verify_peer_certificate fn

2026-03-07 11:59:59 +03:00 · 2024-09-24 21:21:52 +02:00
parent 44707bd786
commit 94ece6dfe6
1 changed files with 28 additions and 23 deletions
--- a/src/connect.rs
+++ b/src/connect.rs
@@ -2,6 +2,7 @@ use crate::server::Server;
 use lan_mouse_ipc::{ClientHandle, DEFAULT_PORT};
 use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE};
 use local_channel::mpsc::{channel, Receiver, Sender};
+use rustls::pki_types::CertificateDer;
 use sha2::{Digest, Sha256};
 use std::{
    collections::{HashMap, HashSet},
@@ -36,6 +37,12 @@ pub(crate) enum LanMouseConnectionError {
    NotConnected,
 }

+type VerifyPeerCertificateFn = Arc<
+    dyn (Fn(&[Vec<u8>], &[CertificateDer<'static>]) -> Result<(), webrtc_dtls::Error>)
+        + Send
+        + Sync,
+>;
+
 async fn connect(
    addr: SocketAddr,
 ) -> Result<(Arc<dyn Conn + Sync + Send>, SocketAddr), LanMouseConnectionError> {
@@ -43,40 +50,38 @@ async fn connect(
    let conn = Arc::new(UdpSocket::bind("0.0.0.0:0").await?);
    conn.connect(addr).await?;
    let certificate = Certificate::generate_self_signed(["localhost".to_owned()])?;
+    let verify_peer_certificate: Option<VerifyPeerCertificateFn> = Some(Arc::new(
+        |certs: &[Vec<u8>], _chains: &[CertificateDer<'static>]| {
+            let fingerprints = certs
+                .into_iter()
+                .map(|cert| {
+                    let mut hash = Sha256::new();
+                    hash.update(cert);
+                    let bytes = hash
+                        .finalize()
+                        .iter()
+                        .map(|x| format!("{x:02x}"))
+                        .collect::<Vec<_>>();
+                    let fingerprint = bytes.join(":").to_lowercase();
+                    fingerprint
+                })
+                .collect::<Vec<_>>();
+            log::info!("fingerprints: {fingerprints:?}");
+            Ok(())
+        },
+    ));
    let config = Config {
        certificates: vec![certificate],
        insecure_skip_verify: true,
        extended_master_secret: ExtendedMasterSecretType::Require,
+        verify_peer_certificate,
        ..Default::default()
    };
    let dtls_conn = DTLSConn::new(conn, config, true, None).await?;
    log::info!("{addr} connected successfully!");
-    let peer_certificates = dtls_conn.connection_state().await.peer_certificates;
-    verify_peer_certificates(peer_certificates)?;
    Ok((Arc::new(dtls_conn), addr))
 }

-fn verify_peer_certificates(
-    peer_certificates: Vec<Vec<u8>>,
-) -> Result<(), LanMouseConnectionError> {
-    let fingerprints = peer_certificates
-        .into_iter()
-        .map(|cert| {
-            let mut hash = Sha256::new();
-            hash.update(cert);
-            let bytes = hash
-                .finalize()
-                .iter()
-                .map(|x| format!("{x:02x}"))
-                .collect::<Vec<_>>();
-            let fingerprint = bytes.join(":").to_lowercase();
-            fingerprint
-        })
-        .collect::<Vec<_>>();
-    log::info!("fingerprints: {fingerprints:?}");
-    Ok(())
-}
-
 async fn connect_any(
    addrs: &[SocketAddr],
 ) -> Result<(Arc<dyn Conn + Send + Sync>, SocketAddr), LanMouseConnectionError> {