remove external certs

This commit is contained in:
Toshit Chawda 2024-07-25 21:32:35 -07:00
parent 4c9f689c3b
commit 453ec94772
No known key found for this signature in database
GPG key ID: 91480ED99E2B3D9D
10 changed files with 28 additions and 104 deletions

Cargo.lock generated

@ -299,14 +299,6 @@ version = "1.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f"
[[package]]
name = "certs-grabber"
version = "0.1.0"
dependencies = [
"rustls-pki-types",
"webpki-roots",
]
[[package]] [[package]]
name = "cfg-if" name = "cfg-if"
version = "1.0.0" version = "1.0.0"
@ -534,6 +526,7 @@ dependencies = [
"hyper 1.4.1", "hyper 1.4.1",
"hyper-util-wasm", "hyper-util-wasm",
"js-sys", "js-sys",
"lazy_static",
"parking_lot_core", "parking_lot_core",
"pin-project-lite", "pin-project-lite",
"ring", "ring",
@ -545,6 +538,7 @@ dependencies = [
"wasm-bindgen-futures", "wasm-bindgen-futures",
"wasm-streams", "wasm-streams",
"web-sys", "web-sys",
"webpki-roots",
"wisp-mux", "wisp-mux",
] ]


@ -1,6 +1,6 @@
[workspace] [workspace]
resolver = "2" resolver = "2"
members = ["server", "client", "wisp", "simple-wisp-client", "certs-grabber"] members = ["server", "client", "wisp", "simple-wisp-client"]
[profile.release] [profile.release]
lto = true lto = true


@ -1,8 +0,0 @@
[package]
name = "certs-grabber"
version = "0.1.0"
edition = "2021"
[dependencies]
rustls-pki-types = "1.4.1"
webpki-roots = "0.26.1"


@ -1,41 +0,0 @@
use std::fmt::Write;
use rustls_pki_types::TrustAnchor;
fn main() {
let mut code = String::with_capacity(256 * 1_024);
code.push_str("const ROOTS = [");
for anchor in webpki_roots::TLS_SERVER_ROOTS {
let TrustAnchor {
subject,
subject_public_key_info,
name_constraints,
} = anchor;
code.write_fmt(format_args!(
"{{subject:new Uint8Array([{}]),subject_public_key_info:new Uint8Array([{}]),name_constraints:{}}},",
subject
.as_ref()
.iter()
.map(|x| x.to_string())
.collect::<Vec<String>>().join(","),
subject_public_key_info
.as_ref()
.iter()
.map(|x| x.to_string())
.collect::<Vec<String>>().join(","),
if let Some(constraints) = name_constraints {
format!("new Uint8Array([{}])",constraints
.as_ref()
.iter()
.map(|x| x.to_string())
.collect::<Vec<String>>().join(","))
} else {
"null".into()
}
))
.unwrap();
}
code.pop();
code.push_str("];");
println!("{}", code);
}


@ -23,6 +23,7 @@ http-body-util = "0.1.2"
hyper = "1.3.1" hyper = "1.3.1"
hyper-util-wasm = { git = "https://github.com/r58Playz/hyper-util-wasm", branch = "opinionated", version = "0.1.7", features = ["client-legacy", "http1"] } hyper-util-wasm = { git = "https://github.com/r58Playz/hyper-util-wasm", branch = "opinionated", version = "0.1.7", features = ["client-legacy", "http1"] }
js-sys = "0.3.69" js-sys = "0.3.69"
lazy_static = "1.5.0"
pin-project-lite = "0.2.14" pin-project-lite = "0.2.14"
send_wrapper = "0.4.0" send_wrapper = "0.4.0"
thiserror = "1.0.61" thiserror = "1.0.61"
@ -31,6 +32,7 @@ wasm-bindgen = "0.2.92"
wasm-bindgen-futures = "0.4.42" wasm-bindgen-futures = "0.4.42"
wasm-streams = "0.4.0" wasm-streams = "0.4.0"
web-sys = { version = "0.3.69", features = ["BinaryType", "Headers", "MessageEvent", "Request", "RequestInit", "Response", "ResponseInit", "WebSocket"] } web-sys = { version = "0.3.69", features = ["BinaryType", "Headers", "MessageEvent", "Request", "RequestInit", "Response", "ResponseInit", "WebSocket"] }
webpki-roots = "0.26.3"
wisp-mux = { path = "../wisp", features = ["wasm"] } wisp-mux = { path = "../wisp", features = ["wasm"] }
[dependencies.ring] [dependencies.ring]


@ -11,8 +11,14 @@ echo "[epx] cargo finished"
wasm-bindgen --weak-refs --target no-modules --no-modules-global epoxy --out-dir out/ ../target/wasm32-unknown-unknown/release/epoxy_client.wasm wasm-bindgen --weak-refs --target no-modules --no-modules-global epoxy --out-dir out/ ../target/wasm32-unknown-unknown/release/epoxy_client.wasm
echo "[epx] wasm-bindgen finished" echo "[epx] wasm-bindgen finished"
if ! [ "${RELEASE:-0}" = "1" ]; then
WASMOPTFLAGS="-g"
else
WASMOPTFLAGS=""
fi
mv out/epoxy_client_bg.wasm out/epoxy_client_unoptimized.wasm mv out/epoxy_client_bg.wasm out/epoxy_client_unoptimized.wasm
time wasm-opt -Oz --vacuum --dce --enable-threads --enable-bulk-memory out/epoxy_client_unoptimized.wasm -o out/epoxy_client_bg.wasm time wasm-opt $WASMOPTFLAGS -Oz --vacuum --dce --enable-threads --enable-bulk-memory out/epoxy_client_unoptimized.wasm -o out/epoxy_client_bg.wasm
echo "[epx] wasm-opt finished" echo "[epx] wasm-opt finished"
AUTOGENERATED_SOURCE=$(<"out/epoxy_client.js") AUTOGENERATED_SOURCE=$(<"out/epoxy_client.js")
@ -51,14 +57,5 @@ echo -e "}\ndeclare function epoxy(maybe_memory?: WebAssembly.Memory): Promise<t
cp out/epoxy_client.d.ts pkg/epoxy.d.ts cp out/epoxy_client.d.ts pkg/epoxy.d.ts
cp out/epoxy_client_bg.wasm pkg/epoxy.wasm cp out/epoxy_client_bg.wasm pkg/epoxy.wasm
echo "[epx] fetching certs"
(
cd ../certs-grabber
cargo run
) > pkg/certs.js
cat pkg/certs.js > pkg/certs-module.js
echo "export default ROOTS;" >> pkg/certs-module.js
echo "[epx] fetching certs finished"
rm -r out/ rm -r out/
echo "[epx] done!" echo "[epx] done!"
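Review bot: `$WASMOPTFLAGS` on the `wasm-opt` line is deliberately unquoted so that the empty release value expands to no argument at all; that is correct, but it reads like a quoting bug, and a "fixed" `"$WASMOPTFLAGS"` would hand wasm-opt an empty string. A comment on the assignment, `# unquoted on purpose below: must expand to nothing when empty`, would keep a later shellcheck-driven edit from breaking release builds. The removed cert step also stops regenerating `pkg/certs.js` and `pkg/certs-module.js`, but nothing in this hunk deletes them, so a stale pair from an earlier build could still be packaged if `pkg/` is not cleaned elsewhere. The script's preamble and `set` options are outside the hunk.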


@ -21,7 +21,6 @@
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
"exports": { "exports": {
".": "./full/epoxy-module-bundled.js", ".": "./full/epoxy-module-bundled.js",
"./certs": "./full/certs-module.js",
"./epoxy": "./full/epoxy-module.js", "./epoxy": "./full/epoxy-module.js",
"./epoxy-bundled": "./full/epoxy-module-bundled.js", "./epoxy-bundled": "./full/epoxy-module-bundled.js",
"./minimal-epoxy": "./minimal/epoxy-module.js", "./minimal-epoxy": "./minimal/epoxy-module.js",


@ -2,6 +2,8 @@
set -euo pipefail set -euo pipefail
shopt -s inherit_errexit shopt -s inherit_errexit
export RELEASE=1
rm -r full minimal || true rm -r full minimal || true
cargo clean cargo clean


@ -224,7 +224,6 @@ impl EpoxyClient {
#[wasm_bindgen(constructor)] #[wasm_bindgen(constructor)]
pub fn new( pub fn new(
wisp_url: String, wisp_url: String,
certs: Array,
options: EpoxyClientOptions, options: EpoxyClientOptions,
) -> Result<EpoxyClient, EpoxyError> { ) -> Result<EpoxyClient, EpoxyError> {
let wisp_url: Uri = wisp_url.try_into()?; let wisp_url: Uri = wisp_url.try_into()?;
@ -232,7 +231,7 @@ impl EpoxyClient {
return Err(EpoxyError::InvalidUrlScheme); return Err(EpoxyError::InvalidUrlScheme);
} }
let stream_provider = Arc::new(StreamProvider::new(wisp_url.to_string(), certs, &options)?); let stream_provider = Arc::new(StreamProvider::new(wisp_url.to_string(), &options)?);
let service = StreamProviderService(stream_provider.clone()); let service = StreamProviderService(stream_provider.clone());
let client = Client::builder(WasmExecutor) let client = Client::builder(WasmExecutor)
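Review bot: `EpoxyClient::new` is the `#[wasm_bindgen(constructor)]` JavaScript entry point, and dropping the `certs` parameter changes its positional signature for every existing caller without a doc comment saying what the client now trusts. A doc comment on `new` such as `/// TLS connections trust the root store compiled into the client (webpki-roots); caller-supplied trust anchors are no longer accepted.` would make the change visible in the generated typings. A JS caller still passing `(url, certs, options)` would presumably have the array bound to `options`, so the package version and any README examples should be checked alongside this. The body of `new` continues outside the hunk.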


@ -10,11 +10,10 @@ use futures_util::{
AsyncRead, AsyncWrite, Future, AsyncRead, AsyncWrite, Future,
}; };
use hyper_util_wasm::client::legacy::connect::{ConnectSvc, Connected, Connection}; use hyper_util_wasm::client::legacy::connect::{ConnectSvc, Connected, Connection};
use js_sys::{Array, Reflect, Uint8Array}; use lazy_static::lazy_static;
use pin_project_lite::pin_project; use pin_project_lite::pin_project;
use rustls_pki_types::{Der, TrustAnchor};
use wasm_bindgen::{JsCast, JsValue};
use wasm_bindgen_futures::spawn_local; use wasm_bindgen_futures::spawn_local;
use webpki_roots::TLS_SERVER_ROOTS;
use wisp_mux::{ use wisp_mux::{
extensions::{udp::UdpProtocolExtensionBuilder, ProtocolExtensionBuilder}, extensions::{udp::UdpProtocolExtensionBuilder, ProtocolExtensionBuilder},
ClientMux, MuxStreamAsyncRW, MuxStreamIo, StreamType, ClientMux, MuxStreamAsyncRW, MuxStreamIo, StreamType,
@ -22,18 +21,15 @@ use wisp_mux::{
use crate::{console_log, ws_wrapper::WebSocketWrapper, EpoxyClientOptions, EpoxyError}; use crate::{console_log, ws_wrapper::WebSocketWrapper, EpoxyClientOptions, EpoxyError};
fn object_to_trustanchor(obj: JsValue) -> Result<TrustAnchor<'static>, JsValue> { lazy_static! {
let subject: Uint8Array = Reflect::get(&obj, &"subject".into())?.dyn_into()?; static ref CLIENT_CONFIG: Arc<ClientConfig> = {
let pub_key_info: Uint8Array = let certstore = RootCertStore::from_iter(TLS_SERVER_ROOTS.iter().cloned());
Reflect::get(&obj, &"subject_public_key_info".into())?.dyn_into()?; Arc::new(
let name_constraints: Option<Uint8Array> = Reflect::get(&obj, &"name_constraints".into()) ClientConfig::builder()
.and_then(|x| x.dyn_into()) .with_root_certificates(certstore)
.ok(); .with_no_client_auth(),
Ok(TrustAnchor { )
subject: Der::from(subject.to_vec()), };
subject_public_key_info: Der::from(pub_key_info.to_vec()),
name_constraints: name_constraints.map(|x| Der::from(x.to_vec())),
})
} }
pub struct StreamProvider { pub struct StreamProvider {
@ -43,8 +39,6 @@ pub struct StreamProvider {
udp_extension: bool, udp_extension: bool,
websocket_protocols: Vec<String>, websocket_protocols: Vec<String>,
client_config: Arc<ClientConfig>,
current_client: Arc<Mutex<Option<ClientMux>>>, current_client: Arc<Mutex<Option<ClientMux>>>,
} }
@ -54,27 +48,13 @@ pub type ProviderTlsAsyncRW = TlsStream<ProviderUnencryptedAsyncRW>;
pub type ProviderAsyncRW = Either<ProviderTlsAsyncRW, ProviderUnencryptedAsyncRW>; pub type ProviderAsyncRW = Either<ProviderTlsAsyncRW, ProviderUnencryptedAsyncRW>;
impl StreamProvider { impl StreamProvider {
pub fn new( pub fn new(wisp_url: String, options: &EpoxyClientOptions) -> Result<Self, EpoxyError> {
wisp_url: String,
certs: Array,
options: &EpoxyClientOptions,
) -> Result<Self, EpoxyError> {
let certs: Result<Vec<TrustAnchor>, JsValue> =
certs.iter().map(object_to_trustanchor).collect();
let certstore = RootCertStore::from_iter(certs.map_err(|_| EpoxyError::InvalidCertStore)?);
let client_config = Arc::new(
ClientConfig::builder()
.with_root_certificates(certstore)
.with_no_client_auth(),
);
Ok(Self { Ok(Self {
wisp_url, wisp_url,
current_client: Arc::new(Mutex::new(None)), current_client: Arc::new(Mutex::new(None)),
wisp_v2: options.wisp_v2, wisp_v2: options.wisp_v2,
udp_extension: options.udp_extension_required, udp_extension: options.udp_extension_required,
websocket_protocols: options.websocket_protocols.clone(), websocket_protocols: options.websocket_protocols.clone(),
client_config,
}) })
} }
@ -153,7 +133,7 @@ impl StreamProvider {
let stream = self let stream = self
.get_asyncread(StreamType::Tcp, host.clone(), port) .get_asyncread(StreamType::Tcp, host.clone(), port)
.await?; .await?;
let connector = TlsConnector::from(self.client_config.clone()); let connector = TlsConnector::from(CLIENT_CONFIG.clone());
Ok(connector.connect(host.try_into()?, stream).await?.into()) Ok(connector.connect(host.try_into()?, stream).await?.into())
} }
} }
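Review bot: `CLIENT_CONFIG` in the `lazy_static!` block freezes the TLS trust store to whatever `webpki_roots::TLS_SERVER_ROOTS` the binary was built with, and nothing documents that this is now the only source of trust anchors. A comment on the static, `// Trust anchors come from the webpki-roots crate bundled at build time; updating roots (or trusting a private CA) now requires rebuilding and republishing the client.`, records that trade-off for whoever next needs to rotate roots. The only use of `EpoxyError::InvalidCertStore` visible here was on the removed line in `StreamProvider::new`; if no other caller remains it is now a dead variant, though removing it would be a public change worth a separate commit. If the crate's MSRV allows, `std::sync::OnceLock` (or `LazyLock` on very recent toolchains) would give the same one-time initialisation without the new `lazy_static` dependency added in client/Cargo.toml.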