] tls_acceptor 초기화 로직 모듈화
myyrakle committed Dec 21, 2024
1 parent 8f310d1 commit af9d82e
Showing 3 changed files with 39 additions and 25 deletions.
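--- a/rupring/src/core/bootings/tls.rs
+++ b/rupring/src/core/bootings/tls.rs
@@ -1,12 +1,18 @@
-use std::{fs, io};
+use std::{fs, io, sync::Arc};
 
-use tokio_rustls::rustls::pki_types::{CertificateDer, PrivateKeyDer};
+use rustls::ServerConfig;
+use tokio_rustls::{
+    rustls::pki_types::{CertificateDer, PrivateKeyDer},
+    TlsAcceptor,
+};
 
-pub fn error(err: String) -> io::Error {
+use crate::application_properties::ApplicationProperties;
+
+fn error(err: String) -> io::Error {
     io::Error::new(io::ErrorKind::Other, err)
 }
 
-pub fn load_certs(filename: &str) -> io::Result<Vec<CertificateDer<'static>>> {
+fn load_certs(filename: &str) -> io::Result<Vec<CertificateDer<'static>>> {
     // Open certificate file.
     let certfile = fs::File::open(filename)
         .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?;
@@ -17,7 +23,7 @@ pub fn load_certs(filename: &str) -> io::Result<Vec<CertificateDer<'static>>> {
 }
 
 // Load private key from file.
-pub fn load_private_key(filename: &str) -> io::Result<PrivateKeyDer<'static>> {
+fn load_private_key(filename: &str) -> io::Result<PrivateKeyDer<'static>> {
     // Open keyfile.
     let keyfile = fs::File::open(filename)
         .map_err(|e| error(format!("failed to open {}: {}", filename, e)))?;
@@ -26,3 +32,27 @@ pub fn load_private_key(filename: &str) -> io::Result<PrivateKeyDer<'static>> {
     // Load and return a single private key.
     rustls_pemfile::private_key(&mut reader).map(|key| key.unwrap())
 }
+
+pub fn new_tls_acceptor(
+    application_properties: &ApplicationProperties,
+) -> anyhow::Result<TlsAcceptor> {
+    let certs = load_certs(&application_properties.server.ssl.cert)?;
+    // Load private key.
+    let key = load_private_key(&application_properties.server.ssl.key)?;
+
+    let mut server_config = ServerConfig::builder()
+        .with_no_client_auth()
+        .with_single_cert(certs, key)
+        .map_err(|e| error(e.to_string()))?;
+
+    if application_properties.server.http2.enabled {
+        server_config.alpn_protocols =
+            vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()];
+    } else {
+        server_config.alpn_protocols = vec![b"http/1.1".to_vec(), b"http/1.0".to_vec()];
+    }
+
+    let tls_acceptor = TlsAcceptor::from(Arc::new(server_config));
+
+    Ok(tls_acceptor)
+}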
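Review bot: `load_private_key` (its signature is changed in this hunk, its body is partly collapsed outside it) still ends in `rustls_pemfile::private_key(&mut reader).map(|key| key.unwrap())`, so a key file that parses but contains no PEM private-key block panics the process at startup instead of being reported through the `anyhow::Result` that the new `new_tls_acceptor` promises and that `run_server` now propagates with `?`. The one-line fix is `rustls_pemfile::private_key(&mut reader)?.ok_or_else(|| error(format!("no private key found in {}", filename)))`, which keeps the `io::Result` return type and makes the misconfiguration visible as an error naming the file. The two `alpn_protocols` branches repeat the `http/1.1`/`http/1.0` entries; building one list and prepending `b"h2".to_vec()` only when `server.http2.enabled` is set would keep them from drifting apart. The new public function also lacks a doc comment; something like `/// Builds the TLS acceptor from server.ssl.cert / server.ssl.key; h2 is advertised via ALPN only when server.http2.enabled is true.` tells the caller which properties it reads.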
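--- a/rupring/src/core/mod.rs
+++ b/rupring/src/core/mod.rs
@@ -12,8 +12,6 @@ use bootings::tls;
 use hyper_util::rt::TokioExecutor;
 use tokio::time::error::Elapsed;
 use tokio::time::Instant;
-use tokio_rustls::rustls::ServerConfig;
-use tokio_rustls::TlsAcceptor;
 
 use crate::application_properties;
 use crate::application_properties::CompressionAlgorithm;
@@ -88,17 +86,7 @@ pub async fn run_server(
     let keep_alive = application_properties.server.http1.keep_alive.to_owned();
     let http2_enabled = application_properties.server.http2.enabled.to_owned();
 
-    let certs = tls::load_certs("cert.pem")?;
-    // Load private key.
-    let key = tls::load_private_key("key.pem")?;
-
-    // Build TLS configuration.
-    let mut server_config = ServerConfig::builder()
-        .with_no_client_auth()
-        .with_single_cert(certs, key)
-        .map_err(|e| tls::error(e.to_string()))?;
-    server_config.alpn_protocols = vec![b"h2".to_vec(), b"http/1.1".to_vec(), b"http/1.0".to_vec()];
-    let tls_acceptor = TlsAcceptor::from(Arc::new(server_config));
+    let tls_acceptor = tls::new_tls_acceptor(&application_properties)?;
 
     // 5. Main Server Loop
     // Spawns a new async Task for each request.
@@ -119,10 +107,6 @@ pub async fn run_server(
             }
         }
 
-        // Use an adapter to access something implementing `tokio::io` traits as if they implement
-        // `hyper::rt` IO traits.
-        // let io = TokioIo::new(tcp_stream);
-
         // copy for each request
         let di_context = Arc::clone(&di_context);
         let application_properties = Arc::clone(&application_properties);
@@ -133,8 +117,6 @@ pub async fn run_server(
 
         // 6. create tokio task per HTTP request
         tokio::task::spawn(async move {
-            // let tls_stream = tls_acceptor.accept(tcp_stream).await.unwrap();
-
             let tls_stream = match tls_acceptor.accept(tcp_stream).await {
                 Ok(tls_stream) => tls_stream,
                 Err(err) => {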
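--- a/rupring_example/application.properties
+++ b/rupring_example/application.properties
@@ -7,4 +7,6 @@ server.compression.min-response-size=1024
 server.compression.algorithm=gzip
 server.request-timeout=3s
 server.http1.keep-alive=true
-server.http2.enabled=true
+server.http2.enabled=true
+server.ssl.cert=cert.pem
+server.ssl.key=key.pem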
