From 8fe403b94d938a75b2cc30500958552a47f2205d Mon Sep 17 00:00:00 2001 From: Shadow Cat Date: Sun, 16 Nov 2025 16:50:34 -0500 Subject: [PATCH] disable auth for now --- src/bin/server.rs | 4 +++ src/net/client.rs | 90 ++++++++++++++++++++++++++++------------------ src/net/mod.rs | 4 +++ src/net/no_cert.rs | 56 +++++++++++++++++++++++++++++ src/net/server.rs | 49 +++++++++++++++++++++++++ src/server/mod.rs | 50 +------------------------- 6 files changed, 170 insertions(+), 83 deletions(-) create mode 100644 src/net/no_cert.rs create mode 100644 src/net/server.rs diff --git a/src/bin/server.rs b/src/bin/server.rs index 40fada8..f81241d 100644 --- a/src/bin/server.rs +++ b/src/bin/server.rs @@ -1,5 +1,9 @@ use openworm::server::run_server; fn main() { + quinn::rustls::crypto::aws_lc_rs::default_provider() + .install_default() + .unwrap(); + run_server(); } diff --git a/src/net/client.rs b/src/net/client.rs index 27512aa..d6cf69a 100644 --- a/src/net/client.rs +++ b/src/net/client.rs @@ -1,14 +1,18 @@ -use crate::client::{AppHandle, ClientEvent}; -use quinn::{crypto::rustls::QuicClientConfig, rustls::pki_types::CertificateDer}; +use crate::{ + client::{AppHandle, ClientEvent}, + net::{SERVER_NAME, no_cert::SkipServerVerification}, +}; +use quinn::{ClientConfig, Connection, Endpoint, crypto::rustls::QuicClientConfig}; use std::{ - fs, - io::ErrorKind, - net::{IpAddr, Ipv6Addr, SocketAddr}, + net::{Ipv6Addr, SocketAddr, SocketAddrV6}, str::FromStr, sync::Arc, }; use tokio::sync::mpsc::UnboundedSender; +pub const CLIENT_SOCKET: SocketAddr = + SocketAddr::V6(SocketAddrV6::new(Ipv6Addr::UNSPECIFIED, 0, 0, 0)); + pub fn connect(handle: AppHandle, ip: String) { std::thread::spawn(|| { connect_the(handle, ip).unwrap(); @@ -21,39 +25,57 @@ pub enum NetCmd { pub type NetSender = UnboundedSender; +// async fn connection_cert(addr: SocketAddr) -> anyhow::Result { +// let dirs = directories_next::ProjectDirs::from("", "", "openworm").unwrap(); +// let mut roots = quinn::rustls::RootCertStore::empty(); +// match fs::read(dirs.data_local_dir().join("cert.der")) { +// Ok(cert) => { +// roots.add(CertificateDer::from(cert))?; +// } +// Err(ref e) if e.kind() == ErrorKind::NotFound => { +// eprintln!("local server certificate not found"); +// } +// Err(e) => { +// eprintln!("failed to open local server certificate: {}", e); +// } +// } +// let client_crypto = quinn::rustls::ClientConfig::builder() +// .with_root_certificates(roots) +// .with_no_client_auth(); +// let client_config = ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?)); +// let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?; +// endpoint.set_default_client_config(client_config); +// endpoint +// .connect(addr, SERVER_NAME)? +// .await +// .map_err(|e| anyhow::anyhow!("failed to connect: {}", e)) +// } + +async fn connection_no_cert(addr: SocketAddr) -> anyhow::Result { + let mut endpoint = Endpoint::client(CLIENT_SOCKET)?; + + endpoint.set_default_client_config(ClientConfig::new(Arc::new(QuicClientConfig::try_from( + quinn::rustls::ClientConfig::builder() + .dangerous() + .with_custom_certificate_verifier(SkipServerVerification::new()) + .with_no_client_auth(), + )?))); + + // connect to server + endpoint + .connect(addr, SERVER_NAME) + .unwrap() + .await + .map_err(|e| anyhow::anyhow!("failed to connect: {e}")) +} + #[tokio::main] async fn connect_the(handle: AppHandle, ip: String) -> anyhow::Result<()> { - let dirs = directories_next::ProjectDirs::from("", "", "openworm").unwrap(); - let mut roots = quinn::rustls::RootCertStore::empty(); - match fs::read(dirs.data_local_dir().join("cert.der")) { - Ok(cert) => { - roots.add(CertificateDer::from(cert))?; - } - Err(ref e) if e.kind() == ErrorKind::NotFound => { - eprintln!