itsi 0.1.20 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -8
- data/Cargo.lock +2 -2
- data/LICENSE.txt +698 -0
- data/README.md +15 -4
- data/Rakefile +9 -5
- data/crates/itsi_acme/.gitignore +4 -0
- data/crates/itsi_acme/Cargo.toml +86 -0
- data/crates/itsi_acme/LICENSE-APACHE +201 -0
- data/crates/itsi_acme/LICENSE-MIT +23 -0
- data/crates/itsi_acme/README.md +9 -0
- data/crates/itsi_acme/examples/high_level.rs +63 -0
- data/crates/itsi_acme/examples/high_level_warp.rs +52 -0
- data/crates/itsi_acme/examples/low_level.rs +87 -0
- data/crates/itsi_acme/examples/low_level_axum.rs +66 -0
- data/crates/itsi_acme/src/acceptor.rs +81 -0
- data/crates/itsi_acme/src/acme.rs +354 -0
- data/crates/itsi_acme/src/axum.rs +86 -0
- data/crates/itsi_acme/src/cache.rs +39 -0
- data/crates/itsi_acme/src/caches/boxed.rs +80 -0
- data/crates/itsi_acme/src/caches/composite.rs +69 -0
- data/crates/itsi_acme/src/caches/dir.rs +106 -0
- data/crates/itsi_acme/src/caches/mod.rs +11 -0
- data/crates/itsi_acme/src/caches/no.rs +78 -0
- data/crates/itsi_acme/src/caches/test.rs +136 -0
- data/crates/itsi_acme/src/config.rs +172 -0
- data/crates/itsi_acme/src/https_helper.rs +69 -0
- data/crates/itsi_acme/src/incoming.rs +142 -0
- data/crates/itsi_acme/src/jose.rs +161 -0
- data/crates/itsi_acme/src/lib.rs +142 -0
- data/crates/itsi_acme/src/resolver.rs +59 -0
- data/crates/itsi_acme/src/state.rs +424 -0
- data/crates/itsi_rb_helpers/src/lib.rs +4 -3
- data/crates/itsi_scheduler/Cargo.toml +1 -1
- data/crates/itsi_scheduler/src/itsi_scheduler.rs +8 -2
- data/crates/itsi_scheduler/src/lib.rs +1 -0
- data/crates/itsi_server/Cargo.toml +1 -1
- data/crates/itsi_server/src/lib.rs +2 -1
- data/crates/itsi_server/src/ruby_types/itsi_http_request.rs +18 -1
- data/crates/itsi_server/src/ruby_types/itsi_server/file_watcher.rs +11 -3
- data/crates/itsi_server/src/ruby_types/itsi_server/itsi_server_config.rs +122 -63
- data/crates/itsi_server/src/ruby_types/itsi_server.rs +2 -0
- data/crates/itsi_server/src/server/binds/bind.rs +3 -0
- data/crates/itsi_server/src/server/binds/listener.rs +12 -5
- data/crates/itsi_server/src/server/binds/tls.rs +13 -5
- data/crates/itsi_server/src/server/middleware_stack/middlewares/allow_list.rs +12 -5
- data/crates/itsi_server/src/server/middleware_stack/middlewares/auth_api_key.rs +8 -1
- data/crates/itsi_server/src/server/middleware_stack/middlewares/auth_basic.rs +9 -1
- data/crates/itsi_server/src/server/middleware_stack/middlewares/auth_jwt.rs +48 -43
- data/crates/itsi_server/src/server/middleware_stack/middlewares/cache_control.rs +11 -2
- data/crates/itsi_server/src/server/middleware_stack/middlewares/compression.rs +39 -12
- data/crates/itsi_server/src/server/middleware_stack/middlewares/cors.rs +36 -27
- data/crates/itsi_server/src/server/middleware_stack/middlewares/csp.rs +25 -11
- data/crates/itsi_server/src/server/middleware_stack/middlewares/deny_list.rs +12 -3
- data/crates/itsi_server/src/server/middleware_stack/middlewares/error_response/default_responses.rs +74 -72
- data/crates/itsi_server/src/server/middleware_stack/middlewares/error_response.rs +15 -1
- data/crates/itsi_server/src/server/middleware_stack/middlewares/etag.rs +11 -8
- data/crates/itsi_server/src/server/middleware_stack/middlewares/intrusion_protection.rs +19 -11
- data/crates/itsi_server/src/server/middleware_stack/middlewares/log_requests.rs +5 -5
- data/crates/itsi_server/src/server/middleware_stack/middlewares/max_body.rs +2 -2
- data/crates/itsi_server/src/server/middleware_stack/middlewares/mod.rs +11 -5
- data/crates/itsi_server/src/server/middleware_stack/middlewares/proxy.rs +17 -20
- data/crates/itsi_server/src/server/middleware_stack/middlewares/rate_limit.rs +19 -8
- data/crates/itsi_server/src/server/middleware_stack/middlewares/redirect.rs +16 -37
- data/crates/itsi_server/src/server/middleware_stack/middlewares/request_headers.rs +22 -12
- data/crates/itsi_server/src/server/middleware_stack/middlewares/response_headers.rs +26 -11
- data/crates/itsi_server/src/server/middleware_stack/middlewares/static_assets.rs +7 -1
- data/crates/itsi_server/src/server/middleware_stack/middlewares/string_rewrite.rs +14 -4
- data/crates/itsi_server/src/server/middleware_stack/middlewares/token_source.rs +19 -0
- data/crates/itsi_server/src/server/middleware_stack/mod.rs +49 -13
- data/crates/itsi_server/src/server/mod.rs +1 -0
- data/crates/itsi_server/src/server/redirect_type.rs +26 -0
- data/crates/itsi_server/src/server/serve_strategy/cluster_mode.rs +22 -16
- data/crates/itsi_server/src/server/serve_strategy/single_mode.rs +49 -12
- data/crates/itsi_server/src/server/signal.rs +1 -0
- data/crates/itsi_server/src/server/size_limited_incoming.rs +6 -0
- data/crates/itsi_server/src/server/thread_worker.rs +5 -1
- data/crates/itsi_server/src/services/itsi_http_service.rs +20 -2
- data/crates/itsi_server/src/services/rate_limiter.rs +15 -4
- data/crates/itsi_server/src/services/static_file_server.rs +33 -19
- data/crates/itsi_tracing/src/lib.rs +42 -22
- data/docs/content/_index.md +1 -2
- data/docs/content/acknowledgements/_index.md +5 -2
- data/docs/content/configuration/_index.md +8 -5
- data/docs/content/contact/_index.md +8 -1
- data/docs/content/faqs/_index.md +5 -3
- data/docs/content/features/_index.md +56 -50
- data/docs/content/getting_started/_index.md +8 -5
- data/docs/content/getting_started/local_development.md +68 -8
- data/docs/content/getting_started/logging.md +16 -9
- data/docs/content/getting_started/running_itsi_in_production.md +5 -3
- data/docs/content/getting_started/signals.md +38 -0
- data/docs/content/itsi_scheduler/_index.md +8 -7
- data/docs/content/utilities/_index.md +13 -0
- data/docs/content/utilities/config_file_testing.md +17 -0
- data/docs/content/utilities/passfile_generator.md +41 -0
- data/docs/content/utilities/route_testing.md +27 -0
- data/docs/content/utilities/secrets_management.md +30 -0
- data/docs/hugo.yaml +1 -1
- data/fairytale.txt +3 -4
