TheLanc3/lan-mouse
1
0
Fork 0
mirror of https://github.com/feschber/lan-mouse.git synced 2026-04-12 05:51:28 +03:00
Code Issues Packages Projects Releases Wiki Activity

move cert verification to server

Browse Source
This commit is contained in:
Ferdinand Schober
2024-09-25 01:13:28 +02:00
parent 94ece6dfe6
commit c480bb6ea6
2 changed files with 29 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/connect.rs
View File

@@ -2,8 +2,6 @@ use crate::server::Server;
use lan_mouse_ipc::{ClientHandle, DEFAULT_PORT}; use lan_mouse_ipc::{ClientHandle, DEFAULT_PORT};
use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE}; use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE};
use local_channel::mpsc::{channel, Receiver, Sender}; use local_channel::mpsc::{channel, Receiver, Sender};
use rustls::pki_types::CertificateDer;
use sha2::{Digest, Sha256};
use std::{ use std::{
collections::{HashMap, HashSet}, collections::{HashMap, HashSet},
io, io,
@@ -37,12 +35,6 @@ pub(crate) enum LanMouseConnectionError {
NotConnected, NotConnected,
} }
type VerifyPeerCertificateFn = Arc<
dyn (Fn(&[Vec<u8>], &[CertificateDer<'static>]) -> Result<(), webrtc_dtls::Error>)
+ Send
+ Sync,
>;
async fn connect( async fn connect(
addr: SocketAddr, addr: SocketAddr,
) -> Result<(Arc<dyn Conn + Sync + Send>, SocketAddr), LanMouseConnectionError> { ) -> Result<(Arc<dyn Conn + Sync + Send>, SocketAddr), LanMouseConnectionError> {
@@ -50,31 +42,10 @@ async fn connect(
let conn = Arc::new(UdpSocket::bind("0.0.0.0:0").await?); let conn = Arc::new(UdpSocket::bind("0.0.0.0:0").await?);
conn.connect(addr).await?; conn.connect(addr).await?;
let certificate = Certificate::generate_self_signed(["localhost".to_owned()])?; let certificate = Certificate::generate_self_signed(["localhost".to_owned()])?;
let verify_peer_certificate: Option<VerifyPeerCertificateFn> = Some(Arc::new(
|certs: &[Vec<u8>], _chains: &[CertificateDer<'static>]| {
let fingerprints = certs
.into_iter()
.map(|cert| {
let mut hash = Sha256::new();
hash.update(cert);
let bytes = hash
.finalize()
.iter()
.map(|x| format!("{x:02x}"))
.collect::<Vec<_>>();
let fingerprint = bytes.join(":").to_lowercase();
fingerprint
})
.collect::<Vec<_>>();
log::info!("fingerprints: {fingerprints:?}");
Ok(())
},
));
let config = Config { let config = Config {
certificates: vec![certificate], certificates: vec![certificate],
insecure_skip_verify: true, insecure_skip_verify: true,
extended_master_secret: ExtendedMasterSecretType::Require, extended_master_secret: ExtendedMasterSecretType::Require,
verify_peer_certificate,
..Default::default() ..Default::default()
}; };
let dtls_conn = DTLSConn::new(conn, config, true, None).await?; let dtls_conn = DTLSConn::new(conn, config, true, None).await?;

29
src/listen.rs
View File

@@ -1,6 +1,8 @@
use futures::{Stream, StreamExt}; use futures::{Stream, StreamExt};
use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE}; use lan_mouse_proto::{ProtoEvent, MAX_EVENT_SIZE};
use local_channel::mpsc::{channel, Receiver, Sender}; use local_channel::mpsc::{channel, Receiver, Sender};
use rustls::pki_types::CertificateDer;
use sha2::{Digest, Sha256};
use std::{net::SocketAddr, rc::Rc, sync::Arc, time::Duration}; use std::{net::SocketAddr, rc::Rc, sync::Arc, time::Duration};
use thiserror::Error; use thiserror::Error;
use tokio::{ use tokio::{
@@ -29,15 +31,42 @@ pub(crate) struct LanMouseListener {
conns: Rc<Mutex<Vec<(SocketAddr, Arc<dyn Conn + Send + Sync>)>>>, conns: Rc<Mutex<Vec<(SocketAddr, Arc<dyn Conn + Send + Sync>)>>>,
} }
type VerifyPeerCertificateFn = Arc<
dyn (Fn(&[Vec<u8>], &[CertificateDer<'static>]) -> Result<(), webrtc_dtls::Error>)
+ Send
+ Sync,
>;
impl LanMouseListener { impl LanMouseListener {
pub(crate) async fn new(port: u16) -> Result<Self, ListenerCreationError> { pub(crate) async fn new(port: u16) -> Result<Self, ListenerCreationError> {
let (listen_tx, listen_rx) = channel(); let (listen_tx, listen_rx) = channel();
let listen_addr = SocketAddr::new("0.0.0.0".parse().expect("invalid ip"), port); let listen_addr = SocketAddr::new("0.0.0.0".parse().expect("invalid ip"), port);
let certificate = Certificate::generate_self_signed(["localhost".to_owned()])?; let certificate = Certificate::generate_self_signed(["localhost".to_owned()])?;
let verify_peer_certificate: Option<VerifyPeerCertificateFn> = Some(Arc::new(
|certs: &[Vec<u8>], _chains: &[CertificateDer<'static>]| {
let fingerprints = certs
.into_iter()
.map(|cert| {
let mut hash = Sha256::new();
hash.update(cert);
let bytes = hash
.finalize()
.iter()
.map(|x| format!("{x:02x}"))
.collect::<Vec<_>>();
let fingerprint = bytes.join(":").to_lowercase();
fingerprint
})
.collect::<Vec<_>>();
log::info!("fingerprints: {fingerprints:?}");
Ok(())
},
));
let cfg = Config { let cfg = Config {
certificates: vec![certificate], certificates: vec![certificate],
extended_master_secret: ExtendedMasterSecretType::Require, extended_master_secret: ExtendedMasterSecretType::Require,
verify_peer_certificate,
..Default::default() ..Default::default()
}; };