shadowcat/openworm
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cert work

Browse Source
This commit is contained in:
Shadow Cat
2026-02-15 22:21:09 -05:00
parent d6c98bcf10
commit 79da5e1146
4 changed files with 91 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/bin/client/net.rs
View File

@@ -6,7 +6,7 @@ use openworm::net::{
}; };
use quinn::{ use quinn::{
ClientConfig, Connection, Endpoint, IdleTimeout, TransportConfig, ClientConfig, Connection, Endpoint, IdleTimeout, TransportConfig,
crypto::rustls::QuicClientConfig, crypto::rustls::QuicClientConfig, rustls::pki_types::CertificateDer,
}; };
use std::{ use std::{
net::{Ipv6Addr, SocketAddr, SocketAddrV6, ToSocketAddrs}, net::{Ipv6Addr, SocketAddr, SocketAddrV6, ToSocketAddrs},
@@ -21,6 +21,7 @@ pub const CLIENT_SOCKET: SocketAddr =
pub struct ConnectInfo { pub struct ConnectInfo {
pub url: String, pub url: String,
pub cert: Vec<u8>,
} }
pub struct NetHandle { pub struct NetHandle {
@@ -90,31 +91,20 @@ impl RequestMsg for CreateAccount {
} }
} }
// async fn connection_cert(addr: SocketAddr) -> NetResult<Connection> { async fn connection_cert(addr: SocketAddr, cert: CertificateDer) -> NetResult<Connection> {
// let dirs = directories_next::ProjectDirs::from("", "", "openworm").unwrap(); let mut roots = quinn::rustls::RootCertStore::empty();
// let mut roots = quinn::rustls::RootCertStore::empty(); roots.add(cert);
// match fs::read(dirs.data_local_dir().join("cert.der")) { let client_crypto = quinn::rustls::ClientConfig::builder()
// Ok(cert) => { .with_root_certificates(roots)
// roots.add(CertificateDer::from(cert))?; .with_no_client_auth();
// } let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?));
// Err(ref e) if e.kind() == ErrorKind::NotFound => { let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?;
// eprintln!("local server certificate not found"); endpoint.set_default_client_config(client_config);
// } endpoint
// Err(e) => { .connect(addr, SERVER_NAME)?
// eprintln!("failed to open local server certificate: {}", e); .await
// } .map_err(|e| format!("failed to connect: {}", e))
// } }
// let client_crypto = quinn::rustls::ClientConfig::builder()
// .with_root_certificates(roots)
// .with_no_client_auth();
// let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?));
// let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?;
// endpoint.set_default_client_config(client_config);
// endpoint
// .connect(addr, SERVER_NAME)?
// .await
// .map_err(|e| format!("failed to connect: {}", e))
// }
async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection)> { async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection)> {
let mut endpoint = Endpoint::client(CLIENT_SOCKET).map_err(|e| e.to_string())?; let mut endpoint = Endpoint::client(CLIENT_SOCKET).map_err(|e| e.to_string())?;
@@ -147,16 +137,18 @@ async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection
Ok((endpoint, con)) Ok((endpoint, con))
} }
pub async fn connect(msg: impl MsgHandler, info: ConnectInfo) -> Result<NetHandle, String> { impl NetHandle {
pub async fn connect(msg: impl MsgHandler, info: ConnectInfo) -> Result<Self, String> {
let (send, mut ui_recv) = tokio::sync::mpsc::unbounded_channel::<NetCtrlMsg>(); let (send, mut ui_recv) = tokio::sync::mpsc::unbounded_channel::<NetCtrlMsg>();
let cert = CertificateDer::from_slice(&info.cert);
let addr = info let addr = info
.url .url
.to_socket_addrs() .to_socket_addrs()
.map_err(|e| e.to_string())? .map_err(|e| e.to_string())?
.next() .next()
.ok_or("no addresses found".to_string())?; .ok_or("no addresses found".to_string())?;
let (endpoint, conn) = connection_no_cert(addr).await?; let (endpoint, conn) = connection_cert(addr).await?;
let conn_ = conn.clone(); let conn_ = conn.clone();
let mut req_id = RequestId::first(); let mut req_id = RequestId::first();
@@ -200,6 +192,7 @@ pub async fn connect(msg: impl MsgHandler, info: ConnectInfo) -> Result<NetHandl
}); });
Ok(NetHandle { send }) Ok(NetHandle { send })
}
} }
pub trait MsgHandler: Sync + Send + 'static { pub trait MsgHandler: Sync + Send + 'static {

