path: root/src/cert_store.rs
authorAlex Auvolat <alex@adnab.me>2021-12-07 15:20:45 +0100
committerAlex Auvolat <alex@adnab.me>2021-12-07 15:20:45 +0100
commitcd7e5ad034b75d659d4d87a752ab7b11cf75de12 (patch)
tree32773f9758b33188402e137d435bdd61ce01b280 /src/cert_store.rs
parent5535c4951a832d65755afa53822a36e96681320f (diff)
Got a reverse proxy
Diffstat (limited to 'src/cert_store.rs')
-rw-r--r--src/cert_store.rs23
1 files changed, 18 insertions, 5 deletions
diff --git a/src/cert_store.rs b/src/cert_store.rs
index 6529395..1b1a478 100644
--- a/src/cert_store.rs
+++ b/src/cert_store.rs
@@ -6,9 +6,11 @@ use anyhow::Result;
use chrono::Utc;
use log::*;
use tokio::sync::watch;
+use tokio::task::block_in_place;
use acme_micro::create_p384_key;
use acme_micro::{Directory, DirectoryUrl};
+use rustls::sign::CertifiedKey;
use crate::cert::{Cert, CertSer};
use crate::consul::Consul;
@@ -93,7 +95,7 @@ impl CertStore {
dir.load_account(std::str::from_utf8(&acc_privkey)?, contact)?
} else {
info!("Creating new Let's encrypt account");
- let acc = dir.register_account(contact.clone())?;
+ let acc = block_in_place(|| dir.register_account(contact.clone()))?;
self.consul
.kv_put(
"letsencrypt_account_key.pem",
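Review bot: The ACME account private key created at L37 is written to Consul KV under `letsencrypt_account_key.pem` (L38-L40) and read back with `std::str::from_utf8` at L33, so it is kept as plaintext PEM in the KV store; anyone with read access to that path can act as this account, including revoking its certificates. Nothing in the hunk records that trust requirement for whoever operates the Consul cluster. I would add above the `kv_put` call: `// Stored as plaintext PEM in Consul KV: any reader of this path can act as the ACME account, so restrict it with Consul ACLs.` The enclosing function starts before and ends after this hunk.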
@@ -119,17 +121,18 @@ impl CertStore {
.await?;
info!("Validating challenge");
- chall.validate(Duration::from_millis(5000))?;
+ block_in_place(|| chall.validate(Duration::from_millis(5000)))?;
info!("Deleting challenge");
self.consul.kv_delete(&chall_key).await?;
- ord_new.refresh()?;
+ block_in_place(|| ord_new.refresh())?;
};
let pkey_pri = create_p384_key()?;
- let ord_cert = ord_csr.finalize_pkey(pkey_pri, Duration::from_millis(5000))?;
- let cert = ord_cert.download_cert()?;
+ let ord_cert =
+ block_in_place(|| ord_csr.finalize_pkey(pkey_pri, Duration::from_millis(5000)))?;
+ let cert = block_in_place(|| ord_cert.download_cert())?;
info!("Keys and certificate obtained");
let key_pem = cert.private_key().to_string();
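Review bot: If the challenge validation at L45 fails, the `?` returns before `kv_delete` at L47 runs, so the http-01 challenge entry under `chall_key` (defined before this hunk) stays in Consul for the failed order; if the proxy serves whatever sits under that key at `/.well-known/acme-challenge/`, stale tokens should not be left behind. Capture the result and delete unconditionally: `let validated = block_in_place(|| chall.validate(Duration::from_millis(5000)));` / `self.consul.kv_delete(&chall_key).await?;` / `validated?;`. Separately, `block_in_place` (added four times here) panics when the tokio runtime is the `current_thread` flavour, so a comment on the function stating that the multi-thread runtime is required, or a move to `spawn_blocking`, would save a surprising crash at first issuance. The enclosing function begins and ends outside the hunk.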
@@ -157,3 +160,13 @@ impl CertStore {
Ok(cert)
}
}
+
+pub struct StoreResolver(pub Arc<CertStore>);
+
+impl rustls::server::ResolvesServerCert for StoreResolver {
+ fn resolve(&self, client_hello: rustls::server::ClientHello<'_>) -> Option<Arc<CertifiedKey>> {
+ let domain = client_hello.server_name()?;
+ let cert = futures::executor::block_on(self.0.get_cert(domain)).ok()?;
+ Some(cert.certkey.clone())
+ }
+}
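Review bot: `resolve` passes the SNI name of an unauthenticated ClientHello straight to `get_cert` (L68-L69), and the hunks above show that function can run a full ACME order with 5 s validation waits; unless `get_cert` checks the name against the domains this proxy is configured for (not visible here), any client can make the server attempt issuance for arbitrary names, exhausting Let's Encrypt rate limits and stalling the handshake. `futures::executor::block_on` also blocks the thread rustls is handshaking on, which on a tokio worker stalls every other connection scheduled there for the duration, and `block_in_place` called inside that future panics on a `current_thread` runtime. I would make `resolve` a synchronous lookup of certificates the store already holds, returning `None` for names it does not serve, and let a background task drive issuance and renewal so a handshake never triggers network I/O. At minimum, do not drop the error silently: `let cert = futures::executor::block_on(self.0.get_cert(domain)).map_err(|e| warn!("No certificate for {}: {}", domain, e)).ok()?;` (`warn!` is in scope via `log::*`).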