
Commit 428f448

committed
Support raw certificate configuration for JSON
1 parent 7474076 commit 428f448


10 files changed

+221
-54
lines changed


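--- a/leaf/src/app/outbound/manager.rs
+++ b/leaf/src/app/outbound/manager.rs
@@ -310,10 +310,16 @@ impl OutboundManager {
 } else {
 Some(settings.certificate.clone())
 };
+let certificate_key = if settings.certificate_key.is_empty() {
+None
+} else {
+Some(settings.certificate_key.clone())
+};
 let stream = Arc::new(tls::outbound::StreamHandler::new(
 settings.server_name.clone(),
 settings.alpn.clone(),
 certificate,
+certificate_key,
 settings.insecure,
 )?);
 HandlerBuilder::default()
@@ -350,12 +356,18 @@ impl OutboundManager {
 } else {
 Some(settings.certificate.clone())
 };
+let certificate_key = if settings.certificate_key.is_empty() {
+None
+} else {
+Some(settings.certificate_key.clone())
+};
 let stream = Arc::new(quic::outbound::StreamHandler::new(
 settings.address.clone(),
 settings.port as u16,
 server_name,
 settings.alpn.clone(),
 certificate,
+certificate_key,
 dns_client.clone(),
 ));
 HandlerBuilder::default()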
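Review bot: The four `if ….is_empty() { None } else { Some(….clone()) }` blocks in these two hunks (the added `certificate_key` ones and the existing `certificate` ones just above them) are the same conversion written out by hand; a small helper such as `fn non_empty(s: &str) -> Option<String> { (!s.is_empty()).then(|| s.to_owned()) }` would reduce each to `let certificate_key = non_empty(&settings.certificate_key);`. The new argument also makes it possible to pass a key without a certificate, or a certificate without a key; whether `StreamHandler::new` rejects that combination is not visible here, so it is worth confirming that it fails at construction rather than at handshake time. Both hunks sit inside `OutboundManager` methods that begin and end outside the section.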

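--- a/leaf/src/config/common.rs
+++ b/leaf/src/config/common.rs
@@ -84,6 +84,10 @@ pub struct QuicInboundSettings {
 pub certificate: Option<String>,
 #[serde(rename = "certificateKey", alias = "certificate_key")]
 pub certificate_key: Option<String>,
+#[serde(rename = "rawCertificate", alias = "raw_certificate")]
+pub raw_certificate: Option<Vec<String>>,
+#[serde(rename = "rawCertificateKey", alias = "raw_certificate_key")]
+pub raw_certificate_key: Option<Vec<String>>,
 pub alpn: Option<Vec<String>>,
 }
 
@@ -92,6 +96,10 @@ pub struct TlsInboundSettings {
 pub certificate: Option<String>,
 #[serde(rename = "certificateKey", alias = "certificate_key")]
 pub certificate_key: Option<String>,
+#[serde(rename = "rawCertificate", alias = "raw_certificate")]
+pub raw_certificate: Option<Vec<String>>,
+#[serde(rename = "rawCertificateKey", alias = "raw_certificate_key")]
+pub raw_certificate_key: Option<Vec<String>>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
@@ -205,6 +213,12 @@ pub struct TlsOutboundSettings {
 pub server_name: Option<String>,
 pub alpn: Option<Vec<String>>,
 pub certificate: Option<String>,
+#[serde(rename = "certificateKey", alias = "certificate_key")]
+pub certificate_key: Option<String>,
+#[serde(rename = "rawCertificate", alias = "raw_certificate")]
+pub raw_certificate: Option<Vec<String>>,
+#[serde(rename = "rawCertificateKey", alias = "raw_certificate_key")]
+pub raw_certificate_key: Option<Vec<String>>,
 pub insecure: Option<bool>,
 }
 
@@ -233,6 +247,12 @@ pub struct QuicOutboundSettings {
 #[serde(rename = "serverName", alias = "server_name")]
 pub server_name: Option<String>,
 pub certificate: Option<String>,
+#[serde(rename = "certificateKey", alias = "certificate_key")]
+pub certificate_key: Option<String>,
+#[serde(rename = "rawCertificate", alias = "raw_certificate")]
+pub raw_certificate: Option<Vec<String>>,
+#[serde(rename = "rawCertificateKey", alias = "raw_certificate_key")]
+pub raw_certificate_key: Option<Vec<String>>,
 pub alpn: Option<Vec<String>>,
 }
 
@@ -799,7 +819,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 inbound.protocol = "quic".to_string();
 if let Some(ext_settings) = ext_settings {
 let mut settings = internal::QuicInboundSettings::new();
-if let Some(ext_certificate) = &ext_settings.certificate {
+if let Some(ext_raw_certificate) = &ext_settings.raw_certificate {
+settings.certificate = ext_raw_certificate.join("\n");
+} else if let Some(ext_certificate) = &ext_settings.certificate {
 if is_inline_certificate(ext_certificate) {
 settings.certificate = ext_certificate.clone();
 } else {
@@ -813,7 +835,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 }
 }
 }
-if let Some(ext_certificate_key) = &ext_settings.certificate_key {
+if let Some(ext_raw_certificate_key) = &ext_settings.raw_certificate_key {
+settings.certificate_key = ext_raw_certificate_key.join("\n");
+} else if let Some(ext_certificate_key) = &ext_settings.certificate_key {
 let key = Path::new(&ext_certificate_key);
 if key.is_absolute() {
 settings.certificate_key = key.to_string_lossy().to_string();
@@ -839,7 +863,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 inbound.protocol = "tls".to_string();
 if let Some(ext_settings) = ext_settings {
 let mut settings = internal::TlsInboundSettings::new();
-if let Some(ext_certificate) = &ext_settings.certificate {
+if let Some(ext_raw_certificate) = &ext_settings.raw_certificate {
+settings.certificate = ext_raw_certificate.join("\n");
+} else if let Some(ext_certificate) = &ext_settings.certificate {
 if is_inline_certificate(ext_certificate) {
 settings.certificate = ext_certificate.clone();
 } else {
@@ -853,7 +879,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 }
 }
 }
-if let Some(ext_certificate_key) = &ext_settings.certificate_key {
+if let Some(ext_raw_certificate_key) = &ext_settings.raw_certificate_key {
+settings.certificate_key = ext_raw_certificate_key.join("\n");
+} else if let Some(ext_certificate_key) = &ext_settings.certificate_key {
 let key = Path::new(&ext_certificate_key);
 if key.is_absolute() {
 settings.certificate_key = key.to_string_lossy().to_string();
@@ -1098,7 +1126,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 if let Some(ext_alpn) = &ext_settings.alpn {
 settings.alpn = ext_alpn.clone();
 }
-if let Some(ext_certificate) = &ext_settings.certificate {
+if let Some(ext_raw_certificate) = &ext_settings.raw_certificate {
+settings.certificate = ext_raw_certificate.join("\n");
+} else if let Some(ext_certificate) = &ext_settings.certificate {
 if is_inline_certificate(ext_certificate) {
 settings.certificate = ext_certificate.clone();
 } else {
@@ -1112,6 +1142,18 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 }
 }
 }
+if let Some(ext_raw_certificate_key) = &ext_settings.raw_certificate_key {
+settings.certificate_key = ext_raw_certificate_key.join("\n");
+} else if let Some(ext_certificate_key) = &ext_settings.certificate_key {
+let key = Path::new(&ext_certificate_key);
+if key.is_absolute() {
+settings.certificate_key = key.to_string_lossy().to_string();
+} else {
+let asset_loc = Path::new(&*crate::option::ASSET_LOCATION);
+let path = asset_loc.join(key).to_string_lossy().to_string();
+settings.certificate_key = path;
+}
+}
 if let Some(ext_insecure) = ext_settings.insecure {
 settings.insecure = ext_insecure;
 }
@@ -1260,7 +1302,9 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 if let Some(ext_server_name) = &ext_settings.server_name {
 settings.server_name = ext_server_name.clone();
 }
-if let Some(ext_certificate) = &ext_settings.certificate {
+if let Some(ext_raw_certificate) = &ext_settings.raw_certificate {
+settings.certificate = ext_raw_certificate.join("\n");
+} else if let Some(ext_certificate) = &ext_settings.certificate {
 if is_inline_certificate(ext_certificate) {
 settings.certificate = ext_certificate.clone();
 } else {
@@ -1274,6 +1318,18 @@ pub fn to_internal(mut config: Config) -> Result<internal::Config> {
 }
 }
 }
+if let Some(ext_raw_certificate_key) = &ext_settings.raw_certificate_key {
+settings.certificate_key = ext_raw_certificate_key.join("\n");
+} else if let Some(ext_certificate_key) = &ext_settings.certificate_key {
+let key = Path::new(&ext_certificate_key);
+if key.is_absolute() {
+settings.certificate_key = key.to_string_lossy().to_string();
+} else {
+let asset_loc = Path::new(&*crate::option::ASSET_LOCATION);
+let path = asset_loc.join(key).to_string_lossy().to_string();
+settings.certificate_key = path;
+}
+}
 if let Some(ext_alpns) = &ext_settings.alpn {
 settings.alpn = ext_alpns.clone();
 }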
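Review bot: The raw branches added in the `to_internal` hunks (first at `@@ -799,7 +819,9 @@`, repeated for the TLS inbound and both outbounds) store `ext_raw_certificate_key.join("\n")` into `settings.certificate_key`, the same field the `else if` branch fills with a filesystem path, without checking that the joined lines form a PEM block; on the `certificate` side `is_inline_certificate` is applied only in the path branch, so the raw branch bypasses it as well. A malformed `rawCertificateKey` therefore leaves the converter looking like a path and fails only when the handler tries to load it, so returning an error from `to_internal` when `is_inline_certificate` rejects the joined text would surface the mistake at config time. `rawCertificate`/`rawCertificateKey` also silently take precedence over `certificate`/`certificateKey` when both are present; a comment such as `// rawCertificate wins over certificate when both are set` on each raw branch, or an error when both are given, would make that explicit. The joined private key now sits in plain `String` fields of the settings structs, and the neighbouring struct at file line 105 derives `Debug`; if these structs do as well, a debug print of the parsed config will include the key material, which is worth redacting. All `to_internal` hunks are inside a function that begins and ends outside this section.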

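--- a/leaf/src/config/conf/config.rs
+++ b/leaf/src/config/conf/config.rs
@@ -1146,6 +1146,9 @@ pub fn to_common(conf: &Config) -> Result<common::Config> {
 Some(vec!["http/1.1".to_string()])
 },
 certificate: resolve_cert(&ext_proxy.tls_cert),
+certificate_key: None,
+raw_certificate: None,
+raw_certificate_key: None,
 insecure: ext_proxy.tls_insecure,
 }),
 },
@@ -1203,6 +1206,9 @@ pub fn to_common(conf: &Config) -> Result<common::Config> {
 port: ext_proxy.port,
 server_name: ext_proxy.sni.clone(),
 certificate: resolve_cert(&ext_proxy.tls_cert),
+certificate_key: None,
+raw_certificate: None,
+raw_certificate_key: None,
 alpn: Some(vec!["http/1.1".to_string()]),
 }),
 },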

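--- a/leaf/src/config/internal/config.proto
+++ b/leaf/src/config/internal/config.proto
@@ -156,6 +156,7 @@ message TlsOutboundSettings {
 repeated string alpn = 2;
 string certificate = 3;
 bool insecure = 4;
+string certificate_key = 5;
 }
 
 message WebSocketOutboundSettings {
@@ -189,6 +190,7 @@ message QuicOutboundSettings {
 string server_name = 3;
 string certificate = 4;
 repeated string alpn = 5;
+string certificate_key = 6;
 }
 
 message VMessOutboundSettings {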

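--- a/leaf/src/config/internal/config.rs
+++ b/leaf/src/config/internal/config.rs
@@ -2742,6 +2742,8 @@ pub struct TlsOutboundSettings {
 pub certificate: ::std::string::String,
 // @@protoc_insertion_point(field:TlsOutboundSettings.insecure)
 pub insecure: bool,
+// @@protoc_insertion_point(field:TlsOutboundSettings.certificate_key)
+pub certificate_key: ::std::string::String,
 // special fields
 // @@protoc_insertion_point(special_field:TlsOutboundSettings.special_fields)
 pub special_fields: ::protobuf::SpecialFields,
@@ -2781,6 +2783,9 @@ impl ::protobuf::Message for TlsOutboundSettings {
 32 => {
 self.insecure = is.read_bool()?;
 },
+42 => {
+self.certificate_key = is.read_string()?;
+},
 tag => {
 ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?;
 },
@@ -2805,6 +2810,9 @@ impl ::protobuf::Message for TlsOutboundSettings {
 if self.insecure != false {
 my_size += 1 + 1;
 }
+if !self.certificate_key.is_empty() {
+my_size += ::protobuf::rt::string_size(5, &self.certificate_key);
+}
 my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields());
 self.special_fields.cached_size().set(my_size as u32);
 my_size
@@ -2823,6 +2831,9 @@ impl ::protobuf::Message for TlsOutboundSettings {
 if self.insecure != false {
 os.write_bool(4, self.insecure)?;
 }
+if !self.certificate_key.is_empty() {
+os.write_string(5, &self.certificate_key)?;
+}
 os.write_unknown_fields(self.special_fields.unknown_fields())?;
 ::std::result::Result::Ok(())
 }
@@ -2844,6 +2855,7 @@ impl ::protobuf::Message for TlsOutboundSettings {
 self.alpn.clear();
 self.certificate.clear();
 self.insecure = false;
+self.certificate_key.clear();
 self.special_fields.clear();
 }
 
@@ -2853,6 +2865,7 @@ impl ::protobuf::Message for TlsOutboundSettings {
 alpn: ::std::vec::Vec::new(),
 certificate: ::std::string::String::new(),
 insecure: false,
+certificate_key: ::std::string::String::new(),
 special_fields: ::protobuf::SpecialFields::new(),
 };
 &instance
@@ -3367,6 +3380,8 @@ pub struct QuicOutboundSettings {
 pub certificate: ::std::string::String,
 // @@protoc_insertion_point(field:QuicOutboundSettings.alpn)
 pub alpn: ::std::vec::Vec<::std::string::String>,
+// @@protoc_insertion_point(field:QuicOutboundSettings.certificate_key)
+pub certificate_key: ::std::string::String,
 // special fields
 // @@protoc_insertion_point(special_field:QuicOutboundSettings.special_fields)
 pub special_fields: ::protobuf::SpecialFields,
@@ -3409,6 +3424,9 @@ impl ::protobuf::Message for QuicOutboundSettings {
 42 => {
 self.alpn.push(is.read_string()?);
 },
+50 => {
+self.certificate_key = is.read_string()?;
+},
 tag => {
 ::protobuf::rt::read_unknown_or_skip_group(tag, is, self.special_fields.mut_unknown_fields())?;
 },
@@ -3436,6 +3454,9 @@ impl ::protobuf::Message for QuicOutboundSettings {
 for value in &self.alpn {
 my_size += ::protobuf::rt::string_size(5, &value);
 };
+if !self.certificate_key.is_empty() {
+my_size += ::protobuf::rt::string_size(6, &self.certificate_key);
+}
 my_size += ::protobuf::rt::unknown_fields_size(self.special_fields.unknown_fields());
 self.special_fields.cached_size().set(my_size as u32);
 my_size
@@ -3457,6 +3478,9 @@ impl ::protobuf::Message for QuicOutboundSettings {
 for v in &self.alpn {
 os.write_string(5, &v)?;
 };
+if !self.certificate_key.is_empty() {
+os.write_string(6, &self.certificate_key)?;
+}
 os.write_unknown_fields(self.special_fields.unknown_fields())?;
 ::std::result::Result::Ok(())
 }
@@ -3479,6 +3503,7 @@ impl ::protobuf::Message for QuicOutboundSettings {
 self.server_name.clear();
 self.certificate.clear();
 self.alpn.clear();
+self.certificate_key.clear();
 self.special_fields.clear();
 }
 
@@ -3489,6 +3514,7 @@ impl ::protobuf::Message for QuicOutboundSettings {
 server_name: ::std::string::String::new(),
 certificate: ::std::string::String::new(),
 alpn: ::std::vec::Vec::new(),
+certificate_key: ::std::string::String::new(),
 special_fields: ::protobuf::SpecialFields::new(),
 };
 &instance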

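--- a/leaf/src/proxy/failover/mod.rs
+++ b/leaf/src/proxy/failover/mod.rs
@@ -79,6 +79,7 @@ async fn single_health_check(
 String::from(""),
 vec![],
 None,
+None,
 false,
 ) else {
 return Measure::new(idx, u128::MAX, tag);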
