From c6b41ef06d539d040315208fd9edeba221093fa7 Mon Sep 17 00:00:00 2001 From: Sam Clark <3758302+goatgoose@users.noreply.github.com> Date: Fri, 31 Jan 2025 16:13:53 -0500 Subject: [PATCH] docs(s2n-tls-hyper): Add hyper client/server example (#5069) --- bindings/rust-examples/Cargo.toml | 4 +- bindings/rust-examples/certs/ca-cert.pem | 20 ++--- bindings/rust-examples/certs/generate.sh | 26 +++++++ .../rust-examples/certs/kangaroo-chain.pem | 42 +++++----- bindings/rust-examples/certs/kangaroo-key.pem | 8 +- .../rust-examples/certs/localhost-chain.pem | 24 ++++++ .../rust-examples/certs/localhost-key.pem | 6 ++ bindings/rust-examples/certs/wombat-chain.pem | 40 +++++----- bindings/rust-examples/certs/wombat-key.pem | 8 +- .../hyper-server-client/Cargo.toml | 19 +++++ .../hyper-server-client/README.md | 20 +++++ .../hyper-server-client/src/bin/client.rs | 60 ++++++++++++++ .../hyper-server-client/src/bin/server.rs | 78 +++++++++++++++++++ 13 files changed, 295 insertions(+), 60 deletions(-) create mode 100644 bindings/rust-examples/certs/localhost-chain.pem create mode 100644 bindings/rust-examples/certs/localhost-key.pem create mode 100644 bindings/rust-examples/hyper-server-client/Cargo.toml create mode 100644 bindings/rust-examples/hyper-server-client/README.md create mode 100644 bindings/rust-examples/hyper-server-client/src/bin/client.rs create mode 100644 bindings/rust-examples/hyper-server-client/src/bin/server.rs diff --git a/bindings/rust-examples/Cargo.toml b/bindings/rust-examples/Cargo.toml index a718b4ff287..50b365f2183 100644 --- a/bindings/rust-examples/Cargo.toml +++ b/bindings/rust-examples/Cargo.toml @@ -1,6 +1,8 @@ [workspace] members = [ - "client-hello-config-resolution", "tokio-server-client", + "client-hello-config-resolution", + "hyper-server-client", + "tokio-server-client", ] resolver = "2" diff --git a/bindings/rust-examples/certs/ca-cert.pem b/bindings/rust-examples/certs/ca-cert.pem index 18adfd4d6e9..939eacb78f8 100644 
--- a/bindings/rust-examples/certs/ca-cert.pem +++ b/bindings/rust-examples/certs/ca-cert.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIB3DCCAWKgAwIBAgIUaAjZTaFhJNRyFtFQut1CdrY7RH0wCgYIKoZIzj0EAwMw -HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjQwMTI3MDAwODQ4WhgP -MjIwMzA3MDQwMDA4NDhaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEclmOmfFLoQR+mupZSc7J3IfZ6OV0IphUHWwv -iH9BvkGh4OX+RZfafa4hw90A5fk0ps520Dt04tHwotLBNkdQcWDJunOhw8ydebIP -TaP0V8OgxFs+P4kpBkMVNB3H+PK6o2MwYTAdBgNVHQ4EFgQU2ic6pZKpiyOr5aPt -YhABB9hJC5QwHwYDVR0jBBgwFoAU2ic6pZKpiyOr5aPtYhABB9hJC5QwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDaAAwZQIxAMtZ -+QqC0LGdqUxdr2woMr6pUNAaZYaxm6APPqyKsjVqNaKadiSueNbbbc+seKJXbwIw -Zl0HNHzmoNAMkpgx5BCukjL1v07C571diSW4Z/P96t8tUzi/2rUOoFlJYU0B8cib +MIIB2zCCAWKgAwIBAgIUFGw6MYghVw9GrlpnQwZUmB0HHbwwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEAzmebLd0GPptVlLK68gdNVVxmzTqI/ppHwYs +rn8D+0yUvD2SZj8Pkxq+Ow/gVK16CC2pY9o24xagYRhJ9RUgIrocC9k0c61QquXq +Sz58dWyajw5/gBGFxryWlaoRiC4uo2MwYTAdBgNVHQ4EFgQUSvDRw0hufm/4UxQS +m97QrxknijwwHwYDVR0jBBgwFoAUSvDRw0hufm/4UxQSm97QrxknijwwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDZwAwZAIwCnoD +mXfz4EZaUBZpfKbYBg6GxdGbpURJkWD4TaYK75JqWSYsQNZQQpCOOBG5zjcGAjAl +i5bAyEtIJW33HzZUuCpZpc6rhFLv97b4HIRdDd1kgSMYBwUfi371de/H24vuC/s= -----END CERTIFICATE----- diff --git a/bindings/rust-examples/certs/generate.sh b/bindings/rust-examples/certs/generate.sh index bc5df0a11f9..94d1a5efe46 100755 --- a/bindings/rust-examples/certs/generate.sh +++ b/bindings/rust-examples/certs/generate.sh 
@@ -36,6 +36,15 @@ openssl req -new -noenc \ -subj "/C=US/CN=kangaroo" \ -addext "subjectAltName = DNS:www.kangaroo.com" +echo "generating localhost private key and CSR" +openssl req -new -noenc \ + -newkey ec \ + -pkeyopt ec_paramgen_curve:P-384 \ + -keyout localhost-key.pem \ + -out localhost.csr \ + -subj "/C=US/CN=localhost" \ + -addext "subjectAltName = DNS:localhost" + echo "generating wombat server certificate and signing it" openssl x509 -days 65536 \ -req -in wombat.csr \ @@ -56,6 +65,16 @@ openssl x509 -days 65536 \ -out kangaroo-cert.pem \ -copy_extensions=copyall +echo "generating localhost certificate and signing it" +openssl x509 -days 65536 \ + -req -in localhost.csr \ + -SHA384 \ + -CA ca-cert.pem \ + -CAkey ca-key.pem \ + -CAcreateserial \ + -out localhost-cert.pem \ + -copy_extensions=copyall + touch wombat-chain.pem cat wombat-cert.pem >> wombat-chain.pem cat ca-cert.pem >> wombat-chain.pem @@ -64,17 +83,24 @@ touch kangaroo-chain.pem cat kangaroo-cert.pem >> kangaroo-chain.pem cat ca-cert.pem >> kangaroo-chain.pem +touch localhost-chain.pem +cat localhost-cert.pem >> localhost-chain.pem +cat ca-cert.pem >> localhost-chain.pem + echo "verifying server certificates" openssl verify -CAfile ca-cert.pem wombat-cert.pem openssl verify -CAfile ca-cert.pem kangaroo-cert.pem +openssl verify -CAfile ca-cert.pem localhost-cert.pem # certificate signing requests are never used after the certs are generated rm wombat.csr rm kangaroo.csr +rm localhost.csr rm ca-cert.srl # the private keys of the CA are never needed after signing rm ca-key.pem rm wombat-cert.pem rm kangaroo-cert.pem +rm localhost-cert.pem diff --git a/bindings/rust-examples/certs/kangaroo-chain.pem b/bindings/rust-examples/certs/kangaroo-chain.pem index aae7148621d..4cfb5fbfe3e 100644 --- a/bindings/rust-examples/certs/kangaroo-chain.pem +++ b/bindings/rust-examples/certs/kangaroo-chain.pem 
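Review bot: The new chain is assembled with `touch localhost-chain.pem` followed by two `cat … >> localhost-chain.pem` appends, so if a `localhost-chain.pem` from an earlier run is still present (this same commit checks one in), the fresh leaf and CA land after the stale ones and the server would present the outdated certificate first. Unless an earlier part of the script, outside these hunks, removes the old chain files, building the file in one truncating step avoids that: `cat localhost-cert.pem ca-cert.pem > localhost-chain.pem`. The wombat and kangaroo chains just above use the same append pattern and would benefit from the same change.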
@@ -1,25 +1,25 @@ -----BEGIN CERTIFICATE----- -MIIB3TCCAWKgAwIBAgIUJhUgxiGTEOtg0JBtu9SrS7PPvo0wCgYIKoZIzj0EAwMw -HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjQwMTI3MDAwODQ4WhgP -MjIwMzA3MDQwMDA4NDhaMCAxCzAJBgNVBAYTAlVTMREwDwYDVQQDDAhrYW5nYXJv -bzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCzesg6GHI5tMP4JuMvpiVHsc+CStyTy -JQQZ4jyj4fVfgqCcPVo6qJq6DjPepMRkm5tLtFrdavl8/ZZpiCi5vLSymUxliFXD -9DD8GO5naaBnW2EmuYCcNrB0FJJfKZurVKNfMF0wGwYDVR0RBBQwEoIQd3d3Lmth -bmdhcm9vLmNvbTAdBgNVHQ4EFgQUNmsIZH0IDGVlSy7V6BYZTE6NX1QwHwYDVR0j -BBgwFoAU2ic6pZKpiyOr5aPtYhABB9hJC5QwCgYIKoZIzj0EAwMDaQAwZgIxAJzE -GC8hKsqTmDxI4r7bewI/vjtKyEUf0BDJfRrSLixPySYRTbx950iHMo6kXB0DEwIx -AO02gaF9weybuklR+DZ/j6EEZk4HlaRvN575vKmdDYIUF4KpFcT/8f85+5klj9Tl -Hg== +MIIB3TCCAWKgAwIBAgIUIbygx2K+SoQizZPmr+WpBYAyC+UwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMCAxCzAJBgNVBAYTAlVTMREwDwYDVQQDDAhrYW5nYXJv +bzB2MBAGByqGSM49AgEGBSuBBAAiA2IABJL7bfoMCdRnkr9f+OMYtZpoJ13hhGH8 +JqSdDQGSy/SfwEo8AbmDEF6tc3HGkCpx0/K1Q5lENshft6y+3n4Qn8q+9uy4aI/c ++fm8FHKbooe748nwxdHo+GczlzJwPR3I9qNfMF0wGwYDVR0RBBQwEoIQd3d3Lmth +bmdhcm9vLmNvbTAdBgNVHQ4EFgQUaLUgNRONUSKhwjyLrkuYSvOGDoIwHwYDVR0j +BBgwFoAUSvDRw0hufm/4UxQSm97QrxknijwwCgYIKoZIzj0EAwMDaQAwZgIxAPqf +TV3w4egUT/MeS4BowJ4//N0NoBr0ohN+Ea2aAv5REiMJXJ/VfScvJMOfcGdzbQIx +ANO56JKO/54WKd/14Xft0yKiHKCkRaazqngDw9L9jZo5QA1gEcDkWETBzjSdJ4ys +0w== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB3DCCAWKgAwIBAgIUaAjZTaFhJNRyFtFQut1CdrY7RH0wCgYIKoZIzj0EAwMw -HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjQwMTI3MDAwODQ4WhgP -MjIwMzA3MDQwMDA4NDhaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEclmOmfFLoQR+mupZSc7J3IfZ6OV0IphUHWwv -iH9BvkGh4OX+RZfafa4hw90A5fk0ps520Dt04tHwotLBNkdQcWDJunOhw8ydebIP -TaP0V8OgxFs+P4kpBkMVNB3H+PK6o2MwYTAdBgNVHQ4EFgQU2ic6pZKpiyOr5aPt -YhABB9hJC5QwHwYDVR0jBBgwFoAU2ic6pZKpiyOr5aPtYhABB9hJC5QwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDaAAwZQIxAMtZ 
-+QqC0LGdqUxdr2woMr6pUNAaZYaxm6APPqyKsjVqNaKadiSueNbbbc+seKJXbwIw -Zl0HNHzmoNAMkpgx5BCukjL1v07C571diSW4Z/P96t8tUzi/2rUOoFlJYU0B8cib +MIIB2zCCAWKgAwIBAgIUFGw6MYghVw9GrlpnQwZUmB0HHbwwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEAzmebLd0GPptVlLK68gdNVVxmzTqI/ppHwYs +rn8D+0yUvD2SZj8Pkxq+Ow/gVK16CC2pY9o24xagYRhJ9RUgIrocC9k0c61QquXq +Sz58dWyajw5/gBGFxryWlaoRiC4uo2MwYTAdBgNVHQ4EFgQUSvDRw0hufm/4UxQS +m97QrxknijwwHwYDVR0jBBgwFoAUSvDRw0hufm/4UxQSm97QrxknijwwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDZwAwZAIwCnoD +mXfz4EZaUBZpfKbYBg6GxdGbpURJkWD4TaYK75JqWSYsQNZQQpCOOBG5zjcGAjAl +i5bAyEtIJW33HzZUuCpZpc6rhFLv97b4HIRdDd1kgSMYBwUfi371de/H24vuC/s= -----END CERTIFICATE----- diff --git a/bindings/rust-examples/certs/kangaroo-key.pem b/bindings/rust-examples/certs/kangaroo-key.pem index 38a1a1b4258..16d075136a8 100644 --- a/bindings/rust-examples/certs/kangaroo-key.pem +++ b/bindings/rust-examples/certs/kangaroo-key.pem @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB8OJA0z/nzPkogIasW -B8xhhROb0sDbHEqYwStAdDKEWGCLGyy46/5sMprtht8bBpahZANiAAQs3rIOhhyO -bTD+CbjL6YlR7HPgkrck8iUEGeI8o+H1X4KgnD1aOqiaug4z3qTEZJubS7Ra3Wr5 -fP2WaYgouby0splMZYhVw/Qw/BjuZ2mgZ1thJrmAnDawdBSSXymbq1Q= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDQb27I4N/bli1Akl+n +t2jd6CEXwqQbpcgD9lgEXBYigObKYfXb08UNZDC3HH4VVNahZANiAASS+236DAnU +Z5K/X/jjGLWaaCdd4YRh/CaknQ0Bksv0n8BKPAG5gxBerXNxxpAqcdPytUOZRDbI +X7esvt5+EJ/KvvbsuGiP3Pn5vBRym6KHu+PJ8MXR6PhnM5cycD0dyPY= -----END PRIVATE KEY----- diff --git a/bindings/rust-examples/certs/localhost-chain.pem b/bindings/rust-examples/certs/localhost-chain.pem new file mode 100644 index 00000000000..1cc1745381f --- /dev/null +++ b/bindings/rust-examples/certs/localhost-chain.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIB1TCCAVygAwIBAgIUIbygx2K+SoQizZPmr+WpBYAyC+YwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMCExCzAJBgNVBAYTAlVTMRIwEAYDVQQDDAlsb2NhbGhv +c3QwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR2LB4AO/2VunUoHiAtRESZM+by7BGs +T9rYfTfRksznhwhutBT1uEFlCMJdUWt48DYDPiURi8p0Tyeb/eXTtVsvRmXcg99J +Fnih1VZj7EORZxi+ERGnRE26Um+5Ki/UORyjWDBWMBQGA1UdEQQNMAuCCWxvY2Fs +aG9zdDAdBgNVHQ4EFgQUEcK0db2ctmhGC17lC0irWUAeVDEwHwYDVR0jBBgwFoAU +SvDRw0hufm/4UxQSm97QrxknijwwCgYIKoZIzj0EAwMDZwAwZAIwMp8U0i0Ibwyk +JOWyY3ZC36xMask8C9jomulEikG96+6fJpGywxDc40ZIqTD0ze74AjBWF10vPSZh +mW6WtIZ0Xf4yRxXb9EY6+LMWbQMHVkE2ec5+WEvfUFf72bGUTWPKWSw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2zCCAWKgAwIBAgIUFGw6MYghVw9GrlpnQwZUmB0HHbwwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEAzmebLd0GPptVlLK68gdNVVxmzTqI/ppHwYs +rn8D+0yUvD2SZj8Pkxq+Ow/gVK16CC2pY9o24xagYRhJ9RUgIrocC9k0c61QquXq +Sz58dWyajw5/gBGFxryWlaoRiC4uo2MwYTAdBgNVHQ4EFgQUSvDRw0hufm/4UxQS +m97QrxknijwwHwYDVR0jBBgwFoAUSvDRw0hufm/4UxQSm97QrxknijwwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDZwAwZAIwCnoD +mXfz4EZaUBZpfKbYBg6GxdGbpURJkWD4TaYK75JqWSYsQNZQQpCOOBG5zjcGAjAl +i5bAyEtIJW33HzZUuCpZpc6rhFLv97b4HIRdDd1kgSMYBwUfi371de/H24vuC/s= +-----END CERTIFICATE----- diff --git a/bindings/rust-examples/certs/localhost-key.pem b/bindings/rust-examples/certs/localhost-key.pem new file mode 100644 index 00000000000..9bf6b6ec7af --- /dev/null +++ b/bindings/rust-examples/certs/localhost-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDnJ1xbUHAxZthbja8u +7QZBCRQg+/lsKjZzswdK9EW6gzlL+RLg5JsMNAEHJgbRZcihZANiAAR2LB4AO/2V +unUoHiAtRESZM+by7BGsT9rYfTfRksznhwhutBT1uEFlCMJdUWt48DYDPiURi8p0 +Tyeb/eXTtVsvRmXcg99JFnih1VZj7EORZxi+ERGnRE26Um+5Ki/UORw= +-----END PRIVATE KEY----- 
diff --git a/bindings/rust-examples/certs/wombat-chain.pem b/bindings/rust-examples/certs/wombat-chain.pem index 303aaaae7f7..a9f525270c3 100644 --- a/bindings/rust-examples/certs/wombat-chain.pem +++ b/bindings/rust-examples/certs/wombat-chain.pem 
@@ -1,24 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIB2DCCAV6gAwIBAgIUJhUgxiGTEOtg0JBtu9SrS7PPvowwCgYIKoZIzj0EAwMw -HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjQwMTI3MDAwODQ4WhgP -MjIwMzA3MDQwMDA4NDhaMB4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQDDAZ3b21iYXQw -djAQBgcqhkjOPQIBBgUrgQQAIgNiAARUye9Qgw5N7T8nk6DFoUwPVzSnQy9v4v0V -8SOUZmRwBqmFSJ9Vm988BwAcPFHdmQ13Za4XTkDbQvMmgzntIIIziiyaJQAazRFG -Y2Ex4V/YBiIsuh5wPOXjtvOtgVMXBgijXTBbMBkGA1UdEQQSMBCCDnd3dy53b21i -YXQuY29tMB0GA1UdDgQWBBS+Tbl0gagSNimLM5q2EgeBIMEAfzAfBgNVHSMEGDAW -gBTaJzqlkqmLI6vlo+1iEAEH2EkLlDAKBggqhkjOPQQDAwNoADBlAjAKqbrvk9by -G278VLs7F8uvc1mFYYWv/ZnnQIEJT8srO+P57PtC5FBId5oK28P41EUCMQCim4LR -KzY/PcdY8NlAcHu/caWvGH2+FWm7jFyr8As5oXT0swbqYmMqpaK6E2EZNIk= +MIIB2DCCAV6gAwIBAgIUIbygx2K+SoQizZPmr+WpBYAyC+QwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMB4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQDDAZ3b21iYXQw +djAQBgcqhkjOPQIBBgUrgQQAIgNiAAS+0VxsqVGqGA00CH7TNweWiBQCo8077bxm +YL67K1IbKUL9A7/E0QvpXKX+ZL5avFf+Xuq73YwjHDluvciNfyYp7S2GOa9bB3Yj +X1O6VWye3LP2IPqDRPfrECsULfZ47rGjXTBbMBkGA1UdEQQSMBCCDnd3dy53b21i +YXQuY29tMB0GA1UdDgQWBBTQuywWPes6160/3Gkd99q/Ay+0BjAfBgNVHSMEGDAW +gBRK8NHDSG5+b/hTFBKb3tCvGSeKPDAKBggqhkjOPQQDAwNoADBlAjBUr2pSfpp+ +nXtuaH371DPGycbZK+BiV4GsKd2JHhDc8+3j+lPqWfPzzmLwZjtqpCwCMQCQ5kvk +BT842pRPe8K5zsD3tw8cuQIMUUY2joifFG2YUcku7KMIrJzn3HmdglCh98E= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB3DCCAWKgAwIBAgIUaAjZTaFhJNRyFtFQut1CdrY7RH0wCgYIKoZIzj0EAwMw -HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjQwMTI3MDAwODQ4WhgP -MjIwMzA3MDQwMDA4NDhaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEclmOmfFLoQR+mupZSc7J3IfZ6OV0IphUHWwv -iH9BvkGh4OX+RZfafa4hw90A5fk0ps520Dt04tHwotLBNkdQcWDJunOhw8ydebIP -TaP0V8OgxFs+P4kpBkMVNB3H+PK6o2MwYTAdBgNVHQ4EFgQU2ic6pZKpiyOr5aPt -YhABB9hJC5QwHwYDVR0jBBgwFoAU2ic6pZKpiyOr5aPtYhABB9hJC5QwDwYDVR0T -AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDaAAwZQIxAMtZ 
-+QqC0LGdqUxdr2woMr6pUNAaZYaxm6APPqyKsjVqNaKadiSueNbbbc+seKJXbwIw -Zl0HNHzmoNAMkpgx5BCukjL1v07C571diSW4Z/P96t8tUzi/2rUOoFlJYU0B8cib +MIIB2zCCAWKgAwIBAgIUFGw6MYghVw9GrlpnQwZUmB0HHbwwCgYIKoZIzj0EAwMw +HDELMAkGA1UEBhMCVVMxDTALBgNVBAMMBHJvb3QwIBcNMjUwMTI4MjEyNDU2WhgP +MjIwNDA3MDUyMTI0NTZaMBwxCzAJBgNVBAYTAlVTMQ0wCwYDVQQDDARyb290MHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEAzmebLd0GPptVlLK68gdNVVxmzTqI/ppHwYs +rn8D+0yUvD2SZj8Pkxq+Ow/gVK16CC2pY9o24xagYRhJ9RUgIrocC9k0c61QquXq +Sz58dWyajw5/gBGFxryWlaoRiC4uo2MwYTAdBgNVHQ4EFgQUSvDRw0hufm/4UxQS +m97QrxknijwwHwYDVR0jBBgwFoAUSvDRw0hufm/4UxQSm97QrxknijwwDwYDVR0T +AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAgQwCgYIKoZIzj0EAwMDZwAwZAIwCnoD +mXfz4EZaUBZpfKbYBg6GxdGbpURJkWD4TaYK75JqWSYsQNZQQpCOOBG5zjcGAjAl +i5bAyEtIJW33HzZUuCpZpc6rhFLv97b4HIRdDd1kgSMYBwUfi371de/H24vuC/s= -----END CERTIFICATE----- diff --git a/bindings/rust-examples/certs/wombat-key.pem b/bindings/rust-examples/certs/wombat-key.pem index a21d33a6273..e437a0e9af1 100644 --- a/bindings/rust-examples/certs/wombat-key.pem +++ b/bindings/rust-examples/certs/wombat-key.pem @@ -1,6 +1,6 @@ -----BEGIN PRIVATE KEY----- -MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDO2TkDRDnGfKAvjH9+ -SliejJgLp6ONEdNAgfimOEDWgfMJiyYEPp9WhZkASDVTaB2hZANiAARUye9Qgw5N -7T8nk6DFoUwPVzSnQy9v4v0V8SOUZmRwBqmFSJ9Vm988BwAcPFHdmQ13Za4XTkDb -QvMmgzntIIIziiyaJQAazRFGY2Ex4V/YBiIsuh5wPOXjtvOtgVMXBgg= +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCKRIdzyeIA/FHH3W4p +ZsAyrZJgeJSwwAksPKP2gSzCfgk0xMETNLix0+2wwDfrFOChZANiAAS+0VxsqVGq +GA00CH7TNweWiBQCo8077bxmYL67K1IbKUL9A7/E0QvpXKX+ZL5avFf+Xuq73Ywj +HDluvciNfyYp7S2GOa9bB3YjX1O6VWye3LP2IPqDRPfrECsULfZ47rE= -----END PRIVATE KEY----- diff --git a/bindings/rust-examples/hyper-server-client/Cargo.toml b/bindings/rust-examples/hyper-server-client/Cargo.toml new file mode 100644 index 00000000000..e2b4407f138 --- /dev/null +++ b/bindings/rust-examples/hyper-server-client/Cargo.toml 
@@ -0,0 +1,19 @@
+[package]
+name = "hyper-server-client"
+version.workspace = true
+authors.workspace = true
+publish.workspace = true
+license.workspace = true
+edition.workspace = true
+
+[dependencies]
+s2n-tls = { path = "../../rust/extended/s2n-tls" }
+s2n-tls-tokio = { path = "../../rust/extended/s2n-tls-tokio" }
+s2n-tls-hyper = { path = "../../rust/standard/s2n-tls-hyper" }
+tokio = { version = "1", features = ["full"] }
+hyper = { version = "1" }
+hyper-util = { version = "0.1", features = ["client-legacy", "server", "tokio", "http1", "http2"]}
+http-body-util = { version = "0.1" }
+clap = { version = "4", features = ["derive"]}
+http = { version = "1" }
+bytes = { version = "1" }
diff --git a/bindings/rust-examples/hyper-server-client/README.md b/bindings/rust-examples/hyper-server-client/README.md
new file mode 100644
index 00000000000..675761285d9
--- /dev/null
+++ b/bindings/rust-examples/hyper-server-client/README.md
@@ -0,0 +1,20 @@
+This example demonstrates how to use s2n-tls with the [hyper](https://hyper.rs/) HTTP library.
+
+The server example demonstrates how to use s2n-tls with the [hyper-util server](https://docs.rs/hyper-util/latest/hyper_util/server/conn/auto/struct.Builder.html). The client example demonstrates how to use s2n-tls with the [hyper-util client](https://docs.rs/hyper-util/latest/hyper_util/client/legacy/struct.Builder.html), via the [s2n-tls-hyper](../../rust/standard/s2n-tls-hyper) compatibility crate.
+
+Start the example server as follows:
+```
+cargo run --bin server
+```
+
+The server will listen for incoming TLS connections, and echo the contents of HTTP requests back to the client in an HTTP response.
+
+Connect to the server with the example client as follows:
+```
+cargo run --bin client -- --body "some text to send to the server"
+```
+
+The example client simply sends a GET request to the server, and can be configured to use a different server address:
+```
+cargo run --bin client -- --addr www.amazon.com
+```
diff --git a/bindings/rust-examples/hyper-server-client/src/bin/client.rs b/bindings/rust-examples/hyper-server-client/src/bin/client.rs
new file mode 100644
index 00000000000..fb4e9739287
--- /dev/null
+++ b/bindings/rust-examples/hyper-server-client/src/bin/client.rs
@@ -0,0 +1,60 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use bytes::Bytes;
+use clap::Parser;
+use http_body_util::{BodyExt, Full};
+use hyper_util::{client::legacy::Client, rt::TokioExecutor};
+use std::error::Error;
+use std::str::FromStr;
+
+/// NOTE: this CA is to be used for demonstration purposes only!
+const CA: &[u8] = include_bytes!(concat!(env!("CARGO_MANIFEST_DIR"), "/../certs/ca-cert.pem"));
+
+#[derive(Parser)]
+struct Args {
+ #[clap(short, long, default_value = "localhost:8888")]
+ addr: String,
+ #[clap(short, long, default_value = "")]
+ body: String,
+}
+
+async fn run_client(addr: &str, request_body: Vec) -> Result<(), Box> {
+ // Configure the s2n-tls client.
+ let config = {
+ let mut builder = s2n_tls::config::Builder::new();
+ builder.trust_pem(CA)?;
+ builder.build()?
+ };
+
+ // Create a hyper-util client with this configuration, using the s2n-tls-hyper HttpsConnector.
+ let connector = s2n_tls_hyper::connector::HttpsConnector::new(config);
+ let client: Client<_, Full> = Client::builder(TokioExecutor::new()).build(connector);
+
+ // Create an HTTP request to send to the server.
+ let uri = http::Uri::from_str(format!("https://{addr}/").as_str())?;
+ let request: http::Request> = http::Request::builder()
+ .method(http::Method::GET)
+ .uri(uri)
+ .body(Full::from(request_body.clone()))?;
+
+ // Send the request to the server.
+ let response = client.request(request).await?;
+ assert_eq!(response.status(), http::StatusCode::OK);
+
+ // Get the response body.
+ let response_body = response.into_body().collect().await?.to_bytes();
+ println!(
+ "Response body: \n{}",
+ String::from_utf8_lossy(&response_body)
+ );
+
+ Ok(())
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box> {
+ let args = Args::parse();
+ run_client(&args.addr, args.body.into_bytes()).await?;
+ Ok(())
+}
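Review bot: `builder.trust_pem(CA)?` in `run_client` appears to add the demo CA on top of the library's default trust store rather than replace it (the README's `--addr www.amazon.com` invocation would not verify otherwise), so a reader who copies this block to pin a private CA ends up trusting that CA and every public root. A comment on that line would make this explicit, e.g. `// trust_pem() adds to the default trust store; call wipe_trust_store() first to trust only this CA`. Separately, `assert_eq!(response.status(), http::StatusCode::OK);` panics on any non-200 answer from an arbitrary `--addr`; returning an error reads better in an example, `if response.status() != http::StatusCode::OK { return Err(format!("unexpected status {}", response.status()).into()); }`.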
diff --git a/bindings/rust-examples/hyper-server-client/src/bin/server.rs b/bindings/rust-examples/hyper-server-client/src/bin/server.rs
new file mode 100644
index 00000000000..0e36da87ac8
--- /dev/null
+++ b/bindings/rust-examples/hyper-server-client/src/bin/server.rs
@@ -0,0 +1,78 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use clap::Parser;
+use http_body_util::{combinators::BoxBody, BodyExt};
+use hyper::body::Bytes;
+use hyper::service::service_fn;
+use hyper::{Request, Response};
+use hyper_util::rt::TokioExecutor;
+use std::error::Error;
+use tokio::net::TcpListener;
+
+/// NOTE: this certificate and key are to be used for demonstration purposes only!
+pub const CERT_PEM: &[u8] = include_bytes!(concat!(
+ env!("CARGO_MANIFEST_DIR"),
+ "/../certs/localhost-chain.pem"
+));
+pub const KEY_PEM: &[u8] = include_bytes!(concat!(
+ env!("CARGO_MANIFEST_DIR"),
+ "/../certs/localhost-key.pem"
+));
+
+#[derive(Parser)]
+struct Args {
+ #[clap(short, long, default_value = "localhost:8888")]
+ addr: String,
+}
+
+/// Echo the request body back to the client in the response.
+pub async fn echo(
+ req: Request,
+) -> Result>, hyper::Error> {
+ Ok(Response::new(req.into_body().boxed()))
+}
+
+async fn run_server(addr: &str) -> Result<(), Box> {
+ // Configure the s2n-tls server.
+ let config = {
+ let mut builder = s2n_tls::config::Builder::new();
+ builder.load_pem(CERT_PEM, KEY_PEM)?;
+ // Enable HTTP/2 by including it in the server's supported ALPN values. The "http2"
+ // hyper-util feature must also be enabled.
+ builder.set_application_protocol_preference([b"h2"])?;
+ builder.build()?
+ };
+
+ // Create a TlsAcceptor based on this configuration.
+ let acceptor = s2n_tls_tokio::TlsAcceptor::new(config);
+
+ // Listen for incoming TCP connections at the provided address.
+ let tcp_listener = TcpListener::bind(addr).await?;
+ loop {
+ // Wait for a client to connect.
+ let (tcp, _) = tcp_listener.accept().await?;
+
+ // Spawn a new task to handle the incoming TCP connection.
+ let acceptor = acceptor.clone();
+ tokio::spawn(async move {
+ // Perform the TLS handshake.
+ let tls_stream = acceptor.accept(tcp).await?;
+
+ // Use the hyper server with the `echo` service to respond to the client's HTTP request
+ // over the TlsStream.
+ let io = hyper_util::rt::TokioIo::new(tls_stream);
+ let server = hyper_util::server::conn::auto::Builder::new(TokioExecutor::new());
+ server.serve_connection(io, service_fn(echo)).await?;
+
+ Ok::<(), Box>(())
+ });
+ }
+}
+
+#[tokio::main]
+async fn main() -> Result<(), Box> {
+ let args = Args::parse();
+ run_server(&args.addr).await?;
+ Ok(())
+}
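Review bot: In `run_server`, `tcp_listener.accept().await?` sits inside the `loop`, so a single failed accept returns from the function and stops the listener for every client. The `Result` produced inside `tokio::spawn` is dropped together with its `JoinHandle`, so failed handshakes and connection errors leave no trace. Handling the accept error in place and logging the task's result keeps the example serving and gives an operator something to look at. The handshake also has no deadline; wrapping `acceptor.accept(tcp)` in `tokio::time::timeout` would stop idle peers from holding tasks open, though that may be more than an example needs.

```rust
    loop {
        // A failed accept() affects one connection attempt; keep the listener alive.
        // (A persistent error such as fd exhaustion would want a short back-off here.)
        let (tcp, peer) = match tcp_listener.accept().await {
            Ok(conn) => conn,
            Err(e) => {
                eprintln!("accept failed: {e}");
                continue;
            }
        };

        let acceptor = acceptor.clone();
        tokio::spawn(async move {
            let result = async {
                // … unchanged: TLS handshake, TokioIo wrapper, serve_connection, final Ok(()) …
            }
            .await;
            // Surface handshake and HTTP errors instead of dropping them with the JoinHandle.
            if let Err(e) = result {
                eprintln!("connection from {peer} ended with error: {e}");
            }
        });
    }
```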