Replace tokio-native-tls with tokio-rustls

src/rs/server/Cargo.toml

@@ -25,7 +25,7 @@ http-body-util = "0.1.0"
 hyper = { version = "1", features = ["http1", "server"] }
 hyper-tungstenite = "0.13"
 hyper-util = { version = "0.1", default-features = false }
-tokio-native-tls = "0.3"
+tokio-rustls = "0.25"
 postgres-types = { version = "0.2", features = ["derive"] }
 ring = { version = "0.17", default-features = false }
 rand = "0.8"
@@ -35,6 +35,7 @@ serde_json = "1"
 httpdate = "1"
 tokio = { version = "1", features = ["full"] }
 tokio-stream = "0.1"
+webpki-roots = "0.26"
 
 [build-dependencies]
 serde = { version = "1", features = ["derive"] }

src/rs/server/src/handlews.rs

@@ -22,7 +22,7 @@ use tokio_stream::wrappers::UnboundedReceiverStream;
 use std::net::ToSocketAddrs;
 use tokio::io::{AsyncReadExt, AsyncWriteExt};
 use tokio::net::TcpStream;
-use tokio_native_tls::native_tls::TlsConnector;
+use tokio_rustls::{rustls::pki_types::ServerName, TlsConnector};
 
 use crate::cardpool::Cardpool;
 use crate::etgutil::{decode_code, encode_code, encode_count, iterraw};
@@ -327,6 +327,7 @@ pub async fn handle_ws(
 	users: AsyncUsers,
 	usersocks: AsyncUserSocks,
 	socks: AsyncSocks,
+	tls: TlsConnector,
 ) {
 	let sockid = NEXT_SOCK_ID.fetch_add(1, Ordering::Relaxed);
 
@@ -2228,106 +2229,126 @@ pub async fn handle_ws(
 							.and_then(|mut addr| addr.next())
 						{
 							if let Ok(stream) = TcpStream::connect(&addr).await {
-								let cx = TlsConnector::builder().build().expect("failed to setup tls");
-								let cx = tokio_native_tls::TlsConnector::from(cx);
-								if let Ok(mut socket) = cx.connect("api.kongregate.com", stream).await {
-									socket.write_all(format!("GET /api/authenticate.json?user_id={}&game_auth_token={}&api_key={} HTTP/1.0\r\nHost: api.kongregate.com\r\n\r\n", u, g, key).as_bytes()).await.expect("failed write");
-									let mut output = Vec::<u8>::new();
-									if socket.read_to_end(&mut output).await.is_ok() {
-										if let Some(pos) = (1..output.len()).into_iter().rev().find(|&idx| output[idx - 1] == b'\n' && output[idx] == b'{') {
-											println!("{}", String::from_utf8_lossy(&output));
-											if let Ok(Value::Object(body)) =
-												serde_json::from_slice::<Value>(&output[pos..])
-											{
-												let success = body
-													.get("success")
-													.and_then(|v| v.as_bool())
-													.unwrap_or(false);
-												if success {
-													let mut name = String::from("Kong:");
-													name.push_str(
-														body.get("username")
-															.and_then(|v| v.as_str())
-															.unwrap_or(""),
-													);
-													let mut wusers = users.write().await;
-													if let Some(user) = wusers.load(&*client, &name).await {
-														let mut user = user.lock().await;
-														user.auth = g.clone();
-														login_success(
-															&usersocks,
-															&tx,
-															sockid,
-															&mut user,
-															&name,
-															&mut client,
-														)
-														.await;
+								if let Ok(kong) = ServerName::try_from("api.kongregate.com") {
+									if let Ok(mut socket) = tls.connect(kong, stream).await {
+										socket.write_all(format!("GET /api/authenticate.json?user_id={}&game_auth_token={}&api_key={} HTTP/1.0\r\nHost: api.kongregate.com\r\n\r\n", u, g, key).as_bytes()).await.expect("failed write");
+										let mut output = Vec::<u8>::new();
+										if socket.read_to_end(&mut output).await.is_ok() {
+											if let Some(pos) =
+												(1..output.len()).into_iter().rev().find(|&idx| {
+													output[idx - 1] == b'\n' && output[idx] == b'{'
+												}) {
+												println!("{}", String::from_utf8_lossy(&output));
+												if let Ok(Value::Object(body)) =
+													serde_json::from_slice::<Value>(&output[pos..])
+												{
+													let success = body
+														.get("success")
+														.and_then(|v| v.as_bool())
+														.unwrap_or(false);
+													if success {
+														let mut name = String::from("Kong:");
+														name.push_str(
+															body.get("username")
+																.and_then(|v| v.as_str())
+																.unwrap_or(""),
+														);
+														let mut wusers = users.write().await;
+														if let Some(user) =
+															wusers.load(&*client, &name).await
+														{
+															let mut user = user.lock().await;
+															user.auth = g.clone();
+															login_success(
+																&usersocks,
+																&tx,
+																sockid,
+																&mut user,
+																&name,
+																&mut client,
+															)
+															.await;
+														} else {
+															let mut newuser = UserObject {
+																name: name.clone(),
+																id: -1,
+																auth: g.clone(),
+																salt: Vec::new(),
+																iter: 0,
+																algo: HashAlgo::Sha512,
+																data: Default::default(),
+															};
+															login_success(
+																&usersocks,
+																&tx,
+																sockid,
+																&mut newuser,
+																&name,
+																&mut client,
+															)
+															.await;
+															wusers.insert(
+																name,
+																Arc::new(Mutex::new(newuser)),
+															);
+														}
 													} else {
-														let mut newuser = UserObject {
-															name: name.clone(),
-															id: -1,
-															auth: g.clone(),
-															salt: Vec::new(),
-															iter: 0,
-															algo: HashAlgo::Sha512,
-															data: Default::default(),
-														};
-														login_success(
-															&usersocks,
+														sendmsg(
 															&tx,
-															sockid,
-															&mut newuser,
-															&name,
-															&mut client,
-														)
-														.await;
-														wusers.insert(name, Arc::new(Mutex::new(newuser)));
+															&WsResponse::loginfail {
+																err: &format!(
+																	"{}: {}",
+																	body["error"],
+																	body["error_description"]
+																),
+															},
+														);
 													}
 												} else {
 													sendmsg(
 														&tx,
 														&WsResponse::loginfail {
-															err: &format!(
-																"{}: {}",
-																body["error"], body["error_description"]
-															),
+															err: "Failed to parse Kongregate's response",
 														},
 													);
 												}
 											} else {
 												sendmsg(
 													&tx,
 													&WsResponse::loginfail {
-														err: "Failed to parse Kongregate's response",
+														err: "Kongregate's response wasn't json",
 													},
 												);
 											}
 										} else {
 											sendmsg(
 												&tx,
 												&WsResponse::loginfail {
-													err: "Kongregate's response wasn't json",
+													err: "Kongregate refused request",
 												},
 											);
 										}
 									} else {
 										sendmsg(
 											&tx,
-											&WsResponse::loginfail { err: "Kongregate refused request" },
+											&WsResponse::loginfail {
+												err: "Kongregate failed tls handshake",
+											},
 										);
 									}
 								} else {
 									sendmsg(
 										&tx,
-										&WsResponse::loginfail { err: "Kongregate failed tls handshake" },
+										&WsResponse::loginfail {
+											err: "Failed to connect to api.kongregate.com",
+										},
 									);
 								}
 							} else {
 								sendmsg(
 									&tx,
 									&WsResponse::loginfail {
-										err: "Failed to connect to api.kongregate.com",
+										err: "Failed to resolve to api.kongregate.com",
 									},
 								);
 							}

