From db0d2d2e1509ede51bb448c1df1edfebde53ac80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Fri, 31 May 2024 01:45:25 +0200 Subject: [PATCH 01/27] wip --- Cargo.lock | 176 ++++++++++++++++++++++++++++++++-------------- Cargo.toml | 11 ++- ext/kv/Cargo.toml | 2 + ext/kv/remote.rs | 41 ++++++++++- 4 files changed, 175 insertions(+), 55 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7be41f3b9b8b5e..1fa333fcea83e6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -705,7 +705,7 @@ dependencies = [ "flaky_test", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "nix 0.26.2", "once_cell", @@ -1525,7 +1525,7 @@ dependencies = [ "http-body-util", "httparse", "hyper 0.14.28", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "itertools", "memmem", @@ -1568,6 +1568,7 @@ dependencies = [ "anyhow", "async-trait", "base64 0.21.7", + "bytes", "chrono", "deno_core", "deno_fetch", @@ -1577,6 +1578,7 @@ dependencies = [ "denokv_remote", "denokv_sqlite", "faster-hex", + "http 1.1.0", "log", "num-bigint", "prost", @@ -1644,7 +1646,7 @@ dependencies = [ "dlopen2_derive", "once_cell", "rustls-native-certs", - "rustls-pemfile", + "rustls-pemfile 1.0.4", ] [[package]] @@ -1818,7 +1820,7 @@ dependencies = [ "http 1.1.0", "http-body-util", "hyper 0.14.28", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "libc", "log", @@ -1889,13 +1891,13 @@ version = "0.141.0" dependencies = [ "deno_core", "deno_native_certs", - "rustls", - "rustls-pemfile", + "rustls 0.21.11", + "rustls-pemfile 1.0.4", "rustls-tokio-stream", - "rustls-webpki", + "rustls-webpki 0.101.7", "serde", "tokio", - "webpki-roots", + "webpki-roots 0.25.4", ] [[package]] @@ -1970,7 +1972,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "once_cell", "rustls-tokio-stream", @@ -2000,8 +2002,7 @@ dependencies = [ [[package]] name = "denokv_proto" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bd644ad038e7b6e8453463e96c278ba378e8bdc9f557959d511ac830ea0ec969" +source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" dependencies = [ "anyhow", "async-trait", @@ -2009,7 +2010,6 @@ dependencies = [ "futures", "num-bigint", "prost", - "prost-build", "serde", "uuid", ] @@ -2017,8 +2017,7 @@ dependencies = [ [[package]] name = "denokv_remote" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23cfa4786f9c609711aab89ce173232ceda0617167881e58fd5e0b78868a6932" +source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" dependencies = [ "anyhow", "async-stream", @@ -2027,10 +2026,10 @@ dependencies = [ "chrono", "denokv_proto", "futures", + "http 1.1.0", "log", "prost", "rand", - "reqwest", "serde", "serde_json", "tokio", @@ -2042,8 +2041,7 @@ dependencies = [ [[package]] name = "denokv_sqlite" version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f36c1c54cda2de93d0f4ded0392d0b6917bcd9b1d13c056dd7c309668aa43e17" +source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" dependencies = [ "anyhow", "async-stream", @@ -2603,7 +2601,7 @@ checksum = "f63dd7b57f9b33b1741fa631c9522eb35d43e96dcca4a6a91d5e4ca7c93acdc1" dependencies = [ "base64 0.21.7", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "pin-project", "rand", @@ -3353,9 +3351,9 @@ dependencies = [ [[package]] name = "hyper" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5aa53871fc917b1a9ed87b683a5d86db645e23acb32c2e0785a353e522fb75" +checksum = "9f24ce812868d86d19daa79bf3bf9175bc44ea323391147a5e3abde2a283871b" dependencies = [ "bytes", "futures-channel", @@ -3367,39 +3365,45 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", + "smallvec", "tokio", "want", ] [[package]] name = "hyper-rustls" -version = "0.24.2" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", - "http 0.2.12", - "hyper 0.14.28", - "rustls", + "http 1.1.0", + "hyper 1.3.0", + "hyper-util", + "rustls 0.22.4", + "rustls-pki-types", "tokio", "tokio-rustls", + "tower-service", ] [[package]] name = "hyper-util" -version = "0.1.2" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdea9aac0dbe5a9240d68cfd9501e2db94222c6dc06843e06640b9e07f0fdc67" +checksum = "7b875924a60b96e5d7b9ae7b066540b1dd1cbd90d1828f54c92e02a283351c56" dependencies = [ "bytes", "futures-channel", "futures-util", "http 1.1.0", "http-body 1.0.0", - "hyper 1.1.0", + "hyper 1.3.0", "pin-project-lite", "socket2", "tokio", + "tower", + "tower-service", "tracing", ] @@ -3549,7 +3553,7 @@ dependencies = [ "socket2", "widestring", "windows-sys 0.48.0", - "winreg", + "winreg 0.50.0", ] [[package]] @@ -5237,21 +5241,21 @@ checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc" [[package]] name = "reqwest" -version = "0.11.20" +version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" +checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10" dependencies = [ "async-compression", - "base64 0.21.7", + "base64 0.22.1", "bytes", - "encoding_rs", "futures-core", "futures-util", - "h2 0.3.26", - "http 0.2.12", - "http-body 0.4.6", - "hyper 0.14.28", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.3.0", "hyper-rustls", + "hyper-util", "ipnet", "js-sys", "log", @@ -5259,11 +5263,13 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls", - "rustls-pemfile", + "rustls 0.22.4", + "rustls-pemfile 2.1.2", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", + "sync_wrapper", "tokio", "tokio-rustls", "tokio-socks", @@ -5274,8 +5280,8 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams", "web-sys", - "webpki-roots", - "winreg", + "webpki-roots 0.26.1", + "winreg 0.52.0", ] [[package]] @@ -5451,10 +5457,24 @@ checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" dependencies = [ "log", "ring", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.4", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -5462,7 +5482,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "schannel", "security-framework", ] @@ -5476,6 +5496,22 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" +dependencies = [ + "base64 0.22.1", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" + [[package]] name = "rustls-tokio-stream" version = "0.2.24" @@ -5483,7 +5519,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd707225bb670bcd2876886bb571753d1ce03a9cedfa2e629a79984ca9a93cfb" dependencies = [ "futures", - "rustls", + "rustls 0.21.11", "socket2", "tokio", ] @@ -5498,6 +5534,17 @@ dependencies = [ "untrusted", ] +[[package]] +name = "rustls-webpki" +version = "0.102.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.15" @@ -6553,6 +6600,12 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + [[package]] name = "synstructure" version = "0.12.6" @@ -6669,7 +6722,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "jsonc-parser", "lazy-regex", @@ -6685,7 +6738,7 @@ dependencies = [ "prost-build", "regex", "reqwest", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "rustls-tokio-stream", "semver 1.0.14", "serde", @@ -6835,11 +6888,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ - "rustls", + "rustls 0.22.4", + "rustls-pki-types", "tokio", ] @@ -6900,6 +6954,7 @@ dependencies = [ "futures-util", "pin-project", "pin-project-lite", + "tokio", "tower-layer", "tower-service", ] @@ -7473,9 +7528,9 @@ checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "wasm-streams" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4609d447824375f43e1ffbc051b50ad8f4b3ae8219680c94452ea05eb240ac7" +checksum = "b65dc4c90b63b118468cf747d8bf3566c1913ef60be765b5730ead9e0a3ba129" dependencies = [ "futures-util", "js-sys", @@ -7500,6 +7555,15 @@ version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +[[package]] +name = "webpki-roots" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "wgpu-core" version = "0.20.0" @@ -7827,6 +7891,16 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "winreg" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + [[package]] name = "winres" version = "0.1.12" diff --git a/Cargo.toml b/Cargo.toml index 4088950d367566..85cbed8a10608b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -117,8 +117,8 @@ http = "1.0" http-body-util = "0.1" http_v02 = { package = "http", version = "0.2.9" } httparse = "1.8.0" -hyper = { version = "=1.1.0", features = ["full"] } -hyper-util = { version = "=0.1.2", features = ["tokio", "server", "server-auto"] } +hyper = { version = "=1.3.0", features = ["full"] } +hyper-util = { version = "=0.1.5", features = ["tokio", "server", "server-auto"] } hyper_v014 = { package = "hyper", version = "0.14.26", features = ["runtime", "http1"] } indexmap = { version = "2", features = ["serde"] } jsonc-parser = { version = "=0.23.0", features = ["serde"] } @@ -145,7 +145,7 @@ prost = "0.11" prost-build = "0.11" rand = "=0.8.5" regex = "^1.7.0" -reqwest = { version = "=0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955 +reqwest = { version = "=0.12.4", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955 ring = "^0.17.0" rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } # pinned because it was causing issues on cargo publish @@ -369,3 +369,8 @@ opt-level = 3 opt-level = 3 [profile.release.package.base64-simd] opt-level = 3 + +[patch.crates-io] +denokv_proto = { git = "https://github.com/denoland/denokv", branch = "main" } +denokv_remote = { git = "https://github.com/denoland/denokv", branch = "main" } +denokv_sqlite = { git = "https://github.com/denoland/denokv", branch = "main" } diff --git a/ext/kv/Cargo.toml b/ext/kv/Cargo.toml index f4304d28a25f0b..8cbaa1ed761f5a 100644 --- a/ext/kv/Cargo.toml +++ b/ext/kv/Cargo.toml @@ -17,6 +17,7 @@ path = "lib.rs" anyhow.workspace = true async-trait.workspace = true base64.workspace = true +bytes.workspace = true chrono = { workspace = true, features = ["now"] } deno_core.workspace = true deno_fetch.workspace = true @@ -26,6 +27,7 @@ denokv_proto.workspace = true denokv_remote.workspace = true denokv_sqlite.workspace = true faster-hex.workspace = true +http.workspace = true log.workspace = true num-bigint.workspace = true prost.workspace = true diff --git a/ext/kv/remote.rs b/ext/kv/remote.rs index 9d5e099c73b9d8..22e2d2812ee28d 100644 --- a/ext/kv/remote.rs +++ b/ext/kv/remote.rs @@ -8,10 +8,14 @@ use std::sync::Arc; use crate::DatabaseHandler; use anyhow::Context; use async_trait::async_trait; +use bytes::Bytes; use deno_core::error::type_error; use deno_core::error::AnyError; +use deno_core::futures::Stream; +use deno_core::futures::TryStreamExt as _; use deno_core::OpState; use deno_fetch::create_http_client; +use deno_fetch::reqwest; use deno_fetch::CreateHttpClientOptions; use deno_tls::rustls::RootCertStore; use deno_tls::Proxy; @@ -19,6 +23,8 @@ use deno_tls::RootCertStoreProvider; use deno_tls::TlsKeys; use denokv_remote::MetadataEndpoint; use denokv_remote::Remote; +use denokv_remote::RemoteResponse; +use denokv_remote::RemoteTransport; use url::Url; #[derive(Clone)] @@ -86,11 +92,44 @@ impl denokv_remote::RemotePermissions } } +#[derive(Clone)] +struct ReqwestClient(reqwest::Client); +struct ReqwestResponse(reqwest::Response); + +impl RemoteTransport for ReqwestClient { + type Response = ReqwestResponse; + async fn post( + &self, + url: Url, + headers: http::HeaderMap, + body: Bytes, + ) -> Result<(Url, http::StatusCode, Self::Response), anyhow::Error> { + let res = self.0.post(url).headers(headers).body(body).send().await?; + let url = res.url().clone(); + let status = res.status(); + Ok((url, status, ReqwestResponse(res))) + } +} + +impl RemoteResponse for ReqwestResponse { + async fn bytes(self) -> Result { + Ok(self.0.bytes().await?) + } + fn stream( + self, + ) -> impl Stream> + Send + Sync { + self.0.bytes_stream().map_err(|e| e.into()) + } + async fn text(self) -> Result { + Ok(self.0.text().await?) + } +} + #[async_trait(?Send)] impl DatabaseHandler for RemoteDbHandler

{ - type DB = Remote>; + type DB = Remote, ReqwestClient>; async fn open( &self, From 6f2b29262978e79fc74b5bbdfcdf514a33609992 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Fri, 31 May 2024 02:02:58 +0200 Subject: [PATCH 02/27] got to deno_kv --- Cargo.lock | 227 +++++++++++++++++++++++++++------- Cargo.toml | 6 +- ext/fetch/Cargo.toml | 1 + ext/fetch/fs_fetch_handler.rs | 2 +- ext/fetch/lib.rs | 13 +- ext/node/Cargo.toml | 4 +- ext/node/ops/http2.rs | 14 +-- 7 files changed, 201 insertions(+), 66 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7be41f3b9b8b5e..f36e445a319cef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -705,7 +705,7 @@ dependencies = [ "flaky_test", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "nix 0.26.2", "once_cell", @@ -1143,7 +1143,7 @@ dependencies = [ "quick-junit", "rand", "regex", - "reqwest", + "reqwest 0.12.4", "ring", "runtimelib", "rustyline", @@ -1435,7 +1435,8 @@ dependencies = [ "deno_tls", "dyn-clone", "http 0.2.12", - "reqwest", + "http 1.1.0", + "reqwest 0.12.4", "serde", "serde_json", "tokio", @@ -1525,7 +1526,7 @@ dependencies = [ "http-body-util", "httparse", "hyper 0.14.28", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "itertools", "memmem", @@ -1644,7 +1645,7 @@ dependencies = [ "dlopen2_derive", "once_cell", "rustls-native-certs", - "rustls-pemfile", + "rustls-pemfile 1.0.4", ] [[package]] @@ -1687,10 +1688,10 @@ dependencies = [ "elliptic-curve", "errno 0.2.8", "faster-hex", - "h2 0.3.26", + "h2 0.4.4", "hkdf", "home", - "http 0.2.12", + "http 1.1.0", "idna 0.3.0", "indexmap", "k256", @@ -1712,7 +1713,7 @@ dependencies = [ "pin-project-lite", "rand", "regex", - "reqwest", + "reqwest 0.12.4", "ring", "ripemd", "rsa", @@ -1818,7 +1819,7 @@ dependencies = [ "http 1.1.0", "http-body-util", "hyper 0.14.28", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "libc", "log", @@ -1889,13 +1890,13 @@ version = "0.141.0" dependencies = [ "deno_core", "deno_native_certs", - "rustls", - "rustls-pemfile", + "rustls 0.21.11", + "rustls-pemfile 1.0.4", "rustls-tokio-stream", - "rustls-webpki", + "rustls-webpki 0.101.7", "serde", "tokio", - "webpki-roots", + "webpki-roots 0.25.4", ] [[package]] @@ -1970,7 +1971,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "once_cell", "rustls-tokio-stream", @@ -2030,7 +2031,7 @@ dependencies = [ "log", "prost", "rand", - "reqwest", + "reqwest 0.11.27", "serde", "serde_json", "tokio", @@ -2603,7 +2604,7 @@ checksum = "f63dd7b57f9b33b1741fa631c9522eb35d43e96dcca4a6a91d5e4ca7c93acdc1" dependencies = [ "base64 0.21.7", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "pin-project", "rand", @@ -3353,9 +3354,9 @@ dependencies = [ [[package]] name = "hyper" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fb5aa53871fc917b1a9ed87b683a5d86db645e23acb32c2e0785a353e522fb75" +checksum = "9f24ce812868d86d19daa79bf3bf9175bc44ea323391147a5e3abde2a283871b" dependencies = [ "bytes", "futures-channel", @@ -3367,39 +3368,45 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", + "smallvec", "tokio", "want", ] [[package]] name = "hyper-rustls" -version = "0.24.2" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", - "http 0.2.12", - "hyper 0.14.28", - "rustls", + "http 1.1.0", + "hyper 1.3.0", + "hyper-util", + "rustls 0.22.4", + "rustls-pki-types", "tokio", "tokio-rustls", + "tower-service", ] [[package]] name = "hyper-util" -version = "0.1.2" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bdea9aac0dbe5a9240d68cfd9501e2db94222c6dc06843e06640b9e07f0fdc67" +checksum = "7b875924a60b96e5d7b9ae7b066540b1dd1cbd90d1828f54c92e02a283351c56" dependencies = [ "bytes", "futures-channel", "futures-util", "http 1.1.0", "http-body 1.0.0", - "hyper 1.1.0", + "hyper 1.3.0", "pin-project-lite", "socket2", "tokio", + "tower", + "tower-service", "tracing", ] @@ -3549,7 +3556,7 @@ dependencies = [ "socket2", "widestring", "windows-sys 0.48.0", - "winreg", + "winreg 0.50.0", ] [[package]] @@ -5237,11 +5244,10 @@ checksum = "e898588f33fdd5b9420719948f9f2a32c922a246964576f71ba7f24f80610fbc" [[package]] name = "reqwest" -version = "0.11.20" +version = "0.11.