chore(tls): Change method to convert certificate and identity to rustls-pki-types type to independent function

Author: tottoto

tonic/src/transport/channel/service/tls.rs

@@ -9,7 +9,9 @@ use tokio_rustls::{
 };
 
 use super::io::BoxedIo;
-use crate::transport::service::tls::{TlsError, ALPN_H2};
+use crate::transport::service::tls::{
+    convert_certificate_to_pki_types, convert_identity_to_pki_types, TlsError, ALPN_H2,
+};
 use crate::transport::tls::{Certificate, Identity};
 
 #[derive(Clone)]
@@ -42,13 +44,13 @@ impl TlsConnector {
         }
 
         for cert in ca_certs {
-            roots.add_parsable_certificates(cert.parse()?);
+            roots.add_parsable_certificates(convert_certificate_to_pki_types(&cert)?);
         }
 
         let builder = builder.with_root_certificates(roots);
         let mut config = match identity {
             Some(identity) => {
-                let (client_cert, client_key) = identity.parse()?;
+                let (client_cert, client_key) = convert_identity_to_pki_types(&identity)?;
                 builder.with_client_auth_cert(client_cert, client_key)?
             }
             None => builder.with_no_client_auth(),

tonic/src/transport/server/service/tls.rs

@@ -7,7 +7,11 @@ use tokio_rustls::{
     TlsAcceptor as RustlsAcceptor,
 };
 
-use crate::transport::{server::Connected, service::tls::ALPN_H2, Certificate, Identity};
+use crate::transport::{
+    server::Connected,
+    service::tls::{convert_certificate_to_pki_types, convert_identity_to_pki_types, ALPN_H2},
+    Certificate, Identity,
+};
 
 #[derive(Clone)]
 pub(crate) struct TlsAcceptor {
@@ -26,7 +30,7 @@ impl TlsAcceptor {
             None => builder.with_no_client_auth(),
             Some(cert) => {
                 let mut roots = RootCertStore::empty();
-                roots.add_parsable_certificates(cert.parse()?);
+                roots.add_parsable_certificates(convert_certificate_to_pki_types(&cert)?);
                 let verifier = if client_auth_optional {
                     WebPkiClientVerifier::builder(roots.into()).allow_unauthenticated()
                 } else {
@@ -37,7 +41,7 @@ impl TlsAcceptor {
             }
         };
 
-        let (cert, key) = identity.parse()?;
+        let (cert, key) = convert_identity_to_pki_types(&identity)?;
         let mut config = builder.with_single_cert(cert, key)?;
 
         config.alpn_protocols.push(ALPN_H2.into());

tonic/src/transport/service/tls.rs

@@ -31,22 +31,20 @@ impl fmt::Display for TlsError {
 
 impl std::error::Error for TlsError {}
 
-impl Certificate {
-    pub(crate) fn parse(&self) -> Result<Vec<CertificateDer<'static>>, TlsError> {
-        rustls_pemfile::certs(&mut Cursor::new(&self.pem))
-            .collect::<Result<Vec<_>, _>>()
-            .map_err(|_| TlsError::CertificateParseError)
-    }
+pub(crate) fn convert_certificate_to_pki_types(
+    certificate: &Certificate,
+) -> Result<Vec<CertificateDer<'static>>, TlsError> {
+    rustls_pemfile::certs(&mut Cursor::new(certificate))
+        .collect::<Result<Vec<_>, _>>()
+        .map_err(|_| TlsError::CertificateParseError)
 }
 
-impl Identity {
-    pub(crate) fn parse(
-        &self,
-    ) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), TlsError> {
-        let cert = self.cert.parse()?;
-        let Ok(Some(key)) = rustls_pemfile::private_key(&mut Cursor::new(&self.key)) else {
-            return Err(TlsError::PrivateKeyParseError);
-        };
-        Ok((cert, key))
-    }
+pub(crate) fn convert_identity_to_pki_types(
+    identity: &Identity,
+) -> Result<(Vec<CertificateDer<'static>>, PrivateKeyDer<'static>), TlsError> {
+    let cert = convert_certificate_to_pki_types(&identity.cert)?;
+    let Ok(Some(key)) = rustls_pemfile::private_key(&mut Cursor::new(&identity.key)) else {
+        return Err(TlsError::PrivateKeyParseError);
+    };
+    Ok((cert, key))
 }