net/quic: Drop private key type property

Use read_all helper from rustls_pemfile and drop the requirement for the user having to specify the private key type. Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-rs/-/merge_requests/1036>
2024-12-22 18:16:28 +00:00 · 2024-05-01 11:41:08 +05:30 · 2024-05-01 11:41:08 +05:30 · 97d8a79d36
commit 97d8a79d36
parent a306b1ce94
3 changed files with 19 additions and 65 deletions
--- a/net/quic/src/quinnquicsrc/imp.rs
+++ b/net/quic/src/quinnquicsrc/imp.rs
@ -7,7 +7,6 @@
 //
 // SPDX-License-Identifier: MPL-2.0

-use super::QuicPrivateKeyType;
 use crate::utils::{
    make_socket_addr, server_endpoint, wait, WaitError, CONNECTION_CLOSE_CODE, CONNECTION_CLOSE_MSG,
 };
@ -36,7 +35,6 @@ static DEFAULT_SERVER_PORT: u16 = 5000;
 */
 const DEFAULT_ALPN: &str = "gst-quinn";
 const DEFAULT_TIMEOUT: u32 = 15;
-const DEFAULT_PRIVATE_KEY_TYPE: QuicPrivateKeyType = QuicPrivateKeyType::Pkcs8;
 const DEFAULT_SECURE_CONNECTION: bool = true;

 static CAT: Lazy<gst::DebugCategory> = Lazy::new(|| {
@ -70,7 +68,6 @@ struct Settings {
    caps: gst::Caps,
    use_datagram: bool,
    certificate_path: Option<PathBuf>,
-    private_key_type: QuicPrivateKeyType,
 }

 impl Default for Settings {
@ -85,7 +82,6 @@ impl Default for Settings {
            caps: gst::Caps::new_any(),
            use_datagram: false,
            certificate_path: None,
-            private_key_type: DEFAULT_PRIVATE_KEY_TYPE,
        }
    }
 }
@ -111,8 +107,6 @@ impl GstObjectImpl for QuinnQuicSrc {}
 impl ElementImpl for QuinnQuicSrc {
    fn metadata() -> Option<&'static gst::subclass::ElementMetadata> {
        static ELEMENT_METADATA: Lazy<gst::subclass::ElementMetadata> = Lazy::new(|| {
-            #[cfg(feature = "doc")]
-            QuicPrivateKeyType::static_type().mark_as_plugin_api(gst::PluginAPIFlags::empty());
            gst::subclass::ElementMetadata::new(
                "Quinn QUIC Source",
                "Source/Network/QUIC",
@ -218,10 +212,6 @@ impl ObjectImpl for QuinnQuicSrc {
                    .blurb("Use datagram for lower latency, unreliable messaging")
                    .default_value(false)
                    .build(),
-                glib::ParamSpecEnum::builder_with_default::<QuicPrivateKeyType>("private-key-type", DEFAULT_PRIVATE_KEY_TYPE)
-                    .nick("Whether PKCS8 or RSA key type is considered for private key")
-                    .blurb("Read given private key as PKCS8 or RSA")
-                    .build(),
            ]
        });

@ -276,11 +266,6 @@ impl ObjectImpl for QuinnQuicSrc {
            "use-datagram" => {
                settings.use_datagram = value.get().expect("type checked upstream");
            }
-            "private-key-type" => {
-                settings.private_key_type = value
-                    .get::<QuicPrivateKeyType>()
-                    .expect("type checked upstream");
-            }
            _ => unimplemented!(),
        }
    }
@ -307,7 +292,6 @@ impl ObjectImpl for QuinnQuicSrc {
                certpath.and_then(|file| file.to_str()).to_value()
            }
            "use-datagram" => settings.use_datagram.to_value(),
-            "private-key-type" => settings.private_key_type.to_value(),
            _ => unimplemented!(),
        }
    }
@ -537,7 +521,6 @@ impl QuinnQuicSrc {
        let use_datagram;
        let secure_conn;
        let cert_path;
-        let private_key_type;

        {
            let settings = self.settings.lock().unwrap();
@ -551,23 +534,15 @@ impl QuinnQuicSrc {
            use_datagram = settings.use_datagram;
            secure_conn = settings.secure_conn;
            cert_path = settings.certificate_path.clone();
-            private_key_type = settings.private_key_type;
        }

