cert work
This commit is contained in:
@@ -6,7 +6,7 @@ use openworm::net::{
|
|||||||
};
|
};
|
||||||
use quinn::{
|
use quinn::{
|
||||||
ClientConfig, Connection, Endpoint, IdleTimeout, TransportConfig,
|
ClientConfig, Connection, Endpoint, IdleTimeout, TransportConfig,
|
||||||
crypto::rustls::QuicClientConfig,
|
crypto::rustls::QuicClientConfig, rustls::pki_types::CertificateDer,
|
||||||
};
|
};
|
||||||
use std::{
|
use std::{
|
||||||
net::{Ipv6Addr, SocketAddr, SocketAddrV6, ToSocketAddrs},
|
net::{Ipv6Addr, SocketAddr, SocketAddrV6, ToSocketAddrs},
|
||||||
@@ -21,6 +21,7 @@ pub const CLIENT_SOCKET: SocketAddr =
|
|||||||
|
|
||||||
pub struct ConnectInfo {
|
pub struct ConnectInfo {
|
||||||
pub url: String,
|
pub url: String,
|
||||||
|
pub cert: Vec<u8>,
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct NetHandle {
|
pub struct NetHandle {
|
||||||
@@ -90,31 +91,20 @@ impl RequestMsg for CreateAccount {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// async fn connection_cert(addr: SocketAddr) -> NetResult<Connection> {
|
async fn connection_cert(addr: SocketAddr, cert: CertificateDer) -> NetResult<Connection> {
|
||||||
// let dirs = directories_next::ProjectDirs::from("", "", "openworm").unwrap();
|
let mut roots = quinn::rustls::RootCertStore::empty();
|
||||||
// let mut roots = quinn::rustls::RootCertStore::empty();
|
roots.add(cert);
|
||||||
// match fs::read(dirs.data_local_dir().join("cert.der")) {
|
let client_crypto = quinn::rustls::ClientConfig::builder()
|
||||||
// Ok(cert) => {
|
.with_root_certificates(roots)
|
||||||
// roots.add(CertificateDer::from(cert))?;
|
.with_no_client_auth();
|
||||||
// }
|
let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?));
|
||||||
// Err(ref e) if e.kind() == ErrorKind::NotFound => {
|
let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?;
|
||||||
// eprintln!("local server certificate not found");
|
endpoint.set_default_client_config(client_config);
|
||||||
// }
|
endpoint
|
||||||
// Err(e) => {
|
.connect(addr, SERVER_NAME)?
|
||||||
// eprintln!("failed to open local server certificate: {}", e);
|
.await
|
||||||
// }
|
.map_err(|e| format!("failed to connect: {}", e))
|
||||||
// }
|
}
|
||||||
// let client_crypto = quinn::rustls::ClientConfig::builder()
|
|
||||||
// .with_root_certificates(roots)
|
|
||||||
// .with_no_client_auth();
|
|
||||||
// let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?));
|
|
||||||
// let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?;
|
|
||||||
// endpoint.set_default_client_config(client_config);
|
|
||||||
// endpoint
|
|
||||||
// .connect(addr, SERVER_NAME)?
|
|
||||||
// .await
|
|
||||||
// .map_err(|e| format!("failed to connect: {}", e))
|
|
||||||
// }
|
|
||||||
|
|
||||||
async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection)> {
|
async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection)> {
|
||||||
let mut endpoint = Endpoint::client(CLIENT_SOCKET).map_err(|e| e.to_string())?;
|
let mut endpoint = Endpoint::client(CLIENT_SOCKET).map_err(|e| e.to_string())?;
|
||||||
@@ -147,59 +137,62 @@ async fn connection_no_cert(addr: SocketAddr) -> NetResult<(Endpoint, Connection
|
|||||||
Ok((endpoint, con))
|
Ok((endpoint, con))
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn connect(msg: impl MsgHandler, info: ConnectInfo) -> Result<NetHandle, String> {
|
impl NetHandle {
|
||||||
let (send, mut ui_recv) = tokio::sync::mpsc::unbounded_channel::<NetCtrlMsg>();
|
pub async fn connect(msg: impl MsgHandler, info: ConnectInfo) -> Result<Self, String> {
|
||||||
|
let (send, mut ui_recv) = tokio::sync::mpsc::unbounded_channel::<NetCtrlMsg>();
|
||||||
|
|
||||||
let addr = info
|
let cert = CertificateDer::from_slice(&info.cert);
|
||||||
.url
|
let addr = info
|
||||||
.to_socket_addrs()
|
.url
|
||||||
.map_err(|e| e.to_string())?
