From 97d8a79d3680b17994e34d4a995ebc17d56fa61a Mon Sep 17 00:00:00 2001 From: Sanchayan Maity Date: Wed, 1 May 2024 11:41:08 +0530 Subject: [PATCH] net/quic: Drop private key type property Use read_all helper from rustls_pemfile and drop the requirement for the user having to specify the private key type. Part-of: --- net/quic/src/quinnquicsrc/imp.rs | 39 ++++++-------------------------- net/quic/src/quinnquicsrc/mod.rs | 10 -------- net/quic/src/utils.rs | 35 ++++++++++------------------ 3 files changed, 19 insertions(+), 65 deletions(-) diff --git a/net/quic/src/quinnquicsrc/imp.rs b/net/quic/src/quinnquicsrc/imp.rs index 73e96489..6546fb3b 100644 --- a/net/quic/src/quinnquicsrc/imp.rs +++ b/net/quic/src/quinnquicsrc/imp.rs @@ -7,7 +7,6 @@ // // SPDX-License-Identifier: MPL-2.0 -use super::QuicPrivateKeyType; use crate::utils::{ make_socket_addr, server_endpoint, wait, WaitError, CONNECTION_CLOSE_CODE, CONNECTION_CLOSE_MSG, }; @@ -36,7 +35,6 @@ static DEFAULT_SERVER_PORT: u16 = 5000; */ const DEFAULT_ALPN: &str = "gst-quinn"; const DEFAULT_TIMEOUT: u32 = 15; -const DEFAULT_PRIVATE_KEY_TYPE: QuicPrivateKeyType = QuicPrivateKeyType::Pkcs8; const DEFAULT_SECURE_CONNECTION: bool = true; static CAT: Lazy = Lazy::new(|| { @@ -70,7 +68,6 @@ struct Settings { caps: gst::Caps, use_datagram: bool, certificate_path: Option, - private_key_type: QuicPrivateKeyType, } impl Default for Settings { @@ -85,7 +82,6 @@ impl Default for Settings { caps: gst::Caps::new_any(), use_datagram: false, certificate_path: None, - private_key_type: DEFAULT_PRIVATE_KEY_TYPE, } } } @@ -111,8 +107,6 @@ impl GstObjectImpl for QuinnQuicSrc {} impl ElementImpl for QuinnQuicSrc { fn metadata() -> Option<&'static gst::subclass::ElementMetadata> { static ELEMENT_METADATA: Lazy = Lazy::new(|| { - #[cfg(feature = "doc")] - QuicPrivateKeyType::static_type().mark_as_plugin_api(gst::PluginAPIFlags::empty()); gst::subclass::ElementMetadata::new( "Quinn QUIC Source", "Source/Network/QUIC", @@ -218,10 +212,6 @@ impl ObjectImpl for QuinnQuicSrc { .blurb("Use datagram for lower latency, unreliable messaging") .default_value(false) .build(), - glib::ParamSpecEnum::builder_with_default::("private-key-type", DEFAULT_PRIVATE_KEY_TYPE) - .nick("Whether PKCS8 or RSA key type is considered for private key") - .blurb("Read given private key as PKCS8 or RSA") - .build(), ] }); @@ -276,11 +266,6 @@ impl ObjectImpl for QuinnQuicSrc { "use-datagram" => { settings.use_datagram = value.get().expect("type checked upstream"); } - "private-key-type" => { - settings.private_key_type = value - .get::() - .expect("type checked upstream"); - } _ => unimplemented!(), } } @@ -307,7 +292,6 @@ impl ObjectImpl for QuinnQuicSrc { certpath.and_then(|file| file.to_str()).to_value() } "use-datagram" => settings.use_datagram.to_value(), - "private-key-type" => settings.private_key_type.to_value(), _ => unimplemented!(), } } @@ -537,7 +521,6 @@ impl QuinnQuicSrc { let use_datagram; let secure_conn; let cert_path; - let private_key_type; { let settings = self.settings.lock().unwrap(); @@ -551,23 +534,15 @@ impl QuinnQuicSrc { use_datagram = settings.use_datagram; secure_conn = settings.secure_conn; cert_path = settings.certificate_path.clone(); - private_key_type = settings.private_key_type; } - let endpoint = server_endpoint( - server_addr, - &server_name, - secure_conn, - alpns, - cert_path, - private_key_type, - ) - .map_err(|err| { - WaitError::FutureError(gst::error_msg!