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" +checksum = "dd67538700a17451e7cba03ac727fb961abb7607553461627b97de0b89cf4a62" dependencies = [ - "async-compression", "base64 0.21.7", "bytes", "encoding_rs", @@ -5251,7 +5257,47 @@ dependencies = [ "http 0.2.12", "http-body 0.4.6", "hyper 0.14.28", + "ipnet", + "js-sys", + "log", + "mime", + "once_cell", + "percent-encoding", + "pin-project-lite", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "system-configuration", + "tokio", + "tokio-util", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "wasm-streams", + "web-sys", + "winreg 0.50.0", +] + +[[package]] +name = "reqwest" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "566cafdd92868e0939d3fb961bd0dc25fcfaaed179291093b3d43e6b3150ea10" +dependencies = [ + "async-compression", + "base64 0.22.1", + "bytes", + "futures-core", + "futures-util", + "h2 0.4.4", + "http 1.1.0", + "http-body 1.0.0", + "http-body-util", + "hyper 1.3.0", "hyper-rustls", + "hyper-util", "ipnet", "js-sys", "log", @@ -5259,11 +5305,13 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls", - "rustls-pemfile", + "rustls 0.22.4", + "rustls-pemfile 2.1.2", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", + "sync_wrapper", "tokio", "tokio-rustls", "tokio-socks", @@ -5274,8 +5322,8 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams", "web-sys", - "webpki-roots", - "winreg", + "webpki-roots 0.26.1", + "winreg 0.52.0", ] [[package]] @@ -5451,10 +5499,24 @@ checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" dependencies = [ "log", "ring", - "rustls-webpki", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.22.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" +dependencies = [ + "log", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.4", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -5462,7 +5524,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" dependencies = [ "openssl-probe", - "rustls-pemfile", + "rustls-pemfile 1.0.4", "schannel", "security-framework", ] @@ -5476,6 +5538,22 @@ dependencies = [ "base64 0.21.7", ] +[[package]] +name = "rustls-pemfile" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29993a25686778eb88d4189742cd713c9bce943bc54251a33509dc63cbacf73d" +dependencies = [ + "base64 0.22.1", + "rustls-pki-types", +] + +[[package]] +name = "rustls-pki-types" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" + [[package]] name = "rustls-tokio-stream" version = "0.2.24" @@ -5483,7 +5561,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd707225bb670bcd2876886bb571753d1ce03a9cedfa2e629a79984ca9a93cfb" dependencies = [ "futures", - "rustls", + "rustls 0.21.11", "socket2", "tokio", ] @@ -5498,6 +5576,17 @@ dependencies = [ "untrusted", ] +[[package]] +name = "rustls-webpki" +version = "0.102.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.15" @@ -6553,6 +6642,12 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + [[package]] name = "synstructure" version = "0.12.6" @@ -6585,6 +6680,27 @@ dependencies = [ "walkdir", ] +[[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "tap" version = "1.0.1" @@ -6669,7 +6785,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.1.0", + "hyper 1.3.0", "hyper-util", "jsonc-parser", "lazy-regex", @@ -6684,8 +6800,8 @@ dependencies = [ "prost", "prost-build", "regex", - "reqwest", - "rustls-pemfile", + "reqwest 0.12.4", + "rustls-pemfile 1.0.4", "rustls-tokio-stream", "semver 1.0.14", "serde", @@ -6835,11 +6951,12 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.24.1" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ - "rustls", + "rustls 0.22.4", + "rustls-pki-types", "tokio", ] @@ -6900,6 +7017,7 @@ dependencies = [ "futures-util", "pin-project", "pin-project-lite", + "tokio", "tower-layer", "tower-service", ] @@ -7473,9 +7591,9 @@ checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "wasm-streams" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4609d447824375f43e1ffbc051b50ad8f4b3ae8219680c94452ea05eb240ac7" +checksum = "b65dc4c90b63b118468cf747d8bf3566c1913ef60be765b5730ead9e0a3ba129" dependencies = [ "futures-util", "js-sys", @@ -7500,6 +7618,15 @@ version = "0.25.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +[[package]] +name = "webpki-roots" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "wgpu-core" version = "0.20.0" @@ -7827,6 +7954,16 @@ dependencies = [ "windows-sys 0.48.0", ] +[[package]] +name = "winreg" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a277a57398d4bfa075df44f501a17cfdf8542d224f0d36095a2adc7aee4ef0a5" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + [[package]] name = "winres" version = "0.1.12" diff --git a/Cargo.toml b/Cargo.toml index 4088950d367566..c0401321e748d3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -117,8 +117,8 @@ http = "1.0" http-body-util = "0.1" http_v02 = { package = "http", version = "0.2.9" } httparse = "1.8.0" -hyper = { version = "=1.1.0", features = ["full"] } -hyper-util = { version = "=0.1.2", features = ["tokio", "server", "server-auto"] } +hyper = { version = "=1.3.0", features = ["full"] } +hyper-util = { version = "=0.1.5", features = ["tokio", "server", "server-auto"] } hyper_v014 = { package = "hyper", version = "0.14.26", features = ["runtime", "http1"] } indexmap = { version = "2", features = ["serde"] } jsonc-parser = { version = "=0.23.0", features = ["serde"] } @@ -145,7 +145,7 @@ prost = "0.11" prost-build = "0.11" rand = "=0.8.5" regex = "^1.7.0" -reqwest = { version = "=0.11.20", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955 +reqwest = { version = "=0.12.4", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json", "http2"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955 ring = "^0.17.0" rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } # pinned because it was causing issues on cargo publish diff --git a/ext/fetch/Cargo.toml b/ext/fetch/Cargo.toml index 379fb0a04c3911..c86e8d5327b122 100644 --- a/ext/fetch/Cargo.toml +++ b/ext/fetch/Cargo.toml @@ -19,6 +19,7 @@ data-url.workspace = true deno_core.workspace = true deno_tls.workspace = true dyn-clone = "1" +http.workspace = true http_v02.workspace = true reqwest.workspace = true serde.workspace = true diff --git a/ext/fetch/fs_fetch_handler.rs b/ext/fetch/fs_fetch_handler.rs index 8f83cef882d5b7..29bad5992b6663 100644 --- a/ext/fetch/fs_fetch_handler.rs +++ b/ext/fetch/fs_fetch_handler.rs @@ -31,7 +31,7 @@ impl FetchHandler for FsFetchHandler { let file = tokio::fs::File::open(path).map_err(|_| ()).await?; let stream = ReaderStream::new(file); let body = reqwest::Body::wrap_stream(stream); - let response = http_v02::Response::builder() + let response = http::Response::builder() .status(StatusCode::OK) .body(body) .map_err(|_| ())? diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs index 21ca040277e33f..abd91a94fc9ae1 100644 --- a/ext/fetch/lib.rs +++ b/ext/fetch/lib.rs @@ -47,8 +47,8 @@ use data_url::DataUrl; use deno_tls::TlsKey; use deno_tls::TlsKeys; use deno_tls::TlsKeysHolder; -use http_v02::header::CONTENT_LENGTH; -use http_v02::Uri; +use http::header::CONTENT_LENGTH; +use http::Uri; use reqwest::header::HeaderMap; use reqwest::header::HeaderName; use reqwest::header::HeaderValue; @@ -429,12 +429,9 @@ where .decode_to_vec() .map_err(|e| type_error(format!("{e:?}")))?; - let response = http_v02::Response::builder() - .status(http_v02::StatusCode::OK) - .header( - http_v02::header::CONTENT_TYPE, - data_url.mime_type().to_string(), - ) + let response = http::Response::builder() + .status(http::StatusCode::OK) + .header(http::header::CONTENT_TYPE, data_url.mime_type().to_string()) .body(reqwest::Body::from(body))?; let fut = async move { Ok(Ok(Response::from(response))) }; diff --git a/ext/node/Cargo.toml b/ext/node/Cargo.toml index 6ed98105b51f10..4a1080a127737e 100644 --- a/ext/node/Cargo.toml +++ b/ext/node/Cargo.toml @@ -35,10 +35,10 @@ ecb.workspace = true elliptic-curve.workspace = true errno = "0.2.8" faster-hex.workspace = true -h2 = { version = "0.3.26", features = ["unstable"] } +h2.workspace = true hkdf.workspace = true home = "0.5.9" -http_v02.workspace = true +http.workspace = true idna = "0.3.0" indexmap.workspace = true k256 = "0.13.1" diff --git a/ext/node/ops/http2.rs b/ext/node/ops/http2.rs index d51da3b43f56a4..afbfab47bc5382 100644 --- a/ext/node/ops/http2.rs +++ b/ext/node/ops/http2.rs @@ -26,11 +26,11 @@ use deno_net::raw::NetworkStream; use h2; use h2::Reason; use h2::RecvStream; -use http_v02; -use http_v02::request::Parts; -use http_v02::HeaderMap; -use http_v02::Response; -use http_v02::StatusCode; +use http; +use http::request::Parts; +use http::HeaderMap; +use http::Response; +use http::StatusCode; use reqwest::header::HeaderName; use reqwest::header::HeaderValue; use url::Url; @@ -311,7 +311,7 @@ pub async fn op_http2_client_request( let url = url.join(&pseudo_path)?; - let mut req = http_v02::Request::builder() + let mut req = http::Request::builder() .uri(url.as_str()) .method(pseudo_method.as_str()); @@ -399,7 +399,7 @@ pub async fn op_http2_client_send_trailers( .get::(stream_rid)?; let mut stream = RcRef::map(&resource, |r| &r.stream).borrow_mut().await; - let mut trailers_map = http_v02::HeaderMap::new(); + let mut trailers_map = http::HeaderMap::new(); for (name, value) in trailers { trailers_map.insert( HeaderName::from_bytes(&name).unwrap(), From d515e019d196f86197881947410f13a0d4485d41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Fri, 31 May 2024 03:00:25 +0200 Subject: [PATCH 03/27] progress, but rustls is pain --- Cargo.lock | 36 ++----- Cargo.toml | 5 +- ext/fetch/lib.rs | 5 +- ext/tls/Cargo.toml | 2 +- ext/tls/lib.rs | 234 ++++++++++++++++++++++++++++++--------------- 5 files changed, 170 insertions(+), 112 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bcb8aad29d97b3..8d8d36b5e3565c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1892,7 +1892,7 @@ version = "0.141.0" dependencies = [ "deno_core", "deno_native_certs", - "rustls 0.21.11", + "rustls", "rustls-pemfile 1.0.4", "rustls-tokio-stream", "rustls-webpki 0.101.7", @@ -3381,7 +3381,7 @@ dependencies = [ "http 1.1.0", "hyper 1.3.0", "hyper-util", - "rustls 0.22.4", + "rustls", "rustls-pki-types", "tokio", "tokio-rustls", @@ -5265,7 +5265,7 @@ dependencies = [ "once_cell", "percent-encoding", "pin-project-lite", - "rustls 0.22.4", + "rustls", "rustls-pemfile 2.1.2", "rustls-pki-types", "serde", @@ -5451,18 +5451,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustls" -version = "0.21.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fecbfb7b1444f477b345853b1fce097a2c6fb637b2bfb87e6bc5db0f043fae4" -dependencies = [ - "log", - "ring", - "rustls-webpki 0.101.7", - "sct", -] - [[package]] name = "rustls" version = "0.22.4" @@ -5516,12 +5504,12 @@ checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" [[package]] name = "rustls-tokio-stream" -version = "0.2.24" +version = "0.2.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd707225bb670bcd2876886bb571753d1ce03a9cedfa2e629a79984ca9a93cfb" +checksum = "c478c030dfd68498e6c59168d9eec4f8bead33152a5f3095ad4bdbdcea09d466" dependencies = [ "futures", - "rustls 0.21.11", + "rustls", "socket2", "tokio", ] @@ -5659,16 +5647,6 @@ dependencies = [ "sha2", ] -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "sec1" version = "0.7.3" @@ -6894,7 +6872,7 @@ version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "775e0c0f0adb3a2f22a00c4745d728b479985fc15ee7ca6a2608388c5569860f" dependencies = [ - "rustls 0.22.4", + "rustls", "rustls-pki-types", "tokio", ] diff --git a/Cargo.toml b/Cargo.toml index 835a0ef28eec76..ca6196306f6dd2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -148,10 +148,9 @@ regex = "^1.7.0" reqwest = { version = "=0.12.4", default-features = false, features = ["rustls-tls", "stream", "gzip", "brotli", "socks", "json", "http2"] } # pinned because of https://github.com/seanmonstar/reqwest/pull/1955 ring = "^0.17.0" rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } -# pinned because it was causing issues on cargo publish -rustls = "=0.21.11" +rustls = "0.22.4" rustls-pemfile = "1.0.0" -rustls-tokio-stream = "=0.2.24" +rustls-tokio-stream = "=0.2.23" rustls-webpki = "0.101.4" rustyline = "=13.0.0" saffron = "=0.1.0" diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs index abd91a94fc9ae1..1004a9772db8db 100644 --- a/ext/fetch/lib.rs +++ b/ext/fetch/lib.rs @@ -960,7 +960,10 @@ pub fn create_http_client( } } - builder.build().map_err(|e| e.into()) + builder.build().map_err(|e| { + eprintln!("error building a client {:#?}", e); + e.into() + }) } #[op2] diff --git a/ext/tls/Cargo.toml b/ext/tls/Cargo.toml index bbf3cfc06def43..3e09204093d4ba 100644 --- a/ext/tls/Cargo.toml +++ b/ext/tls/Cargo.toml @@ -16,7 +16,7 @@ path = "lib.rs" [dependencies] deno_core.workspace = true deno_native_certs = "0.2.0" -rustls = { workspace = true, features = ["dangerous_configuration"] } +rustls.workspace = true rustls-pemfile.workspace = true rustls-tokio-stream.workspace = true rustls-webpki.workspace = true diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 5122264bf179ec..e98a23c43db040 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -1,7 +1,16 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. pub use deno_native_certs; +use deno_native_certs::load_native_certs; pub use rustls; +use rustls::pki_types::CertificateDer; +use rustls::pki_types::Der; +use rustls::pki_types::PrivateKeyDer; +use rustls::pki_types::PrivatePkcs1KeyDer; +use rustls::pki_types::PrivatePkcs8KeyDer; +use rustls::pki_types::PrivateSec1KeyDer; +use rustls::pki_types::ServerName; +use rustls::pki_types::TrustAnchor; pub use rustls_pemfile; pub use rustls_tokio_stream::*; pub use webpki; @@ -11,14 +20,13 @@ use deno_core::anyhow::anyhow; use deno_core::error::custom_error; use deno_core::error::AnyError; -use rustls::client::HandshakeSignatureValid; -use rustls::client::ServerCertVerified; -use rustls::client::ServerCertVerifier; -use rustls::client::WebPkiVerifier; +use rustls::client::danger::HandshakeSignatureValid; +use rustls::client::danger::ServerCertVerified; +use rustls::client::danger::ServerCertVerifier; +use rustls::client::WebPkiServerVerifier; use rustls::ClientConfig; use rustls::DigitallySignedStruct; use rustls::Error; -use rustls::ServerName; use rustls_pemfile::certs; use rustls_pemfile::ec_private_keys; use rustls_pemfile::pkcs8_private_keys; @@ -27,14 +35,11 @@ use serde::Deserialize; use std::io::BufRead; use std::io::BufReader; use std::io::Cursor; +use std::net::IpAddr; use std::sync::Arc; -use std::time::SystemTime; -mod tls_key; -pub use tls_key::*; - -pub type Certificate = rustls::Certificate; -pub type PrivateKey = rustls::PrivateKey; +pub type Certificate = rustls::pki_types::CertificateDer<'static>; +pub type PrivateKey = rustls::pki_types::PrivateKeyDer<'static>; pub type RootCertStore = rustls::RootCertStore; /// Lazily resolves the root cert store. @@ -48,40 +53,68 @@ pub trait RootCertStoreProvider: Send + Sync { // This extension has no runtime apis, it only exports some shared native functions. deno_core::extension!