|
.to_socket_addrs()
|
||||||
.next()
|
.map_err(|e| e.to_string())?
|
||||||
.ok_or("no addresses found".to_string())?;
|
.next()
|
||||||
let (endpoint, conn) = connection_no_cert(addr).await?;
|
.ok_or("no addresses found".to_string())?;
|
||||||
let conn_ = conn.clone();
|
let (endpoint, conn) = connection_cert(addr).await?;
|
||||||
|
let conn_ = conn.clone();
|
||||||
|
|
||||||
let mut req_id = RequestId::first();
|
let mut req_id = RequestId::first();
|
||||||
let recv = Arc::new(ServerRecv {
|
let recv = Arc::new(ServerRecv {
|
||||||
msg,
|
msg,
|
||||||
requests: DashMap::default(),
|
requests: DashMap::default(),
|
||||||
});
|
});
|
||||||
tokio::spawn(recv_uni(conn_, recv.clone()));
|
tokio::spawn(recv_uni(conn_, recv.clone()));
|
||||||
tokio::spawn(async move {
|
tokio::spawn(async move {
|
||||||
while let Some(msg) = ui_recv.recv().await {
|
while let Some(msg) = ui_recv.recv().await {
|
||||||
let request_id = req_id.next();
|
let request_id = req_id.next();
|
||||||
match msg {
|
match msg {
|
||||||
NetCtrlMsg::Send(msg) => {
|
NetCtrlMsg::Send(msg) => {
|
||||||
let msg = ClientRequestMsg {
|
let msg = ClientRequestMsg {
|
||||||
id: request_id,
|
id: request_id,
|
||||||
msg: msg.into(),
|
msg: msg.into(),
|
||||||
};
|
};
|
||||||
if send_uni(&conn, msg).await.is_err() {
|
if send_uni(&conn, msg).await.is_err() {
|
||||||
println!("disconnected from server");
|
println!("disconnected from server");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
NetCtrlMsg::Request(msg, send) => {
|
||||||
|
let msg = ClientRequestMsg {
|
||||||
|
id: request_id,
|
||||||
|
msg: msg.into(),
|
||||||
|
};
|
||||||
|
recv.requests.insert(request_id, send);
|
||||||
|
if send_uni(&conn, msg).await.is_err() {
|
||||||
|
println!("disconnected from server");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
NetCtrlMsg::Exit => {
|
||||||
|
conn.close(0u32.into(), &[]);
|
||||||
|
endpoint.wait_idle().await;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
NetCtrlMsg::Request(msg, send) => {
|
|
||||||
let msg = ClientRequestMsg {
|
|
||||||
id: request_id,
|
|
||||||
msg: msg.into(),
|
|
||||||
};
|
|
||||||
recv.requests.insert(request_id, send);
|
|
||||||
if send_uni(&conn, msg).await.is_err() {
|
|
||||||
println!("disconnected from server");
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
NetCtrlMsg::Exit => {
|
|
||||||
conn.close(0u32.into(), &[]);
|
|
||||||
endpoint.wait_idle().await;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
});
|
||||||
});
|
|
||||||
|
|
||||||
Ok(NetHandle { send })
|
Ok(NetHandle { send })
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub trait MsgHandler: Sync + Send + 'static {
|
pub trait MsgHandler: Sync + Send + 'static {
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
use openworm::net::{CreateAccount, CreateAccountResp};
|
use openworm::net::{CreateAccount, CreateAccountResp};
|
||||||
|
|
||||||
use crate::net::{self, ConnectInfo};
|
use crate::net::{ConnectInfo, NetHandle};
|
||||||
|
|
||||||
use super::*;
|
use super::*;
|
||||||
|
|
||||||
@@ -41,17 +41,23 @@ pub fn start(rsc: &mut Rsc) -> WeakWidget {
