book: order certificate code in top-down order

Author: djc

docs/book/src/bin/certificate.rs

@@ -13,6 +13,26 @@ use rustls::{
     },
 };
 
+#[allow(unused_variables)]
+fn main() {
+    let (self_signed_certs, self_signed_key) = generate_self_signed_cert().unwrap();
+    let (certs, key) = read_certs_from_file().unwrap();
+    let server_config = quinn::ServerConfig::with_single_cert(certs, key);
+    let client_config = quinn::ClientConfig::with_platform_verifier();
+}
+
+#[allow(dead_code)] // Included in `certificate.md`
+fn configure_client() -> Result<ClientConfig, NoInitialCipherSuite> {
+    let crypto = rustls::ClientConfig::builder()
+        .dangerous()
+        .with_custom_certificate_verifier(SkipServerVerification::new())
+        .with_no_client_auth();
+
+    Ok(ClientConfig::new(Arc::new(QuicClientConfig::try_from(
+        crypto,
+    )?)))
+}
+
 // Implementation of `ServerCertVerifier` that verifies everything as trustworthy.
 #[derive(Debug)]
 struct SkipServerVerification(Arc<CryptoProvider>);
@@ -67,16 +87,12 @@ impl danger::ServerCertVerifier for SkipServerVerification {
     }
 }
 
-#[allow(dead_code)] // Included in `certificate.md`
-fn configure_client() -> Result<ClientConfig, NoInitialCipherSuite> {
-    let crypto = rustls::ClientConfig::builder()
-        .dangerous()
-        .with_custom_certificate_verifier(SkipServerVerification::new())
-        .with_no_client_auth();
-
-    Ok(ClientConfig::new(Arc::new(QuicClientConfig::try_from(
-        crypto,
-    )?)))
+fn generate_self_signed_cert()
+-> Result<(CertificateDer<'static>, PrivatePkcs8KeyDer<'static>), Box<dyn Error>> {
+    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_string()])?;
+    let cert_der = CertificateDer::from(cert.cert);
+    let key = PrivatePkcs8KeyDer::from(cert.key_pair.serialize_der());
+    Ok((cert_der, key))
 }
 
 fn read_certs_from_file()
@@ -88,19 +104,3 @@ fn read_certs_from_file()
     let key = PrivateKeyDer::from_pem_file("./privkey.pem").unwrap();
     Ok((certs, key))
 }
-
-fn generate_self_signed_cert()
--> Result<(CertificateDer<'static>, PrivatePkcs8KeyDer<'static>), Box<dyn Error>> {
-    let cert = rcgen::generate_simple_self_signed(vec!["localhost".to_string()])?;
-    let cert_der = CertificateDer::from(cert.cert);
-    let key = PrivatePkcs8KeyDer::from(cert.key_pair.serialize_der());
-    Ok((cert_der, key))
-}
-
-#[allow(unused_variables)]
-fn main() {
-    let (self_signed_certs, self_signed_key) = generate_self_signed_cert().unwrap();
-    let (certs, key) = read_certs_from_file().unwrap();
-    let server_config = quinn::ServerConfig::with_single_cert(certs, key);
-    let client_config = quinn::ClientConfig::with_platform_verifier();
-}

docs/book/src/quinn/certificate.md

@@ -19,13 +19,13 @@ rustls = { version = "*", features = ["dangerous_configuration", "quic"] }
 Then, allow the client to skip the certificate validation by implementing [ServerCertVerifier][ServerCertVerifier] and letting it assert verification for any server.
 
 ```rust
-{{#include ../bin/certificate.rs:16:68}}
+{{#include ../bin/certificate.rs:36:88}}
 ```
 
 After that, modify the [ClientConfig][ClientConfig] to use this [ServerCertVerifier][ServerCertVerifier] implementation.
 
 ```rust
-{{#include ../bin/certificate.rs:71:80}}
+{{#include ../bin/certificate.rs:25:34}}
 ```
 
 Finally, if you plug this [ClientConfig][ClientConfig] into the [Endpoint::set_default_client_config()][set_default_client_config] your client endpoint should verify all connections as trustworthy.
@@ -45,7 +45,7 @@ This example uses [rcgen][4] to generate a certificate.
 Let's look at an example:
 
 ```rust
-{{#include ../bin/certificate.rs:92:98}}
+{{#include ../bin/certificate.rs:90:96}}
 ```
 
 _Note that [generate_simple_self_signed][generate_simple_self_signed] returns a [Certificate][2] that can be serialized to both `.der` and `.pem` formats._
@@ -68,7 +68,7 @@ certbot asks for the required data and writes the certificates to `fullchain.pem
 These files can then be referenced in code.
 
 ```rust
-{{#include ../bin/certificate.rs:82:90}}
+{{#include ../bin/certificate.rs:98:106}}
 ```
 
 ### Configuring Certificates
@@ -79,15 +79,15 @@ After configuring plug the configuration into the `Endpoint`.
 **Configure Server**
 
 ```rust
-{{#include ../bin/certificate.rs:104}}
+{{#include ../bin/certificate.rs:20}}
 ```
 
 This is the only thing you need to do for your server to be secured.
 
 **Configure Client**
 
 ```rust
-{{#include ../bin/certificate.rs:105}}
+{{#include ../bin/certificate.rs:21}}
 ```
 
 This is the only thing you need to do for your client to trust a server certificate signed by a conventional certificate authority.