src/rs/server/src/main.rs

@@ -26,6 +26,10 @@ use hyper_tungstenite::{
 };
 use hyper_util::rt::TokioIo;
 use tokio::signal::unix::{signal, SignalKind};
+use tokio_rustls::{
+	rustls::{ClientConfig, RootCertStore},
+	TlsConnector,
+};
 
 use bb8_postgres::{bb8::Pool, tokio_postgres, PostgresConnectionManager};
 
@@ -79,6 +83,7 @@ struct Server {
 	pub socks: AsyncSocks,
 	pub cache: AsyncCache,
 	pub pgpool: PgPool,
+	pub tls: TlsConnector,
 }
 
 impl hyper::service::Service<Request<Incoming>> for Server {
@@ -92,12 +97,13 @@ impl hyper::service::Service<Request<Incoming>> for Server {
 		let usersocks = self.usersocks.clone();
 		let socks = self.socks.clone();
 		let cache = self.cache.clone();
+		let tls = self.tls.clone();
 		Box::pin(async move {
 			if hyper_tungstenite::is_upgrade_request(&req) {
 				if let Ok((response, socket)) = hyper_tungstenite::upgrade(&mut req, None) {
 					tokio::spawn(async move {
 						if let Ok(ws) = socket.await {
-							handlews::handle_ws(ws, pgpool, users, usersocks, socks).await
+							handlews::handle_ws(ws, pgpool, users, usersocks, socks, tls).await
 						}
 					});
 
@@ -161,6 +167,12 @@ async fn main() {
 	let mut gccloserx = closerx.clone();
 	let sigintusers = users.clone();
 	let sigintpgpool = pgpool.clone();
+	let tlsconfig = ClientConfig::builder()
+		.with_root_certificates(RootCertStore {
+			roots: webpki_roots::TLS_SERVER_ROOTS.iter().cloned().collect(),
+		})
+		.with_no_client_auth();
+	let tls = TlsConnector::from(Arc::new(tlsconfig));
 
 	let mut interval = tokio::time::interval(Duration::new(300, 0));
 	tokio::spawn(async move {
@@ -192,7 +204,7 @@ async fn main() {
 
 	let mut sigintstream = signal(SignalKind::interrupt()).expect("Failed to setup signal handler");
 	let listener = tokio::net::TcpListener::bind((Ipv4Addr::new(0, 0, 0, 0), listenport)).await.unwrap();
-	let server = Server { pgpool, users, usersocks, socks, cache };
+	let server = Server { pgpool, users, usersocks, socks, cache, tls };
 	let mut http = hyper::server::conn::http1::Builder::new();
 	http.keep_alive(true);