diff --git a/src/connection/mod.rs b/src/connection/mod.rs
index 88cc2c4..e46e08a 100644
--- a/src/connection/mod.rs
+++ b/src/connection/mod.rs
@@ -40,7 +40,8 @@ impl Connection {
 if store.has_mailuser(&request.recipient.to_string()) {
 let id = Id::new()?;
 let msg = MessageParser::new(&id.to_string()).parse(&request.message)?;
- store.add_message(&request.recipient.to_string(), "Inbox", msg)
+ store
+ .add_message(&request.recipient.to_string(), "Inbox", msg)
 .map_err(|e| Error::Storage(e.to_string()))?;
 true
 } else {
diff --git a/src/connection/verifier.rs b/src/connection/verifier.rs
index bfd7833..b7c15f5 100644
--- a/src/connection/verifier.rs
+++ b/src/connection/verifier.rs
@@ -1,6 +1,7 @@
-use crate::mailuser::Mailuser;
+use crate::{fingerprint::GetFingerprint, mailuser::Mailuser};
 use rustls::server::{ClientCertVerified, ClientCertVerifier};
-use std::sync::Mutex;
+use std::{sync::{Arc, Mutex}, io::Read};
+use x509_parser::prelude::*;

 #[derive(Debug)]
 pub struct Verifier {
@@ -24,6 +25,23 @@ impl ClientCertVerifier for Verifier {
 intermediates: &[rustls::Certificate],
 now: std::time::SystemTime,
 ) -> Result {
+ let fingerprint = end_entity.fingerprint()?;
+ if let Ok(store) = self.store.lock() {
+ if let Some(user) = store.get_mailuser(&fingerprint.fingerprint) {
+ let (_, pk) = X509Certificate::from_der(end_entity.as_ref()).map_err(|e| {
+ rustls::Error::InvalidCertificate(rustls::CertificateError::Other(Arc::new(e)))
+ })?;
+ let subject = pk.subject();
+ let mut name_match = false;
+ subject.iter_common_name().for_each(|n| {
+ let mut val = n.attr_value().data;
+ let mut name = String::new();
+ if val.read_to_string(&mut name).is_ok() {
+ name_match = name == user.to_string();
+ }
+ });
+ }
+ }
 todo!()
 }
 }
diff --git a/src/fingerprint/error.rs b/src/fingerprint/error.rs
index 8149a75..d4f1c12 100644
--- a/src/fingerprint/error.rs
+++ b/src/fingerprint/error.rs
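Review bot: In the second verifier.rs hunk `name_match` is computed and then discarded, and the method still ends in `todo!()`, so every handshake that reaches this verifier ends in an unhandled panic rather than an `Ok`/`Err` — the added lookup changes nothing observable until the result is returned. The `for_each` also lets a later, non-matching CN overwrite an earlier match when a subject carries several common names, so `any` is the right shape; and `intermediates`/`now` remain unused, so no chain or validity-period check happens in this path unless `end_entity.fingerprint()` performs one (not visible in the hunk — worth a comment either way). The signature of the enclosing `verify_client_cert` starts above the hunk. A rewrite of the lookup tail is below; which `CertificateError` variant to return on rejection (`NotValidForName` for the CN mismatch, a more generic one when the fingerprint is unknown) is a design choice to settle.
```rust
// … unchanged: fingerprint lookup, `self.store.lock()`, `from_der` …
let user_name = user.to_string();
let name_match = pk.subject().iter_common_name().any(|n| {
    let mut val = n.attr_value().data;
    let mut name = String::new();
    val.read_to_string(&mut name).is_ok() && name == user_name
});
if name_match {
    return Ok(ClientCertVerified::assertion());
}
// … unchanged: closing braces of the two `if let` blocks …
Err(rustls::Error::InvalidCertificate(rustls::CertificateError::ApplicationVerificationFailure))
```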
@@ -1,4 +1,7 @@
-use {std::fmt, x509_parser::prelude::X509Error};
+use {
+ std::{fmt, sync::Arc},
+ x509_parser::prelude::X509Error,
+};

 #[derive(Debug)]
 /// Errors which can occur when fingerprinting a certificate
@@ -38,3 +41,15 @@ impl From> for Error {
 Self::X509(value.into())
 }
 }
+
+impl From for rustls::Error {
+ fn from(value: Error) -> Self {
+ match value {
+ Error::Fmt => Self::General(String::from("Format Error")),
+ Error::InvalidForDate => Self::InvalidCertificate(rustls::CertificateError::Expired),
+ Error::X509(e) => {
+ Self::InvalidCertificate(rustls::CertificateError::Other(Arc::new(e)))
+ }
+ }
+ }
+}
diff --git a/src/message/id.rs b/src/message/id.rs
index f77c0f7..750586f 100644
--- a/src/message/id.rs
+++ b/src/message/id.rs
@@ -1,7 +1,6 @@
 use {
 std::{
- error,
- fmt,
+ error, fmt,
 fs::File,
 io::{self, Read},
 time::{SystemTime, SystemTimeError, UNIX_EPOCH},
diff --git a/src/message/mod.rs b/src/message/mod.rs
index 8963f3f..a27d5e1 100644
--- a/src/message/mod.rs
+++ b/src/message/mod.rs
@@ -9,7 +9,12 @@ mod error;
 mod id;
 mod link;
 mod parser;
-pub use {error::Error, id::{Error as IdError, Id}, link::Link, parser::Parser};
+pub use {
+ error::Error,
+ id::{Error as IdError, Id},
+ link::Link,
+ parser::Parser,
+};

 #[derive(Clone, Debug, Default, PartialEq)]
 pub struct Recipients {
diff --git a/src/prelude.rs b/src/prelude.rs
index 24dd5b7..430ec50 100644
--- a/src/prelude.rs
+++ b/src/prelude.rs
@@ -6,7 +6,9 @@ pub use super::{
 mailbox::{Error as ParseMailboxError, Mailbox},
 mailstore::{Account, Domain, Filesystem, FilesystemError, Folder, MailStore},
 mailuser::Mailuser,
- message::{Error as ParseMessageError, Id, IdError, Link, Message, Parser as MessageParser, Recipients},
+ message::{
+ Error as ParseMessageError, Id, IdError, Link, Message, Parser as MessageParser, Recipients,
+ },
 //receiver,
 request::{Error as ParseRequestError, Request},
 response::{Error as ParseResponseError, Response},
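Review bot: The new `From<Error> for rustls::Error` impl in the second fingerprint/error.rs hunk maps `Error::InvalidForDate` unconditionally to `CertificateError::Expired`; if that variant is also produced for a certificate whose validity period has not started yet (the enum definition is outside this hunk, so I cannot tell), the reported cause is wrong, and rustls has `CertificateError::NotValidYet` for that case — either split the variant or document that `InvalidForDate` means expired only. The impl also has no doc comment while the enum above it does; add `/// Converts a fingerprinting failure into the rustls error surfaced by the client-certificate verifier.` above the `impl` line. The `Error::Fmt` arm's `"Format Error"` text gives a reader no hint of what failed to format; a short `// formatting of the fingerprint digest failed` comment on that arm (or a more specific message) would help.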