|
1 | 1 | use std::sync::Arc;
|
2 | 2 |
|
3 | 3 | use iroh_base::key::SecretKey;
|
4 |
| -use webpki::types::{pem::PemObject, CertificateDer, PrivateKeyDer}; |
| 4 | +use webpki::types::{pem::PemObject, CertificateDer, PrivateKeyDer, PrivatePkcs8KeyDer}; |
5 | 5 |
|
6 | 6 | use super::{certificate, CreateConfigError};
|
7 | 7 | use crate::tls::Authentication;
|
@@ -29,23 +29,27 @@ impl AlwaysResolvesCert {
|
29 | 29 | Authentication::RawPublicKey => {
|
30 | 30 | // Directly use the key
|
31 | 31 | let client_private_key = secret_key.serialize_secret_pem();
|
| 32 | + dbg!(&client_private_key); |
32 | 33 | let client_private_key =
|
33 |
| - PrivateKeyDer::from_pem_slice(client_private_key.as_bytes()) |
| 34 | + PrivatePkcs8KeyDer::from_pem_slice(client_private_key.as_bytes()) |
34 | 35 | .expect("cannot open private key file");
|
| 36 | + dbg!(&client_private_key); |
35 | 37 | let client_private_key =
|
36 |
| - rustls::crypto::ring::sign::any_ecdsa_type(&client_private_key)?; |
37 |
| - |
| 38 | + rustls::crypto::ring::sign::any_eddsa_type(&client_private_key)?; |
| 39 | + dbg!(&client_private_key); |
38 | 40 | let client_public_key = client_private_key
|
39 | 41 | .public_key()
|
40 | 42 | .ok_or(rustls::Error::InconsistentKeys(
|
41 | 43 | rustls::InconsistentKeys::Unknown,
|
42 | 44 | ))
|
43 | 45 | .expect("cannot load public key");
|
| 46 | + dbg!(&client_public_key); |
44 | 47 | let client_public_key_as_cert = CertificateDer::from(client_public_key.to_vec());
|
45 | 48 | let certified_key = rustls::sign::CertifiedKey::new(
|
46 | 49 | vec![client_public_key_as_cert],
|
47 | 50 | client_private_key,
|
48 | 51 | );
|
| 52 | + dbg!(&certified_key); |
49 | 53 | Arc::new(certified_key)
|
50 | 54 | }
|
51 | 55 | };
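Review bot: The `dbg!(&client_private_key);` added directly after `secret_key.serialize_secret_pem()` writes the PEM-encoded secret key to stderr, so the private key lands in any captured log, CI output or terminal scrollback. The later `dbg!` calls on the parsed key, the signing key and `certified_key` print whatever those types' `Debug` impls expose, which is not visible from this hunk and should not be relied on to redact. Drop all five `dbg!` lines before merging; if a trace is still wanted while debugging the Ed25519 switch, keep only the public half, `dbg!(&client_public_key);`. The enclosing function starts and ends outside the hunk, so other callers of this branch could not be checked.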
|
|