jeang3nie/dory
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Begin implementing client certificate validator

Browse source
This commit is contained in:
Nathan Fisher 2023-08-18 19:01:14 -04:00
parent 8dcd8455d4
commit 8cc3c13389
6 changed files with 48 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/connection/mod.rs
View file

@ -40,7 +40,8 @@ impl Connection {
if store.has_mailuser(&request.recipient.to_string()) {
let id = Id::new()?;
let msg = MessageParser::new(&id.to_string()).parse(&request.message)?;
store.add_message(&request.recipient.to_string(), "Inbox", msg)
store
.add_message(&request.recipient.to_string(), "Inbox", msg)
.map_err(|e| Error::Storage(e.to_string()))?;
true
} else {

22
src/connection/verifier.rs
View file

@ -1,6 +1,7 @@
use crate::mailuser::Mailuser;
use crate::{fingerprint::GetFingerprint, mailuser::Mailuser};
use rustls::server::{ClientCertVerified, ClientCertVerifier};
use std::sync::Mutex;
use std::{sync::{Arc, Mutex}, io::Read};
use x509_parser::prelude::*;
#[derive(Debug)]
pub struct Verifier<S: FingerPrintStore> {
@ -24,6 +25,23 @@ impl<S: FingerPrintStore> ClientCertVerifier for Verifier<S> {
intermediates: &[rustls::Certificate],
now: std::time::SystemTime,
) -> Result<ClientCertVerified, rustls::Error> {
let fingerprint = end_entity.fingerprint()?;
if let Ok(store) = self.store.lock() {
if let Some(user) = store.get_mailuser(&fingerprint.fingerprint) {
let (_, pk) = X509Certificate::from_der(end_entity.as_ref()).map_err(|e| {
rustls::Error::InvalidCertificate(rustls::CertificateError::Other(Arc::new(e)))
})?;
let subject = pk.subject();
let mut name_match = false;
subject.iter_common_name().for_each(|n| {
let mut val = n.attr_value().data;
let mut name = String::new();
if val.read_to_string(&mut name).is_ok() {
name_match = name == user.to_string();
}
});
}
}
todo!()
}
}

17
src/fingerprint/error.rs
View file

@ -1,4 +1,7 @@
use {std::fmt, x509_parser::prelude::X509Error};
use {
std::{fmt, sync::Arc},
x509_parser::prelude::X509Error,
};
#[derive(Debug)]
/// Errors which can occur when fingerprinting a certificate
@ -38,3 +41,15 @@ impl From<x509_parser::nom::Err<x509_parser::error::X509Error>> for Error {
Self::X509(value.into())
}
}
impl From<Error> for rustls::Error {
fn from(value: Error) -> Self {
match value {
Error::Fmt => Self::General(String::from("Format Error")),
Error::InvalidForDate => Self::InvalidCertificate(rustls::CertificateError::Expired),
Error::X509(e) => {
Self::InvalidCertificate(rustls::CertificateError::Other(Arc::new(e)))
}
}
}
}

3
src/message/id.rs
View file

@ -1,7 +1,6 @@
use {
std::{
error,
fmt,
error, fmt,
fs::File,
io::{self, Read},
time::{SystemTime, SystemTimeError, UNIX_EPOCH},

7
src/message/mod.rs
View file

@ -9,7 +9,12 @@ mod error;
mod id;
mod link;
mod parser;
pub use {error::Error, id::{Error as IdError, Id}, link::Link, parser::Parser};
pub use {
error::Error,
id::{Error as IdError, Id},
link::Link,
parser::Parser,
};
#[derive(Clone, Debug, Default, PartialEq)]
pub struct Recipients {

4
src/prelude.rs
View file

@ -6,7 +6,9 @@ pub use super::{
mailbox::{Error as ParseMailboxError, Mailbox},
mailstore::{Account, Domain, Filesystem, FilesystemError, Folder, MailStore},
mailuser::Mailuser,
message::{Error as ParseMessageError, Id, IdError, Link, Message, Parser as MessageParser, Recipients},
message::{
Error as ParseMessageError, Id, IdError, Link, Message, Parser as MessageParser, Recipients,
},
//receiver,
request::{Error as ParseRequestError, Request},
response::{Error as ParseResponseError, Response},