common.rs source code [crates/rustls/src/client/common.rs]

1	use alloc::boxed::Box;
2	use alloc::vec::Vec;
3
4	use super::ResolvesClientCert;
5	use crate::log::{debug, trace};
6	use crate::msgs::enums::ExtensionType;
7	use crate::msgs::handshake::{CertificateChain, DistinguishedName, ServerExtension};
8	use crate::sync::Arc;
9	use crate::{SignatureScheme, compress, sign};
10
11	#[derive(Debug)]
12	pub(super) struct ServerCertDetails<'a> {
13	pub(super) cert_chain: CertificateChain<'a>,
14	pub(super) ocsp_response: Vec<u8>,
15	}
16
17	impl<'a> ServerCertDetails<'a> {
18	pub(super) fn new(cert_chain: CertificateChain<'a>, ocsp_response: Vec<u8>) -> Self {
19	Self {
20	cert_chain,
21	ocsp_response,
22	}
23	}
24
25	pub(super) fn into_owned(self) -> ServerCertDetails<'static> {
26	let Self {
27	cert_chain: CertificateChain<'a>,
28	ocsp_response: Vec,
29	} = self;
30	ServerCertDetails {
31	cert_chain: cert_chain.into_owned(),
32	ocsp_response,
33	}
34	}
35	}
36
37	pub(super) struct ClientHelloDetails {
38	pub(super) sent_extensions: Vec<ExtensionType>,
39	pub(super) extension_order_seed: u16,
40	pub(super) offered_cert_compression: bool,
41	}
42
43	impl ClientHelloDetails {
44	pub(super) fn new(extension_order_seed: u16) -> Self {
45	Self {
46	sent_extensions: Vec::new(),
47	extension_order_seed,
48	offered_cert_compression: `false`,
49	}
50	}
51
52	pub(super) fn server_sent_unsolicited_extensions(
53	&self,
54	received_exts: &[ServerExtension],
55	allowed_unsolicited: &[ExtensionType],
56	) -> bool {
57	for ext in received_exts {
58	let ext_type = ext.ext_type();
59	if !self.sent_extensions.contains(&ext_type) && !allowed_unsolicited.contains(&ext_type)
60	{
61	trace!("Unsolicited extension {:?}", ext_type);
62	return `true`;
63	}
64	}
65
66	`false`
67	}
68	}
69
70	pub(super) enum ClientAuthDetails {
71	/// Send an empty `Certificate` and no `CertificateVerify`.
72	Empty { auth_context_tls13: Option<Vec<u8>> },
73	/// Send a non-empty `Certificate` and a `CertificateVerify`.
74	Verify {
75	certkey: Arc<sign::CertifiedKey>,
76	signer: Box<dyn sign::Signer>,
77	auth_context_tls13: Option<Vec<u8>>,
78	compressor: Option<&'static dyn compress::CertCompressor>,
79	},
80	}
81
82	impl ClientAuthDetails {
83	pub(super) fn resolve(
84	resolver: &dyn ResolvesClientCert,
85	canames: Option<&[DistinguishedName]>,
86	sigschemes: &[SignatureScheme],
87	auth_context_tls13: Option<Vec<u8>>,
88	compressor: Option<&'static dyn compress::CertCompressor>,
89	) -> Self {
90	let acceptable_issuers = canames
91	.unwrap_or_default()
92	.iter()
93	.map(\|p\| p.as_ref())
94	.collect::<Vec<&[u8]>>();
95
96	if let Some(certkey) = resolver.resolve(&acceptable_issuers, sigschemes) {
97	if let Some(signer) = certkey.key.choose_scheme(sigschemes) {
98	debug!("Attempting client auth");
99	return Self::Verify {
100	certkey,
101	signer,
102	auth_context_tls13,
103	compressor,
104	};
105	}
106	}
107
108	debug!("Client auth requested but no cert/sigscheme available");
109	Self::Empty { auth_context_tls13 }
110	}
111	}
112