- data/gems/scheduler/Cargo.lock +1 -1
- data/gems/scheduler/README.md +4 -5
- data/gems/scheduler/Rakefile +0 -4
- data/gems/scheduler/lib/itsi/scheduler/version.rb +1 -1
- data/gems/scheduler/lib/itsi/scheduler.rb +9 -4
- data/gems/scheduler/test/test_active_record.rb +12 -7
- data/gems/server/Cargo.lock +1 -1
- data/gems/server/Rakefile +0 -4
- data/gems/server/exe/itsi +13 -2
- data/gems/server/lib/itsi/http_request/response_status_shortcodes.rb +2 -0
- data/gems/server/lib/itsi/http_request.rb +40 -9
- data/gems/server/lib/itsi/http_response.rb +2 -1
- data/gems/server/lib/itsi/passfile.rb +0 -1
- data/gems/server/lib/itsi/server/config/config_helpers.rb +20 -8
- data/gems/server/lib/itsi/server/config/dsl.rb +20 -435
- data/gems/server/lib/itsi/server/config/known_paths.rb +4 -1
- data/gems/server/lib/itsi/server/config/middleware/_index.md +6 -4
- data/gems/server/lib/itsi/server/config/middleware/allow_list.md +46 -0
- data/gems/server/lib/itsi/server/config/middleware/allow_list.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_api_key.md +90 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_api_key.rb +51 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_basic.md +45 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_basic.rb +44 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_jwt.md +82 -0
- data/gems/server/lib/itsi/server/config/middleware/auth_jwt.rb +38 -0
- data/gems/server/lib/itsi/server/config/middleware/cache_control.md +78 -0
- data/gems/server/lib/itsi/server/config/middleware/cache_control.rb +45 -0
- data/gems/server/lib/itsi/server/config/middleware/cidr_to_regex.rb +50 -0
- data/gems/server/lib/itsi/server/config/middleware/compression.md +50 -0
- data/gems/server/lib/itsi/server/config/middleware/compression.rb +37 -0
- data/gems/server/lib/itsi/server/config/middleware/cors.md +93 -0
- data/gems/server/lib/itsi/server/config/middleware/cors.rb +32 -0
- data/gems/server/lib/itsi/server/config/middleware/csp.md +37 -0
- data/gems/server/lib/itsi/server/config/middleware/csp.rb +44 -0
- data/gems/server/lib/itsi/server/config/middleware/deny_list.md +45 -0
- data/gems/server/lib/itsi/server/config/middleware/deny_list.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/_index.md +159 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/controller.md +186 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/controller.rb +33 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/delete.md +12 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/delete.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/endpoint.rb +99 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/get.md +12 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/get.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/http_request.md +44 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/http_response.md +39 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/patch.md +12 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/patch.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/post.md +12 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/post.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/put.md +12 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/put.rb +42 -0
- data/gems/server/lib/itsi/server/config/middleware/endpoint/schemas.md +122 -0
- data/gems/server/lib/itsi/server/config/middleware/error_response.md +61 -0
- data/gems/server/lib/itsi/server/config/middleware/error_response.rb +36 -0
- data/gems/server/lib/itsi/server/config/middleware/etag.md +59 -0
- data/gems/server/lib/itsi/server/config/middleware/etag.rb +27 -0
- data/gems/server/lib/itsi/server/config/middleware/grpc.md +172 -0
- data/gems/server/lib/itsi/server/config/middleware/grpc.rb +54 -0
- data/gems/server/lib/itsi/server/config/middleware/intrusion_protection.md +124 -0
- data/gems/server/lib/itsi/server/config/middleware/intrusion_protection.rb +61 -0
- data/gems/server/lib/itsi/server/config/middleware/location.md +107 -0
- data/gems/server/lib/itsi/server/config/middleware/location.rb +99 -0
- data/gems/server/lib/itsi/server/config/middleware/log_requests.md +13 -11
- data/gems/server/lib/itsi/server/config/middleware/log_requests.rb +1 -3
- data/gems/server/lib/itsi/server/config/middleware/max_body.md +18 -0
- data/gems/server/lib/itsi/server/config/middleware/max_body.rb +21 -0
- data/gems/server/lib/itsi/server/config/middleware/proxy.md +62 -0
- data/gems/server/lib/itsi/server/config/middleware/proxy.rb +41 -0
- data/gems/server/lib/itsi/server/config/middleware/rackup_file.md +54 -0
- data/gems/server/lib/itsi/server/config/middleware/rackup_file.rb +44 -0
- data/gems/server/lib/itsi/server/config/middleware/rate_limit.md +126 -0
- data/gems/server/lib/itsi/server/config/middleware/rate_limit.rb +34 -0
- data/gems/server/lib/itsi/server/config/middleware/rate_limit_store.rb +25 -0
- data/gems/server/lib/itsi/server/config/middleware/redirect.md +55 -0
- data/gems/server/lib/itsi/server/config/middleware/redirect.rb +25 -0
- data/gems/server/lib/itsi/server/config/middleware/request_headers.md +34 -0
- data/gems/server/lib/itsi/server/config/middleware/request_headers.rb +24 -0
- data/gems/server/lib/itsi/server/config/middleware/response_headers.md +33 -0
- data/gems/server/lib/itsi/server/config/middleware/response_headers.rb +25 -0
- data/gems/server/lib/itsi/server/config/middleware/run.md +60 -0
- data/gems/server/lib/itsi/server/config/middleware/run.rb +43 -0
- data/gems/server/lib/itsi/server/config/middleware/static_assets.md +73 -0
- data/gems/server/lib/itsi/server/config/middleware/static_assets.rb +87 -0
- data/gems/server/lib/itsi/server/config/middleware/static_response.md +44 -0
- data/gems/server/lib/itsi/server/config/middleware/static_response.rb +29 -0
- data/gems/server/lib/itsi/server/config/middleware/string_rewrite.md +67 -0
- data/gems/server/lib/itsi/server/config/middleware/token_source.rb +32 -0
