Merge pull request #20 from matter-labs/pemfile_2

chore(deps): rustls-pemfile 2
2025-07-21 15:13:56 +02:00 · 2024-02-15 10:30:29 +01:00 · 2024-02-15 10:30:29 +01:00 · 761d5463c5
commit 761d5463c5
parent 0c1018a7f1 2591bf0807
3 changed files with 17 additions and 19 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -2111,11 +2111,12 @@ dependencies = [

 [[package]]
 name = "rustls-pemfile"
-version = "1.0.4"
+version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c"
+checksum = "35e4980fa29e4c4b212ffb3db068a564cbf560e51d3944b7c88bd8bf5bec64f4"
 dependencies = [
 "base64",
+ "rustls-pki-types",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -91,7 +91,7 @@ rand = "0.8"
 ring = { version = "0.17.7", features = ["std"], default-features = false }
 rsa = { version = "0.9.6", features = ["sha2"] }
 rustls = { version = "0.22" }
-rustls-pemfile = "1"
+rustls-pemfile = "2"
 sec1 = { version = "0.7.3", features = ["der"], default-features = false }
 serde = { version = "1", features = ["derive", "rc"] }
 serde_json = "1"
--- a/bin/tee-vault-unseal/src/main.rs
+++ b/bin/tee-vault-unseal/src/main.rs
@ -14,7 +14,7 @@ use actix_web::http::header;
 use actix_web::rt::time::sleep;
 use actix_web::web::Data;
 use actix_web::{web, App, HttpServer};
-use anyhow::{Context, Result};
+use anyhow::{bail, Context, Result};
 use attestation::get_attestation;
 use awc::{Client, Connector};
 use clap::Parser;
@ -310,23 +310,20 @@ pub fn load_rustls_config() -> Result<(ServerConfig, Arc<ClientConfig>, [u8; 64]
    );

    // convert files to key/cert objects
-    let cert_chain: Vec<_> = certs(cert_file)
-        .unwrap()
-        .into_iter()
-        .map(rustls::pki_types::CertificateDer::from)
-        .collect();
-    let priv_key: rustls::pki_types::PrivateKeyDer = match read_one(key_file).unwrap() {
-        Some(rustls_pemfile::Item::RSAKey(key)) => {
-            rustls::pki_types::PrivatePkcs1KeyDer::from(key).into()
-        }
-        Some(rustls_pemfile::Item::PKCS8Key(key)) => {
-            rustls::pki_types::PrivatePkcs8KeyDer::from(key).into()
-        }
-        _ => panic!("no keys found"),
-    };
+    let cert_chain = certs(cert_file)
+        .collect::<Result<Vec<_>, _>>()
+        .context("Failed to load TLS cert file")?;
+
+    let priv_key: rustls::pki_types::PrivateKeyDer =
+        match read_one(key_file).context("Failed to read TLS key file")? {
+            Some(rustls_pemfile::Item::Sec1Key(key)) => key.into(),
+            Some(rustls_pemfile::Item::Pkcs1Key(key)) => key.into(),
+            Some(rustls_pemfile::Item::Pkcs8Key(key)) => key.into(),
+            _ => bail!("no keys found in TLS key file"),
+        };

    let tls_config = Arc::new(
-        rustls::ClientConfig::builder()
+        ClientConfig::builder()
            .dangerous()
            .with_custom_certificate_verifier(Arc::new(make_verifier(
                cert_chain[0].as_ref().into(),