(deno_tls); +#[derive(Debug)] struct DefaultSignatureVerification; impl ServerCertVerifier for DefaultSignatureVerification { + fn supported_verify_schemes(&self) -> Vec { + vec![] + } fn verify_server_cert( &self, - _end_entity: &Certificate, - _intermediates: &[Certificate], - _server_name: &ServerName, - _scts: &mut dyn Iterator, + _end_entity: &rustls::pki_types::CertificateDer<'_>, + _intermediates: &[rustls::pki_types::CertificateDer<'_>], + _server_name: &rustls::pki_types::ServerName<'_>, _ocsp_response: &[u8], - _now: SystemTime, + _now: rustls::pki_types::UnixTime, ) -> Result { Err(Error::General("Should not be used".to_string())) } + fn verify_tls12_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &DigitallySignedStruct, + ) -> Result { + Err(Error::General("Should not be used".to_string())) + } + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &DigitallySignedStruct, + ) -> Result { + Err(Error::General("Should not be used".to_string())) + } } +#[derive(Debug)] pub struct NoCertificateVerification(pub Vec); impl ServerCertVerifier for NoCertificateVerification { + fn supported_verify_schemes(&self) -> Vec { + let root_store = create_default_root_cert_store(); + let verifier = WebPkiServerVerifier::builder(root_store.into()) + .build() + .unwrap(); + verifier.supported_verify_schemes() + } fn verify_server_cert( &self, - end_entity: &Certificate, - intermediates: &[Certificate], - server_name: &ServerName, - scts: &mut dyn Iterator, + end_entity: &rustls::pki_types::CertificateDer<'_>, + intermediates: &[rustls::pki_types::CertificateDer<'_>], + server_name: &rustls::pki_types::ServerName<'_>, ocsp_response: &[u8], - now: SystemTime, + now: rustls::pki_types::UnixTime, ) -> Result { if self.0.is_empty() { return Ok(ServerCertVerified::assertion()); } let dns_name_or_ip_address = match server_name { ServerName::DnsName(dns_name) => dns_name.as_ref().to_owned(), - ServerName::IpAddress(ip_address) => ip_address.to_string(), + ServerName::IpAddress(ip_address) => { + Into::::into(*ip_address).to_string() + } _ => { // NOTE(bartlomieju): `ServerName` is a non-exhaustive enum // so we have this catch all errors here. @@ -92,12 +125,13 @@ impl ServerCertVerifier for NoCertificateVerification { Ok(ServerCertVerified::assertion()) } else { let root_store = create_default_root_cert_store(); - let verifier = WebPkiVerifier::new(root_store, None); + let verifier = WebPkiServerVerifier::builder(root_store.into()) + .build() + .unwrap(); verifier.verify_server_cert( end_entity, intermediates, server_name, - scts, ocsp_response, now, ) @@ -107,7 +141,7 @@ impl ServerCertVerifier for NoCertificateVerification { fn verify_tls12_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &rustls::pki_types::CertificateDer, dss: &DigitallySignedStruct, ) -> Result { if self.0.is_empty() { @@ -121,7 +155,7 @@ impl ServerCertVerifier for NoCertificateVerification { fn verify_tls13_signature( &self, message: &[u8], - cert: &rustls::Certificate, + cert: &rustls::pki_types::CertificateDer, dss: &DigitallySignedStruct, ) -> Result { if self.0.is_empty() { @@ -150,16 +184,23 @@ pub struct BasicAuth { pub fn create_default_root_cert_store() -> RootCertStore { let mut root_cert_store = RootCertStore::empty(); - // TODO(@justinmchase): Consider also loading the system keychain here - root_cert_store.add_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.iter().map( - |ta| { - rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }, - )); + for ta in webpki_roots::TLS_SERVER_ROOTS { + root_cert_store.roots.push(ta.clone()); + } + debug_assert!(!root_cert_store.is_empty()); + root_cert_store +} + +pub fn create_platform_cert_store() -> RootCertStore { + let mut root_cert_store = RootCertStore::empty(); + let roots: Vec = + load_native_certs().expect("could not load platform certs"); + for root in roots { + root_cert_store + .add(Certificate::from(root.0)) + .expect("Failed to add platform cert to root cert store"); + } + debug_assert!(!root_cert_store.is_empty()); root_cert_store } @@ -178,12 +219,12 @@ pub fn create_client_config( root_cert_store: Option, ca_certs: Vec>, unsafely_ignore_certificate_errors: Option>, - maybe_cert_chain_and_key: TlsKeys, + maybe_cert_chain_and_key: Option, socket_use: SocketUse, ) -> Result { if let Some(ic_allowlist) = unsafely_ignore_certificate_errors { let client_config = ClientConfig::builder() - .with_safe_defaults() + .dangerous() .with_custom_certificate_verifier(Arc::new(NoCertificateVerification( ic_allowlist, ))); @@ -192,49 +233,51 @@ pub fn create_client_config( // However it's not really feasible to deduplicate it as the `client_config` instances // are not type-compatible - one wants "client cert", the other wants "transparency policy // or client cert". - let mut client = match maybe_cert_chain_and_key { - TlsKeys::Static(TlsKey(cert_chain, private_key)) => client_config - .with_client_auth_cert(cert_chain, private_key) - .expect("invalid client key or certificate"), - TlsKeys::Null => client_config.with_no_client_auth(), - TlsKeys::Resolver(_) => unimplemented!(), - }; + let mut client = + if let Some(TlsKey(cert_chain, private_key)) = maybe_cert_chain_and_key { + client_config + .with_client_auth_cert(cert_chain, private_key) + .expect("invalid client key or certificate") + } else { + client_config.with_no_client_auth() + }; add_alpn(&mut client, socket_use); return Ok(client); } - let client_config = ClientConfig::builder() - .with_safe_defaults() - .with_root_certificates({ - let mut root_cert_store = - root_cert_store.unwrap_or_else(create_default_root_cert_store); - // If custom certs are specified, add them to the store - for cert in ca_certs { - let reader = &mut BufReader::new(Cursor::new(cert)); - // This function does not return specific errors, if it fails give a generic message. - match rustls_pemfile::certs(reader) { - Ok(certs) => { - root_cert_store.add_parsable_certificates(&certs); - } - Err(e) => { - return Err(anyhow!( - "Unable to add pem file to certificate store: {}", - e - )); + let client_config = ClientConfig::builder().with_root_certificates({ + let mut root_cert_store = + root_cert_store.unwrap_or_else(create_default_root_cert_store); + // If custom certs are specified, add them to the store + for cert in ca_certs { + let reader = &mut BufReader::new(Cursor::new(cert)); + // This function does not return specific errors, if it fails give a generic message. + match rustls_pemfile::certs(reader) { + Ok(certs) => { + for cert in certs { + root_cert_store.add(CertificateDer::from(cert))?; } } + Err(e) => { + return Err(anyhow!( + "Unable to add pem file to certificate store: {}", + e + )); + } } - root_cert_store - }); - - let mut client = match maybe_cert_chain_and_key { - TlsKeys::Static(TlsKey(cert_chain, private_key)) => client_config - .with_client_auth_cert(cert_chain, private_key) - .expect("invalid client key or certificate"), - TlsKeys::Null => client_config.with_no_client_auth(), - TlsKeys::Resolver(_) => unimplemented!(), - }; + } + root_cert_store + }); + + let mut client = + if let Some(TlsKey(cert_chain, private_key)) = maybe_cert_chain_and_key { + client_config + .with_client_auth_cert(cert_chain, private_key) + .expect("invalid client key or certificate") + } else { + client_config.with_no_client_auth() + }; add_alpn(&mut client, socket_use); Ok(client) @@ -265,7 +308,7 @@ pub fn load_certs( return Err(cert_not_found_err()); } - Ok(certs.into_iter().map(rustls::Certificate).collect()) + Ok(certs.into_iter().map(CertificateDer::from).collect()) } fn key_decode_err() -> AnyError { @@ -283,19 +326,34 @@ fn cert_not_found_err() -> AnyError { /// Starts with -----BEGIN RSA PRIVATE KEY----- fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys = rsa_private_keys(&mut bytes).map_err(|_| key_decode_err())?; - Ok(keys.into_iter().map(rustls::PrivateKey).collect()) + Ok( + keys + .into_iter() + .map(|x| PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from(x))) + .collect(), + ) } /// Starts with -----BEGIN EC PRIVATE KEY----- fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys = ec_private_keys(&mut bytes).map_err(|_| key_decode_err())?; - Ok(keys.into_iter().map(rustls::PrivateKey).collect()) + Ok( + keys + .into_iter() + .map(|x| PrivateKeyDer::Sec1(PrivateSec1KeyDer::from(x))) + .collect(), + ) } /// Starts with -----BEGIN PRIVATE KEY----- fn load_pkcs8_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys = pkcs8_private_keys(&mut bytes).map_err(|_| key_decode_err())?; - Ok(keys.into_iter().map(rustls::PrivateKey).collect()) + Ok( + keys + .into_iter() + .map(|x| PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(x))) + .collect(), + ) } fn filter_invalid_encoding_err( @@ -309,7 +367,9 @@ fn filter_invalid_encoding_err( } } -pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> { +pub fn load_private_keys( + bytes: &[u8], +) -> Result>, AnyError> { let mut keys = load_rsa_keys(bytes)?; if keys.is_empty() { @@ -326,3 +386,21 @@ pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> { Ok(keys) } + +/// A loaded key. +// FUTURE(mmastrac): add resolver enum value to support dynamic SNI +pub enum TlsKeys { + // TODO(mmastrac): We need Option<&T> for cppgc -- this is a workaround + Null, + Static(TlsKey), +} + +/// A TLS certificate/private key pair. +#[derive(Debug)] +pub struct TlsKey(pub Vec>, pub PrivateKeyDer<'static>); + +impl Clone for TlsKey { + fn clone(&self) -> Self { + Self(self.0.clone(), self.1.clone_key()) + } +} From d3bfbd3ad076fcad105786876179c0d3fc82ea12 Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Mon, 3 Jun 2024 11:47:38 -0400 Subject: [PATCH 04/27] upgrade webpki-roots, fix syntax --- Cargo.lock | 10 ++-------- Cargo.toml | 2 +- ext/tls/lib.rs | 7 +++---- 3 files changed, 6 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8d8d36b5e3565c..060cc9a05d781d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1898,7 +1898,7 @@ dependencies = [ "rustls-webpki 0.101.7", "serde", "tokio", - "webpki-roots 0.25.4", + "webpki-roots", ] [[package]] @@ -5282,7 +5282,7 @@ dependencies = [ "wasm-bindgen-futures", "wasm-streams", "web-sys", - "webpki-roots 0.26.1", + "webpki-roots", "winreg 0.52.0", ] @@ -7529,12 +7529,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki-roots" -version = "0.25.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" - [[package]] name = "webpki-roots" version = "0.26.1" diff --git a/Cargo.toml b/Cargo.toml index ca6196306f6dd2..e87892c1e7b3b1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -177,7 +177,7 @@ twox-hash = "=1.6.3" # Upgrading past 2.4.1 may cause WPT failures url = { version = "< 2.5.0", features = ["serde", "expose_internals"] } uuid = { version = "1.3.0", features = ["v4"] } -webpki-roots = "0.25.2" +webpki-roots = "0.26.1" zeromq = { version = "=0.3.4", default-features = false, features = ["tcp-transport", "tokio-runtime"] } zstd = "=0.12.4" diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index e98a23c43db040..03de782882e0cf 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -183,10 +183,9 @@ pub struct BasicAuth { } pub fn create_default_root_cert_store() -> RootCertStore { - let mut root_cert_store = RootCertStore::empty(); - for ta in webpki_roots::TLS_SERVER_ROOTS { - root_cert_store.roots.push(ta.clone()); - } + let root_cert_store = rustls::RootCertStore { + roots: webpki_roots::TLS_SERVER_ROOTS.iter().cloned().collect(), + }; debug_assert!(!root_cert_store.is_empty()); root_cert_store } From 6389b1fa97aa21be67d3f800c8ccc7b0939ee25d Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Mon, 3 Jun 2024 13:20:02 -0400 Subject: [PATCH 05/27] wip --- Cargo.lock | 18 ++++-------------- Cargo.toml | 6 +++--- ext/tls/lib.rs | 38 +++++++++++++++++++++++--------------- ext/tls/tls_key.rs | 6 +++--- 4 files changed, 33 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 060cc9a05d781d..6e32b733343e36 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1893,9 +1893,9 @@ dependencies = [ "deno_core", "deno_native_certs", "rustls", - "rustls-pemfile 1.0.4", + "rustls-pemfile 2.1.2", "rustls-tokio-stream", - "rustls-webpki 0.101.7", + "rustls-webpki", "serde", "tokio", "webpki-roots", @@ -5460,7 +5460,7 @@ dependencies = [ "log", "ring", "rustls-pki-types", - "rustls-webpki 0.102.4", + "rustls-webpki", "subtle", "zeroize", ] @@ -5514,16 +5514,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "rustls-webpki" -version = "0.101.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "rustls-webpki" version = "0.102.4" @@ -6718,7 +6708,7 @@ dependencies = [ "prost-build", "regex", "reqwest", - "rustls-pemfile 1.0.4", + "rustls-pemfile 2.1.2", "rustls-tokio-stream", "semver 1.0.14", "serde", diff --git a/Cargo.toml b/Cargo.toml index e87892c1e7b3b1..28b5ef1669ab68 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -149,9 +149,9 @@ reqwest = { version = "=0.12.4", default-features = false, features = ["rustls-t ring = "^0.17.0" rusqlite = { version = "=0.29.0", features = ["unlock_notify", "bundled"] } rustls = "0.22.4" -rustls-pemfile = "1.0.0" +rustls-pemfile = "2" rustls-tokio-stream = "=0.2.23" -rustls-webpki = "0.101.4" +rustls-webpki = "0.102" rustyline = "=13.0.0" saffron = "=0.1.0" scopeguard = "1.2.0" @@ -177,7 +177,7 @@ twox-hash = "=1.6.3" # Upgrading past 2.4.1 may cause WPT failures url = { version = "< 2.5.0", features = ["serde", "expose_internals"] } uuid = { version = "1.3.0", features = ["v4"] } -webpki-roots = "0.26.1" +webpki-roots = "0.26" zeromq = { version = "=0.3.4", default-features = false, features = ["tcp-transport", "tokio-runtime"] } zstd = "=0.12.4" diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 03de782882e0cf..79298e921e0827 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -1,4 +1,5 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. +mod tls_key; pub use deno_native_certs; use deno_native_certs::load_native_certs; @@ -252,17 +253,17 @@ pub fn create_client_config( for cert in ca_certs { let reader = &mut BufReader::new(Cursor::new(cert)); // This function does not return specific errors, if it fails give a generic message. - match rustls_pemfile::certs(reader) { - Ok(certs) => { - for cert in certs { + for r in rustls_pemfile::certs(reader) { + match r { + Ok(cert) => { root_cert_store.add(CertificateDer::from(cert))?; } - } - Err(e) => { - return Err(anyhow!( - "Unable to add pem file to certificate store: {}", - e - )); + Err(e) => { + return Err(anyhow!