22
src/bin/client/ui/connect.rs
View File

@@ -1,6 +1,6 @@
use openworm::net::{CreateAccount, CreateAccountResp}; use openworm::net::{CreateAccount, CreateAccountResp};
use crate::net::{self, ConnectInfo}; use crate::net::{ConnectInfo, NetHandle};
use super::*; use super::*;
@@ -41,17 +41,23 @@ pub fn start(rsc: &mut Rsc) -> WeakWidget {
pub fn create_account(rsc: &mut Rsc) -> WeakWidget { pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
let url = field("", "server", rsc); let url = field("", "server", rsc);
let token = field("", "account creation token", rsc); let token = field("", "account creation token", rsc);
let cert = field("", "certificate hex", rsc);
let username = field("", "username", rsc); let username = field("", "username", rsc);
let password = field("", "password", rsc); let password = field("", "password", rsc);
let create = Button::submit("create", rsc); let create = Button::submit("create", rsc);
rsc.events.register(create, Submit, move |ctx, rsc| { rsc.events.register(create, Submit, move |ctx, rsc| {
create.disable(rsc);
let url = rsc[url].content(); let url = rsc[url].content();
let token = rsc[token].content(); let token = rsc[token].content();
let cert = rsc[cert].content();
let Ok(cert) = decode_hex(&cert) else {
rsc[ctx.state.notif].inner = Some(werror("Invalid certificate hex", rsc));
return;
};
let username = rsc[username].content(); let username = rsc[username].content();
let password = rsc[password].content(); let password = rsc[password].content();
let login_key = ctx.state.data.login_key(&username); let login_key = ctx.state.data.login_key(&username);
create.disable(rsc);
rsc.spawn_task(async move |mut ctx| { rsc.spawn_task(async move |mut ctx| {
let mut fail = move |reason| { let mut fail = move |reason| {
ctx.update(move |ctx, rsc| { ctx.update(move |ctx, rsc| {
@@ -59,11 +65,11 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
create.enable(rsc); create.enable(rsc);
}) })
}; };
let Ok(net) = net::connect( let Ok(net) = NetHandle::connect(
async |msg| { async |msg| {
println!("msg recv :joy:"); println!("msg recv :joy:");
}, },
ConnectInfo { url }, ConnectInfo { url, cert },
) )
.await .await
else { else {
@@ -98,6 +104,7 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
wtext("Create Account").text_align(Align::CENTER).size(30), wtext("Create Account").text_align(Align::CENTER).size(30),
field_box(url, rsc), field_box(url, rsc),
field_box(token, rsc), field_box(token, rsc),
field_box(cert, rsc),
field_box(username, rsc), field_box(username, rsc),
field_box(password, rsc), field_box(password, rsc),
create, create,
@@ -108,6 +115,13 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
.add(rsc) .add(rsc)
} }
pub fn decode_hex(s: &str) -> Result<Vec<u8>, std::num::ParseIntError> {
(0..s.len())
.step_by(2)
.map(|i| u8::from_str_radix(&s[i..i + 2], 16))
.collect()
}
// pub fn connect_screen(client: &mut Client, ui: &mut Ui, state: &UiState) -> WeakWidget { // pub fn connect_screen(client: &mut Client, ui: &mut Ui, state: &UiState) -> WeakWidget {
// let Client { data, proxy, .. } = client; // let Client { data, proxy, .. } = client;
// let ip = field_widget(&data.ip, "ip", ui); // let ip = field_widget(&data.ip, "ip", ui);

6
src/bin/server/main.rs
View File

@@ -42,8 +42,8 @@ fn main() {
#[tokio::main] #[tokio::main]
pub async fn run_server(port: u16) { pub async fn run_server(port: u16) {
let dir = DataDir::default(); let dir = DataDir::default();
let path = dir.get(); let path = dir.get().join("server");
let db = Db::open(path.join("server_db")); let db = Db::open(path.join("db"));
let handler = ServerListener { let handler = ServerListener {
senders: Default::default(), senders: Default::default(),
count: 0.into(), count: 0.into(),
@@ -53,7 +53,7 @@ pub async fn run_server(port: u16) {
let token = account_token(&db, ServerPerms::ACCOUNT_TOKENS); let token = account_token(&db, ServerPerms::ACCOUNT_TOKENS);
println!("no users found, token for admin: {token}"); println!("no users found, token for admin: {token}");
} }
let (endpoint, handle) = listen(port, path, handler); let (endpoint, handle) = listen(port, &path, handler);
let _ = ctrl_c().await; let _ = ctrl_c().await;
println!("stopping server"); println!("stopping server");
println!("closing connections..."); println!("closing connections...");

17
src/bin/server/net.rs
View File

@@ -37,19 +37,12 @@ pub fn init_endpoint(port: u16, data_path: &Path) -> Endpoint {
panic!("failed to read certificate: {}", e); panic!("failed to read certificate: {}", e);
} }
}; };
// let server_crypto = quinn::rustls::ServerConfig::builder() print!("cert hex: ");
// .with_no_client_auth() for x in cert.iter() {
// .with_single_cert(vec![cert], key) print!("{:x}", x);
// .unwrap(); }
// println!();
// let server_config = quinn::ServerConfig::with_crypto(Arc::new(
// QuicServerConfig::try_from(server_crypto).unwrap(),
// ));
let server_config = ServerConfig::with_single_cert(vec![cert], key).unwrap(); let server_config = ServerConfig::with_single_cert(vec![cert], key).unwrap();
// let transport_config = Arc::get_mut(&mut server_config.transport).unwrap();
// transport_config.max_concurrent_uni_streams(0_u8.into());
let server_socket: SocketAddr = SocketAddr::V6(SocketAddrV6::new(SERVER_HOST, port, 0, 0)); let server_socket: SocketAddr = SocketAddr::V6(SocketAddrV6::new(SERVER_HOST, port, 0, 0));
quinn::Endpoint::server(server_config, server_socket).unwrap() quinn::Endpoint::server(server_config, server_socket).unwrap()
} }