- data/gems/server/lib/itsi/server/config/middleware.rb +4 -0
- data/gems/server/lib/itsi/server/config/option.rb +5 -0
- data/gems/server/lib/itsi/server/config/options/_index.md +3 -2
- data/gems/server/lib/itsi/server/config/options/auto_reload_config.md +13 -0
- data/gems/server/lib/itsi/server/config/options/auto_reload_config.rb +41 -0
- data/gems/server/lib/itsi/server/config/options/bind.md +71 -0
- data/gems/server/lib/itsi/server/config/options/bind.rb +26 -0
- data/gems/server/lib/itsi/server/config/options/certificates.md +65 -0
- data/gems/server/lib/itsi/server/config/options/daemonize.md +14 -0
- data/gems/server/lib/itsi/server/config/options/daemonize.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/fiber_scheduler.md +1 -2
- data/gems/server/lib/itsi/server/config/options/fiber_scheduler.rb +6 -3
- data/gems/server/lib/itsi/server/config/options/header_read_timeout.md +17 -0
- data/gems/server/lib/itsi/server/config/options/header_read_timeout.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/hooks/_index.md +11 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_fork.md +13 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_fork.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_memory_limit_reached.md +14 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_memory_limit_reached.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_start.md +12 -0
- data/gems/server/lib/itsi/server/config/options/hooks/after_start.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_fork.md +13 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_fork.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_restart.md +12 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_restart.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_shutdown.md +12 -0
- data/gems/server/lib/itsi/server/config/options/hooks/before_shutdown.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/include.md +20 -0
- data/gems/server/lib/itsi/server/config/options/include.rb +36 -0
- data/gems/server/lib/itsi/server/config/options/listen_backlog.md +11 -0
- data/gems/server/lib/itsi/server/config/options/listen_backlog.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/log_format.md +18 -0
- data/gems/server/lib/itsi/server/config/options/log_format.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/log_level.md +34 -0
- data/gems/server/lib/itsi/server/config/options/log_level.rb +20 -0
- data/gems/server/lib/itsi/server/config/options/log_target.md +38 -0
- data/gems/server/lib/itsi/server/config/options/log_target.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/log_target_filters.md +17 -0
- data/gems/server/lib/itsi/server/config/options/log_target_filters.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/multithreaded_reactor.md +27 -0
- data/gems/server/lib/itsi/server/config/options/multithreaded_reactor.rb +24 -0
- data/gems/server/lib/itsi/server/config/options/nodelay.md +16 -0
- data/gems/server/lib/itsi/server/config/options/nodelay.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/oob_gc_responses_threshold.md +19 -0
- data/gems/server/lib/itsi/server/config/options/oob_gc_responses_threshold.rb +18 -0
- data/gems/server/lib/itsi/server/config/options/pin_worker_cores.md +17 -0
- data/gems/server/lib/itsi/server/config/options/pin_worker_cores.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/preload.md +21 -0
- data/gems/server/lib/itsi/server/config/options/preload.rb +18 -0
- data/gems/server/lib/itsi/server/config/options/recv_buffer_size.md +15 -0
- data/gems/server/lib/itsi/server/config/options/recv_buffer_size.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/redirect_http_to_https.md +21 -0
- data/gems/server/lib/itsi/server/config/options/redirect_http_to_https.rb +30 -0
- data/gems/server/lib/itsi/server/config/options/request_timeout.md +23 -0
- data/gems/server/lib/itsi/server/config/options/request_timeout.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/reuse_address.md +16 -0
- data/gems/server/lib/itsi/server/config/options/reuse_address.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/reuse_port.md +16 -0
- data/gems/server/lib/itsi/server/config/options/reuse_port.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/scheduler_threads.md +34 -0
- data/gems/server/lib/itsi/server/config/options/scheduler_threads.rb +17 -0
- data/gems/server/lib/itsi/server/config/options/shutdown_timeout.md +17 -0
- data/gems/server/lib/itsi/server/config/options/shutdown_timeout.rb +19 -0
- data/gems/server/lib/itsi/server/config/options/stream_body.md +32 -0
- data/gems/server/lib/itsi/server/config/options/stream_body.rb +18 -0
- data/gems/server/lib/itsi/server/config/options/threads.md +7 -2
- data/gems/server/lib/itsi/server/config/options/threads.rb +1 -1
- data/gems/server/lib/itsi/server/config/options/watch.md +16 -0
- data/gems/server/lib/itsi/server/config/options/watch.rb +28 -0
- data/gems/server/lib/itsi/server/config/options/worker_memory_limit.md +22 -0
- data/gems/server/lib/itsi/server/config/options/worker_memory_limit.rb +18 -0
- data/gems/server/lib/itsi/server/config/options/workers.md +1 -2
- data/gems/server/lib/itsi/server/config/options/workers.rb +1 -1
- data/gems/server/lib/itsi/server/config/typed_struct.rb +59 -20
- data/gems/server/lib/itsi/server/config.rb +77 -48
- data/gems/server/lib/itsi/server/default_config/Itsi.rb +3 -3
- data/gems/server/lib/itsi/server/grpc/grpc_call.rb +1 -1
- data/gems/server/lib/itsi/server/grpc/grpc_interface.rb +11 -4
- data/gems/server/lib/itsi/server/rack/handler/itsi.rb +3 -3
- data/gems/server/lib/itsi/server/route_tester.rb +58 -8
- data/gems/server/lib/itsi/server/signal_trap.rb +1 -1
- data/gems/server/lib/itsi/server/typed_handlers/param_parser.rb +14 -18
- data/gems/server/lib/itsi/server/typed_handlers/source_parser.rb +5 -4
- data/gems/server/lib/itsi/server/typed_handlers.rb +12 -4
- data/gems/server/lib/itsi/server/version.rb +1 -1
