author | Alex Auvolat <alex@adnab.me> | 2021-12-07 15:20:45 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-12-07 15:20:45 +0100 |
commit | cd7e5ad034b75d659d4d87a752ab7b11cf75de12 (patch) | |
tree | 32773f9758b33188402e137d435bdd61ce01b280 /src/cert_store.rs | |
parent | 5535c4951a832d65755afa53822a36e96681320f (diff) | |
Got a reverse proxy
Diffstat (limited to 'src/cert_store.rs')
-rw-r--r-- | src/cert_store.rs | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/cert_store.rs b/src/cert_store.rs
index 6529395..1b1a478 100644
--- a/src/cert_store.rs
+++ b/src/cert_store.rs
@@ -6,9 +6,11 @@ use anyhow::Result;
 use chrono::Utc;
 use log::*;
 use tokio::sync::watch;
+use tokio::task::block_in_place;

 use acme_micro::create_p384_key;
 use acme_micro::{Directory, DirectoryUrl};
+use rustls::sign::CertifiedKey;

 use crate::cert::{Cert, CertSer};
 use crate::consul::Consul;
@@ -93,7 +95,7 @@ impl CertStore {
 dir.load_account(std::str::from_utf8(&acc_privkey)?, contact)?
 } else {
 info!("Creating new Let's encrypt account");
-let acc = dir.register_account(contact.clone())?;
+let acc = block_in_place(|| dir.register_account(contact.clone()))?;
 self.consul
 .kv_put(
 "letsencrypt_account_key.pem",
@@ -119,17 +121,18 @@ impl CertStore {
 .await?;

 info!("Validating challenge");
-chall.validate(Duration::from_millis(5000))?;
+block_in_place(|| chall.validate(Duration::from_millis(5000)))?;

 info!("Deleting challenge");
 self.consul.kv_delete(&chall_key).await?;

-ord_new.refresh()?;
+block_in_place(|| ord_new.refresh())?;
 };

 let pkey_pri = create_p384_key()?;
-let ord_cert = ord_csr.finalize_pkey(pkey_pri, Duration::from_millis(5000))?;
-let cert = ord_cert.download_cert()?;
+let ord_cert =
+block_in_place(|| ord_csr.finalize_pkey(pkey_pri, Duration::from_millis(5000)))?;
+let cert = block_in_place(|| ord_cert.download_cert())?;

 info!("Keys and certificate obtained");
 let key_pem = cert.private_key().to_string();
@@ -157,3 +160,13 @@ impl CertStore {
 Ok(cert)
 }
 }
+
+pub struct StoreResolver(pub Arc<CertStore>);
+
+impl rustls::server::ResolvesServerCert for StoreResolver {
+fn resolve(&self, client_hello: rustls::server::ClientHello<'_>) -> Option<Arc<CertifiedKey>> {
+let domain = client_hello.server_name()?;
+let cert = futures::executor::block_on(self.0.get_cert(domain)).ok()?;
+Some(cert.certkey.clone())
+}
+}
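Review bot: `block_in_place` panics when called on a `current_thread` tokio runtime (or inside a `LocalSet`), so the four wrapped ACME calls in this hunk (`chall.validate(...)`, `ord_new.refresh()`, `ord_csr.finalize_pkey(...)`, `ord_cert.download_cert()`) silently tie this function to the multi-thread runtime flavour, which nothing here documents; the alternative, `tokio::task::spawn_blocking`, would only work if the acme_micro order/challenge values are `Send + 'static`, which cannot be judged from this hunk. At minimum I would put a comment at the first wrapped call, `// acme_micro's HTTP calls are synchronous; block_in_place requires the multi-thread tokio runtime`. The 5000 ms `Duration` passed to `validate` and `finalize_pkey` looks like acme_micro's polling interval rather than an overall timeout (worth confirming), so a stalled ACME server would keep the worker thread parked indefinitely with the Consul challenge key still published; a bound on the total wait seems worth adding. The enclosing function starts and ends outside this hunk.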
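Review bot: `resolve` passes the client-chosen SNI name straight to `self.0.get_cert(domain)` without checking that this proxy is configured to serve that name; since `CertStore` runs the ACME order flow shown in the previous hunk, an unauthenticated client sending arbitrary SNI values could, unless `get_cert` itself filters (not visible here), trigger certificate issuance for hostnames the proxy does not own, exhaust Let's Encrypt rate limits, and stall every handshake while it waits. The resolver should only look up names from its configured host set and only return certificates that are already available, leaving issuance to a background task rather than the handshake path. Separately, `futures::executor::block_on` runs on whatever thread rustls invokes the resolver from — inside tokio that is a worker thread — so a `get_cert` that awaits Consul I/O (as the surrounding code does) parks that worker, and on a `current_thread` runtime it deadlocks. I would add at the top of `resolve`: `// SNI is attacker-controlled: only resolve names this proxy is configured to serve, and never start ACME issuance from the handshake path`.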