|
|||||||
pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
|
pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
|
||||||
let url = field("", "server", rsc);
|
let url = field("", "server", rsc);
|
||||||
let token = field("", "account creation token", rsc);
|
let token = field("", "account creation token", rsc);
|
||||||
|
let cert = field("", "certificate hex", rsc);
|
||||||
let username = field("", "username", rsc);
|
let username = field("", "username", rsc);
|
||||||
let password = field("", "password", rsc);
|
let password = field("", "password", rsc);
|
||||||
|
|
||||||
let create = Button::submit("create", rsc);
|
let create = Button::submit("create", rsc);
|
||||||
rsc.events.register(create, Submit, move |ctx, rsc| {
|
rsc.events.register(create, Submit, move |ctx, rsc| {
|
||||||
create.disable(rsc);
|
|
||||||
let url = rsc[url].content();
|
let url = rsc[url].content();
|
||||||
let token = rsc[token].content();
|
let token = rsc[token].content();
|
||||||
|
let cert = rsc[cert].content();
|
||||||
|
let Ok(cert) = decode_hex(&cert) else {
|
||||||
|
rsc[ctx.state.notif].inner = Some(werror("Invalid certificate hex", rsc));
|
||||||
|
return;
|
||||||
|
};
|
||||||
let username = rsc[username].content();
|
let username = rsc[username].content();
|
||||||
let password = rsc[password].content();
|
let password = rsc[password].content();
|
||||||
let login_key = ctx.state.data.login_key(&username);
|
let login_key = ctx.state.data.login_key(&username);
|
||||||
|
create.disable(rsc);
|
||||||
rsc.spawn_task(async move |mut ctx| {
|
rsc.spawn_task(async move |mut ctx| {
|
||||||
let mut fail = move |reason| {
|
let mut fail = move |reason| {
|
||||||
ctx.update(move |ctx, rsc| {
|
ctx.update(move |ctx, rsc| {
|
||||||
@@ -59,11 +65,11 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
|
|||||||
create.enable(rsc);
|
create.enable(rsc);
|
||||||
})
|
})
|
||||||
};
|
};
|
||||||
let Ok(net) = net::connect(
|
let Ok(net) = NetHandle::connect(
|
||||||
async |msg| {
|
async |msg| {
|
||||||
println!("msg recv :joy:");
|
println!("msg recv :joy:");
|
||||||
},
|
},
|
||||||
ConnectInfo { url },
|
ConnectInfo { url, cert },
|
||||||
)
|
)
|
||||||
.await
|
.await
|
||||||
else {
|
else {
|
||||||
@@ -98,6 +104,7 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
|
|||||||
wtext("Create Account").text_align(Align::CENTER).size(30),
|
wtext("Create Account").text_align(Align::CENTER).size(30),
|
||||||
field_box(url, rsc),
|
field_box(url, rsc),
|
||||||
field_box(token, rsc),
|
field_box(token, rsc),
|
||||||
|
field_box(cert, rsc),
|
||||||
field_box(username, rsc),
|
field_box(username, rsc),
|
||||||
field_box(password, rsc),
|
field_box(password, rsc),
|
||||||
create,
|
create,
|
||||||
@@ -108,6 +115,13 @@ pub fn create_account(rsc: &mut Rsc) -> WeakWidget {
|
|||||||
.add(rsc)
|
.add(rsc)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn decode_hex(s: &str) -> Result<Vec<u8>, std::num::ParseIntError> {
|
||||||
|
(0..s.len())
|
||||||
|
.step_by(2)
|
||||||
|
.map(|i| u8::from_str_radix(&s[i..i + 2], 16))
|
||||||
|