- data/gems/server/lib/itsi/server.rb +98 -14
- data/gems/server/lib/ruby_lsp/itsi/addon.rb +20 -18
- data/gems/server/test/helpers/test_helper.rb +89 -29
- data/gems/server/test/middleware/allow_list.rb +128 -0
- data/gems/server/test/middleware/auth_api_key.rb +141 -0
- data/gems/server/test/middleware/auth_basic.rb +91 -0
- data/gems/server/test/middleware/auth_jwt.rb +214 -0
- data/gems/server/test/middleware/cache_control.rb +82 -0
- data/gems/server/test/middleware/cidr_to_regex.rb +46 -0
- data/gems/server/test/middleware/compression.rb +89 -0
- data/gems/server/test/middleware/cors.rb +113 -0
- data/gems/server/test/middleware/csp.rb +62 -0
- data/gems/server/test/middleware/deny_list.rb +131 -0
- data/gems/server/test/middleware/endpoint.rb +300 -0
- data/gems/server/test/middleware/etag.rb +75 -0
- data/gems/server/test/middleware/grpc/grpc.rb +158 -0
- data/gems/server/test/middleware/grpc/test_service.proto +32 -0
- data/gems/server/test/middleware/grpc/test_service_impl.rb +28 -0
- data/gems/server/test/middleware/grpc/test_service_pb.rb +18 -0
- data/gems/server/test/middleware/grpc/test_service_services_pb.rb +30 -0
- data/gems/server/test/middleware/header_interpolation.rb +35 -0
- data/gems/server/test/middleware/intrusion_protection.rb +259 -0
- data/gems/server/test/middleware/location.rb +220 -0
- data/gems/server/test/middleware/max_body.rb +20 -0
- data/gems/server/test/middleware/proxy.rb +415 -0
- data/gems/server/test/middleware/rate_limit.rb +211 -0
- data/gems/server/test/middleware/redirect.rb +85 -0
- data/gems/server/test/middleware/request_headers.rb +50 -0
- data/gems/server/test/middleware/response_headers.rb +50 -0
- data/gems/server/test/middleware/static_assets.rb +374 -0
- data/gems/server/test/middleware/static_response.rb +56 -0
- data/gems/server/test/middleware/string_rewrite.rb +112 -0
- data/gems/server/test/options/bind.rb +47 -0
- data/gems/server/test/options/header_read_timeout.rb +23 -0
- data/gems/server/test/options/test_request_timeout.rb +16 -0
- data/gems/server/test/options/test_workers.rb +2 -4
- data/gems/server/test/{test_itsi_server.rb → rack/test_rack_server.rb} +2 -2
- data/grpc_test/Itsi.rb +11 -0
- data/grpc_test/echo.proto +14 -0
- data/grpc_test/echo_pb.rb +16 -0
- data/grpc_test/echo_service_impl.rb +8 -0
- data/grpc_test/echo_services_pb.rb +22 -0
- data/lib/itsi/version.rb +1 -1
- data/tasks.txt +15 -72
- metadata +210 -7
- data/gems/server/lib/itsi/server/default_config/Itsi-rackup.rb +0 -119
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
use crate::{AccountCache, CertCache};
|
|
2
|
+
use async_trait::async_trait;
|
|
3
|
+
|
|
4
|
+
pub struct CompositeCache<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> {
|
|
5
|
+
pub cert_cache: C,
|
|
6
|
+
pub account_cache: A,
|
|
7
|
+
}
|
|
8
|
+
|
|
9
|
+
impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> CompositeCache<C, A> {
|
|
10
|
+
pub fn new(cert_cache: C, account_cache: A) -> Self {
|
|
11
|
+
Self {
|
|
12
|
+
cert_cache,
|
|
13
|
+
account_cache,
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
pub fn into_inner(self) -> (C, A) {
|
|
17
|
+
(self.cert_cache, self.account_cache)
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
#[async_trait]
|
|
22
|
+
impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> CertCache for CompositeCache<C, A> {
|
|
23
|
+
type EC = C::EC;
|
|
24
|
+
async fn load_cert(
|
|
25
|
+
&self,
|
|
26
|
+
domains: &[String],
|
|
27
|
+
directory_url: &str,
|
|
28
|
+
) -> Result<Option<Vec<u8>>, Self::EC> {
|
|
29
|
+
self.cert_cache.load_cert(domains, directory_url).await
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
async fn store_cert(
|
|
33
|
+
&self,
|
|
34
|
+
domains: &[String],
|
|
35
|
+
directory_url: &str,
|
|
36
|
+
cert: &[u8],
|
|
37
|
+
) -> Result<(), Self::EC> {
|
|
38
|
+
self.cert_cache
|
|
39
|
+
.store_cert(domains, directory_url, cert)
|
|
40
|
+
.await
|
|
41
|
+
}
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
#[async_trait]
|
|
45
|
+
impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> AccountCache
|
|
46
|
+
for CompositeCache<C, A>
|
|
47
|
+
{
|
|
48
|
+
type EA = A::EA;
|
|
49
|
+
async fn load_account(
|
|
50
|
+
&self,
|
|
51
|
+
contact: &[String],
|
|
52
|
+
directory_url: &str,
|
|
53
|
+
) -> Result<Option<Vec<u8>>, Self::EA> {
|
|
54
|
+
self.account_cache
|
|
55
|
+
.load_account(contact, directory_url)
|
|
56
|
+
.await
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
async fn store_account(
|
|
60
|
+
&self,
|
|
61
|
+
contact: &[String],
|
|
62
|
+
directory_url: &str,
|
|
63
|
+
account: &[u8],
|
|
64
|
+
) -> Result<(), Self::EA> {
|
|
65
|
+
self.account_cache
|
|
66
|
+
.store_account(contact, directory_url, account)
|
|
67
|
+
.await
|
|
68
|
+
}
|
|
69
|
+
}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
use crate::{AccountCache, CertCache};
|
|
2
|
+
use async_trait::async_trait;
|
|
3
|
+
use base64::engine::general_purpose::URL_SAFE_NO_PAD;
|
|
4
|
+
use base64::Engine;
|
|
5
|
+
use ring::digest::{Context, SHA256};
|
|
6
|
+
use std::io::ErrorKind;
|
|
7
|
+
use std::path::Path;
|
|
8
|
+
use tokio::fs;
|
|
9
|
+
|
|
10
|
+
pub struct DirCache<P: AsRef<Path> + Send + Sync> {
|
|
11
|
+
inner: P,
|
|
12
|
+
}
|
|
13
|
+
|
|
14
|
+
impl<P: AsRef<Path> + Send + Sync> DirCache<P> {
|
|
15
|
+
pub fn new(dir: P) -> Self {
|
|
16
|
+
Self { inner: dir }
|
|
17
|
+
}
|
|
18
|
+
async fn read_if_exist(
|
|
19
|
+
&self,
|
|
20
|
+
file: impl AsRef<Path>,
|
|
21
|
+
) -> Result<Option<Vec<u8>>, std::io::Error> {
|
|
22
|
+
let path = self.inner.as_ref().join(file);
|
|
23
|
+
match fs::read(path).await {
|
|
24
|
+
Ok(content) => Ok(Some(content)),
|
|
25
|
+
Err(err) => match err.kind() {
|
|
26
|
+
ErrorKind::NotFound => Ok(None),
|
|
27
|
+
_ => Err(err),
|
|
28
|
+
},
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
async fn write(
|
|
32
|
+
&self,
|
|
33
|
+
file: impl AsRef<Path>,
|
|
34
|
+
contents: impl AsRef<[u8]>,
|
|
35
|
