mirror of
https://github.com/tlsnotary/tlsn.git
synced 2026-01-09 21:38:00 -05:00
Replace std::time::SystemTime::now to support wasm32 (#383)
* feat: use web-time to support wasm32 * remove unused import
This commit is contained in:
Kevin Mai-Husan Chia
committed by
GitHub
GitHub
parent
4be88ea7a7
commit
2fa4f50b50
@@ -52,3 +52,5 @@ rstest = "0.12"
|
||||
|
||||
# misc
|
||||
derive_builder = "0.12"
|
||||
|
||||
web-time = "0.2"
|
||||
|
||||
@@ -32,6 +32,7 @@ hmac.workspace = true
|
||||
sha2 = { workspace = true, features = ["compress"] }
|
||||
digest.workspace = true
|
||||
futures.workspace = true
|
||||
web-time.workspace = true
|
||||
|
||||
[features]
|
||||
default = ["logging", "tls12"]
|
||||
|
||||
@@ -7,8 +7,9 @@ use crate::{
|
||||
verify::{self, CertificateTransparencyPolicy},
|
||||
NoKeyLog,
|
||||
};
|
||||
use std::{sync::Arc, time::SystemTime};
|
||||
use std::sync::Arc;
|
||||
use tls_core::{key, suites::SupportedCipherSuite, versions};
|
||||
use web_time::SystemTime;
|
||||
|
||||
impl ConfigBuilder<WantsVerifier> {
|
||||
/// Choose how to verify client certificates.
|
||||
|
||||
@@ -754,7 +754,7 @@ impl State<ClientConnectionData> for ExpectServerDone {
|
||||
.cert_chain()
|
||||
.split_first()
|
||||
.ok_or(Error::NoCertificatesPresented)?;
|
||||
let now = std::time::SystemTime::now();
|
||||
let now = web_time::SystemTime::now();
|
||||
let cert_verified = match st.config.verifier.verify_server_cert(
|
||||
end_entity,
|
||||
intermediates,
|
||||
|
||||
@@ -606,7 +606,7 @@ impl State<ClientConnectionData> for ExpectCertificateVerify {
|
||||
.cert_chain()
|
||||
.split_first()
|
||||
.ok_or(Error::NoCertificatesPresented)?;
|
||||
let now = std::time::SystemTime::now();
|
||||
let now = web_time::SystemTime::now();
|
||||
let cert_verified = match self.config.verifier.verify_server_cert(
|
||||
end_entity,
|
||||
intermediates,
|
||||
|
||||
@@ -1,17 +1,15 @@
|
||||
use std::time;
|
||||
|
||||
/// The timebase for expiring and rolling tickets and ticketing
|
||||
/// keys. This is UNIX wall time in seconds.
|
||||
///
|
||||
/// This is guaranteed to be on or after the UNIX epoch.
|
||||
#[derive(Clone, Copy, Debug)]
|
||||
pub struct TimeBase(time::Duration);
|
||||
pub struct TimeBase(web_time::Duration);
|
||||
|
||||
impl TimeBase {
|
||||
#[inline]
|
||||
pub fn now() -> Result<Self, time::SystemTimeError> {
|
||||
pub fn now() -> Result<Self, web_time::SystemTimeError> {
|
||||
Ok(Self(
|
||||
time::SystemTime::now().duration_since(time::UNIX_EPOCH)?,
|
||||
web_time::SystemTime::now().duration_since(web_time::UNIX_EPOCH)?,
|
||||
))
|
||||
}
|
||||
|
||||
|
||||
@@ -5,10 +5,9 @@
|
||||
// etc. because it's unstable at the time of writing.
|
||||
|
||||
use crate::{anchors, verify, verify::ServerCertVerifier, OwnedTrustAnchor};
|
||||
use std::{
|
||||
convert::TryInto,
|
||||
time::{Duration, Instant, SystemTime},
|
||||
};
|
||||
use std::convert::TryInto;
|
||||
use web_time::{Duration, Instant, SystemTime};
|
||||
|
||||
use webpki_roots;
|
||||
|
||||
fn duration_nanos(d: Duration) -> u64 {
|
||||
|
||||
@@ -277,7 +277,7 @@ impl ClientCertVerifier for MockClientVerifier {
|
||||
&self,
|
||||
_end_entity: &Certificate,
|
||||
_intermediates: &[Certificate],
|
||||
_now: std::time::SystemTime,
|
||||
_now: web_time::SystemTime,
|
||||
) -> Result<ClientCertVerified, Error> {
|
||||
(self.verified)()
|
||||
}
|
||||
|
||||
@@ -158,7 +158,7 @@ impl ServerCertVerifier for MockServerVerifier {
|
||||
server_name: &rustls::ServerName,
|
||||
scts: &mut dyn Iterator<Item = &[u8]>,
|
||||
oscp_response: &[u8],
|
||||
now: std::time::SystemTime,
|
||||
now: web_time::SystemTime,
|
||||
) -> Result<ServerCertVerified, Error> {
|
||||
let scts: Vec<Vec<u8>> = scts.map(|x| x.to_owned()).collect();
|
||||
println!(
|
||||
|
||||
@@ -28,4 +28,5 @@ ring.workspace = true
|
||||
futures.workspace = true
|
||||
serde = { workspace = true, optional = true, features = ["derive"] }
|
||||
rustls-pemfile.workspace = true
|
||||
thiserror.workspace = true
|
||||
thiserror.workspace = true
|
||||
web-time.workspace = true
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
use std::time::SystemTime;
|
||||
use web_time::SystemTime;
|
||||
|
||||
use crate::{
|
||||
cert::ServerCertDetails, dns::ServerName, ke::ServerKxDetails, msgs::handshake::Random,
|
||||
|
||||
@@ -9,7 +9,8 @@ use crate::{
|
||||
},
|
||||
};
|
||||
use ring::digest::Digest;
|
||||
use std::{convert::TryFrom, time::SystemTime};
|
||||
use std::convert::TryFrom;
|
||||
use web_time::SystemTime;
|
||||
|
||||
type SignatureAlgorithms = &'static [&'static webpki::SignatureAlgorithm];
|
||||
|
||||
@@ -287,7 +288,14 @@ impl ServerCertVerifier for WebPkiVerifier {
|
||||
now: SystemTime,
|
||||
) -> Result<ServerCertVerified, Error> {
|
||||
let (cert, chain, trustroots) = prepare(end_entity, intermediates, &self.roots)?;
|
||||
let webpki_now = webpki::Time::try_from(now).map_err(|_| Error::FailedToGetCurrentTime)?;
|
||||
// `webpki::Time::try_from` does not work with `web_time::SystemTime`.