-        let endpoint = server_endpoint(
-            server_addr,
-            &server_name,
-            secure_conn,
-            alpns,
-            cert_path,
-            private_key_type,
-        )
-        .map_err(|err| {
-            WaitError::FutureError(gst::error_msg!(
-                gst::ResourceError::Failed,
-                ["Failed to configure endpoint: {}", err]
-            ))
-        })?;
+        let endpoint = server_endpoint(server_addr, &server_name, secure_conn, alpns, cert_path)
+            .map_err(|err| {
+                WaitError::FutureError(gst::error_msg!(
+                    gst::ResourceError::Failed,
+                    ["Failed to configure endpoint: {}", err]
+                ))
+            })?;

        let incoming_conn = endpoint.accept().await.unwrap();

--- a/net/quic/src/quinnquicsrc/mod.rs
+++ b/net/quic/src/quinnquicsrc/mod.rs
@ -12,16 +12,6 @@ use gst::prelude::*;

 mod imp;

-#[derive(Debug, Eq, PartialEq, Ord, PartialOrd, Hash, Clone, Copy, glib::Enum)]
-#[repr(u32)]
-#[enum_type(name = "GstQuicPrivateKeyType")]
-pub enum QuicPrivateKeyType {
-    #[enum_value(name = "PKCS8: PKCS #8 Private Key.", nick = "pkcs8")]
-    Pkcs8,
-    #[enum_value(name = "RSA: RSA Private Key.", nick = "rsa")]
-    Rsa,
-}
-
 glib::wrapper! {
    pub struct QuinnQuicSrc(ObjectSubclass<imp::QuinnQuicSrc>) @extends gst_base::BaseSrc, gst::Element, gst::Object;
 }
--- a/net/quic/src/utils.rs
+++ b/net/quic/src/utils.rs
@ -7,7 +7,6 @@
 //
 // SPDX-License-Identifier: MPL-2.0

-use crate::quinnquicsrc::QuicPrivateKeyType;
 use futures::future;
 use futures::prelude::*;
 use gst::ErrorMessage;
@ -158,7 +157,6 @@ fn configure_client(secure_conn: bool, alpns: Vec<String>) -> Result<ClientConfi

 fn read_certs_from_file(
    certificate_path: Option<PathBuf>,
-    private_key_type: QuicPrivateKeyType,
 ) -> Result<(Vec<rustls::Certificate>, rustls::PrivateKey), Box<dyn Error>> {
    /*
     * NOTE:
@ -192,19 +190,18 @@ fn read_certs_from_file(
    let key: rustls::PrivateKey = {
        let key_file = File::open(key_file.as_path())?;
        let mut key_file_rdr = BufReader::new(key_file);
-        let mut key_vec;

-        // If the file starts with "BEGIN RSA PRIVATE KEY"
-        if let QuicPrivateKeyType::Rsa = private_key_type {
-            key_vec = rustls_pemfile::rsa_private_keys(&mut key_file_rdr)?;
-        } else {
-            // If the file starts with "BEGIN PRIVATE KEY"
-            key_vec = rustls_pemfile::pkcs8_private_keys(&mut key_file_rdr)?;
+        let keys_iter = rustls_pemfile::read_all(&mut key_file_rdr)?;
+        let key_item = keys_iter
+            .into_iter()
+            .next()
+            .ok_or("Certificate should have at least one private key")?;
+
+        match key_item {
+            rustls_pemfile::Item::RSAKey(key) => rustls::PrivateKey(key),
+            rustls_pemfile::Item::PKCS8Key(key) => rustls::PrivateKey(key),
+            _ => unimplemented!(),
        }
-
-        assert_eq!(key_vec.len(), 1);
-
-        rustls::PrivateKey(key_vec.remove(0))
    };

    Ok((certs, key))
@ -215,10 +212,9 @@ fn configure_server(
    secure_conn: bool,
    certificate_path: Option<PathBuf>,
    alpns: Vec<String>,
-    private_key_type: QuicPrivateKeyType,
 ) -> Result<(ServerConfig, Vec<rustls::Certificate>), Box<dyn Error>> {
    let (cert, key) = if secure_conn {
-        read_certs_from_file(certificate_path, private_key_type).unwrap()
+        read_certs_from_file(certificate_path).unwrap()
    } else {
        let cert = rcgen::generate_simple_self_signed(vec![server_name.into()]).unwrap();
        let cert_der = cert.serialize_der().unwrap();
@ -258,15 +254,8 @@ pub fn server_endpoint(
    secure_conn: bool,
    alpns: Vec<String>,
    certificate_path: Option<PathBuf>,
-    private_key_type: QuicPrivateKeyType,
 ) -> Result<Endpoint, Box<dyn Error>> {
-    let (server_config, _) = configure_server(
-        server_name,
-        secure_conn,
-        certificate_path,
-        alpns,
-        private_key_type,
-    )?;
+    let (server_config, _) = configure_server(server_name, secure_conn, certificate_path, alpns)?;
    let endpoint = Endpoint::server(server_config, server_addr)?;

    Ok(endpoint)