+
) -> Result<(), std::io::Error> {
|
|
36
|
+
fs::create_dir_all(&self.inner).await?;
|
|
37
|
+
let path = self.inner.as_ref().join(file);
|
|
38
|
+
fs::write(path, contents).await
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
fn cached_account_file_name(contact: &[String], directory_url: impl AsRef<str>) -> String {
|
|
42
|
+
let mut ctx = Context::new(&SHA256);
|
|
43
|
+
for el in contact {
|
|
44
|
+
ctx.update(el.as_ref());
|
|
45
|
+
ctx.update(&[0])
|
|
46
|
+
}
|
|
47
|
+
ctx.update(directory_url.as_ref().as_bytes());
|
|
48
|
+
let hash = URL_SAFE_NO_PAD.encode(ctx.finish());
|
|
49
|
+
format!("cached_account_{}", hash)
|
|
50
|
+
}
|
|
51
|
+
fn cached_cert_file_name(domains: &[String], directory_url: impl AsRef<str>) -> String {
|
|
52
|
+
let mut ctx = Context::new(&SHA256);
|
|
53
|
+
for domain in domains {
|
|
54
|
+
ctx.update(domain.as_ref());
|
|
55
|
+
ctx.update(&[0])
|
|
56
|
+
}
|
|
57
|
+
ctx.update(directory_url.as_ref().as_bytes());
|
|
58
|
+
let hash = URL_SAFE_NO_PAD.encode(ctx.finish());
|
|
59
|
+
format!("cached_cert_{}", hash)
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
#[async_trait]
|
|
64
|
+
impl<P: AsRef<Path> + Send + Sync> CertCache for DirCache<P> {
|
|
65
|
+
type EC = std::io::Error;
|
|
66
|
+
async fn load_cert(
|
|
67
|
+
&self,
|
|
68
|
+
domains: &[String],
|
|
69
|
+
directory_url: &str,
|
|
70
|
+
) -> Result<Option<Vec<u8>>, Self::EC> {
|
|
71
|
+
let file_name = Self::cached_cert_file_name(domains, directory_url);
|
|
72
|
+
self.read_if_exist(file_name).await
|
|
73
|
+
}
|
|
74
|
+
async fn store_cert(
|
|
75
|
+
&self,
|
|
76
|
+
domains: &[String],
|
|
77
|
+
directory_url: &str,
|
|
78
|
+
cert: &[u8],
|
|
79
|
+
) -> Result<(), Self::EC> {
|
|
80
|
+
let file_name = Self::cached_cert_file_name(domains, directory_url);
|
|
81
|
+
self.write(file_name, cert).await
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
#[async_trait]
|
|
86
|
+
impl<P: AsRef<Path> + Send + Sync> AccountCache for DirCache<P> {
|
|
87
|
+
type EA = std::io::Error;
|
|
88
|
+
async fn load_account(
|
|
89
|
+
&self,
|
|
90
|
+
contact: &[String],
|
|
91
|
+
directory_url: &str,
|
|
92
|
+
) -> Result<Option<Vec<u8>>, Self::EA> {
|
|
93
|
+
let file_name = Self::cached_account_file_name(contact, directory_url);
|
|
94
|
+
self.read_if_exist(file_name).await
|
|
95
|
+
}
|
|
96
|
+
|
|
97
|
+
async fn store_account(
|
|
98
|
+
&self,
|
|
99
|
+
contact: &[String],
|
|
100
|
+
directory_url: &str,
|
|
101
|
+
account: &[u8],
|
|
102
|
+
) -> Result<(), Self::EA> {
|
|
103
|
+
let file_name = Self::cached_account_file_name(contact, directory_url);
|
|
104
|
+
self.write(file_name, account).await
|
|
105
|
+
}
|
|
106
|
+
}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
use crate::{AccountCache, CertCache};
|
|
2
|
+
use async_trait::async_trait;
|
|
3
|
+
use std::convert::Infallible;
|
|
4
|
+
use std::fmt::Debug;
|
|
5
|
+
use std::marker::PhantomData;
|
|
6
|
+
use std::sync::atomic::AtomicPtr;
|
|
7
|
+
|
|
8
|
+
/// No-op cache, which does nothing.
|
|
9
|
+
/// ```rust
|
|
10
|
+
/// # use tokio_rustls_acme::caches::NoCache;
|
|
11
|
+
/// # type EC = std::io::Error;
|
|
12
|
+
/// # type EA = EC;
|
|
13
|
+
/// let no_cache = NoCache::<EC, EA>::new();
|
|
14
|
+
/// ```
|
|
15
|
+
#[derive(Copy, Clone)]
|
|
16
|
+
pub struct NoCache<EC: Debug = Infallible, EA: Debug = Infallible> {
|
|
17
|
+
_cert_error: PhantomData<AtomicPtr<Box<EC>>>,
|
|
18
|
+
_account_error: PhantomData<AtomicPtr<Box<EA>>>,
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
impl<EC: Debug, EA: Debug> Default for NoCache<EC, EA> {
|
|
22
|
+
fn default() -> Self {
|
|
23
|
+
Self {
|
|
24
|
+
_cert_error: Default::default(),
|
|
25
|
+
_account_error: Default::default(),
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
impl<EC: Debug, EA: Debug> NoCache<EC, EA> {
|
|
31
|
+
pub fn new() -> Self {
|
|
32
|
+
Self::default()
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
#[async_trait]
|
|
37
|
+
impl<EC: Debug, EA: Debug> CertCache for NoCache<EC, EA> {
|
|
38
|
+
type EC = EC;
|
|
39
|
+
async fn load_cert(
|
|
40
|
+
&self,
|
|
41
|
+
_domains: &[String],
|
|
42
|
+
_directory_url: &str,
|
|
43
|
+
) -> Result<Option<Vec<u8>>, Self::EC> {
|
|
44
|
+
log::info!("no cert cache configured, could not load certificate");
|
|
45
|
+
Ok(None)
|
|
46
|
+
}
|
|
47
|
+
async fn store_cert(
|
|
48
|
+
&self,
|
|
49
|
+
_domains: &[String],
|
|
50
|
+
_directory_url: &str,
|
|
51
|
+
_cert: &[u8],
|
|
52
|
+
) -> Result<(), Self::EC> {
|
|
53
|
+
log::info!("no cert cache configured, could not store certificate");
|
|
54
|
+
Ok(())
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
#[async_trait]
|
|
59
|
+
impl<EC: Debug, EA: Debug> AccountCache for NoCache<EC, EA> {
|
|
60
|
+
type EA = EA;
|
|
61
|
+
async fn load_account(
|
|
62
|
+
&self,
|
|
63
|
+
_contact: &[String],
|
|
64
|
+
_directory_url: &str,
|
|
65
|
+
) -> Result<Option<Vec<u8>>, Self::EA> {
|
|
66
|
+
log::info!("no account cache configured, could not load account");
|
|
67
|
+
Ok(None)
|
|
68
|
+
}
|
|
69
|
+
async fn store_account(
|
|
70
|
+
&self,
|
|
71
|
+
_contact: &[String],
|
|
72
|
+
_directory_url: &str,
|
|
73
|
+
_account: &[u8],
|
|
74
|
+
) -> Result<(), Self::EA> {
|
|
75
|
+
log::info!("no account cache configured, could not store account");
|
|
76
|
+
Ok(())
|
|
77
|
+
}
|
|
78
|
+
}
|
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
use crate::{AccountCache, CertCache};
|
|
2
|
+
use async_trait::async_trait;
|
|
3
|
+
use rcgen::{
|
|
4
|
+
date_time_ymd, BasicConstraints, CertificateParams, DistinguishedName, DnType, IsCa,
|
|
5
|
+
KeyUsagePurpose, PKCS_ECDSA_P256_SHA256,
|
|
6
|
+
};
|
|
7
|
+
use std::fmt::Debug;
|
|
8
|
+
use std::marker::PhantomData;
|
|
9
|
+
use std::sync::atomic::AtomicPtr;
|
|
10
|
+
use std::sync::Arc;
|
|
11
|
+
|
|
12
|
+
/// Test cache, which generates certificates for ACME incompatible test environments.