( + "Unable to add pem file to certificate store: {}", + e + )); + } } } } @@ -300,7 +301,9 @@ fn add_alpn(client: &mut ClientConfig, socket_use: SocketUse) { pub fn load_certs( reader: &mut dyn BufRead, ) -> Result, AnyError> { - let certs = certs(reader) + let certs: Result, _> = certs(reader).collect(); + + let certs = certs .map_err(|_| custom_error("InvalidData", "Unable to decode certificate"))?; if certs.is_empty() { @@ -324,7 +327,8 @@ fn cert_not_found_err() -> AnyError { /// Starts with -----BEGIN RSA PRIVATE KEY----- fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { - let keys = rsa_private_keys(&mut bytes).map_err(|_| key_decode_err())?; + let keys: Result, _> = rsa_private_keys(&mut bytes).collect(); + let keys = keys.map_err(|_| key_decode_err())?; Ok( keys .into_iter() @@ -335,9 +339,11 @@ fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { /// Starts with -----BEGIN EC PRIVATE KEY----- fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { - let keys = ec_private_keys(&mut bytes).map_err(|_| key_decode_err())?; + let keys: Result, std::io::Error> = + ec_private_keys(&mut bytes).collect(); + let keys2 = keys.map_err(|_| key_decode_err())?; Ok( - keys + keys2 .into_iter() .map(|x| PrivateKeyDer::Sec1(PrivateSec1KeyDer::from(x))) .collect(), @@ -346,9 +352,11 @@ fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { /// Starts with -----BEGIN PRIVATE KEY----- fn load_pkcs8_keys(mut bytes: &[u8]) -> Result, AnyError> { - let keys = pkcs8_private_keys(&mut bytes).map_err(|_| key_decode_err())?; + let keys: Result, std::io::Error> = + pkcs8_private_keys(&mut bytes).collect(); + let keys2 = keys.map_err(|_| key_decode_err())?; Ok( - keys + keys2 .into_iter() .map(|x| PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(x))) .collect(), diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 18064a91a05155..2d69b59e2f406d 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -36,10 +36,11 @@ use tokio::sync::oneshot; type ErrorType = Rc; /// A TLS certificate/private key pair. -#[derive(Clone, Debug, PartialEq, Eq)] +/// see https://docs.rs/rustls-pki-types/latest/rustls_pki_types/#cloning-private-keys +#[derive(Debug, PartialEq, Eq)] pub struct TlsKey(pub Vec, pub PrivateKey); -#[derive(Clone, Debug, Default)] +#[derive(Debug, Default)] pub enum TlsKeys { // TODO(mmastrac): We need Option<&T> for cppgc -- this is a workaround #[default] @@ -109,7 +110,6 @@ impl TlsKeyResolver { let key = self.resolve(sni).await?; let mut tls_config = ServerConfig::builder() - .with_safe_defaults() .with_no_client_auth() .with_single_cert(key.0, key.1)?; tls_config.alpn_protocols = alpn; From 23b7ef1d4cc7a3d587b6827920d2d412005e4f36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Mon, 3 Jun 2024 23:08:08 +0200 Subject: [PATCH 06/27] progress --- ext/net/ops_tls.rs | 3 -- ext/tls/lib.rs | 53 ++++++++++------------------------ ext/tls/tls_key.rs | 23 +++++++++------ tests/util/server/src/https.rs | 36 +++++++++++------------ tests/wpt/suite | 2 +- 5 files changed, 49 insertions(+), 68 deletions(-) diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs index c529859087c578..488173cc099396 100644 --- a/ext/net/ops_tls.rs +++ b/ext/net/ops_tls.rs @@ -31,9 +31,7 @@ use deno_tls::create_client_config; use deno_tls::load_certs; use deno_tls::load_private_keys; use deno_tls::new_resolver; -use deno_tls::rustls::Certificate; use deno_tls::rustls::ClientConnection; -use deno_tls::rustls::PrivateKey; use deno_tls::rustls::ServerConfig; use deno_tls::rustls::ServerName; use deno_tls::ServerConfigProvider; @@ -48,7 +46,6 @@ use serde::Deserialize; use std::borrow::Cow; use std::cell::RefCell; use std::convert::From; -use std::convert::TryFrom; use std::fs::File; use std::io::BufReader; use std::io::ErrorKind; diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 79298e921e0827..9b0d452fd882dd 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -1,17 +1,10 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. -mod tls_key; - pub use deno_native_certs; use deno_native_certs::load_native_certs; pub use rustls; use rustls::pki_types::CertificateDer; -use rustls::pki_types::Der; use rustls::pki_types::PrivateKeyDer; -use rustls::pki_types::PrivatePkcs1KeyDer; -use rustls::pki_types::PrivatePkcs8KeyDer; -use rustls::pki_types::PrivateSec1KeyDer; use rustls::pki_types::ServerName; -use rustls::pki_types::TrustAnchor; pub use rustls_pemfile; pub use rustls_tokio_stream::*; pub use webpki; @@ -39,8 +32,11 @@ use std::io::Cursor; use std::net::IpAddr; use std::sync::Arc; -pub type Certificate = rustls::pki_types::CertificateDer<'static>; -pub type PrivateKey = rustls::pki_types::PrivateKeyDer<'static>; +mod tls_key; +pub use tls_key::*; + +// pub type Certificate = rustls::pki_types::CertificateDer<'static>; +// pub type PrivateKey = rustls::pki_types::PrivateKeyDer<'static>; pub type RootCertStore = rustls::RootCertStore; /// Lazily resolves the root cert store. @@ -185,7 +181,7 @@ pub struct BasicAuth { pub fn create_default_root_cert_store() -> RootCertStore { let root_cert_store = rustls::RootCertStore { - roots: webpki_roots::TLS_SERVER_ROOTS.iter().cloned().collect(), + roots: webpki_roots::TLS_SERVER_ROOTS.to_vec(), }; debug_assert!(!root_cert_store.is_empty()); root_cert_store @@ -197,7 +193,7 @@ pub fn create_platform_cert_store() -> RootCertStore { load_native_certs().expect("could not load platform certs"); for root in roots { root_cert_store - .add(Certificate::from(root.0)) + .add(CertificateDer::from(root.0)) .expect("Failed to add platform cert to root cert store"); } debug_assert!(!root_cert_store.is_empty()); @@ -256,7 +252,7 @@ pub fn create_client_config( for r in rustls_pemfile::certs(reader) { match r { Ok(cert) => { - root_cert_store.add(CertificateDer::from(cert))?; + root_cert_store.add(cert)?; } Err(e) => { return Err(anyhow!( @@ -300,7 +296,7 @@ fn add_alpn(client: &mut ClientConfig, socket_use: SocketUse) { pub fn load_certs( reader: &mut dyn BufRead, -) -> Result, AnyError> { +) -> Result, AnyError> { let certs: Result, _> = certs(reader).collect(); let certs = certs @@ -326,41 +322,26 @@ fn cert_not_found_err() -> AnyError { } /// Starts with -----BEGIN RSA PRIVATE KEY----- -fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys: Result, _> = rsa_private_keys(&mut bytes).collect(); let keys = keys.map_err(|_| key_decode_err())?; - Ok( - keys - .into_iter() - .map(|x| PrivateKeyDer::Pkcs1(PrivatePkcs1KeyDer::from(x))) - .collect(), - ) + Ok(keys.into_iter().map(PrivateKeyDer::Pkcs1).collect()) } /// Starts with -----BEGIN EC PRIVATE KEY----- -fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys: Result, std::io::Error> = ec_private_keys(&mut bytes).collect(); let keys2 = keys.map_err(|_| key_decode_err())?; - Ok( - keys2 - .into_iter() - .map(|x| PrivateKeyDer::Sec1(PrivateSec1KeyDer::from(x))) - .collect(), - ) + Ok(keys2.into_iter().map(PrivateKeyDer::Sec1).collect()) } /// Starts with -----BEGIN PRIVATE KEY----- -fn load_pkcs8_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_pkcs8_keys(mut bytes: &[u8]) -> Result, AnyError> { let keys: Result, std::io::Error> = pkcs8_private_keys(&mut bytes).collect(); let keys2 = keys.map_err(|_| key_decode_err())?; - Ok( - keys2 - .into_iter() - .map(|x| PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(x))) - .collect(), - ) + Ok(keys2.into_iter().map(PrivateKeyDer::Pkcs8).collect()) } fn filter_invalid_encoding_err( @@ -374,9 +355,7 @@ fn filter_invalid_encoding_err( } } -pub fn load_private_keys( - bytes: &[u8], -) -> Result>, AnyError> { +pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> { let mut keys = load_rsa_keys(bytes)?; if keys.is_empty() { diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 2d69b59e2f406d..9d83c1a03038f1 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -11,8 +11,6 @@ //! key lookup can handle closing one end of the pair, in which case they will just //! attempt to clean up the associated resources. -use crate::Certificate; -use crate::PrivateKey; use deno_core::anyhow::anyhow; use deno_core::error::AnyError; use deno_core::futures::future::poll_fn; @@ -32,13 +30,18 @@ use std::sync::Arc; use tokio::sync::broadcast; use tokio::sync::mpsc; use tokio::sync::oneshot; +use webpki::types::CertificateDer; +use webpki::types::PrivateKeyDer; type ErrorType = Rc; /// A TLS certificate/private key pair. /// see https://docs.rs/rustls-pki-types/latest/rustls_pki_types/#cloning-private-keys -#[derive(Debug, PartialEq, Eq)] -pub struct TlsKey(pub Vec, pub PrivateKey); +#[derive(Clone, Debug, PartialEq, Eq)] +pub struct TlsKey( + pub Vec>, + pub Rc>, +); #[derive(Debug, Default)] pub enum TlsKeys { @@ -111,7 +114,7 @@ impl TlsKeyResolver { let mut tls_config = ServerConfig::builder() .with_no_client_auth() - .with_single_cert(key.0, key.1)?; + .with_single_cert(key.0, key.1.clone_key())?; tls_config.alpn_protocols = alpn; Ok(tls_config.into()) } @@ -251,13 +254,15 @@ impl TlsKeyLookup { pub mod tests { use super::*; use deno_core::unsync::spawn; - use rustls::Certificate; - use rustls::PrivateKey; + use webpki::types::CertificateDer; + use webpki::types::PrivateKeyDer; fn tls_key_for_test(sni: &str) -> TlsKey { TlsKey( - vec![Certificate(format!("{sni}-cert").into_bytes())], - PrivateKey(format!("{sni}-key").into_bytes()), + vec![CertificateDer::from(format!("{sni}-cert").into_bytes())], + Rc::new( + PrivateKeyDer::try_from(format!("{sni}-key").into_bytes()).unwrap(), + ), ) } diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs index 8a2524dca9622d..3b8bfd07f12100 100644 --- a/tests/util/server/src/https.rs +++ b/tests/util/server/src/https.rs @@ -2,9 +2,9 @@ use anyhow::anyhow; use futures::Stream; use futures::StreamExt; -use rustls::Certificate; -use rustls::PrivateKey; use rustls_tokio_stream::rustls; +use rustls_tokio_stream::rustls::pki_types::CertificateDer; +use rustls_tokio_stream::rustls::pki_types::PrivateKeyDer; use rustls_tokio_stream::TlsStream; use std::io; use std::num::NonZeroUsize; @@ -68,30 +68,31 @@ pub fn get_tls_config( let key_file = std::fs::File::open(key_path)?; let ca_file = std::fs::File::open(ca_path)?; - let certs: Vec = { + let certs_result: Result>, io::Error> = { let mut cert_reader = io::BufReader::new(cert_file); rustls_pemfile::certs(&mut cert_reader) - .unwrap() .into_iter() - .map(Certificate) .collect() }; + let certs = certs_result?; let mut ca_cert_reader = io::BufReader::new(ca_file); let ca_cert = rustls_pemfile::certs(&mut ca_cert_reader) - .expect("Cannot load CA certificate") - .remove(0); + .collect::>() + .remove(0)?; let mut key_reader = io::BufReader::new(key_file); let key = { - let pkcs8_key = rustls_pemfile::pkcs8_private_keys(&mut key_reader) - .expect("Cannot load key file"); - let rsa_key = rustls_pemfile::rsa_private_keys(&mut key_reader) - .expect("Cannot load key file"); - if !pkcs8_key.is_empty() { - Some(pkcs8_key[0].clone()) - } else if !rsa_key.is_empty() { - Some(rsa_key[0].clone()) + let pkcs8_keys = + rustls_pemfile::pkcs8_private_keys(&mut key_reader).collect::>(); + let rsa_keys = + rustls_pemfile::rsa_private_keys(&mut key_reader).collect::>(); + if !pkcs8_keys.is_empty() { + let key = pkcs8_keys[0]?.clone_key(); + Some(PrivateKeyDer::from(key)) + } else if !rsa_keys.is_empty() { + let key = rsa_keys[0]?.clone_key(); + Some(PrivateKeyDer::from(key)) } else { None } @@ -100,18 +101,17 @@ pub fn get_tls_config( match key { Some(key) => { let mut root_cert_store = rustls::RootCertStore::empty(); - root_cert_store.add(&rustls::Certificate(ca_cert)).unwrap(); + root_cert_store.add(ca_cert).unwrap(); // Allow (but do not require) client authentication. let mut config = rustls::ServerConfig::builder() - .with_safe_defaults() .with_client_cert_verifier(Arc::new( rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new( root_cert_store, ), )) - .with_single_cert(certs, PrivateKey(key)) + .with_single_cert(certs, key) .map_err(|e| anyhow!("Error setting cert: {:?}", e)) .unwrap(); diff --git a/tests/wpt/suite b/tests/wpt/suite index a14e908e1fd7c6..abcbb64783af5b 160000 --- a/tests/wpt/suite +++ b/tests/wpt/suite @@ -1 +1 @@ -Subproject commit a14e908e1fd7c6e848ef60df044af1c040a012d2 +Subproject commit abcbb64783af5b776a3c5f4e13cf4d8756217830 From b452d2ab9af157d972f014122c445e00c5e219dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Mon, 3 Jun 2024 23:48:46 +0200 Subject: [PATCH 07/27] clippy passes! --- cli/args/mod.rs | 18 +++------ ext/fetch/lib.rs | 5 +-- ext/net/ops_tls.rs | 25 ++++++------ ext/tls/lib.rs | 70 ++++++++++++++-------------------- ext/tls/tls_key.rs | 19 ++++----- ext/websocket/lib.rs | 11 +++--- tests/integration/run_tests.rs | 19 +++++---- tests/util/server/src/https.rs | 32 +++++++++------- 8 files changed, 93 insertions(+), 106 deletions(-) diff --git a/cli/args/mod.rs b/cli/args/mod.rs index 766ddf52dde5f4..d57d8e635fd765 100644 --- a/cli/args/mod.rs +++ b/cli/args/mod.rs @@ -695,21 +695,13 @@ pub fn get_root_cert_store( for store in ca_stores.iter() { match store.as_str() { "mozilla" => { - root_cert_store.add_trust_anchors( - webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| { - rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( - ta.subject, - ta.spki, - ta.name_constraints, - ) - }), - ); + root_cert_store.extend(webpki_roots::TLS_SERVER_ROOTS.to_vec()); } "system" => { let roots = load_native_certs().expect("could not load platform certs"); for root in roots { root_cert_store - .add(&rustls::Certificate(root.0)) + .add(rustls::pki_types::CertificateDer::from(root.0)) .expect("Failed to add platform cert to root cert store"); } } @@ -733,17 +725,17 @@ pub fn get_root_cert_store( RootCertStoreLoadError::CaFileOpenError(err.to_string()) })?; let mut reader = BufReader::new(certfile); - rustls_pemfile::certs(&mut reader) + rustls_pemfile::certs(&mut reader).collect::, _>>() } CaData::Bytes(data) => { let mut reader = BufReader::new(Cursor::new(data)); - rustls_pemfile::certs(&mut reader) + rustls_pemfile::certs(&mut reader).collect::, _>>() } }; match result { Ok(certs) => { - root_cert_store.add_parsable_certificates(&certs); + root_cert_store.add_parsable_certificates(certs); } Err(e) => { return Err(RootCertStoreLoadError::FailedAddPemFile(e.to_string())); diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs index 1004a9772db8db..abd91a94fc9ae1 100644 --- a/ext/fetch/lib.rs +++ b/ext/fetch/lib.rs @@ -960,10 +960,7 @@ pub fn create_http_client( } } - builder.build().map_err(|e| { - eprintln!("error building a client {:#?}", e); - e.into() - }) + builder.build().map_err(|e| e.into()) } #[op2] diff --git a/ext/net/ops_tls.rs b/ext/net/ops_tls.rs index 488173cc099396..ccea8eb758f09e 100644 --- a/ext/net/ops_tls.rs +++ b/ext/net/ops_tls.rs @@ -31,9 +31,11 @@ use deno_tls::create_client_config; use deno_tls::load_certs; use deno_tls::load_private_keys; use deno_tls::new_resolver; +use deno_tls::rustls::pki_types::ServerName; use deno_tls::rustls::ClientConnection; use deno_tls::rustls::ServerConfig; -use deno_tls::rustls::ServerName; +use deno_tls::webpki::types::CertificateDer; +use deno_tls::webpki::types::PrivateKeyDer; use deno_tls::ServerConfigProvider; use deno_tls::SocketUse; use deno_tls::TlsKey; @@ -301,14 +303,14 @@ where { let rid = args.rid; let hostname = match &*args.hostname { - "" => "localhost", - n => n, + "" => "localhost".to_string(), + n => n.to_string(), }; { let mut s = state.borrow_mut(); let permissions = s.borrow_mut::(); - permissions.check_net(&(hostname, Some(0)), "Deno.startTls()")?; + permissions.check_net(&(&hostname, Some(0)), "Deno.startTls()")?; } let ca_certs = args @@ -317,8 +319,8 @@ where .map(|s| s.into_bytes()) .collect::>(); - let hostname_dns = - ServerName::try_from(hostname).map_err(|_| invalid_hostname(hostname))?; + let hostname_dns = ServerName::try_from(hostname.to_string()) + .map_err(|_| invalid_hostname(&hostname))?; let unsafely_ignore_certificate_errors = state .borrow() @@ -419,9 +421,9 @@ where .borrow::() .root_cert_store()?; let hostname_dns = if let Some(server_name) = args.server_name { - ServerName::try_from(server_name.as_str()) + ServerName::try_from(server_name) } else { - ServerName::try_from(&*addr.hostname) + ServerName::try_from(addr.hostname.clone()) } .map_err(|_| invalid_hostname(&addr.hostname))?; let connect_addr = resolve_addr(&addr.hostname, addr.port) @@ -463,7 +465,9 @@ where Ok((rid, IpAddr::from(local_addr), IpAddr::from(remote_addr))) } -fn load_certs_from_file(path: &str) -> Result, AnyError> { +fn load_certs_from_file( + path: &str, +) -> Result>, AnyError> { let cert_file = File::open(path)?; let reader = &mut BufReader::new(cert_file); load_certs(reader) @@ -471,7 +475,7 @@ fn load_certs_from_file(path: &str) -> Result, AnyError> { fn load_private_keys_from_file( path: &str, -) -> Result, AnyError> { +) -> Result>, AnyError> { let key_bytes = std::fs::read(path)?; load_private_keys(&key_bytes) } @@ -520,7 +524,6 @@ where TlsKeys::Null => Err(anyhow!