skip_client_verification.rs1use {
2 crate::crypto_provider,
3 rustls::{
4 pki_types::{CertificateDer, UnixTime},
5 server::danger::ClientCertVerified,
6 DistinguishedName,
7 },
8 std::{fmt::Debug, sync::Arc},
9};
10
/// Client-certificate verifier that accepts every certificate a TLS client
/// presents.
///
/// The wrapped [`rustls::crypto::CryptoProvider`] is only consulted for its
/// signature verification algorithms. The certificate itself is never checked
/// against a trust anchor, a validity period or a revocation source, so a
/// completed handshake says nothing about who issued the certificate. The
/// handshake signature is still verified against the presented certificate.
//
// NOTE(review): presumably callers derive the peer's identity from the public
// key in the presented certificate after the handshake; confirm at each call
// site before treating a connection as authenticated.
#[derive(Debug)]
pub struct SkipClientVerification(Arc<rustls::crypto::CryptoProvider>);
15
impl SkipClientVerification {
    /// Creates the verifier around the crate's crypto provider.
    ///
    /// The result is returned inside an [`Arc`].
    // NOTE(review): presumably the `Arc` is there so the value can be handed
    // straight to a rustls server config builder; confirm against callers.
    pub fn new() -> Arc<Self> {
        let provider = Arc::new(crypto_provider());
        Arc::new(Self(provider))
    }
}
impl rustls::server::danger::ClientCertVerifier for SkipClientVerification {
    /// Accepts the presented client certificate unconditionally.
    ///
    /// The end-entity certificate, the intermediates and the current time are
    /// all ignored: no chain building, expiry check or revocation check takes
    /// place. Any trust decision about the peer therefore has to be made
    /// outside this verifier.
    fn verify_client_cert(
        &self,
        _end_entity: &CertificateDer,
        _intermediates: &[CertificateDer],
        _now: UnixTime,
    ) -> Result<ClientCertVerified, rustls::Error> {
        let accepted = ClientCertVerified::assertion();
        Ok(accepted)
    }

    /// Returns no root hints, since no trust anchors are configured.
    fn root_hint_subjects(&self) -> &[DistinguishedName] {
        &[]
    }

    /// Checks a TLS 1.2 handshake signature against the presented certificate.
    ///
    /// Unlike `verify_client_cert`, this is a real check: it delegates to
    /// rustls with the provider's signature verification algorithms, so the
    /// client must hold the private key matching the certificate it sent.
    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        rustls::crypto::verify_tls12_signature(message, cert, dss, algorithms)
    }

    /// Checks a TLS 1.3 handshake signature against the presented certificate.
    ///
    /// Delegates to rustls with the provider's signature verification
    /// algorithms, exactly as the TLS 1.2 variant does.
    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        let algorithms = &self.0.signature_verification_algorithms;
        rustls::crypto::verify_tls13_signature(message, cert, dss, algorithms)
    }

    /// Lists the signature schemes the wrapped provider can verify.
    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        let provider = &self.0;
        provider.signature_verification_algorithms.supported_schemes()
    }

    /// Always asks the client for a certificate.
    fn offer_client_auth(&self) -> bool {
        true
    }

    /// Client authentication is mandatory whenever it is offered, which for
    /// this verifier is always.
    fn client_auth_mandatory(&self) -> bool {
        // Kept tied to `offer_client_auth` so the two answers cannot drift apart.
        self.offer_client_auth()
    }
}