|
|
13
|
+
/// ```rust
|
|
14
|
+
/// # use tokio_rustls_acme::{AcmeConfig};
|
|
15
|
+
/// # use tokio_rustls_acme::caches::{DirCache, TestCache};
|
|
16
|
+
/// # let test_environment = true;
|
|
17
|
+
/// let mut config = AcmeConfig::new(["example.com"])
|
|
18
|
+
/// .cache(DirCache::new("./cache"));
|
|
19
|
+
/// if test_environment {
|
|
20
|
+
/// config = config.cache(TestCache::new());
|
|
21
|
+
/// }
|
|
22
|
+
/// ```
|
|
23
|
+
#[derive(Clone)]
|
|
24
|
+
pub struct TestCache<EC: Debug = std::io::Error, EA: Debug = std::io::Error> {
|
|
25
|
+
ca_cert: Arc<rcgen::Certificate>,
|
|
26
|
+
ca_pem: Arc<String>,
|
|
27
|
+
ca_key_pair: Arc<rcgen::KeyPair>,
|
|
28
|
+
_cert_error: PhantomData<AtomicPtr<Box<EC>>>,
|
|
29
|
+
_account_error: PhantomData<AtomicPtr<Box<EA>>>,
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
impl<EC: Debug, EA: Debug> Default for TestCache<EC, EA> {
|
|
33
|
+
fn default() -> Self {
|
|
34
|
+
let mut params = CertificateParams::default();
|
|
35
|
+
let mut distinguished_name = DistinguishedName::new();
|
|
36
|
+
distinguished_name.push(DnType::CountryName, "US");
|
|
37
|
+
distinguished_name.push(DnType::OrganizationName, "Test CA");
|
|
38
|
+
distinguished_name.push(DnType::CommonName, "Test CA");
|
|
39
|
+
params.distinguished_name = distinguished_name;
|
|
40
|
+
|
|
41
|
+
params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
|
|
42
|
+
params.key_usages = vec![KeyUsagePurpose::KeyCertSign, KeyUsagePurpose::CrlSign];
|
|
43
|
+
params.not_before = date_time_ymd(2000, 1, 1);
|
|
44
|
+
params.not_after = date_time_ymd(3000, 1, 1);
|
|
45
|
+
|
|
46
|
+
let key_pair = rcgen::KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
|
|
47
|
+
let ca_cert = params.self_signed(&key_pair).unwrap();
|
|
48
|
+
let ca_pem = ca_cert.pem();
|
|
49
|
+
Self {
|
|
50
|
+
ca_cert: ca_cert.into(),
|
|
51
|
+
ca_key_pair: key_pair.into(),
|
|
52
|
+
ca_pem: ca_pem.into(),
|
|
53
|
+
_cert_error: Default::default(),
|
|
54
|
+
_account_error: Default::default(),
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
impl<EC: Debug, EA: Debug> TestCache<EC, EA> {
|
|
60
|
+
pub fn new() -> Self {
|
|
61
|
+
Self::default()
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
pub fn ca_pem(&self) -> &str {
|
|
65
|
+
&self.ca_pem
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
#[async_trait]
|
|
70
|
+
impl<EC: Debug, EA: Debug> CertCache for TestCache<EC, EA> {
|
|
71
|
+
type EC = EC;
|
|
72
|
+
async fn load_cert(
|
|
73
|
+
&self,
|
|
74
|
+
domains: &[String],
|
|
75
|
+
_directory_url: &str,
|
|
76
|
+
) -> Result<Option<Vec<u8>>, Self::EC> {
|
|
77
|
+
let key_pair = rcgen::KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
|
|
78
|
+
let mut params = CertificateParams::new(domains).unwrap();
|
|
79
|
+
let mut distinguished_name = DistinguishedName::new();
|
|
80
|
+
distinguished_name.push(DnType::CommonName, "Test Cert");
|
|
81
|
+
params.distinguished_name = distinguished_name;
|
|
82
|
+
params.not_before = date_time_ymd(2000, 1, 1);
|
|
83
|
+
params.not_after = date_time_ymd(3000, 1, 1);
|
|
84
|
+
|
|
85
|
+
let cert = match params.signed_by(&key_pair, &self.ca_cert, &self.ca_key_pair) {
|
|
86
|
+
Ok(cert) => cert,
|
|
87
|
+
Err(err) => {
|
|
88
|
+
log::error!("test cache: generation error: {:?}", err);
|
|
89
|
+
return Ok(None);
|
|
90
|
+
}
|
|
91
|
+
};
|
|
92
|
+
|
|
93
|
+
let cert_pem = cert.pem();
|
|
94
|
+
|
|
95
|
+
let pem = [
|
|
96
|
+
&key_pair.serialize_pem(),
|
|
97
|
+
"\n",
|
|
98
|
+
&cert_pem,
|
|
99
|
+
"\n",
|
|
100
|
+
&self.ca_pem,
|
|
101
|
+
]
|
|
102
|
+
.concat();
|
|
103
|
+
Ok(Some(pem.into_bytes()))
|
|
104
|
+
}
|
|
105
|
+
async fn store_cert(
|
|
106
|
+
&self,
|
|
107
|
+
_domains: &[String],
|
|
108
|
+
_directory_url: &str,
|
|
109
|
+
_cert: &[u8],
|
|
110
|
+
) -> Result<(), Self::EC> {
|
|
111
|
+
log::info!("test cache configured, could not store certificate");
|
|
112
|
+
Ok(())
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
|
|
116
|
+
#[async_trait]
|
|
117
|
+
impl<EC: Debug, EA: Debug> AccountCache for TestCache<EC, EA> {
|
|
118
|
+
type EA = EA;
|
|
119
|
+
async fn load_account(
|
|
120
|
+
&self,
|
|
121
|
+
_contact: &[String],
|
|
122
|
+
_directory_url: &str,
|
|
123
|
+
) -> Result<Option<Vec<u8>>, Self::EA> {
|
|
124
|
+
log::info!("test cache configured, could not load account");
|
|
125
|
+
Ok(None)
|
|
126
|
+
}
|
|
127
|
+
async fn store_account(
|
|
128
|
+
&self,
|
|
129
|
+
_contact: &[String],
|
|
130
|
+
_directory_url: &str,
|
|
131
|
+
_account: &[u8],
|
|
132
|
+
) -> Result<(), Self::EA> {
|
|
133
|
+
log::info!("test cache configured, could not store account");
|
|
134
|
+
Ok(())
|
|
135
|
+
}
|
|
136
|
+
}
|
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
use crate::acme::{
|
|
2
|
+
ExternalAccountKey, LETS_ENCRYPT_PRODUCTION_DIRECTORY, LETS_ENCRYPT_STAGING_DIRECTORY,
|
|
3
|
+
};
|
|
4
|
+
use crate::caches::{BoxedErrCache, CompositeCache, NoCache};
|
|
5
|
+
use crate::{AccountCache, Cache, CertCache};
|
|
6
|
+
use crate::{AcmeState, Incoming};
|
|
7
|
+
use futures::Stream;
|
|
8
|
+
use rustls::{ClientConfig, RootCertStore};
|
|
9
|
+
use std::convert::Infallible;
|
|
10
|
+
use std::fmt::Debug;
|
|
11
|
+
use std::sync::Arc;
|
|
12
|
+
use tokio::io::{AsyncRead, AsyncWrite};
|
|
13
|
+
use webpki_roots::TLS_SERVER_ROOTS;
|
|
14
|
+
|
|
15
|
+
/// Configuration for an ACME resolver.