("Deno.listenTls requires a key")), TlsKeys::Static(TlsKey(cert, key)) => { let mut tls_config = ServerConfig::builder() - .with_safe_defaults() .with_no_client_auth() .with_single_cert(cert, key) .map_err(|e| anyhow!(e))?; diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 9b0d452fd882dd..57851f9a8eccff 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -215,7 +215,7 @@ pub fn create_client_config( root_cert_store: Option, ca_certs: Vec>, unsafely_ignore_certificate_errors: Option>, - maybe_cert_chain_and_key: Option, + maybe_cert_chain_and_key: TlsKeys, socket_use: SocketUse, ) -> Result { if let Some(ic_allowlist) = unsafely_ignore_certificate_errors { @@ -229,14 +229,13 @@ pub fn create_client_config( // However it's not really feasible to deduplicate it as the `client_config` instances // are not type-compatible - one wants "client cert", the other wants "transparency policy // or client cert". - let mut client = - if let Some(TlsKey(cert_chain, private_key)) = maybe_cert_chain_and_key { - client_config - .with_client_auth_cert(cert_chain, private_key) - .expect("invalid client key or certificate") - } else { - client_config.with_no_client_auth() - }; + let mut client = match maybe_cert_chain_and_key { + TlsKeys::Static(TlsKey(cert_chain, private_key)) => client_config + .with_client_auth_cert(cert_chain, private_key.clone_key()) + .expect("invalid client key or certificate"), + TlsKeys::Null => client_config.with_no_client_auth(), + TlsKeys::Resolver(_) => unimplemented!(), + }; add_alpn(&mut client, socket_use); return Ok(client); @@ -266,14 +265,13 @@ pub fn create_client_config( root_cert_store }); - let mut client = - if let Some(TlsKey(cert_chain, private_key)) = maybe_cert_chain_and_key { - client_config - .with_client_auth_cert(cert_chain, private_key) - .expect("invalid client key or certificate") - } else { - client_config.with_no_client_auth() - }; + let mut client = match maybe_cert_chain_and_key { + TlsKeys::Static(TlsKey(cert_chain, private_key)) => client_config + .with_client_auth_cert(cert_chain, private_key.clone_key()) + .expect("invalid client key or certificate"), + TlsKeys::Null => client_config.with_no_client_auth(), + TlsKeys::Resolver(_) => unimplemented!(), + }; add_alpn(&mut client, socket_use); Ok(client) @@ -296,7 +294,7 @@ fn add_alpn(client: &mut ClientConfig, socket_use: SocketUse) { pub fn load_certs( reader: &mut dyn BufRead, -) -> Result, AnyError> { +) -> Result>, AnyError> { let certs: Result, _> = certs(reader).collect(); let certs = certs @@ -306,7 +304,7 @@ pub fn load_certs( return Err(cert_not_found_err()); } - Ok(certs.into_iter().map(CertificateDer::from).collect()) + Ok(certs.into_iter().map(|x| x.into_owned()).collect()) } fn key_decode_err() -> AnyError { @@ -322,14 +320,18 @@ fn cert_not_found_err() -> AnyError { } /// Starts with -----BEGIN RSA PRIVATE KEY----- -fn load_rsa_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_rsa_keys( + mut bytes: &[u8], +) -> Result>, AnyError> { let keys: Result, _> = rsa_private_keys(&mut bytes).collect(); let keys = keys.map_err(|_| key_decode_err())?; Ok(keys.into_iter().map(PrivateKeyDer::Pkcs1).collect()) } /// Starts with -----BEGIN EC PRIVATE KEY----- -fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_ec_keys( + mut bytes: &[u8], +) -> Result>, AnyError> { let keys: Result, std::io::Error> = ec_private_keys(&mut bytes).collect(); let keys2 = keys.map_err(|_| key_decode_err())?; @@ -337,7 +339,9 @@ fn load_ec_keys(mut bytes: &[u8]) -> Result, AnyError> { } /// Starts with -----BEGIN PRIVATE KEY----- -fn load_pkcs8_keys(mut bytes: &[u8]) -> Result, AnyError> { +fn load_pkcs8_keys( + mut bytes: &[u8], +) -> Result>, AnyError> { let keys: Result, std::io::Error> = pkcs8_private_keys(&mut bytes).collect(); let keys2 = keys.map_err(|_| key_decode_err())?; @@ -355,7 +359,9 @@ fn filter_invalid_encoding_err( } } -pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> { +pub fn load_private_keys( + bytes: &[u8], +) -> Result>, AnyError> { let mut keys = load_rsa_keys(bytes)?; if keys.is_empty() { @@ -372,21 +378,3 @@ pub fn load_private_keys(bytes: &[u8]) -> Result, AnyError> { Ok(keys) } - -/// A loaded key. -// FUTURE(mmastrac): add resolver enum value to support dynamic SNI -pub enum TlsKeys { - // TODO(mmastrac): We need Option<&T> for cppgc -- this is a workaround - Null, - Static(TlsKey), -} - -/// A TLS certificate/private key pair. -#[derive(Debug)] -pub struct TlsKey(pub Vec>, pub PrivateKeyDer<'static>); - -impl Clone for TlsKey { - fn clone(&self) -> Self { - Self(self.0.clone(), self.1.clone_key()) - } -} diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 9d83c1a03038f1..66c60093786dc8 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -37,13 +37,16 @@ type ErrorType = Rc; /// A TLS certificate/private key pair. /// see https://docs.rs/rustls-pki-types/latest/rustls_pki_types/#cloning-private-keys -#[derive(Clone, Debug, PartialEq, Eq)] -pub struct TlsKey( - pub Vec>, - pub Rc>, -); +#[derive(Debug, PartialEq, Eq)] +pub struct TlsKey(pub Vec>, pub PrivateKeyDer<'static>); -#[derive(Debug, Default)] +impl Clone for TlsKey { + fn clone(&self) -> Self { + Self(self.0.clone(), self.1.clone_key()) + } +} + +#[derive(Clone, Debug, Default)] pub enum TlsKeys { // TODO(mmastrac): We need Option<&T> for cppgc -- this is a workaround #[default] @@ -260,9 +263,7 @@ pub mod tests { fn tls_key_for_test(sni: &str) -> TlsKey { TlsKey( vec![CertificateDer::from(format!("{sni}-cert").into_bytes())], - Rc::new( - PrivateKeyDer::try_from(format!("{sni}-key").into_bytes()).unwrap(), - ), + PrivateKeyDer::try_from(format!("{sni}-key").into_bytes()).unwrap(), ) } diff --git a/ext/websocket/lib.rs b/ext/websocket/lib.rs index 06a75faabd9b64..0e65961a133ff9 100644 --- a/ext/websocket/lib.rs +++ b/ext/websocket/lib.rs @@ -36,14 +36,13 @@ use http::Request; use http::StatusCode; use http::Uri; use once_cell::sync::Lazy; +use rustls_tokio_stream::rustls::pki_types::ServerName; use rustls_tokio_stream::rustls::RootCertStore; -use rustls_tokio_stream::rustls::ServerName; use rustls_tokio_stream::TlsStream; use serde::Serialize; use std::borrow::Cow; use std::cell::Cell; use std::cell::RefCell; -use std::convert::TryFrom; use std::fmt; use std::future::Future; use std::num::NonZeroUsize; @@ -234,8 +233,8 @@ async fn handshake_http1_wss( ) -> Result<(WebSocket, http::HeaderMap), AnyError> { let tcp_socket = TcpStream::connect(addr).await?; let tls_config = create_ws_client_config(state, SocketUse::Http1Only)?; - let dnsname = - ServerName::try_from(domain).map_err(|_| invalid_hostname(domain))?; + let dnsname = ServerName::try_from(domain.to_string()) + .map_err(|_| invalid_hostname(domain))?; let mut tls_connector = TlsStream::new_client_side( tcp_socket, ClientConnection::new(tls_config.into(), dnsname)?, @@ -259,8 +258,8 @@ async fn handshake_http2_wss( ) -> Result<(WebSocket, http::HeaderMap), AnyError> { let tcp_socket = TcpStream::connect(addr).await?; let tls_config = create_ws_client_config(state, SocketUse::Http2Only)?; - let dnsname = - ServerName::try_from(domain).map_err(|_| invalid_hostname(domain))?; + let dnsname = ServerName::try_from(domain.to_string()) + .map_err(|_| invalid_hostname(domain))?; // We need to better expose the underlying errors here let mut tls_connector = TlsStream::new_client_side( tcp_socket, diff --git a/tests/integration/run_tests.rs b/tests/integration/run_tests.rs index 55841b90180627..65fc8b18e42eee 100644 --- a/tests/integration/run_tests.rs +++ b/tests/integration/run_tests.rs @@ -5298,17 +5298,19 @@ async fn listen_tls_alpn() { let mut reader = &mut BufReader::new(Cursor::new(include_bytes!( "../testdata/tls/RootCA.crt" ))); - let certs = rustls_pemfile::certs(&mut reader).unwrap(); + let certs = rustls_pemfile::certs(&mut reader) + .collect::, _>>() + .unwrap(); let mut root_store = rustls::RootCertStore::empty(); - root_store.add_parsable_certificates(&certs); + root_store.add_parsable_certificates(certs); let mut cfg = rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); cfg.alpn_protocols.push(b"foobar".to_vec()); let cfg = Arc::new(cfg); - let hostname = rustls::ServerName::try_from("localhost").unwrap(); + let hostname = + rustls::pki_types::ServerName::try_from("localhost".to_string()).unwrap(); let tcp_stream = tokio::net::TcpStream::connect("localhost:4504") .await @@ -5350,17 +5352,18 @@ async fn listen_tls_alpn_fail() { let mut reader = &mut BufReader::new(Cursor::new(include_bytes!( "../testdata/tls/RootCA.crt" ))); - let certs = rustls_pemfile::certs(&mut reader).unwrap(); + let certs = rustls_pemfile::certs(&mut reader) + .collect::, _>>() + .unwrap(); let mut root_store = rustls::RootCertStore::empty(); - root_store.add_parsable_certificates(&certs); + root_store.add_parsable_certificates(certs); let mut cfg = rustls::ClientConfig::builder() - .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); cfg.alpn_protocols.push(b"boofar".to_vec()); let cfg = Arc::new(cfg); - let hostname = rustls::ServerName::try_from("localhost").unwrap(); + let hostname = rustls::pki_types::ServerName::try_from("localhost").unwrap(); let tcp_stream = tokio::net::TcpStream::connect("localhost:4505") .await diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs index 3b8bfd07f12100..bc17c70e3faaf0 100644 --- a/tests/util/server/src/https.rs +++ b/tests/util/server/src/https.rs @@ -70,9 +70,7 @@ pub fn get_tls_config( let certs_result: Result>, io::Error> = { let mut cert_reader = io::BufReader::new(cert_file); - rustls_pemfile::certs(&mut cert_reader) - .into_iter() - .collect() + rustls_pemfile::certs(&mut cert_reader).collect() }; let certs = certs_result?; @@ -83,15 +81,19 @@ pub fn get_tls_config( let mut key_reader = io::BufReader::new(key_file); let key = { - let pkcs8_keys = - rustls_pemfile::pkcs8_private_keys(&mut key_reader).collect::>(); - let rsa_keys = - rustls_pemfile::rsa_private_keys(&mut key_reader).collect::>(); + let pkcs8_keys_result = rustls_pemfile::pkcs8_private_keys(&mut key_reader) + .collect::, _>>(); + let pkcs8_keys = pkcs8_keys_result?; + + let rsa_keys_result = rustls_pemfile::rsa_private_keys(&mut key_reader) + .collect::, _>>(); + let rsa_keys = rsa_keys_result?; + if !pkcs8_keys.is_empty() { - let key = pkcs8_keys[0]?.clone_key(); + let key = pkcs8_keys[0].clone_key(); Some(PrivateKeyDer::from(key)) } else if !rsa_keys.is_empty() { - let key = rsa_keys[0]?.clone_key(); + let key = rsa_keys[0].clone_key(); Some(PrivateKeyDer::from(key)) } else { None @@ -104,13 +106,15 @@ pub fn get_tls_config( root_cert_store.add(ca_cert).unwrap(); // Allow (but do not require) client authentication. + let client_verifier = rustls::server::WebPkiClientVerifier::builder( + Arc::new(root_cert_store), + ) + .allow_unauthenticated() + .build() + .unwrap(); let mut config = rustls::ServerConfig::builder() - .with_client_cert_verifier(Arc::new( - rustls::server::AllowAnyAnonymousOrAuthenticatedClient::new( - root_cert_store, - ), - )) + .with_client_cert_verifier(client_verifier) .with_single_cert(certs, key) .map_err(|e| anyhow!("Error setting cert: {:?}", e)) .unwrap(); From c95b0744b48023bfd51c5a6c1b6bff6fc018417c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 4 Jun 2024 00:18:05 +0200 Subject: [PATCH 08/27] checkout wpt --- tests/wpt/suite | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/wpt/suite b/tests/wpt/suite index abcbb64783af5b..a14e908e1fd7c6 160000 --- a/tests/wpt/suite +++ b/tests/wpt/suite @@ -1 +1 @@ -Subproject commit abcbb64783af5b776a3c5f4e13cf4d8756217830 +Subproject commit a14e908e1fd7c6e848ef60df044af1c040a012d2 From 4c433a1dea51246f3f0d980f560ce056372a011f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 4 Jun 2024 00:27:52 +0200 Subject: [PATCH 09/27] Address some todos --- Cargo.lock | 1 - ext/fetch/Cargo.toml | 1 - ext/tls/lib.rs | 61 ++++++++++++++++---------------------------- ext/tls/tls_key.rs | 2 -- 4 files changed, 22 insertions(+), 43 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6e32b733343e36..adcc4c37643ee0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1434,7 +1434,6 @@ dependencies = [ "deno_core", "deno_tls", "dyn-clone", - "http 0.2.12", "http 1.1.0", "reqwest", "serde", diff --git a/ext/fetch/Cargo.toml b/ext/fetch/Cargo.toml index c86e8d5327b122..8d277384f6e0fe 100644 --- a/ext/fetch/Cargo.toml +++ b/ext/fetch/Cargo.toml @@ -20,7 +20,6 @@ deno_core.workspace = true deno_tls.workspace = true dyn-clone = "1" http.workspace = true -http_v02.workspace = true reqwest.workspace = true serde.workspace = true serde_json.workspace = true diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 57851f9a8eccff..196b3aa1798840 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -1,6 +1,5 @@ // Copyright 2018-2024 the Deno authors. All rights reserved. MIT license. pub use deno_native_certs; -use deno_native_certs::load_native_certs; pub use rustls; use rustls::pki_types::CertificateDer; use rustls::pki_types::PrivateKeyDer; @@ -21,6 +20,7 @@ use rustls::client::WebPkiServerVerifier; use rustls::ClientConfig; use rustls::DigitallySignedStruct; use rustls::Error; +use rustls::RootCertStore; use rustls_pemfile::certs; use rustls_pemfile::ec_private_keys; use rustls_pemfile::pkcs8_private_keys; @@ -35,10 +35,6 @@ use std::sync::Arc; mod tls_key; pub use tls_key::*; -// pub type Certificate = rustls::pki_types::CertificateDer<'static>; -// pub type PrivateKey = rustls::pki_types::PrivateKeyDer<'static>; -pub type RootCertStore = rustls::RootCertStore; - /// Lazily resolves the root cert store. /// /// This was done because the root cert store is not needed in all cases @@ -187,19 +183,6 @@ pub fn create_default_root_cert_store() -> RootCertStore { root_cert_store } -pub fn create_platform_cert_store() -> RootCertStore { - let mut root_cert_store = RootCertStore::empty(); - let roots: Vec = - load_native_certs().expect("could not load platform certs"); - for root in roots { - root_cert_store - .add(CertificateDer::from(root.0)) - .expect("Failed to add platform cert to root cert store"); - } - debug_assert!(!root_cert_store.is_empty()); - root_cert_store -} - pub enum SocketUse { /// General SSL: No ALPN GeneralSsl, @@ -241,29 +224,29 @@ pub fn create_client_config( return Ok(client); } - let client_config = ClientConfig::builder().with_root_certificates({ - let mut root_cert_store = - root_cert_store.unwrap_or_else(create_default_root_cert_store); - // If custom certs are specified, add them to the store - for cert in ca_certs { - let reader = &mut BufReader::new(Cursor::new(cert)); - // This function does not return specific errors, if it fails give a generic message. - for r in rustls_pemfile::certs(reader) { - match r { - Ok(cert) => { - root_cert_store.add(cert)?; - } - Err(e) => { - return Err(anyhow!( - "Unable to add pem file to certificate store: {}", - e - )); - } + let mut root_cert_store = + root_cert_store.unwrap_or_else(create_default_root_cert_store); + // If custom certs are specified, add them to the store + for cert in ca_certs { + let reader = &mut BufReader::new(Cursor::new(cert)); + // This function does not return specific errors, if it fails give a generic message. + for r in rustls_pemfile::certs(reader) { + match r { + Ok(cert) => { + root_cert_store.add(cert)?; + } + Err(e) => { + return Err(anyhow!