mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00

Way better mas-listener demo

Quentin Gliech
2022-10-12 15:33:11 +02:00
parent ee43f08cf7
commit 7986037b59
16 changed files with 347 additions and 7 deletions


@ -20,9 +20,10 @@ tracing = "0.1.37"
libc = "0.2.135"
[dev-dependencies]
tokio-test = "0.4.2"
anyhow = "1.0.65"
rustls-pemfile = "1.0.1"
tokio = { version = "1.21.2", features = ["net", "rt", "macros", "signal", "time", "rt-multi-thread"] }
tokio-test = "0.4.2"
tracing-subscriber = "0.3.16"
[[example]]


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----


@ -0,0 +1,16 @@
{
"CN": "My own CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "CA",
"O": "My Company Name",
"ST": "San Francisco",
"OU": "Org Unit 1"
}
]
}


@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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==
-----END CERTIFICATE-----


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICtTCCAZ0CAQAwQzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQDEwZjbGllbnQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDNkA/ydEv/56cnBtMoObqDJ3q2ZTqj7xhZQwl2uJeY
+E6V48CetZYpsWVWFmEKSOg5ZHgr3isIUxnauOzEgQEE7jpKMpnYPktrqFI6ZfFs
J69lFMJz7ytFft/AXzOy9N1pKAIBbw4qWoxYjCb/Z3q2/NqQTBmyTyAl2qPDD5Vg
jG+ZsVR0J7gjbQ+t+QBFr8EftmQUYLJCCfuuJpmZFQiopwFZ3m4QyEdM7JJddGuZ
Lu9/JnT9fTVTScGqHFSC0OEpzWGWXeVDYGO+RTZ1u336ZYPhdkOxZ6dsxT72wBf2
tBOCrMNiAkai1Qrryf9eo24M0TI65t0PIsgIsP3Yi2cNAgMBAAGgLTArBgkqhkiG
9w0BCQ4xHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0B
AQsFAAOCAQEAZi9gWV6e5cYNRpznUh82ASNHhF2FhA7wwjyK1I+4uJ47ZEPnle1G
j4x+7DWveX6b6DdMxzJdu4mXlYbAxqeCqBkBRS5tq03ZbioAuzjo4987jO5XO1SO
X+1VRIWWEP71Nov4v/2izZeH3XA1yGsb64ThVWeeytdMll/Ih93T9xb+O9i5ppuj
I/KtQodDPJpRZ1fQm7fCekt3dZxw/o57NmtcDk0/VaKqfajk+/Lxz5s2j+Ic+882
3XvXqnDpo3IxKhOXag/vuBlYh8stZr/NTlblN1kVvBr5hwFnQPjO4cYs8WDpGy4R
LfKf3YyAGNwHDX43RGjUxmMfIgcDuvzWTg==
-----END CERTIFICATE REQUEST-----


@ -0,0 +1,18 @@
{
"CN": "client",
"hosts": [
"localhost",
"127.0.0.1"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"ST": "CA",
"L": "San Francisco"
}
]
}


@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,25 @@
{
"signing": {
"default": {
"expiry": "43800h"
},
"profiles": {
"server": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "43800h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
}
}
}
}


@ -0,0 +1,11 @@
#!/bin/sh
# Script to regenerate the server and client certificate
set -eux
cd "$(dirname "$0")"
rm -f ./*.pem ./*.csr
cfssl gencert -config=config.json -initca ca.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=server server.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=config.json -profile=client client.json | cfssljson -bare client
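Review bot: The header comment does not say that the regenerated `ca-key.pem`, `server-key.pem` and `client-key.pem` end up committed next to the example, which makes them public test material. A second comment line such as `# Demo-only credentials: the private keys are checked in; never reuse them or trust ca.pem elsewhere.` would make that explicit for anyone copying the directory. Separately, `set -e` only sees the exit status of `cfssljson` in each pipeline, so a failing `cfssl gencert` after the `rm -f` may go unnoticed; a final check such as `test -s ca.pem && test -s server.pem && test -s client.pem` would catch a partial regeneration.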


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICuDCCAaACAQAwRjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDJkum9X+6kX2ublaBaxa5ckOZJPrXk0oQnw+Bq
EfuLH0b0usaH1kOwBysNuM64gzH1I3hMfxk4FWobZEU6y+HJpiBGjLWh+rpWCRrL
fmItW/DpwoepD9Pou3WS7yPWRLvLY8Xedr/JdECgKuhdXzAq6wp5cmY1z9yvSlq5
w5jA46E+y+Hg4DQFn3KGiy4AfAn4dKG6OuT1QrupQ6P7FQFClkGW6f1u7m/AjWvq
4sf4TCCgnhWJKP0yKjx/JzsbIenuqt5SZbn3Epai6mxauV9LlydIZGIMx06Si6L2
naQ7qjXX1oOWIeUBaQor6EYckiUwMCwfSNlPvL8qZhICj9fpAgMBAAGgLTArBgkq
hkiG9w0BCQ4xHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG
9w0BAQsFAAOCAQEAoDYizxvrx9zCwJwVkoyTesNpv/TEXSyUJUA0obAwCmRxYfAI
8/C3OglQwlrMKTgeBsfzBnLHgdZ4mKmuQpRNGrt+MncN09x7IqT4zbijWBJu6VbI
a7B+BElzrt/rsEo/h2ZKy1P42XIW/icADRFoCDqhOG3kYQ5unIoNawN/4okJDxg6
z+M5FSifRee3QSc9UOHIGNTuVS07Gxmhoi+c9samuxZYqxR1j46LGY4OOWEW8RVB
ZhybsfhXgzkoAvIjCJiNqJGsNmMlr6Psq1cKCTaM17RlxlqSAtlQ2igk1ptAo7Xo
q+EVnJHmkWbjksQKykOia91eOOlGArZfSGBgYw==
-----END CERTIFICATE REQUEST-----


@ -0,0 +1,18 @@
{
"CN": "localhost",
"hosts": [
"localhost",
"127.0.0.1"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"ST": "CA",
"L": "San Francisco"
}
]
}


@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -14,13 +14,21 @@
use std::{
convert::Infallible,
io::BufReader,
net::{Ipv4Addr, TcpListener},
sync::Arc,
time::Duration,
};
use anyhow::Context;
use hyper::{service::service_fn, Request, Response};
use mas_listener::{server::Server, shutdown::ShutdownStream, ConnectionInfo};
use tokio::signal::unix::SignalKind;
use tokio_streams_util::{server::Server, shutdown::ShutdownStream, ConnectionInfo};
use tokio_rustls::rustls::{Certificate, PrivateKey, RootCertStore, ServerConfig};
static CA_CERT_PEM: &[u8] = include_bytes!("./certs/ca.pem");
static SERVER_CERT_PEM: &[u8] = include_bytes!("./certs/server.pem");
static SERVER_KEY_PEM: &[u8] = include_bytes!("./certs/server-key.pem");
async fn handler(req: Request<hyper::Body>) -> Result<Response<String>, Infallible> {
tracing::info!("Handling request");
@ -34,16 +42,59 @@ async fn handler(req: Request<hyper::Body>) -> Result<Response<String>, Infallib
async fn main() -> Result<(), anyhow::Error> {
tracing_subscriber::fmt::init();
let listener = TcpListener::bind((Ipv4Addr::LOCALHOST, 3000))?;
let service = service_fn(handler);
let server = Server::try_new(listener, service)?;
let tls_config = load_tls_config()?;
tracing::info!("Listening on 127.0.0.1:3000");
let listener = TcpListener::bind((Ipv4Addr::LOCALHOST, 3000))?;
let proxy_protocol_listener = TcpListener::bind((Ipv4Addr::LOCALHOST, 3001))?;
let tls_listener = TcpListener::bind((Ipv4Addr::LOCALHOST, 3002))?;
let tls_proxy_protocol_listener = TcpListener::bind((Ipv4Addr::LOCALHOST, 3003))?;
let servers = vec![
Server::try_new(listener, service_fn(handler))?,
Server::try_new(proxy_protocol_listener, service_fn(handler))?.with_proxy(),
Server::try_new(tls_listener, service_fn(handler))?.with_tls(tls_config.clone()),
Server::try_new(tls_proxy_protocol_listener, service_fn(handler))?
.with_proxy()
.with_tls(tls_config.clone()),
];
tracing::info!("Listening on http://127.0.0.1:3000, http(proxy)://127.0.0.1:3001, https://127.0.0.1:3002 and https(proxy)://127.0.0.1:3003");
let shutdown = ShutdownStream::default()
.with_signal(SignalKind::interrupt())?
.with_signal(SignalKind::terminate())?;
server.run(shutdown).await;
mas_listener::server::run_servers(servers, shutdown).await;
Ok(())
}
fn load_tls_config() -> Result<Arc<ServerConfig>, anyhow::Error> {
let mut ca_cert_reader = BufReader::new(CA_CERT_PEM);
let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader).context("Invalid CA certificate")?;
let mut ca_cert_store = RootCertStore::empty();
ca_cert_store.add_parsable_certificates(&ca_cert);
let mut server_cert_reader = BufReader::new(SERVER_CERT_PEM);
let server_cert: Vec<_> = rustls_pemfile::certs(&mut server_cert_reader)
.context("Invalid server certificate")?
.into_iter()
.map(Certificate)
.collect();
let mut server_key_reader = BufReader::new(SERVER_KEY_PEM);
let mut server_key = rustls_pemfile::rsa_private_keys(&mut server_key_reader)
.context("Invalid server TLS keys")?;
let server_key = PrivateKey(server_key.pop().context("Missing server TLS key")?);
let tls_config = ServerConfig::builder()
.with_safe_defaults()
.with_client_cert_verifier(
tokio_rustls::rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new(
ca_cert_store,
),
)
.with_single_cert(server_cert, server_key)?;
Ok(Arc::new(tls_config))
}
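Review bot: In `load_tls_config` the result of `ca_cert_store.add_parsable_certificates(&ca_cert)` is dropped, so a `ca.pem` that fails to parse leaves an empty root store without any error and the listeners on 3002 and 3003 quietly stop accepting client certificates. Checking the count would surface that at startup, e.g. `let (added, _) = ca_cert_store.add_parsable_certificates(&ca_cert);` followed by `anyhow::ensure!(added > 0, "No usable CA certificate");`. A comment above the `include_bytes!` statics would also help, stating that the CA and server private keys appear to be checked in by this same commit and that `AllowAnyAnonymousOrAuthenticatedClient` admits clients that present no certificate, so a certificate seen by this example is demo data and not an authentication decision to carry into a deployment.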