( - gst::ResourceError::Failed, - ["Failed to configure endpoint: {}", err] - )) - })?; + let endpoint = server_endpoint(server_addr, &server_name, secure_conn, alpns, cert_path) + .map_err(|err| { + WaitError::FutureError(gst::error_msg!( + gst::ResourceError::Failed, + ["Failed to configure endpoint: {}", err] + )) + })?; let incoming_conn = endpoint.accept().await.unwrap(); diff --git a/net/quic/src/quinnquicsrc/mod.rs b/net/quic/src/quinnquicsrc/mod.rs index 7af4afa9..0acf7876 100644 --- a/net/quic/src/quinnquicsrc/mod.rs +++ b/net/quic/src/quinnquicsrc/mod.rs @@ -12,16 +12,6 @@ use gst::prelude::*; mod imp; -#[derive(Debug, Eq, PartialEq, Ord, PartialOrd, Hash, Clone, Copy, glib::Enum)] -#[repr(u32)] -#[enum_type(name = "GstQuicPrivateKeyType")] -pub enum QuicPrivateKeyType { - #[enum_value(name = "PKCS8: PKCS #8 Private Key.", nick = "pkcs8")] - Pkcs8, - #[enum_value(name = "RSA: RSA Private Key.", nick = "rsa")] - Rsa, -} - glib::wrapper! { pub struct QuinnQuicSrc(ObjectSubclass) @extends gst_base::BaseSrc, gst::Element, gst::Object; } diff --git a/net/quic/src/utils.rs b/net/quic/src/utils.rs index 4c5f5152..8ced1636 100644 --- a/net/quic/src/utils.rs +++ b/net/quic/src/utils.rs @@ -7,7 +7,6 @@ // // SPDX-License-Identifier: MPL-2.0 -use crate::quinnquicsrc::QuicPrivateKeyType; use futures::future; use futures::prelude::*; use gst::ErrorMessage; @@ -158,7 +157,6 @@ fn configure_client(secure_conn: bool, alpns: Vec) -> Result, - private_key_type: QuicPrivateKeyType, ) -> Result<(Vec, rustls::PrivateKey), Box> { /* * NOTE: @@ -192,19 +190,18 @@ fn read_certs_from_file( let key: rustls::PrivateKey = { let key_file = File::open(key_file.as_path())?; let mut key_file_rdr = BufReader::new(key_file); - let mut key_vec; - // If the file starts with "BEGIN RSA PRIVATE KEY" - if let QuicPrivateKeyType::Rsa = private_key_type { - key_vec = rustls_pemfile::rsa_private_keys(&mut key_file_rdr)?; - } else { - // If the file starts with "BEGIN PRIVATE KEY" - key_vec = rustls_pemfile::pkcs8_private_keys(&mut key_file_rdr)?; + let keys_iter = rustls_pemfile::read_all(&mut key_file_rdr)?; + let key_item = keys_iter + .into_iter() + .next() + .ok_or("Certificate should have at least one private key")?; + + match key_item { + rustls_pemfile::Item::RSAKey(key) => rustls::PrivateKey(key), + rustls_pemfile::Item::PKCS8Key(key) => rustls::PrivateKey(key), + _ => unimplemented!(), } - - assert_eq!(key_vec.len(), 1); - - rustls::PrivateKey(key_vec.remove(0)) }; Ok((certs, key)) @@ -215,10 +212,9 @@ fn configure_server( secure_conn: bool, certificate_path: Option, alpns: Vec, - private_key_type: QuicPrivateKeyType, ) -> Result<(ServerConfig, Vec), Box> { let (cert, key) = if secure_conn { - read_certs_from_file(certificate_path, private_key_type).unwrap() + read_certs_from_file(certificate_path).unwrap() } else { let cert = rcgen::generate_simple_self_signed(vec![server_name.into()]).unwrap(); let cert_der = cert.serialize_der().unwrap(); @@ -258,15 +254,8 @@ pub fn server_endpoint( secure_conn: bool, alpns: Vec, certificate_path: Option, - private_key_type: QuicPrivateKeyType, ) -> Result> { - let (server_config, _) = configure_server( - server_name, - secure_conn, - certificate_path, - alpns, - private_key_type, - )?; + let (server_config, _) = configure_server(server_name, secure_conn, certificate_path, alpns)?; let endpoint = Endpoint::server(server_config, server_addr)?; Ok(endpoint)