|
|
16
|
+
///
|
|
17
|
+
/// The type parameters represent the error types for the certificate cache and account cache.
|
|
18
|
+
pub struct AcmeConfig<EC: Debug, EA: Debug = EC> {
|
|
19
|
+
pub(crate) client_config: Arc<ClientConfig>,
|
|
20
|
+
pub(crate) directory_url: String,
|
|
21
|
+
pub(crate) domains: Vec<String>,
|
|
22
|
+
pub(crate) contact: Vec<String>,
|
|
23
|
+
pub(crate) cache: Box<dyn Cache<EC = EC, EA = EA>>,
|
|
24
|
+
pub(crate) eab: Option<ExternalAccountKey>,
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
impl AcmeConfig<Infallible, Infallible> {
|
|
28
|
+
/// Creates a new [AcmeConfig] instance.
|
|
29
|
+
///
|
|
30
|
+
/// The new [AcmeConfig] instance will initially have no cache, and its type parameters for
|
|
31
|
+
/// error types will be `Infallible` since the cache cannot return an error. The methods to set
|
|
32
|
+
/// a cache will change the error types to match those returned by the supplied cache.
|
|
33
|
+
///
|
|
34
|
+
/// ```rust
|
|
35
|
+
/// # use tokio_rustls_acme::AcmeConfig;
|
|
36
|
+
/// use tokio_rustls_acme::caches::DirCache;
|
|
37
|
+
/// let config = AcmeConfig::new(["example.com"]).cache(DirCache::new("./rustls_acme_cache"));
|
|
38
|
+
/// ```
|
|
39
|
+
///
|
|
40
|
+
/// Due to limited support for type parameter inference in Rust (see
|
|
41
|
+
/// [RFC213](https://github.com/rust-lang/rfcs/blob/master/text/0213-defaulted-type-params.md)),
|
|
42
|
+
/// [AcmeConfig::new] is not (yet) generic over the [AcmeConfig]'s type parameters.
|
|
43
|
+
/// An uncached instance of [AcmeConfig] with particular type parameters can be created using
|
|
44
|
+
/// [NoCache].
|
|
45
|
+
///
|
|
46
|
+
/// ```rust
|
|
47
|
+
/// # use tokio_rustls_acme::AcmeConfig;
|
|
48
|
+
/// use tokio_rustls_acme::caches::NoCache;
|
|
49
|
+
/// # type EC = std::io::Error;
|
|
50
|
+
/// # type EA = EC;
|
|
51
|
+
/// let config: AcmeConfig<EC, EA> = AcmeConfig::new(["example.com"]).cache(NoCache::new());
|
|
52
|
+
/// ```
|
|
53
|
+
///
|
|
54
|
+
pub fn new(domains: impl IntoIterator<Item = impl AsRef<str>>) -> Self {
|
|
55
|
+
let mut root_store = RootCertStore::empty();
|
|
56
|
+
root_store.extend(
|
|
57
|
+
TLS_SERVER_ROOTS
|
|
58
|
+
.iter()
|
|
59
|
+
.map(|ta| rustls::pki_types::TrustAnchor {
|
|
60
|
+
subject: ta.subject.clone(),
|
|
61
|
+
subject_public_key_info: ta.subject_public_key_info.clone(),
|
|
62
|
+
name_constraints: ta.name_constraints.clone(),
|
|
63
|
+
}),
|
|
64
|
+
);
|
|
65
|
+
let client_config = Arc::new(
|
|
66
|
+
ClientConfig::builder()
|
|
67
|
+
.with_root_certificates(root_store)
|
|
68
|
+
.with_no_client_auth(),
|
|
69
|
+
);
|
|
70
|
+
AcmeConfig {
|
|
71
|
+
client_config,
|
|
72
|
+
directory_url: LETS_ENCRYPT_STAGING_DIRECTORY.into(),
|
|
73
|
+
domains: domains.into_iter().map(|s| s.as_ref().into()).collect(),
|
|
74
|
+
contact: vec![],
|
|
75
|
+
cache: Box::new(NoCache::new()),
|
|
76
|
+
eab: None,
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
impl<EC: 'static + Debug, EA: 'static + Debug> AcmeConfig<EC, EA> {
|
|
82
|
+
/// Set custom `rustls::ClientConfig` for ACME API calls.
|
|
83
|
+
pub fn client_tls_config(mut self, client_config: Arc<ClientConfig>) -> Self {
|
|
84
|
+
self.client_config = client_config;
|
|
85
|
+
self
|
|
86
|
+
}
|
|
87
|
+
pub fn directory(mut self, directory_url: impl AsRef<str>) -> Self {
|
|
88
|
+
self.directory_url = directory_url.as_ref().into();
|
|
89
|
+
self
|
|
90
|
+
}
|
|
91
|
+
pub fn directory_lets_encrypt(mut self, production: bool) -> Self {
|
|
92
|
+
self.directory_url = match production {
|
|
93
|
+
true => LETS_ENCRYPT_PRODUCTION_DIRECTORY,
|
|
94
|
+
false => LETS_ENCRYPT_STAGING_DIRECTORY,
|
|
95
|
+
}
|
|
96
|
+
.into();
|
|
97
|
+
self
|
|
98
|
+
}
|
|
99
|
+
pub fn domains(mut self, contact: impl IntoIterator<Item = impl AsRef<str>>) -> Self {
|
|
100
|
+
self.domains = contact.into_iter().map(|s| s.as_ref().into()).collect();
|
|
101
|
+
self
|
|
102
|
+
}
|
|
103
|
+
pub fn domains_push(mut self, contact: impl AsRef<str>) -> Self {
|
|
104
|
+
self.domains.push(contact.as_ref().into());
|
|
105
|
+
self
|
|
106
|
+
}
|
|
107
|
+
|
|
108
|
+
pub fn external_account_binding(mut self, kid: impl AsRef<str>, key: impl AsRef<[u8]>) -> Self {
|
|
109
|
+
self.eab = Some(ExternalAccountKey::new(kid.as_ref().into(), key.as_ref()));
|
|
110
|
+
self
|
|
111
|
+
}
|
|
112
|
+
|
|
113
|
+
/// Provide a list of contacts for the account.
