

feat(tls): Use rustls_pki_types::CertificateDer to describe DER encod…
…ed certificate (#1707)

* feat(tls): Add CertificateDer to describe DER encoded certificate

* feat(tls): Use rustls_pki_types::CertificateDer to describe DER encoded certificate

* chore(tls): Refactor internal connect info
tottoto authored Jun 10, 2024
1 parent c783652 commit 96a8cbc
Showing 3 changed files with 13 additions and 12 deletions.
6 changes: 4 additions & 2 deletions tonic/src/request.rs
Expand Up @@ -2,13 +2,15 @@ use crate::metadata::{MetadataMap, MetadataValue};
#[cfg(feature = "transport")]
use crate::transport::server::TcpConnectInfo;
#[cfg(feature = "tls")]
use crate::transport::{server::TlsConnectInfo, Certificate};
use crate::transport::server::TlsConnectInfo;
use crate::Extensions;
#[cfg(feature = "transport")]
use std::net::SocketAddr;
#[cfg(feature = "tls")]
use std::sync::Arc;
use std::time::Duration;
#[cfg(feature = "tls")]
use tokio_rustls::rustls::pki_types::CertificateDer;
use tokio_stream::Stream;

/// A gRPC request and metadata from an RPC call.
Expand Down Expand Up @@ -258,7 +260,7 @@ impl<T> Request<T> {
/// TLS enabled connections.
#[cfg(feature = "tls")]
#[cfg_attr(docsrs, doc(cfg(feature = "tls")))]
pub fn peer_certs(&self) -> Option<Arc<Vec<Certificate>>> {
pub fn peer_certs(&self) -> Option<Arc<Vec<CertificateDer<'static>>>> {
self.extensions()
.get::<TlsConnectInfo<TcpConnectInfo>>()
.and_then(|i| i.peer_certs())
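Review bot: The new return type exposes `CertificateDer<'static>`, but the doc comment above `peer_certs` (its first lines and the function's closing brace are outside the hunk) still does not say what the vector holds or when the result is `None`. I would extend it with `/// Returns the DER-encoded certificate chain the peer presented during the TLS handshake; `None` when the connection carries no `TlsConnectInfo` or that info holds no certificates.` Whether that chain was verified presumably depends on the client-certificate verifier the server was configured with, so it is worth stating that presence alone does not mean the peer is authenticated. A smaller point of style: this file imports `tokio_rustls::rustls::pki_types::CertificateDer` directly while `transport/mod.rs` now re-exports the same type, so `use crate::transport::CertificateDer;` would keep a single import path.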
2 changes: 2 additions & 0 deletions tonic/src/transport/mod.rs
Expand Up @@ -109,6 +109,8 @@ pub use self::service::grpc_timeout::TimeoutExpired;
pub use self::tls::Certificate;
pub use axum::{body::BoxBody as AxumBoxBody, Router as AxumRouter};
pub use hyper::{Body, Uri};
#[cfg(feature = "tls")]
pub use tokio_rustls::rustls::pki_types::CertificateDer;

pub(crate) use self::service::executor::Executor;

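Review bot: The new `pub use tokio_rustls::rustls::pki_types::CertificateDer;` makes a type from an external crate part of tonic's public surface under the `tls` feature, next to the existing `pub use self::tls::Certificate;`, with nothing telling readers which one to use where. A doc comment on the re-export would help, e.g. `/// DER-encoded certificate as produced by the TLS backend; this is the element type returned by peer_certs(), whereas Certificate is tonic's own configuration-side type.` (the exact role of `Certificate` is not visible in this diff, so adjust the wording). Re-exporting the type also means a major-version bump of the crate that defines it becomes a breaking change for tonic, which is worth noting in the comment or changelog.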
17 changes: 7 additions & 10 deletions tonic/src/transport/server/conn.rs
Expand Up @@ -2,11 +2,11 @@ use hyper::server::conn::AddrStream;
use std::net::SocketAddr;
use tokio::net::TcpStream;

#[cfg(feature = "tls")]
use crate::transport::Certificate;
#[cfg(feature = "tls")]
use std::sync::Arc;
#[cfg(feature = "tls")]
use tokio_rustls::rustls::pki_types::CertificateDer;
#[cfg(feature = "tls")]
use tokio_rustls::server::TlsStream;

/// Trait that connected IO resources implement and use to produce info about the connection.
Expand Down Expand Up @@ -125,12 +125,9 @@ where
let (inner, session) = self.get_ref();
let inner = inner.connect_info();

let certs = if let Some(certs) = session.peer_certificates() {
let certs = certs.iter().map(Certificate::from_pem).collect();
Some(Arc::new(certs))
} else {
None
};
let certs = session
.peer_certificates()
.map(|certs| certs.to_owned().into());

TlsConnectInfo { inner, certs }
}
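Review bot: `certs.to_owned().into()` relies on the `certs` field's type, declared further down, to choose both the slice-to-`Vec` and the `Vec`-to-`Arc` conversions, which makes the line hard to read on its own; `.map(|certs| Arc::new(certs.to_vec()))` states what is built and keeps the existing `Arc` import in use. The enclosing `connect_info` starts above the hunk. In the last hunk of this file, the doc comment `/// Return the set of connected peer TLS certificates.` still calls the value a set, while it is the ordered chain the peer presented (end-entity first, by TLS convention); I would change it to `/// Returns the DER-encoded certificate chain the peer presented, if any. Whether it was verified depends on the client-certificate verifier configured for the TLS acceptor, which is not visible here.`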
Expand All @@ -148,7 +145,7 @@ where
#[derive(Debug, Clone)]
pub struct TlsConnectInfo<T> {
inner: T,
certs: Option<Arc<Vec<Certificate>>>,
certs: Option<Arc<Vec<CertificateDer<'static>>>>,
}

#[cfg(feature = "tls")]
Expand All @@ -165,7 +162,7 @@ impl<T> TlsConnectInfo<T> {
}

/// Return the set of connected peer TLS certificates.
pub fn peer_certs(&self) -> Option<Arc<Vec<Certificate>>> {
pub fn peer_certs(&self) -> Option<Arc<Vec<CertificateDer<'static>>>> {
self.certs.clone()
}
}