( + "Unable to add pem file to certificate store: {}", + e + )); } } } - root_cert_store - }); + } + + let client_config = + ClientConfig::builder().with_root_certificates(root_cert_store); let mut client = match maybe_cert_chain_and_key { TlsKeys::Static(TlsKey(cert_chain, private_key)) => client_config @@ -304,7 +287,7 @@ pub fn load_certs( return Err(cert_not_found_err()); } - Ok(certs.into_iter().map(|x| x.into_owned()).collect()) + Ok(certs) } fn key_decode_err() -> AnyError { diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 66c60093786dc8..6c94bd727299e2 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -257,8 +257,6 @@ impl TlsKeyLookup { pub mod tests { use super::*; use deno_core::unsync::spawn; - use webpki::types::CertificateDer; - use webpki::types::PrivateKeyDer; fn tls_key_for_test(sni: &str) -> TlsKey { TlsKey( From 697683b99e4866c3680c96719619150bebb131a0 Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Tue, 4 Jun 2024 06:06:07 -0400 Subject: [PATCH 10/27] avoid rustls-pemfile 1.0.4 - deno_native_certs changes --- Cargo.lock | 27 +++++++++------------------ ext/tls/Cargo.toml | 2 +- 2 files changed, 10 insertions(+), 19 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index adcc4c37643ee0..e6b3bd76249514 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1639,14 +1639,13 @@ dependencies = [ [[package]] name = "deno_native_certs" version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4785d0bdc13819b665b71e4fb7e119d859568471e4c245ec5610857e70c9345" +source = "git+https://github.com/denoland/deno_native_certs?branch=upgrade-pemfile2#e77d8fda3a4ec4cff11d50c140551d33bdb5f430" dependencies = [ "dlopen2", "dlopen2_derive", "once_cell", "rustls-native-certs", - "rustls-pemfile 1.0.4", + "rustls-pemfile", ] [[package]] @@ -1892,7 +1891,7 @@ dependencies = [ "deno_core", "deno_native_certs", "rustls", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "rustls-tokio-stream", "rustls-webpki", "serde", @@ -5265,7 +5264,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "rustls", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "rustls-pki-types", "serde", "serde_json", @@ -5466,25 +5465,17 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.6.3" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9aace74cb666635c918e9c12bc0d348266037aa8eb599b5cba565709a8dff00" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" dependencies = [ "openssl-probe", - "rustls-pemfile 1.0.4", + "rustls-pemfile", + "rustls-pki-types", "schannel", "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" -dependencies = [ - "base64 0.21.7", -] - [[package]] name = "rustls-pemfile" version = "2.1.2" @@ -6707,7 +6698,7 @@ dependencies = [ "prost-build", "regex", "reqwest", - "rustls-pemfile 2.1.2", + "rustls-pemfile", "rustls-tokio-stream", "semver 1.0.14", "serde", diff --git a/ext/tls/Cargo.toml b/ext/tls/Cargo.toml index 3e09204093d4ba..672284d926dd90 100644 --- a/ext/tls/Cargo.toml +++ b/ext/tls/Cargo.toml @@ -15,7 +15,7 @@ path = "lib.rs" [dependencies] deno_core.workspace = true -deno_native_certs = "0.2.0" +deno_native_certs = { git = "https://github.com/denoland/deno_native_certs", branch = "upgrade-pemfile2" } rustls.workspace = true rustls-pemfile.workspace = true rustls-tokio-stream.workspace = true From feeb37fe975ca262720e68fb9090ea94fc754eab Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Tue, 4 Jun 2024 07:47:49 -0400 Subject: [PATCH 11/27] fix tls_key_for_test --- ext/tls/testdata/README | 4 ++++ ext/tls/testdata/example1_cert.der | Bin 0 -> 929 bytes ext/tls/testdata/example1_prikey.der | Bin 0 -> 1190 bytes ext/tls/testdata/example2_cert.der | Bin 0 -> 929 bytes ext/tls/testdata/example2_prikey.der | Bin 0 -> 1191 bytes ext/tls/tls_key.rs | 26 ++++++++++++++++---------- 6 files changed, 20 insertions(+), 10 deletions(-) create mode 100644 ext/tls/testdata/README create mode 100644 ext/tls/testdata/example1_cert.der create mode 100644 ext/tls/testdata/example1_prikey.der create mode 100644 ext/tls/testdata/example2_cert.der create mode 100644 ext/tls/testdata/example2_prikey.der diff --git a/ext/tls/testdata/README b/ext/tls/testdata/README new file mode 100644 index 00000000000000..b2ed3b4530ce47 --- /dev/null +++ b/ext/tls/testdata/README @@ -0,0 +1,4 @@ + +penssl req -x509 -newkey rsa:2048 -nodes -keyout example2_prikey.pem -out example2_cert.der -subj "/C=US/ST=State/L=Locality/O=Organization/CN=example2.com" -outform der + +openssl pkey -in example2_prikey.pem -out example2_prikey.der -outform der diff --git a/ext/tls/testdata/example1_cert.der b/ext/tls/testdata/example1_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..fb1b2e64b2510fb1028bd4ecaeaebb29e3ac0ad8 GIT binary patch literal 929 zcmXqLVxDWz#MHWgnTe5!NyM|i;{MjIT`H#6f4+I0cUj@=*ZGePc-c6$+C196^D;7W zvoaXO8FCwNvN4CUun9AT1{?Aj@PIfRJgmVbi6yCqf(HB`K06PGPkwS@PG(7^p{Ri{ zNQjGv$G<2&F)yW~+7mQHj6);z;T>7M|l8TGp=*={+13PVMfbAS6Cr_K2e=#Q^ z?9u|SuC^(xdOsJL$vyO0VmE)2MceX;yO#c5oxnN2o2%wjN63Q>-H!aL9a%nm^$A9{ z-O$cW*WR{d!$kjdsTyGn=9U{Cn3t;k z`Pl9)rKfY;ZX|~UI34|OxIe;v{(++Z%#(J8_ts3>{%BuNbyMRd$9reuLjMB}r8qtT7=ZPt9YU-6>-!Epn~U-T!H) zFXbC_{`lg@k;t-83Nz98e}HD)el?bKUa>o9|7RPiU$_^`@?+H`zturj$ z?6T>2PJpE7Qbq{TGX$0wWMo9;JOBA9==c?Q}; z_79M*=7#kPUZM{7R+^=r*JrEccMsCjyEXq`pcRwY!TKb$8FObSo<3WR1%7io?$ycs zp-l|bcL`VMGfvr-l9(9+0|5X50)hbmAPq@YhcIKeLtpoxg+E9VVw%hS@F74g9CT51 z@*buIa`|6zqN+;aB0Mk1*@YfHmpKyFGRC{~ouh=g&y(Le1h~#Wx7?eO?lSb;F*(;FXd_pm zohRl>jw$(9suxlie6X2Fu#VpD!o`u0)c@5?K%9Or@kYVCQkw3c};T-E3Pm<@w?JJ8|Lc5 z+@$1sR&-t%Sk(WBRQ;3T1}|k-`_hvby_?TCa#p_7iA)B|SN`OXA10@jz{F+hX1WGI zh&R&Ov&yMz0RdXG6$lx!ozsXfNM4P#8!{vSo!Ax#sm{0)c@5 z#PjG-oGzt%%fugCcq~m9l&$ZkzD^YC)uh~Ym= z^dMH3McLF~BKEqjsCqAdVlIDR&&V=KV8^fBg@`X}@|z-) zb}SpzP?^Y+##h4X68A_X5UbYqMRE6%^>89Wf*}@zJ-ct9%ALv$_JXubU5FNyu!gm( z8DV2B7nv2g?$?`0WFNQ#->OjXkykV&A#qM+=)nO9(T;59aKPR;er|&_0j?P5;on^X zfq-VMFNtqy9E3$;!-3t0#q;@Q0P5tR@cKBJ<3Xpusb5Du-IhL0Q7xolUhPq;EHN`0 z$bUX6r9|t4)I6xN73nOCq9Dr)bkL-TH&X~Nq(iWDMd*&VPnrxztElcnG1JF#tuP0x z1V|tEORR_~N#NtzBL0qQ-iHR)jy=a?c2NR>fJE<~2U)9YWPa1ARRkYgUcd zEjs3P$sz4CM*VNN!#j?F-exnB*PK{r9+tZVP&3%|7{X4Hjp!fz%XD;%d_H9e;WEu% zw#TyOE}5$fpDMeL6|x432Z}@LITLt{Z;d&DR38shQ#D;WT6lDVcI8JL?G`56qF7`d357#SH3a2DO+%B<4(rye=)n*2Hb?*B5IS2gSX zvioOtv}5axx|81Fp=Z4Q9of5UgoS*xYwx!HCaDL1AOApRjonoDv z$)=I)8@X@Qc>~VuM|;a%GE`>!F6v%7d4@PkpV)mjGe-m6nu$-NK3HTtNl(6`gvRtGKiJH}4^4Gqn<{ME|8D2p zPfH4QZvUIPsH;lnKv&yCflT)-Yh2-m|zB2}ceY$b+PnStJa^8n7z>B@|gwn=l8efF?v-n2{e@``zl4vW`& zZ{-xctmu$Qs-Dz>sknLW0_t>Ll&u{i$ YV&a~=g{Lg4egDjYk8hQ>c|QmO0O~1ZSO5S3 literal 0 HcmV?d00001 diff --git a/ext/tls/testdata/example2_prikey.der b/ext/tls/testdata/example2_prikey.der new file mode 100644 index 0000000000000000000000000000000000000000..8bdef8df382c4577b4a9ed68410926cf15866533 GIT binary patch literal 1191 zcmV;Y1X%kpf&`-i0RRGm0RaHO33A*DX?iIBCt04>AI=Yp{~WWbgD(0${x-#kwU~a% zOIKCQO8&&Xx~bU_C|=A-SS4bAc?t85BDQ3hz|XYL(%{ZI$_1Ti1}I}qS-z^zFbQko zy>~=tB%4j5i=~s87X*$L-$ph;FfDwMZnWBn%EWnD6;(B>M z4WTK$n(^0V&WhJd9E9xe^D{CX9*AG?@7-|S^t&z>%H_=iw&-rD#H99n_;Dm1#W(t8 zQTX#mu^pp`6tVwPK!s&nLhyLomLC21Ls=25NEW4&WL+urEEV2yk0TbY{@li_ZIpPXh zY{t|L)H?2W5kSl3X(-~oOVwOY%|{iR8F`=n$SOC}#t)s22ALJ_7wh87yqLt6$DCMSV~C&n3w?=;QW)nb zc;}~1XvcMnl<+}R;k+ZM^9$1uzMvn&0)c=tm1vH0?np`O(Zn}|44C7^X3V${g3-CZ z86BCUK#_TibH|yG2F_#7@RS?#&JTBZJw)%PE7C&Ql3t)rVeR_mS=R~!gw(*KCFe)= zgR-KNRZ`JoG|@1t?)%XlSwSRIAz>k!(rh3#ZKqHs&7`%2Q7Y!Hy1+18;E1uW;-_T- zfq)v*o|2j~sM*Q| zBo>iYTrpI#q`&`}B%L7lW&e5@+<-SXBp(8SfdI{1XoFy7BAIQA=`-tJr&L#tJ2W=% zKmPNjt%O4NTBoTsDkaF?d?d$iqt&QGLj*^2&J0FQ zQg-g6Ej2#E+!j~IKha4mGC=p~kqxg^$u601`cH)WP_JL#T^-N%(n$M`iXkswoY(MV Fq87UwR!jf@ literal 0 HcmV?d00001 diff --git a/ext/tls/tls_key.rs b/ext/tls/tls_key.rs index 6c94bd727299e2..1e60e7cf0a964c 100644 --- a/ext/tls/tls_key.rs +++ b/ext/tls/tls_key.rs @@ -259,10 +259,16 @@ pub mod tests { use deno_core::unsync::spawn; fn tls_key_for_test(sni: &str) -> TlsKey { - TlsKey( - vec![CertificateDer::from(format!("{sni}-cert").into_bytes())], - PrivateKeyDer::try_from(format!("{sni}-key").into_bytes()).unwrap(), - ) + let manifest_dir = + std::path::PathBuf::from(std::env::var("CARGO_MANIFEST_DIR").unwrap()); + let sni = sni.replace(".com", ""); + let cert_file = manifest_dir.join(format!("testdata/{}_cert.der", sni)); + let prikey_file = manifest_dir.join(format!("testdata/{}_prikey.der", sni)); + let cert = std::fs::read(cert_file).unwrap(); + let prikey = std::fs::read(prikey_file).unwrap(); + let cert = CertificateDer::from(cert); + let prikey = PrivateKeyDer::try_from(prikey).unwrap(); + TlsKey(vec![cert], prikey) } #[tokio::test] @@ -274,8 +280,8 @@ pub mod tests { } }); - let key = resolver.resolve("example.com".to_owned()).await.unwrap(); - assert_eq!(tls_key_for_test("example.com"), key); + let key = resolver.resolve("example1.com".to_owned()).await.unwrap(); + assert_eq!(tls_key_for_test("example1.com"), key); drop(resolver); task.await.unwrap(); @@ -290,13 +296,13 @@ pub mod tests { } }); - let f1 = resolver.resolve("example.com".to_owned()); - let f2 = resolver.resolve("example.com".to_owned()); + let f1 = resolver.resolve("example1.com".to_owned()); + let f2 = resolver.resolve("example1.com".to_owned()); let key = f1.await.unwrap(); - assert_eq!(tls_key_for_test("example.com"), key); + assert_eq!(tls_key_for_test("example1.com"), key); let key = f2.await.unwrap(); - assert_eq!(tls_key_for_test("example.com"), key); + assert_eq!(tls_key_for_test("example1.com"), key); drop(resolver); task.await.unwrap(); From c94f0f907c78302b7442ed118dc8a4db16d4df5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 4 Jun 2024 14:30:33 +0200 Subject: [PATCH 12/27] fix after merge --- cli/http_util.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/http_util.rs b/cli/http_util.rs index 5042f5078c484e..0a8e192f7f3992 100644 --- a/cli/http_util.rs +++ b/cli/http_util.rs @@ -567,7 +567,7 @@ mod test { use std::collections::HashSet; use std::hash::RandomState; - use deno_runtime::deno_tls::RootCertStore; + use deno_runtime::deno_tls::rustls::RootCertStore; use crate::version; From 983a92fbce7eae447000857463e682ad97925415 Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Tue, 4 Jun 2024 11:17:17 -0400 Subject: [PATCH 13/27] use updated deno_native_certs 0.3.0 --- Cargo.lock | 5 +++-- ext/tls/Cargo.toml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e6b3bd76249514..e06615aeef1bbf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1638,8 +1638,9 @@ dependencies = [ [[package]] name = "deno_native_certs" -version = "0.2.0" -source = "git+https://github.com/denoland/deno_native_certs?branch=upgrade-pemfile2#e77d8fda3a4ec4cff11d50c140551d33bdb5f430" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c867603d2a5dfea31f55cecebb572554caa395437786d058faa9a2814c8d6eb9" dependencies = [ "dlopen2", "dlopen2_derive", diff --git a/ext/tls/Cargo.toml b/ext/tls/Cargo.toml index 672284d926dd90..12615987f73c9f 100644 --- a/ext/tls/Cargo.toml +++ b/ext/tls/Cargo.toml @@ -15,7 +15,7 @@ path = "lib.rs" [dependencies] deno_core.workspace = true -deno_native_certs = { git = "https://github.com/denoland/deno_native_certs", branch = "upgrade-pemfile2" } +deno_native_certs = "0.3.0" rustls.workspace = true rustls-pemfile.workspace = true rustls-tokio-stream.workspace = true From a85e8763b532fffd68c60d5130b53c8d7d76fc17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 5 Jun 2024 17:17:02 +0200 Subject: [PATCH 14/27] fix some fetch tests --- tests/unit/fetch_test.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/unit/fetch_test.ts b/tests/unit/fetch_test.ts index 4176f39ace218a..b549be9a438a87 100644 --- a/tests/unit/fetch_test.ts +++ b/tests/unit/fetch_test.ts @@ -67,7 +67,7 @@ Deno.test( await fetch(`http://localhost:${port}`); }, TypeError, - "error trying to connect", + "error sending request for url", ); }, ); @@ -80,7 +80,7 @@ Deno.test( await fetch("http://nil/"); }, TypeError, - "error trying to connect", + "error sending request for url", ); }, ); @@ -1824,7 +1824,7 @@ Deno.test( await fetch(`http://${addr}/`); }, TypeError, - "invalid content-length parsed", + "error sending request", ); listener.close(); @@ -1880,7 +1880,7 @@ Deno.test( await response.arrayBuffer(); }, Error, - "end of file before message length reached", + "error decoding response body", ); listener.close(); From 4cbe97c2da4c6657340fdda1522b82b3fa05e58e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 5 Jun 2024 17:22:03 +0200 Subject: [PATCH 15/27] fix some http and serve tests --- tests/unit/http_test.ts | 4 ++-- tests/unit/serve_test.ts | 12 ++---------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/tests/unit/http_test.ts b/tests/unit/http_test.ts index f4fa62fa6b6174..c4704b8dea18bf 100644 --- a/tests/unit/http_test.ts +++ b/tests/unit/http_test.ts @@ -2573,7 +2573,7 @@ for (const compression of [true, false]) { assertEquals(result.value, new Uint8Array([65])); const err = await assertRejects(() => reader.read()); assert(err instanceof TypeError); - assert(err.message.includes("unexpected EOF")); + assert(err.message.includes("error decoding response body")); const httpConn = await server; httpConn.close(); @@ -2609,7 +2609,7 @@ for (const compression of [true, false]) { assertEquals(result.value, new Uint8Array([65])); const err = await assertRejects(() => reader.read()); assert(err instanceof TypeError); - assert(err.message.includes("unexpected internal error encountered")); + assert(err.message.includes("error decoding response body")); const httpConn = await server; httpConn.close(); diff --git a/tests/unit/serve_test.ts b/tests/unit/serve_test.ts index ff77578e613a76..36366706610ba7 100644 --- a/tests/unit/serve_test.ts +++ b/tests/unit/serve_test.ts @@ -3522,11 +3522,7 @@ Deno.test( fail(); } catch (clientError) { assert(clientError instanceof TypeError); - assert( - clientError.message.endsWith( - "connection closed before message completed", - ), - ); + assert(clientError.message.includes("error sending request for url")); } finally { ac.abort(); await server.finished; @@ -3574,11 +3570,7 @@ Deno.test({ fail(); } catch (clientError) { assert(clientError instanceof TypeError); - assert( - clientError.message.endsWith( - "connection closed before message completed", - ), - ); + assert(clientError.message.includes("error sending request for url")); } finally { ac.abort(); await server.finished; From 92e8d4ba7c906bea74a2cbceb79982858bb42df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Thu, 6 Jun 2024 13:40:35 +0200 Subject: [PATCH 16/27] bump hyper --- Cargo.lock | 22 +++++++++++----------- Cargo.toml | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8b5c2f271c2694..7a76e09275f63a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -705,7 +705,7 @@ dependencies = [ "flaky_test", "http 1.1.0", "http-body-util", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "nix 0.26.2", "once_cell", @@ -1525,7 +1525,7 @@ dependencies = [ "http-body-util", "httparse", "hyper 0.14.28", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "itertools", "memmem", @@ -1820,7 +1820,7 @@ dependencies = [ "http 1.1.0", "http-body-util", "hyper 0.14.28", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "libc", "log", @@ -1972,7 +1972,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "once_cell", "rustls-tokio-stream", @@ -2610,7 +2610,7 @@ checksum = "f63dd7b57f9b33b1741fa631c9522eb35d43e96dcca4a6a91d5e4ca7c93acdc1" dependencies = [ "base64 0.21.7", "http-body-util", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "pin-project", "rand", @@ -3360,9 +3360,9 @@ dependencies = [ [[package]] name = "hyper" -version = "1.3.0" +version = "1.