book: import more types

Author: djc

docs/book/src/bin/certificate.rs

@@ -4,36 +4,43 @@ use quinn::{
     ClientConfig,
     crypto::rustls::{NoInitialCipherSuite, QuicClientConfig},
 };
-use rustls::pki_types::pem::PemObject;
+use rustls::{
+    DigitallySignedStruct, SignatureScheme,
+    client::danger,
+    crypto::{CryptoProvider, verify_tls12_signature, verify_tls13_signature},
+    pki_types::{
+        CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer, ServerName, UnixTime, pem::PemObject,
+    },
+};
 
 // Implementation of `ServerCertVerifier` that verifies everything as trustworthy.
 #[derive(Debug)]
-struct SkipServerVerification(Arc<rustls::crypto::CryptoProvider>);
+struct SkipServerVerification(Arc<CryptoProvider>);
 
 impl SkipServerVerification {
     fn new() -> Arc<Self> {
         Arc::new(Self(Arc::new(rustls::crypto::ring::default_provider())))
     }
 }
 
-impl rustls::client::danger::ServerCertVerifier for SkipServerVerification {
+impl danger::ServerCertVerifier for SkipServerVerification {
     fn verify_server_cert(
         &self,
-        _end_entity: &rustls::pki_types::CertificateDer<'_>,
-        _intermediates: &[rustls::pki_types::CertificateDer<'_>],
-        _server_name: &rustls::pki_types::ServerName<'_>,
+        _end_entity: &CertificateDer<'_>,
+        _intermediates: &[CertificateDer<'_>],
+        _server_name: &ServerName<'_>,
         _ocsp: &[u8],
-        _now: rustls::pki_types::UnixTime,
-    ) -> Result<rustls::client::danger::ServerCertVerified, rustls::Error> {
-        Ok(rustls::client::danger::ServerCertVerified::assertion())
+        _now: UnixTime,
+    ) -> Result<danger::ServerCertVerified, rustls::Error> {
+        Ok(danger::ServerCertVerified::assertion())
     }
     fn verify_tls12_signature(
         &self,
         message: &[u8],
-        cert: &rustls::pki_types::CertificateDer<'_>,
-        dss: &rustls::DigitallySignedStruct,
-    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        rustls::crypto::verify_tls12_signature(
+        cert: &CertificateDer<'_>,
+        dss: &DigitallySignedStruct,
+    ) -> Result<danger::HandshakeSignatureValid, rustls::Error> {
+        verify_tls12_signature(
             message,
             cert,
             dss,
@@ -44,18 +51,18 @@ impl rustls::client::danger::ServerCertVerifier for SkipServerVerification {
     fn verify_tls13_signature(
         &self,
         message: &[u8],
-        cert: &rustls::pki_types::CertificateDer<'_>,
-        dss: &rustls::DigitallySignedStruct,
-    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
-        rustls::crypto::verify_tls13_signature(
+        cert: &CertificateDer<'_>,
+        dss: &DigitallySignedStruct,
+    ) -> Result<danger::HandshakeSignatureValid, rustls::Error> {
+        verify_tls13_signature(
             message,
             cert,
             dss,
             &self.0.signature_verification_algorithms,
         )
     }
 
-    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
+    fn supported_verify_schemes(&self) -> Vec<SignatureScheme> {
         self.0.signature_verification_algorithms.supported_schemes()
     }
 }
@@ -72,31 +79,21 @@ fn configure_client() -> Result<ClientConfig, NoInitialCipherSuite> {
     )?)))
 }
 
-fn read_certs_from_file() -> Result<
-    (
-        Vec<rustls::pki_types::CertificateDer<'static>>,
-        rustls::pki_types::PrivateKeyDer<'static>,
-    ),
-    Box<dyn Error>,
-> {
-    let certs = rustls::pki_types::CertificateDer::pem_file_iter("./fullchain.pem")
+fn read_certs_from_file()
+-> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), Box<dyn Error>> {
+    let certs = CertificateDer::pem_file_iter("./fullchain.pem")
         .unwrap()
         .map(|cert| cert.unwrap())
         .collect();
-    let key = rustls::pki_types::PrivateKeyDer::from_pem_file("./privkey.pem").unwrap();
+    let key = PrivateKeyDer::from_pem_file("./privkey.pem").unwrap();
     Ok((certs, key))
 }
 
-fn generate_self_signed_cert() -> Result<
-    (
-        rustls::pki_types::CertificateDer<'static>,
-        rustls::pki_types::PrivatePkcs8KeyDer<'static>,
-    ),
-    Box<dyn Error>,
-> {
+fn generate_self_signed_cert()
+-> Result<(CertificateDer<'static>, PrivatePkcs8KeyDer<'static>), Box<dyn Error>> {
     let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_string()])?;
-    let cert_der = rustls::pki_types::CertificateDer::from(cert.cert);
-    let key = rustls::pki_types::PrivatePkcs8KeyDer::from(cert.key_pair.serialize_der());
+    let cert_der = CertificateDer::from(cert.cert);
+    let key = PrivatePkcs8KeyDer::from(cert.key_pair.serialize_der());
     Ok((cert_der, key))
 }
 

docs/book/src/quinn/certificate.md

@@ -19,13 +19,13 @@ rustls = { version = "*", features = ["dangerous_configuration", "quic"] }
 Then, allow the client to skip the certificate validation by implementing [ServerCertVerifier][ServerCertVerifier] and letting it assert verification for any server.
 
 ```rust
-{{#include ../bin/certificate.rs:8:60}}
+{{#include ../bin/certificate.rs:16:68}}
 ```
 
 After that, modify the [ClientConfig][ClientConfig] to use this [ServerCertVerifier][ServerCertVerifier] implementation.
 
 ```rust
-{{#include ../bin/certificate.rs:63:72}}
+{{#include ../bin/certificate.rs:71:80}}
 ```
 
 Finally, if you plug this [ClientConfig][ClientConfig] into the [Endpoint::set_default_client_config()][set_default_client_config] your client endpoint should verify all connections as trustworthy.
@@ -45,7 +45,7 @@ This example uses [rcgen][4] to generate a certificate.
 Let's look at an example:
 
 ```rust
-{{#include ../bin/certificate.rs:90:101}}
+{{#include ../bin/certificate.rs:92:98}}
 ```
 
 _Note that [generate_simple_self_signed][generate_simple_self_signed] returns a [Certificate][2] that can be serialized to both `.der` and `.pem` formats._
@@ -68,7 +68,7 @@ certbot asks for the required data and writes the certificates to `fullchain.pem
 These files can then be referenced in code.
 
 ```rust
-{{#include ../bin/certificate.rs:75:88}}
+{{#include ../bin/certificate.rs:82:90}}
 ```
 
 ### Configuring Certificates
@@ -79,15 +79,15 @@ After configuring plug the configuration into the `Endpoint`.
 **Configure Server**
 
 ```rust
-{{#include ../bin/certificate.rs:107}}
+{{#include ../bin/certificate.rs:104}}
 ```
 
 This is the only thing you need to do for your server to be secured.
 
 **Configure Client**
 
 ```rust
-{{#include ../bin/certificate.rs:108}}
+{{#include ../bin/certificate.rs:105}}
 ```
 
 This is the only thing you need to do for your client to trust a server certificate signed by a conventional certificate authority.