From 7667fefeadbb96be11f8af2b813f6984b444285b Mon Sep 17 00:00:00 2001
From: Lev
Date: Mon, 27 Jun 2022 17:01:14 -0700
Subject: [PATCH] config check

---
 src/config.rs | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++
 src/tls.rs | 4 ++--
 2 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/src/config.rs b/src/config.rs
index 1700541..0e4b8d2 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -8,9 +8,11 @@ use std::sync::Arc;
 use tokio::fs::File;
 use tokio::io::AsyncReadExt;
 use toml;
+use std::path::Path;
 
 use crate::errors::Error;
 use crate::{ClientServerMap, ConnectionPool};
+use crate::tls::{load_certs, load_keys};
 
 /// Globally available configuration.
 static CONFIG: Lazy> = Lazy::new(|| ArcSwap::from_pointee(Config::default()));
@@ -253,6 +255,25 @@ impl Config {
 info!("Primary reads: {}", self.query_router.primary_reads_enabled);
 info!("Query router: {}", self.query_router.query_parser_enabled);
 info!("Number of shards: {}", self.shards.len());
+
+match self.general.tls_certificate.clone() {
+Some(tls_certificate) => {
+info!("TLS certificate: {}", tls_certificate);
+
+match self.general.tls_private_key.clone() {
+Some(tls_private_key) => {
+info!("TLS private key: {}", tls_private_key);
+info!("TLS support is enabled");
+},
+
+None => (),
+}
+}
+
+None => {
+info!("TLS support is disabled");
+},
+};
 }
 }
 
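Review bot: When `tls_certificate` is set but `tls_private_key` is `None`, the inner `None => ()` arm logs neither "TLS support is enabled" nor "TLS support is disabled", so the startup log says nothing about the half-configured state; replace it with `None => info!("TLS support is disabled: tls_private_key is not set"),`. The two `match` expressions on `.clone()` also copy both strings only to inspect them — `if let Some(tls_certificate) = &self.general.tls_certificate` borrows instead and removes a nesting level. The enclosing method's signature lies before the hunk.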
@@ -372,6 +393,39 @@ pub async fn parse(path: &str) -> Result<(), Error> {
 }
 };
 
+// Validate TLS!
+match config.general.tls_certificate.clone() {
+Some(tls_certificate) => {
+match load_certs(&Path::new(&tls_certificate)) {
+Ok(_) => {
+// Cert is okay, but what about the private key?
+match config.general.tls_private_key.clone() {
+Some(tls_private_key) => {
+match load_keys(&Path::new(&tls_private_key)) {
+Ok(_) => (),
+Err(err) => {
+error!("tls_private_key is incorrectly configured: {:?}", err);
+return Err(Error::BadConfig);
+}
+}
+}
+
+None => {
+error!("tls_certificate is set, but the tls_private_key is not");
+return Err(Error::BadConfig);
+}
+};
+}
+
+Err(err) => {
+error!("tls_certificate is incorrectly configured: {:?}", err);
+return Err(Error::BadConfig);
+}
+}
+},
+None => (),
+};
+
 config.path = path.to_string();
 
 // Update the configuration globally.
diff --git a/src/tls.rs b/src/tls.rs
index ab9fc40..3bc4a6a 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -10,13 +10,13 @@ use crate::config::get_config;
 use crate::errors::Error;
 
 // TLS
-fn load_certs(path: &Path) -> std::io::Result> {
+pub fn load_certs(path: &Path) -> std::io::Result> {
 certs(&mut std::io::BufReader::new(std::fs::File::open(path)?))
 .map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid cert"))
 .map(|mut certs| certs.drain(..).map(Certificate).collect())
 }
 
-fn load_keys(path: &Path) -> std::io::Result> {
+pub fn load_keys(path: &Path) -> std::io::Result> {
 rsa_private_keys(&mut std::io::BufReader::new(std::fs::File::open(path)?))
 .map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid key"))
 .map(|mut keys| keys.drain(..).map(PrivateKey).collect())
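Review bot: The `Ok(_) => ()` arm after `load_keys` (and the `Ok(_)` arm after `load_certs`) accepts an empty result, and since `load_keys` in src/tls.rs is built on `rsa_private_keys`, a file that holds a PKCS#8 (`BEGIN PRIVATE KEY`) or EC key, or no PEM block at all, appears to come back as `Ok(vec![])` — the config check then passes and TLS setup fails later at runtime instead of at load time, which is exactly what this validation is meant to catch. Reject empty results with a guard arm such as `Ok(keys) if keys.is_empty() => { error!("tls_private_key contains no RSA private key"); return Err(Error::BadConfig); }`, with the same pattern for certificates. The nesting can also be flattened: `if let Some(tls_certificate) = &config.general.tls_certificate` borrows instead of cloning, and `&Path::new(..)` is a needless double borrow — `load_certs(Path::new(tls_certificate))` suffices. `parse` begins and ends outside the hunk.
```rust
// Validate TLS!
if let Some(tls_certificate) = &config.general.tls_certificate {
    match load_certs(Path::new(tls_certificate)) {
        // An Ok with no certificates would only fail later, at TLS setup.
        Ok(certs) if certs.is_empty() => {
            error!("tls_certificate contains no certificates");
            return Err(Error::BadConfig);
        }
        Ok(_) => (),
        Err(err) => {
            error!("tls_certificate is incorrectly configured: {:?}", err);
            return Err(Error::BadConfig);
        }
    }

    // Cert is okay, but what about the private key?
    match &config.general.tls_private_key {
        Some(tls_private_key) => match load_keys(Path::new(tls_private_key)) {
            Ok(keys) if keys.is_empty() => {
                error!("tls_private_key contains no RSA private key");
                return Err(Error::BadConfig);
            }
            Ok(_) => (),
            Err(err) => {
                error!("tls_private_key is incorrectly configured: {:?}", err);
                return Err(Error::BadConfig);
            }
        },
        None => {
            error!("tls_certificate is set, but the tls_private_key is not");
            return Err(Error::BadConfig);
        }
    }
}
// … unchanged: config.path assignment and global config update …
```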
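Review bot: `load_certs` and `load_keys` become part of the crate-visible API without a doc comment, and callers now need two facts the signatures do not convey: both return `Ok` with an empty `Vec` when the file parses but holds no matching PEM block (the `.map` only collects whatever `certs`/`rsa_private_keys` found), and `load_keys` recognises PKCS#1 RSA keys only, if `rsa_private_keys` is the rustls-pemfile function its name suggests. Add `/// Reads every PEM certificate in `path`; `Ok` with an empty `Vec` means the file parsed but contained no certificates.` above `load_certs`, and `/// Reads the PKCS#1 ("BEGIN RSA PRIVATE KEY") keys in `path`; PKCS#8 or EC keys are not recognised and yield an empty `Vec`.` above `load_keys`. The bodies are untouched by this hunk, and `load_keys`'s closing brace lies past the hunk end.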