|
||||
// To workaround this we convert `SystemTime` to seconds and use
|
||||
// `webpki::Time::from_seconds_since_unix_epoch` instead.
|
||||
let duration_since_epoch = now
|
||||
.duration_since(web_time::UNIX_EPOCH)
|
||||
.map_err(|_| Error::FailedToGetCurrentTime)?;
|
||||
let seconds_since_unix_epoch = duration_since_epoch.as_secs();
|
||||
let webpki_now = webpki::Time::from_seconds_since_unix_epoch(seconds_since_unix_epoch);
|
||||
|
||||
let ServerName::DnsName(dns_name) = server_name;
|
||||
|
||||
@@ -572,7 +580,7 @@ fn verify_tls13(
|
||||
}
|
||||
|
||||
fn unix_time_millis(now: SystemTime) -> Result<u64, Error> {
|
||||
now.duration_since(std::time::UNIX_EPOCH)
|
||||
now.duration_since(SystemTime::UNIX_EPOCH)
|
||||
.map(|dur| dur.as_secs())
|
||||
.map_err(|_| Error::FailedToGetCurrentTime)
|
||||
.and_then(|secs| secs.checked_mul(1000).ok_or(Error::FailedToGetCurrentTime))
|
||||
|
||||
@@ -61,3 +61,5 @@ spansy = { git = "https://github.com/sinui0/spansy", rev = "becb33d" }
|
||||
tracing = "0.1"
|
||||
tracing-subscriber = "0.3"
|
||||
rstest = "0.17"
|
||||
|
||||
web-time = "0.2"
|
||||
|
||||
@@ -33,6 +33,8 @@ opaque-debug.workspace = true
|
||||
|
||||
bimap = { version = "0.6.3", features = ["serde"] }
|
||||
|
||||
web-time.workspace = true
|
||||
|
||||
[dev-dependencies]
|
||||
rstest.workspace = true
|
||||
hex.workspace = true
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
use std::time::{Duration, UNIX_EPOCH};
|
||||
use web_time::{Duration, SystemTime};
|
||||
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
@@ -94,7 +94,8 @@ impl SessionProof {
|
||||
.data()
|
||||
.verify(
|
||||
cert_verifier,
|
||||
UNIX_EPOCH + Duration::from_secs(self.header.handshake_summary().time()),
|
||||
SystemTime::UNIX_EPOCH
|
||||
+ Duration::from_secs(self.header.handshake_summary().time()),
|
||||
&server_name,
|
||||
)
|
||||
.map_err(|e| SessionProofError::InvalidServerCertificate(e.to_string()))?;
|
||||
@@ -134,8 +135,8 @@ mod tests {
|
||||
use rstest::*;
|
||||
|
||||
use crate::fixtures::cert::{appliedzkp, tlsnotary, TestData};
|
||||
use std::time::SystemTime;
|
||||
use tls_core::{dns::ServerName, key::Certificate};
|
||||
use web_time::SystemTime;
|
||||
|
||||
/// Expect chain verification to succeed
|
||||
#[rstest]
|
||||
|
||||
@@ -44,4 +44,6 @@ derive_builder.workspace = true
|
||||
opaque-debug.workspace = true
|
||||
bytes.workspace = true
|
||||
|
||||
tracing = { workspace = true, optional = true }
|
||||
tracing = { workspace = true, optional = true}
|
||||
|
||||
web-time.workspace = true
|
||||
|
||||
@@ -157,7 +157,7 @@ impl Prover<state::Setup> {
|
||||
|
||||
let (conn, conn_fut) = bind_client(socket, client);
|
||||
|
||||
let start_time = std::time::UNIX_EPOCH.elapsed().unwrap().as_secs();
|
||||
let start_time = web_time::UNIX_EPOCH.elapsed().unwrap().as_secs();
|
||||
|
||||
let fut = Box::pin({
|
||||
#[allow(clippy::let_and_return)]
|
||||
|
||||
Reference in New Issue
Block a user