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f24ce812868d86d19daa79bf3bf9175bc44ea323391147a5e3abde2a283871b" +checksum = "fe575dd17d0862a9a33781c8c4696a55c320909004a67a00fb286ba8b1bc496d" dependencies = [ "bytes", "futures-channel", @@ -3387,7 +3387,7 @@ checksum = "a0bea761b46ae2b24eb4aef630d8d1c398157b6fc29e6350ecf090a0b70c952c" dependencies = [ "futures-util", "http 1.1.0", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "rustls", "rustls-pki-types", @@ -3407,7 +3407,7 @@ dependencies = [ "futures-util", "http 1.1.0", "http-body 1.0.0", - "hyper 1.3.0", + "hyper 1.3.1", "pin-project-lite", "socket2", "tokio", @@ -5246,7 +5246,7 @@ dependencies = [ "http 1.1.0", "http-body 1.0.0", "http-body-util", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-rustls", "hyper-util", "ipnet", @@ -6684,7 +6684,7 @@ dependencies = [ "h2 0.4.4", "http 1.1.0", "http-body-util", - "hyper 1.3.0", + "hyper 1.3.1", "hyper-util", "jsonc-parser", "lazy-regex", diff --git a/Cargo.toml b/Cargo.toml index b59b7d6ae261f7..a2fdd7cd4473ea 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -117,7 +117,7 @@ http = "1.0" http-body-util = "0.1" http_v02 = { package = "http", version = "0.2.9" } httparse = "1.8.0" -hyper = { version = "=1.3.0", features = ["full"] } +hyper = { version = "=1.3.1", features = ["full"] } hyper-util = { version = "=0.1.5", features = ["tokio", "server", "server-auto"] } hyper_v014 = { package = "hyper", version = "0.14.26", features = ["runtime", "http1"] } indexmap = { version = "2", features = ["serde"] } From 3f0781e78ec47b717bc6da345f876daf81da312f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Sun, 9 Jun 2024 03:06:11 +0200 Subject: [PATCH 17/27] wip --- node_server.js | 26 +++++++++++++++++++ tests/node_compat/test.ts | 2 +- .../test/parallel/test-http-url.parse-path.js | 2 +- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 node_server.js diff --git a/node_server.js b/node_server.js new file mode 100644 index 00000000000000..6245b7a75eb7be --- /dev/null +++ b/node_server.js @@ -0,0 +1,26 @@ +import http from "node:http"; +import url from "node:url"; + +const server = http.createServer(function (request, response) { + // Run the check function + console.log(request.url); + response.writeHead(200, {}); + response.end("ok"); + server.close(); +}); + +server.listen(0, function () { + // console.log("server listening", this.address().port); + const testURL = url.parse(`http://localhost:${this.address().port}/asdf`); + + // // make the request + http.request(testURL).end(); + // setTimeout(() => http.request(testURL).end(), 1000); + // req.on("error", (e) => { + // console.log("error in req", req); + // }); + + // req.end(); +}); + +// setTimeout(() => {}, 100_000); diff --git a/tests/node_compat/test.ts b/tests/node_compat/test.ts index db4ba4f52d2eee..dfad2d45e0da80 100644 --- a/tests/node_compat/test.ts +++ b/tests/node_compat/test.ts @@ -128,7 +128,7 @@ async function runTest(t: Deno.TestContext, path: string): Promise { } const stderrOutput = decoder.decode(stderr); const repeatCmd = magenta( - `./target/debug/deno test -A tests/node_compat/test.ts -- ${path}`, + `./target/debug/deno test -A --config tests/node_compat/deno.json tests/node_compat/test.ts -- ${path}`, ); const msg = `"${magenta(path)}" failed: diff --git a/tests/node_compat/test/parallel/test-http-url.parse-path.js b/tests/node_compat/test/parallel/test-http-url.parse-path.js index f0c07887f2d6c2..8fc4fed8d4ac49 100644 --- a/tests/node_compat/test/parallel/test-http-url.parse-path.js +++ b/tests/node_compat/test/parallel/test-http-url.parse-path.js @@ -49,5 +49,5 @@ server.listen(0, function() { const testURL = url.parse(`http://localhost:${this.address().port}/asdf`); // make the request - http.request(testURL).end(); + setTimeout(() => http.request(testURL).end(), 10); }); From ea110058abc15ae65a16378911f5f8b1b6b03711 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Sun, 9 Jun 2024 23:38:33 +0200 Subject: [PATCH 18/27] wip --- ext/node/polyfills/http.ts | 14 +++++++++++--- .../test/parallel/test-http-url.parse-path.js | 2 +- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/ext/node/polyfills/http.ts b/ext/node/polyfills/http.ts index ec3fe6e0b4f67f..85c4f4a163f672 100644 --- a/ext/node/polyfills/http.ts +++ b/ext/node/polyfills/http.ts @@ -756,9 +756,11 @@ class ClientRequest extends OutgoingMessage { { incoming._bodyRid = res.responseRid; } + console.log("response", incoming); this.emit("response", incoming); } } catch (err) { + console.log("fetch failed", err); if (this._req.cancelHandleRid !== null) { core.tryClose(this._req.cancelHandleRid); } @@ -1717,7 +1719,10 @@ export class ServerImpl extends EventEmitter { if (this.#unref) { this.#server.unref(); } - this.#server.finished.then(() => this.#serveDeferred!.resolve()); + this.#server.finished.then(() => { + console.log("server finished, resolving serveDeferred"); + this.#serveDeferred!.resolve(); + }); } setTimeout() { @@ -1754,8 +1759,11 @@ export class ServerImpl extends EventEmitter { } if (listening && this.#ac) { - this.#ac.abort(); - this.#ac = undefined; + console.log("shutting down the server"); + this.#server.shutdown(); + // TODO(bartlomieju): this should be called for `Server.closeAllConnections()` + // this.#ac.abort(); + // this.#ac = undefined; } else { this.#serveDeferred!.resolve(); } diff --git a/tests/node_compat/test/parallel/test-http-url.parse-path.js b/tests/node_compat/test/parallel/test-http-url.parse-path.js index 8fc4fed8d4ac49..f0c07887f2d6c2 100644 --- a/tests/node_compat/test/parallel/test-http-url.parse-path.js +++ b/tests/node_compat/test/parallel/test-http-url.parse-path.js @@ -49,5 +49,5 @@ server.listen(0, function() { const testURL = url.parse(`http://localhost:${this.address().port}/asdf`); // make the request - setTimeout(() => http.request(testURL).end(), 10); + http.request(testURL).end(); }); From 49456f98e44a5293c78935d75398dbf414d6f944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 11 Jun 2024 23:50:06 +0200 Subject: [PATCH 19/27] remove file --- node_server.js | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 node_server.js diff --git a/node_server.js b/node_server.js deleted file mode 100644 index 6245b7a75eb7be..00000000000000 --- a/node_server.js +++ /dev/null @@ -1,26 +0,0 @@ -import http from "node:http"; -import url from "node:url"; - -const server = http.createServer(function (request, response) { - // Run the check function - console.log(request.url); - response.writeHead(200, {}); - response.end("ok"); - server.close(); -}); - -server.listen(0, function () { - // console.log("server listening", this.address().port); - const testURL = url.parse(`http://localhost:${this.address().port}/asdf`); - - // // make the request - http.request(testURL).end(); - // setTimeout(() => http.request(testURL).end(), 1000); - // req.on("error", (e) => { - // console.log("error in req", req); - // }); - - // req.end(); -}); - -// setTimeout(() => {}, 100_000); From c47d685867574f462b41112be057814b5e2aafa6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Tue, 11 Jun 2024 23:53:07 +0200 Subject: [PATCH 20/27] remove broken tests --- tests/node_compat/config.jsonc | 6 -- tests/node_compat/runner/TODO.md | 6 ++ ...p-url.parse-auth-with-header-in-request.js | 59 ----------------- .../test/parallel/test-http-url.parse-auth.js | 55 ---------------- .../parallel/test-http-url.parse-basic.js | 65 ------------------- .../test/parallel/test-http-url.parse-path.js | 53 --------------- .../test/parallel/test-http-url.parse-post.js | 61 ----------------- .../parallel/test-http-url.parse-search.js | 54 --------------- 8 files changed, 6 insertions(+), 353 deletions(-) delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-auth-with-header-in-request.js delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-auth.js delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-basic.js delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-path.js delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-post.js delete mode 100644 tests/node_compat/test/parallel/test-http-url.parse-search.js diff --git a/tests/node_compat/config.jsonc b/tests/node_compat/config.jsonc index 612c5558a7b24e..bc5580c1df582e 100644 --- a/tests/node_compat/config.jsonc +++ b/tests/node_compat/config.jsonc @@ -383,14 +383,8 @@ // "test-http-outgoing-message-inheritance.js", "test-http-outgoing-renderHeaders.js", "test-http-outgoing-settimeout.js", - "test-http-url.parse-auth-with-header-in-request.js", - "test-http-url.parse-auth.js", - "test-http-url.parse-basic.js", "test-http-url.parse-https.request.js", "test-http-url.parse-only-support-http-https-protocol.js", - "test-http-url.parse-path.js", - "test-http-url.parse-post.js", - "test-http-url.parse-search.js", "test-net-access-byteswritten.js", "test-net-better-error-messages-listen-path.js", "test-net-better-error-messages-path.js", diff --git a/tests/node_compat/runner/TODO.md b/tests/node_compat/runner/TODO.md index ebd6f192f09169..0d5bcc6261282f 100644 --- a/tests/node_compat/runner/TODO.md +++ b/tests/node_compat/runner/TODO.md @@ -1316,6 +1316,12 @@ NOTE: This file should not be manually edited. Please edit `tests/node_compat/co - [parallel/test-http-upgrade-reconsume-stream.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-upgrade-reconsume-stream.js) - [parallel/test-http-upgrade-server.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-upgrade-server.js) - [parallel/test-http-upgrade-server2.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-upgrade-server2.js) +- [parallel/test-http-url.parse-auth-with-header-in-request.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-auth-with-header-in-request.js) +- [parallel/test-http-url.parse-auth.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-auth.js) +- [parallel/test-http-url.parse-basic.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-basic.js) +- [parallel/test-http-url.parse-path.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-path.js) +- [parallel/test-http-url.parse-post.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-post.js) +- [parallel/test-http-url.parse-search.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-url.parse-search.js) - [parallel/test-http-wget.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-wget.js) - [parallel/test-http-writable-true-after-close.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-writable-true-after-close.js) - [parallel/test-http-write-callbacks.js](https://github.com/nodejs/node/tree/v18.12.1/test/parallel/test-http-write-callbacks.js) diff --git a/tests/node_compat/test/parallel/test-http-url.parse-auth-with-header-in-request.js b/tests/node_compat/test/parallel/test-http-url.parse-auth-with-header-in-request.js deleted file mode 100644 index eaa63bab73af09..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-auth-with-header-in-request.js +++ /dev/null @@ -1,59 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -function check(request) { - // The correct authorization header is be passed - assert.strictEqual(request.headers.authorization, 'NoAuthForYOU'); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - const testURL = - url.parse(`http://asdf:qwer@localhost:${this.address().port}`); - // The test here is if you set a specific authorization header in the - // request we should not override that with basic auth - testURL.headers = { - Authorization: 'NoAuthForYOU' - }; - - // make the request - http.request(testURL).end(); -}); diff --git a/tests/node_compat/test/parallel/test-http-url.parse-auth.js b/tests/node_compat/test/parallel/test-http-url.parse-auth.js deleted file mode 100644 index 3bf3242c970c93..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-auth.js +++ /dev/null @@ -1,55 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -function check(request) { - // The correct authorization header is be passed - assert.strictEqual(request.headers.authorization, 'Basic dXNlcjpwYXNzOg=='); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - const port = this.address().port; - // username = "user", password = "pass:" - const testURL = url.parse(`http://user:pass%3A@localhost:${port}`); - - // make the request - http.request(testURL).end(); -}); diff --git a/tests/node_compat/test/parallel/test-http-url.parse-basic.js b/tests/node_compat/test/parallel/test-http-url.parse-basic.js deleted file mode 100644 index 7018cd41097b10..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-basic.js +++ /dev/null @@ -1,65 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -let testURL; - -// Make sure the basics work -function check(request) { - // Default method should still be 'GET' - assert.strictEqual(request.method, 'GET'); - // There are no URL params, so you should not see any - assert.strictEqual(request.url, '/'); - // The host header should use the url.parse.hostname - assert.strictEqual(request.headers.host, - `${testURL.hostname}:${testURL.port}`); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - testURL = url.parse(`http://localhost:${this.address().port}`); - - // make the request - const clientRequest = http.request(testURL); - // Since there is a little magic with the agent - // make sure that an http request uses the http.Agent - assert.ok(clientRequest.agent instanceof http.Agent); - clientRequest.end(); -}); diff --git a/tests/node_compat/test/parallel/test-http-url.parse-path.js b/tests/node_compat/test/parallel/test-http-url.parse-path.js deleted file mode 100644 index f0c07887f2d6c2..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-path.js +++ /dev/null @@ -1,53 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -function check(request) { - // A path should come over - assert.strictEqual(request.url, '/asdf'); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - const testURL = url.parse(`http://localhost:${this.address().port}/asdf`); - - // make the request - http.request(testURL).end(); -}); diff --git a/tests/node_compat/test/parallel/test-http-url.parse-post.js b/tests/node_compat/test/parallel/test-http-url.parse-post.js deleted file mode 100644 index c591146035f957..