|
|
114
|
+
///
|
|
115
|
+
/// Note that email addresses must include a `mailto:` prefix.
|
|
116
|
+
pub fn contact(mut self, contact: impl IntoIterator<Item = impl AsRef<str>>) -> Self {
|
|
117
|
+
self.contact = contact.into_iter().map(|s| s.as_ref().into()).collect();
|
|
118
|
+
self
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
/// Provide a contact for the account.
|
|
122
|
+
///
|
|
123
|
+
/// Note that an email address must include a `mailto:` prefix.
|
|
124
|
+
pub fn contact_push(mut self, contact: impl AsRef<str>) -> Self {
|
|
125
|
+
self.contact.push(contact.as_ref().into());
|
|
126
|
+
self
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
pub fn cache<C: 'static + Cache>(self, cache: C) -> AcmeConfig<C::EC, C::EA> {
|
|
130
|
+
AcmeConfig {
|
|
131
|
+
client_config: self.client_config,
|
|
132
|
+
directory_url: self.directory_url,
|
|
133
|
+
domains: self.domains,
|
|
134
|
+
contact: self.contact,
|
|
135
|
+
cache: Box::new(cache),
|
|
136
|
+
eab: self.eab,
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
pub fn cache_compose<CC: 'static + CertCache, CA: 'static + AccountCache>(
|
|
140
|
+
self,
|
|
141
|
+
cert_cache: CC,
|
|
142
|
+
account_cache: CA,
|
|
143
|
+
) -> AcmeConfig<CC::EC, CA::EA> {
|
|
144
|
+
self.cache(CompositeCache::new(cert_cache, account_cache))
|
|
145
|
+
}
|
|
146
|
+
pub fn cache_with_boxed_err<C: 'static + Cache>(self, cache: C) -> AcmeConfig<Box<dyn Debug>> {
|
|
147
|
+
self.cache(BoxedErrCache::new(cache))
|
|
148
|
+
}
|
|
149
|
+
pub fn cache_option<C: 'static + Cache>(self, cache: Option<C>) -> AcmeConfig<C::EC, C::EA> {
|
|
150
|
+
match cache {
|
|
151
|
+
Some(cache) => self.cache(cache),
|
|
152
|
+
None => self.cache(NoCache::<C::EC, C::EA>::new()),
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
pub fn state(self) -> AcmeState<EC, EA> {
|
|
156
|
+
AcmeState::new(self)
|
|
157
|
+
}
|
|
158
|
+
/// Turn a stream of TCP connections into a stream of TLS connections.
|
|
159
|
+
///
|
|
160
|
+
/// Specify supported protocol names in `alpn_protocols`, most preferred first. If emtpy (`Vec::new()`), we don't do ALPN.
|
|
161
|
+
pub fn incoming<
|
|
162
|
+
TCP: AsyncRead + AsyncWrite + Unpin,
|
|
163
|
+
ETCP,
|
|
164
|
+
ITCP: Stream<Item = Result<TCP, ETCP>> + Unpin,
|
|
165
|
+
>(
|
|
166
|
+
self,
|
|
167
|
+
tcp_incoming: ITCP,
|
|
168
|
+
alpn_protocols: Vec<Vec<u8>>,
|
|
169
|
+
) -> Incoming<TCP, ETCP, ITCP, EC, EA> {
|
|
170
|
+
self.state().incoming(tcp_incoming, alpn_protocols)
|
|
171
|
+
}
|
|
172
|
+
}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
use rustls::{pki_types::InvalidDnsNameError, ClientConfig};
|
|
2
|
+
use thiserror::Error;
|
|
3
|
+
|
|
4
|
+
pub use reqwest::Response;
|
|
5
|
+
|
|
6
|
+
#[derive(Copy, Clone)]
|
|
7
|
+
pub enum Method {
|
|
8
|
+
Post,
|
|
9
|
+
Get,
|
|
10
|
+
Head,
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
impl From<Method> for reqwest::Method {
|
|
14
|
+
fn from(m: Method) -> Self {
|
|
15
|
+
match m {
|
|
16
|
+
Method::Post => reqwest::Method::POST,
|
|
17
|
+
Method::Get => reqwest::Method::GET,
|
|
18
|
+
Method::Head => reqwest::Method::HEAD,
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
pub(crate) async fn https(
|
|
24
|
+
client_config: &ClientConfig,
|
|
25
|
+
url: impl AsRef<str>,
|
|
26
|
+
method: Method,
|
|
27
|
+
body: Option<String>,
|
|
28
|
+
) -> Result<Response, HttpsRequestError> {
|
|
29
|
+
let method: reqwest::Method = method.into();
|
|
30
|
+
let client = reqwest::ClientBuilder::new()
|
|
31
|
+
.use_preconfigured_tls(client_config.clone())
|
|
32
|
+
.build()?;
|
|
33
|
+
let mut request = client.request(method, url.as_ref());
|
|
34
|
+
if let Some(body) = body {
|
|
35
|
+
request = request
|
|
36
|
+
.body(body)
|
|
37
|
+
.header("Content-Type", "application/jose+json");
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
let response = request.send().await?;
|
|
41
|
+
let status = response.status();
|
|
42
|
+
if !status.is_success() {
|
|
43
|
+
return Err(HttpsRequestError::Non2xxStatus {
|
|
44
|
+
status_code: status.into(),
|
|
45
|
+
body: response.text().await?,
|
|
46
|
+
});
|
|
47
|
+
}
|
|
48
|
+
Ok(response)
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
impl From<reqwest::Error> for HttpsRequestError {
|
|
52
|
+
fn from(e: reqwest::Error) -> Self {
|
|
53
|
+
Self::Http(e.into())
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
#[derive(Error, Debug)]
|
|
58
|
+
pub enum HttpsRequestError {
|
|
59
|
+
#[error("io error: {0:?}")]
|
|
60
|
+
Io(#[from] std::io::Error),
|
|
61
|
+
#[error("invalid dns name: {0:?}")]
|
|
62
|
+
InvalidDnsName(#[from] InvalidDnsNameError),
|
|
63
|
+
#[error("http error: {0:?}")]
|
|
64
|
+
Http(Box<dyn std::error::Error + Send + Sync + 'static>),
|
|
65
|
+
#[error("non 2xx http status: {status_code} {body:?}")]
|
|
66
|
+
Non2xxStatus { status_code: u16, body: String },
|
|
67
|
+
#[error("could not determine host from url")]
|
|
68
|
+
UndefinedHost,
|
|
69
|
+
}
|