.collect()
|
||||||
|
}
|
||||||
|
|
||||||
// pub fn connect_screen(client: &mut Client, ui: &mut Ui, state: &UiState) -> WeakWidget {
|
// pub fn connect_screen(client: &mut Client, ui: &mut Ui, state: &UiState) -> WeakWidget {
|
||||||
// let Client { data, proxy, .. } = client;
|
// let Client { data, proxy, .. } = client;
|
||||||
// let ip = field_widget(&data.ip, "ip", ui);
|
// let ip = field_widget(&data.ip, "ip", ui);
|
||||||
|
|||||||
@@ -42,8 +42,8 @@ fn main() {
|
|||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
pub async fn run_server(port: u16) {
|
pub async fn run_server(port: u16) {
|
||||||
let dir = DataDir::default();
|
let dir = DataDir::default();
|
||||||
let path = dir.get();
|
let path = dir.get().join("server");
|
||||||
let db = Db::open(path.join("server_db"));
|
let db = Db::open(path.join("db"));
|
||||||
let handler = ServerListener {
|
let handler = ServerListener {
|
||||||
senders: Default::default(),
|
senders: Default::default(),
|
||||||
count: 0.into(),
|
count: 0.into(),
|
||||||
@@ -53,7 +53,7 @@ pub async fn run_server(port: u16) {
|
|||||||
let token = account_token(&db, ServerPerms::ACCOUNT_TOKENS);
|
let token = account_token(&db, ServerPerms::ACCOUNT_TOKENS);
|
||||||
println!("no users found, token for admin: {token}");
|
println!("no users found, token for admin: {token}");
|
||||||
}
|
}
|
||||||
let (endpoint, handle) = listen(port, path, handler);
|
let (endpoint, handle) = listen(port, &path, handler);
|
||||||
let _ = ctrl_c().await;
|
let _ = ctrl_c().await;
|
||||||
println!("stopping server");
|
println!("stopping server");
|
||||||
println!("closing connections...");
|
println!("closing connections...");
|
||||||
|
|||||||
@@ -37,19 +37,12 @@ pub fn init_endpoint(port: u16, data_path: &Path) -> Endpoint {
|
|||||||
panic!("failed to read certificate: {}", e);
|
panic!("failed to read certificate: {}", e);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
// let server_crypto = quinn::rustls::ServerConfig::builder()
|
print!("cert hex: ");
|
||||||
// .with_no_client_auth()
|
for x in cert.iter() {
|
||||||
// .with_single_cert(vec![cert], key)
|
print!("{:x}", x);
|
||||||
// .unwrap();
|
}
|
||||||
//
|
println!();
|
||||||
// let server_config = quinn::ServerConfig::with_crypto(Arc::new(
|
|
||||||
// QuicServerConfig::try_from(server_crypto).unwrap(),
|
|
||||||
// ));
|
|
||||||
|
|
||||||
let server_config = ServerConfig::with_single_cert(vec![cert], key).unwrap();
|
let server_config = ServerConfig::with_single_cert(vec![cert], key).unwrap();
|
||||||
// let transport_config = Arc::get_mut(&mut server_config.transport).unwrap();
|
|
||||||
// transport_config.max_concurrent_uni_streams(0_u8.into());
|
|
||||||
|
|
||||||
let server_socket: SocketAddr = SocketAddr::V6(SocketAddrV6::new(SERVER_HOST, port, 0, 0));
|
let server_socket: SocketAddr = SocketAddr::V6(SocketAddrV6::new(SERVER_HOST, port, 0, 0));
|
||||||
quinn::Endpoint::server(server_config, server_socket).unwrap()
|
quinn::Endpoint::server(server_config, server_socket).unwrap()
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user