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-post.js +++ /dev/null @@ -1,61 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -let testURL; - -function check(request) { - // url.parse should not mess with the method - assert.strictEqual(request.method, 'POST'); - // Everything else should be right - assert.strictEqual(request.url, '/asdf?qwer=zxcv'); - // The host header should use the url.parse.hostname - assert.strictEqual(request.headers.host, - `${testURL.hostname}:${testURL.port}`); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - testURL = url.parse(`http://localhost:${this.address().port}/asdf?qwer=zxcv`); - testURL.method = 'POST'; - - // make the request - http.request(testURL).end(); -}); diff --git a/tests/node_compat/test/parallel/test-http-url.parse-search.js b/tests/node_compat/test/parallel/test-http-url.parse-search.js deleted file mode 100644 index 8725331618c15a..00000000000000 --- a/tests/node_compat/test/parallel/test-http-url.parse-search.js +++ /dev/null @@ -1,54 +0,0 @@ -// deno-fmt-ignore-file -// deno-lint-ignore-file - -// Copyright Joyent and Node contributors. All rights reserved. MIT license. -// Taken from Node 18.12.1 -// This file is automatically generated by `tests/node_compat/runner/setup.ts`. Do not modify this file manually. - -// Copyright Joyent, Inc. and other Node contributors. -// -// Permission is hereby granted, free of charge, to any person obtaining a -// copy of this software and associated documentation files (the -// "Software"), to deal in the Software without restriction, including -// without limitation the rights to use, copy, modify, merge, publish, -// distribute, sublicense, and/or sell copies of the Software, and to permit -// persons to whom the Software is furnished to do so, subject to the -// following conditions: -// -// The above copyright notice and this permission notice shall be included -// in all copies or substantial portions of the Software. -// -// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN -// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, -// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE -// USE OR OTHER DEALINGS IN THE SOFTWARE. - -'use strict'; -require('../common'); -const assert = require('assert'); -const http = require('http'); -const url = require('url'); - -function check(request) { - // A path should come over with params - assert.strictEqual(request.url, '/asdf?qwer=zxcv'); -} - -const server = http.createServer(function(request, response) { - // Run the check function - check(request); - response.writeHead(200, {}); - response.end('ok'); - server.close(); -}); - -server.listen(0, function() { - const port = this.address().port; - const testURL = url.parse(`http://localhost:${port}/asdf?qwer=zxcv`); - - // make the request - http.request(testURL).end(); -}); From 1fbd5039080d5976a42baf01edfe44824b57ae5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 12 Jun 2024 00:43:44 +0200 Subject: [PATCH 21/27] bump --- Cargo.lock | 18 ++++++++++++------ Cargo.toml | 11 +++-------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 625bcf90020698..8abf5c8879f6a1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2009,8 +2009,9 @@ dependencies = [ [[package]] name = "denokv_proto" -version = "0.7.0" -source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3f6e8d662ace097c9909a13e2af1a4fae16cb90214f859027c5a6308cf306bd" dependencies = [ "anyhow", "async-trait", @@ -2024,8 +2025,9 @@ dependencies = [ [[package]] name = "denokv_remote" -version = "0.7.0" -source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ca69a2ef676e68c6b98b673b67a2cbeb33e56b354c2592ae3bb90cfd5a11337" dependencies = [ "anyhow", "async-stream", @@ -2048,8 +2050,9 @@ dependencies = [ [[package]] name = "denokv_sqlite" -version = "0.7.0" -source = "git+https://github.com/denoland/denokv?branch=main#7e6aa784034a29fba5826a49b27e438c2bbc40fb" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5427d4ed9b3c2257e60ec8d963086d7cf7b05546385b3501a4e0d2555744929" dependencies = [ "anyhow", "async-stream", @@ -6900,7 +6903,10 @@ dependencies = [ "futures-core", "futures-io", "futures-sink", + "futures-util", + "hashbrown", "pin-project-lite", + "slab", "tokio", "tracing", ] diff --git a/Cargo.toml b/Cargo.toml index 4116ac1d9e8544..bc357e0001304a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,10 +55,10 @@ deno_terminal = "0.1.1" napi_sym = { version = "0.85.0", path = "./cli/napi/sym" } test_util = { package = "test_server", path = "./tests/util/server" } -denokv_proto = "0.7.0" -denokv_remote = "0.7.0" +denokv_proto = "0.8.0" +denokv_remote = "0.8.0" # denokv_sqlite brings in bundled sqlite if we don't disable the default features -denokv_sqlite = { default-features = false, version = "0.7.0" } +denokv_sqlite = { default-features = false, version = "0.8.0" } # exts deno_broadcast_channel = { version = "0.149.0", path = "./ext/broadcast_channel" } @@ -368,8 +368,3 @@ opt-level = 3 opt-level = 3 [profile.release.package.base64-simd] opt-level = 3 - -[patch.crates-io] -denokv_proto = { git = "https://github.com/denoland/denokv", branch = "main" } -denokv_remote = { git = "https://github.com/denoland/denokv", branch = "main" } -denokv_sqlite = { git = "https://github.com/denoland/denokv", branch = "main" } From 7737ac0a7e644b926d2b98e7f9e054b248cc4299 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 12 Jun 2024 00:43:59 +0200 Subject: [PATCH 22/27] build: fix 'deno_core' PR title lint --- tools/verify_pr_title.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/verify_pr_title.js b/tools/verify_pr_title.js index 9b420ee78fb79b..d7b393bcd35b57 100644 --- a/tools/verify_pr_title.js +++ b/tools/verify_pr_title.js @@ -8,8 +8,8 @@ if (prTitle == null) { console.log("PR title:", prTitle); if ( - prTitle.startsWith("chore:") && prTitle.contains("deno_core") && - (prTitle.contains("upgrade") || prTitle.contains("update")) + prTitle.startsWith("chore:") && prTitle.includes("deno_core") && + (prTitle.includes("upgrade") || prTitle.includes("update")) ) { console.error([ "Please categorize this deno_core upgrade as a 'feat:', 'fix:' or a ", From d15c9f0676081bf64fe63b964e424d25cc9b0751 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Wed, 12 Jun 2024 01:34:49 +0200 Subject: [PATCH 23/27] revert --- ext/node/polyfills/http.ts | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/ext/node/polyfills/http.ts b/ext/node/polyfills/http.ts index ba493df432ea24..32e69772d6cdd7 100644 --- a/ext/node/polyfills/http.ts +++ b/ext/node/polyfills/http.ts @@ -756,11 +756,9 @@ class ClientRequest extends OutgoingMessage { { incoming._bodyRid = res.responseRid; } - console.log("response", incoming); this.emit("response", incoming); } } catch (err) { - console.log("fetch failed", err); if (this._req.cancelHandleRid !== null) { core.tryClose(this._req.cancelHandleRid); } @@ -1740,10 +1738,7 @@ export class ServerImpl extends EventEmitter { if (this.#unref) { this.#server.unref(); } - this.#server.finished.then(() => { - console.log("server finished, resolving serveDeferred"); - this.#serveDeferred!.resolve(); - }); + this.#server.finished.then(() => this.#serveDeferred!.resolve()); } setTimeout() { @@ -1780,11 +1775,8 @@ export class ServerImpl extends EventEmitter { } if (listening && this.#ac) { - console.log("shutting down the server"); - this.#server.shutdown(); - // TODO(bartlomieju): this should be called for `Server.closeAllConnections()` - // this.#ac.abort(); - // this.#ac = undefined; + this.#ac.abort(); + this.#ac = undefined; } else { this.#serveDeferred!.resolve(); } From 3b3260bdf57a56d4f9a236435f487752d5218556 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Thu, 13 Jun 2024 00:50:10 +0200 Subject: [PATCH 24/27] bump denokv --- Cargo.lock | 12 ++++++------ Cargo.toml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8abf5c8879f6a1..d466d32c5ddebf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2009,9 +2009,9 @@ dependencies = [ [[package]] name = "denokv_proto" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3f6e8d662ace097c9909a13e2af1a4fae16cb90214f859027c5a6308cf306bd" +checksum = "114538d2cacd2b219f05faa753d80950f95416e47c77904c7452d5f41e157059" dependencies = [ "anyhow", "async-trait", @@ -2025,9 +2025,9 @@ dependencies = [ [[package]] name = "denokv_remote" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ca69a2ef676e68c6b98b673b67a2cbeb33e56b354c2592ae3bb90cfd5a11337" +checksum = "d57717b5123e8d1ec5f52973a67f98e3621274d362d18b245038967b402082df" dependencies = [ "anyhow", "async-stream", @@ -2050,9 +2050,9 @@ dependencies = [ [[package]] name = "denokv_sqlite" -version = "0.8.0" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5427d4ed9b3c2257e60ec8d963086d7cf7b05546385b3501a4e0d2555744929" +checksum = "188b792af19082cbfc7b666e71979775300482877d8b80601f4a5a86a80098a3" dependencies = [ "anyhow", "async-stream", diff --git a/Cargo.toml b/Cargo.toml index bc357e0001304a..edd9eea43230c7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -55,10 +55,10 @@ deno_terminal = "0.1.1" napi_sym = { version = "0.85.0", path = "./cli/napi/sym" } test_util = { package = "test_server", path = "./tests/util/server" } -denokv_proto = "0.8.0" -denokv_remote = "0.8.0" +denokv_proto = "0.8.1" +denokv_remote = "0.8.1" # denokv_sqlite brings in bundled sqlite if we don't disable the default features -denokv_sqlite = { default-features = false, version = "0.8.0" } +denokv_sqlite = { default-features = false, version = "0.8.1" } # exts deno_broadcast_channel = { version = "0.149.0", path = "./ext/broadcast_channel" } From fa416d7841aee38c9e876aadfe22fce0d8f9348f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Thu, 13 Jun 2024 01:51:26 +0200 Subject: [PATCH 25/27] update tls code --- ext/tls/lib.rs | 82 +++++++------------ .../localhost_unsafe_ssl.ts.out | 2 +- 2 files changed, 31 insertions(+), 53 deletions(-) diff --git a/ext/tls/lib.rs b/ext/tls/lib.rs index 196b3aa1798840..c4d548ccf21dd8 100644 --- a/ext/tls/lib.rs +++ b/ext/tls/lib.rs @@ -47,51 +47,29 @@ pub trait RootCertStoreProvider: Send + Sync { deno_core::extension!(deno_tls); #[derive(Debug)] -struct DefaultSignatureVerification; +pub struct NoCertificateVerification { + pub ic_allowlist: Vec, + default_verifier: Arc, +} -impl ServerCertVerifier for DefaultSignatureVerification { - fn supported_verify_schemes(&self) -> Vec { - vec![] - } - fn verify_server_cert( - &self, - _end_entity: &rustls::pki_types::CertificateDer<'_>, - _intermediates: &[rustls::pki_types::CertificateDer<'_>], - _server_name: &rustls::pki_types::ServerName<'_>, - _ocsp_response: &[u8], - _now: rustls::pki_types::UnixTime, - ) -> Result { - Err(Error::General("Should not be used".to_string())) - } - fn verify_tls12_signature( - &self, - _message: &[u8], - _cert: &rustls::pki_types::CertificateDer<'_>, - _dss: &DigitallySignedStruct, - ) -> Result { - Err(Error::General("Should not be used".to_string())) - } - fn verify_tls13_signature( - &self, - _message: &[u8], - _cert: &rustls::pki_types::CertificateDer<'_>, - _dss: &DigitallySignedStruct, - ) -> Result { - Err(Error::General("Should not be used".to_string())) +impl NoCertificateVerification { + pub fn new(ic_allowlist: Vec) -> Self { + Self { + ic_allowlist, + default_verifier: WebPkiServerVerifier::builder( + create_default_root_cert_store().into(), + ) + .build() + .unwrap(), + } } } -#[derive(Debug)] -pub struct NoCertificateVerification(pub Vec); - impl ServerCertVerifier for NoCertificateVerification { fn supported_verify_schemes(&self) -> Vec { - let root_store = create_default_root_cert_store(); - let verifier = WebPkiServerVerifier::builder(root_store.into()) - .build() - .unwrap(); - verifier.supported_verify_schemes() + self.default_verifier.supported_verify_schemes() } + fn verify_server_cert( &self, end_entity: &rustls::pki_types::CertificateDer<'_>, @@ -100,7 +78,7 @@ impl ServerCertVerifier for NoCertificateVerification { ocsp_response: &[u8], now: rustls::pki_types::UnixTime, ) -> Result { - if self.0.is_empty() { + if self.ic_allowlist.is_empty() { return Ok(ServerCertVerified::assertion()); } let dns_name_or_ip_address = match server_name { @@ -114,14 +92,10 @@ impl ServerCertVerifier for NoCertificateVerification { return Err(Error::General("Unknown `ServerName` variant".to_string())); } }; - if self.0.contains(&dns_name_or_ip_address) { + if self.ic_allowlist.contains(&dns_name_or_ip_address) { Ok(ServerCertVerified::assertion()) } else { - let root_store = create_default_root_cert_store(); - let verifier = WebPkiServerVerifier::builder(root_store.into()) - .build() - .unwrap(); - verifier.verify_server_cert( + self.default_verifier.verify_server_cert( end_entity, intermediates, server_name, @@ -137,11 +111,13 @@ impl ServerCertVerifier for NoCertificateVerification { cert: &rustls::pki_types::CertificateDer, dss: &DigitallySignedStruct, ) -> Result { - if self.0.is_empty() { + if self.ic_allowlist.is_empty() { return Ok(HandshakeSignatureValid::assertion()); } filter_invalid_encoding_err( - DefaultSignatureVerification.verify_tls12_signature(message, cert, dss), + self + .default_verifier + .verify_tls12_signature(message, cert, dss), ) } @@ -151,11 +127,13 @@ impl ServerCertVerifier for NoCertificateVerification { cert: &rustls::pki_types::CertificateDer, dss: &DigitallySignedStruct, ) -> Result { - if self.0.is_empty() { + if self.ic_allowlist.is_empty() { return Ok(HandshakeSignatureValid::assertion()); } filter_invalid_encoding_err( - DefaultSignatureVerification.verify_tls13_signature(message, cert, dss), + self + .default_verifier + .verify_tls13_signature(message, cert, dss), ) } } @@ -204,9 +182,9 @@ pub fn create_client_config( if let Some(ic_allowlist) = unsafely_ignore_certificate_errors { let client_config = ClientConfig::builder() .dangerous() - .with_custom_certificate_verifier(Arc::new(NoCertificateVerification( - ic_allowlist, - ))); + .with_custom_certificate_verifier(Arc::new( + NoCertificateVerification::new(ic_allowlist), + )); // NOTE(bartlomieju): this if/else is duplicated at the end of the body of this function. // However it's not really feasible to deduplicate it as the `client_config` instances diff --git a/tests/specs/cert/localhost_unsafe_ssl/localhost_unsafe_ssl.ts.out b/tests/specs/cert/localhost_unsafe_ssl/localhost_unsafe_ssl.ts.out index 81e490c1cd9ebb..3067fffae2edad 100644 --- a/tests/specs/cert/localhost_unsafe_ssl/localhost_unsafe_ssl.ts.out +++ b/tests/specs/cert/localhost_unsafe_ssl/localhost_unsafe_ssl.ts.out @@ -1,3 +1,3 @@ DANGER: TLS certificate validation is disabled for: deno.land -error: Import 'https://localhost:5545/subdir/mod2.ts' failed: error sending request for url (https://localhost:5545/subdir/mod2.ts): error trying to connect: invalid peer certificate: UnknownIssuer +error: Import 'https://localhost:5545/subdir/mod2.ts' failed: error sending request for url (https://localhost:5545/subdir/mod2.ts) at file:///[WILDCARD]/cafile_url_imports.ts:[WILDCARD] From 31117467447af5a8f83cde918fb4478d39eaaead Mon Sep 17 00:00:00 2001 From: Ryan Dahl Date: Thu, 13 Jun 2024 09:49:07 -0400 Subject: [PATCH 26/27] Update ext/tls/testdata/README Co-authored-by: Divy Srivastava Signed-off-by: Ryan Dahl --- ext/tls/testdata/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/tls/testdata/README b/ext/tls/testdata/README index b2ed3b4530ce47..12046561c244e7 100644 --- a/ext/tls/testdata/README +++ b/ext/tls/testdata/README @@ -1,4 +1,4 @@ -penssl req -x509 -newkey rsa:2048 -nodes -keyout example2_prikey.pem -out example2_cert.der -subj "/C=US/ST=State/L=Locality/O=Organization/CN=example2.com" -outform der +openssl req -x509 -newkey rsa:2048 -nodes -keyout example2_prikey.pem -out example2_cert.der -subj "/C=US/ST=State/L=Locality/O=Organization/CN=example2.com" -outform der openssl pkey -in example2_prikey.pem -out example2_prikey.der -outform der From 3cf9d353b84785b69764398c58fe569c3f2338d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bartek=20Iwa=C5=84czuk?= Date: Thu, 13 Jun 2024 15:52:35 +0200 Subject: [PATCH 27/27] Update tests/util/server/src/https.rs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Divy Srivastava Signed-off-by: Bartek IwaƄczuk --- tests/util/server/src/https.rs | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tests/util/server/src/https.rs b/tests/util/server/src/https.rs index bc17c70e3faaf0..617fd5cae29d44 100644 --- a/tests/util/server/src/https.rs +++ b/tests/util/server/src/https.rs @@ -81,13 +81,10 @@ pub fn get_tls_config( let mut key_reader = io::BufReader::new(key_file); let key = { - let pkcs8_keys_result = rustls_pemfile::pkcs8_private_keys(&mut key_reader) - .collect::, _>>(); - let pkcs8_keys = pkcs8_keys_result?; - - let rsa_keys_result = rustls_pemfile::rsa_private_keys(&mut key_reader) - .collect::, _>>(); - let rsa_keys = rsa_keys_result?; + let pkcs8_keys = rustls_pemfile::pkcs8_private_keys(&mut key_reader) + .collect::, _>>()?; + let rsa_keys = rustls_pemfile::rsa_private_keys(&mut key_reader) + .collect::, _>>()?; if !pkcs8_keys.is_empty() { let key = pkcs8_keys[0].clone_key();