("local server certificate not found"); - } - Err(e) => { - eprintln!("failed to open local server certificate: {}", e); - } - } - let client_crypto = quinn::rustls::ClientConfig::builder() - .with_root_certificates(roots) - .with_no_client_auth(); - let client_config = - quinn::ClientConfig::new(Arc::new(QuicClientConfig::try_from(client_crypto)?)); - let mut endpoint = quinn::Endpoint::client(SocketAddr::from_str("[::]:0").unwrap())?; - endpoint.set_default_client_config(client_config); - let remote = SocketAddr::from_str(&ip).unwrap(); - // let remote = SocketAddr::new(IpAddr::V6(Ipv6Addr::LOCALHOST), 4433); - let host = "localhost"; - let conn = endpoint - .connect(remote, host)? - .await - .map_err(|e| anyhow::anyhow!("failed to connect: {}", e))?; - let (client_send, mut client_recv) = tokio::sync::mpsc::unbounded_channel::(); handle.send(ClientEvent::Connect(client_send)); + let addr = SocketAddr::from_str(&ip).unwrap(); + let conn = connection_no_cert(addr).await?; while let Some(msg) = client_recv.recv().await { match msg { @@ -61,7 +83,7 @@ async fn connect_the(handle: AppHandle, ip: String) -> anyhow::Result<()> { let (mut send, recv) = conn .open_bi() .await - .map_err(|e| anyhow::anyhow!("failed to open stream: {}", e))?; + .map_err(|e| anyhow::anyhow!("failed to open stream: {e}"))?; drop(recv); diff --git a/src/net/mod.rs b/src/net/mod.rs index b225acd..be0b30c 100644 --- a/src/net/mod.rs +++ b/src/net/mod.rs @@ -1,4 +1,8 @@ pub mod client; +mod no_cert; +pub mod server; + +pub const SERVER_NAME: &str = "openworm"; pub enum ClientMsg { SendMsg { content: String }, diff --git a/src/net/no_cert.rs b/src/net/no_cert.rs new file mode 100644 index 0000000..df83323 --- /dev/null +++ b/src/net/no_cert.rs @@ -0,0 +1,56 @@ +use quinn::rustls::{self, pki_types::*}; +use std::sync::Arc; + +#[derive(Debug)] +pub struct SkipServerVerification(Arc); + +impl SkipServerVerification { + pub fn new() -> Arc { + Arc::new(Self(Arc::new(rustls::crypto::ring::default_provider()))) + } +} + +impl rustls::client::danger::ServerCertVerifier for SkipServerVerification { + fn verify_server_cert( + &self, + _end_entity: &CertificateDer<'_>, + _intermediates: &[CertificateDer<'_>], + _server_name: &ServerName<'_>, + _ocsp: &[u8], + _now: UnixTime, + ) -> Result { + Ok(rustls::client::danger::ServerCertVerified::assertion()) + } + + fn verify_tls12_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls12_signature( + message, + cert, + dss, + &self.0.signature_verification_algorithms, + ) + } + + fn verify_tls13_signature( + &self, + message: &[u8], + cert: &CertificateDer<'_>, + dss: &rustls::DigitallySignedStruct, + ) -> Result { + rustls::crypto::verify_tls13_signature( + message, + cert, + dss, + &self.0.signature_verification_algorithms, + ) + } + + fn supported_verify_schemes(&self) -> Vec { + self.0.signature_verification_algorithms.supported_schemes() + } +} diff --git a/src/net/server.rs b/src/net/server.rs new file mode 100644 index 0000000..e65805f --- /dev/null +++ b/src/net/server.rs @@ -0,0 +1,49 @@ +use crate::net::SERVER_NAME; +use quinn::{ + Endpoint, ServerConfig, + rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}, +}; +use std::net::{Ipv6Addr, SocketAddr, SocketAddrV6}; +use std::{fs, path::Path}; + +pub const DEFAULT_PORT: u16 = 16839; +pub const SERVER_HOST: Ipv6Addr = Ipv6Addr::UNSPECIFIED; +pub const SERVER_SOCKET: SocketAddr = + SocketAddr::V6(SocketAddrV6::new(SERVER_HOST, DEFAULT_PORT, 0, 0)); + +pub fn listen(data_path: &Path) -> Endpoint { + let cert_path = data_path.join("cert.der"); + let key_path = data_path.join("key.der"); + let (cert, key) = match fs::read(&cert_path).and_then(|x| Ok((x, fs::read(&key_path)?))) { + Ok((cert, key)) => ( + CertificateDer::from(cert), + PrivateKeyDer::try_from(key).unwrap(), + ), + Err(ref e) if e.kind() == std::io::ErrorKind::NotFound => { + let cert = rcgen::generate_simple_self_signed([SERVER_NAME.into()]).unwrap(); + let key = PrivatePkcs8KeyDer::from(cert.signing_key.serialize_der()); + let cert = cert.cert.into(); + fs::create_dir_all(data_path).expect("failed to create certificate directory"); + fs::write(&cert_path, &cert).expect("failed to write certificate"); + fs::write(&key_path, key.secret_pkcs8_der()).expect("failed to write private key"); + (cert, key.into()) + } + Err(e) => { + panic!("failed to read certificate: {}", e); + } + }; + // let server_crypto = quinn::rustls::ServerConfig::builder() + // .with_no_client_auth() + // .with_single_cert(vec![cert], key) + // .unwrap(); + // + // let server_config = quinn::ServerConfig::with_crypto(Arc::new( + // QuicServerConfig::try_from(server_crypto).unwrap(), + // )); + + let server_config = ServerConfig::with_single_cert(vec![cert], key).unwrap(); + // let transport_config = Arc::get_mut(&mut server_config.transport).unwrap(); + // transport_config.max_concurrent_uni_streams(0_u8.into()); + + quinn::Endpoint::server(server_config, SERVER_SOCKET).unwrap() +} diff --git a/src/server/mod.rs b/src/server/mod.rs index 4342c95..36befb9 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -1,19 +1,8 @@ -use quinn::{ - Endpoint, - crypto::rustls::QuicServerConfig, - rustls::pki_types::{CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}, -}; -use std::{fs, net::SocketAddr, path::Path, str::FromStr, sync::Arc}; +use crate::net::{ClientMsg, server::listen}; use tracing::Instrument; -use crate::net::ClientMsg; - #[tokio::main] pub async fn run_server() { - quinn::rustls::crypto::aws_lc_rs::default_provider() - .install_default() - .unwrap(); - let dirs = directories_next::ProjectDirs::from("", "", "openworm").unwrap(); let path = dirs.data_local_dir(); let endpoint = listen(path); @@ -27,43 +16,6 @@ pub async fn run_server() { } }); } - - println!("hello world!"); -} - -pub fn listen(data_path: &Path) -> Endpoint { - let cert_path = data_path.join("cert.der"); - let key_path = data_path.join("key.der"); - let (cert, key) = match fs::read(&cert_path).and_then(|x| Ok((x, fs::read(&key_path)?))) { - Ok((cert, key)) => ( - CertificateDer::from(cert), - PrivateKeyDer::try_from(key).unwrap(), - ), - Err(ref e) if e.kind() == std::io::ErrorKind::NotFound => { - let cert = rcgen::generate_simple_self_signed(vec!["localhost".into()]).unwrap(); - let key = PrivatePkcs8KeyDer::from(cert.signing_key.serialize_der()); - let cert = cert.cert.into(); - fs::create_dir_all(data_path).expect("failed to create certificate directory"); - fs::write(&cert_path, &cert).expect("failed to write certificate"); - fs::write(&key_path, key.secret_pkcs8_der()).expect("failed to write private key"); - (cert, key.into()) - } - Err(e) => { - panic!("failed to read certificate: {}", e); - } - }; - let server_crypto = quinn::rustls::ServerConfig::builder() - .with_no_client_auth() - .with_single_cert(vec![cert], key) - .unwrap(); - - let mut server_config = quinn::ServerConfig::with_crypto(Arc::new( - QuicServerConfig::try_from(server_crypto).unwrap(), - )); - let transport_config = Arc::get_mut(&mut server_config.transport).unwrap(); - transport_config.max_concurrent_uni_streams(0_u8.into()); - - quinn::Endpoint::server(server_config, SocketAddr::from_str("[::1]:4433").unwrap()).unwrap() } async fn handle_connection(conn: quinn::Incoming) -> std::io::Result<()> {