use std::net::{Ipv4Addr, Ipv6Addr};
use super::{CertConfig, QuicConfig, RelayConfig, ServerConfig, StunConfig, TlsConfig};
/// Builds a [`StunConfig`] bound to the IPv4 loopback address.
///
/// Port `0` leaves the port choice to the OS, so the caller has to discover
/// the assigned port after the socket is bound. Binding to `127.0.0.1` keeps
/// this listener unreachable from other hosts.
pub fn stun_config() -> StunConfig {
    let bind_addr = (Ipv4Addr::LOCALHOST, 0).into();
    StunConfig { bind_addr }
}
/// Generates a fresh self-signed certificate and a rustls server configuration using it.
///
/// Returns the certificate chain (a single DER certificate) together with a
/// [`rustls::ServerConfig`] that presents that certificate.
///
/// Security-relevant properties of the result:
/// - The certificate is self-signed and names only `localhost`, `127.0.0.1` and `::1`,
///   so no public trust store will accept it; a verifying client must be given the
///   returned certificate explicitly.
/// - A new key pair is generated on every call, so two calls never share a certificate.
/// - The private key is moved into the server configuration and is not returned.
/// - Client certificates are not requested (`with_no_client_auth`), so any peer
///   authentication has to happen above TLS.
///
/// # Panics
///
/// Panics if certificate generation fails, if the `ring` provider rejects the default
/// protocol versions, or if rustls rejects the certificate/key pair.
pub fn self_signed_tls_certs_and_config() -> (
    Vec<rustls::pki_types::CertificateDer<'static>>,
    rustls::ServerConfig,
) {
    // Subject alternative names: loopback only.
    let subject_alt_names = vec![
        "localhost".to_string(),
        "127.0.0.1".to_string(),
        "::1".to_string(),
    ];
    let generated = rcgen::generate_simple_self_signed(subject_alt_names).expect("valid");

    // One-element chain: the self-signed certificate is its own issuer.
    let chain = vec![generated.cert.der().clone()];

    // rcgen serializes the key as PKCS#8 DER; wrap it in the rustls key type.
    let pkcs8 = rustls::pki_types::PrivatePkcs8KeyDer::from(generated.key_pair.serialize_der());
    let key = rustls::pki_types::PrivateKeyDer::from(pkcs8);

    // The crypto provider is named explicitly rather than taken from a process default.
    let provider = std::sync::Arc::new(rustls::crypto::ring::default_provider());
    let tls = rustls::ServerConfig::builder_with_provider(provider)
        .with_safe_default_protocol_versions()
        .expect("protocols supported by ring")
        .with_no_client_auth()
        .with_single_cert(chain.clone(), key)
        .expect("valid");

    (chain, tls)
}
/// Builds a [`TlsConfig`] backed by a freshly generated self-signed certificate.
///
/// The certificate chain is supplied through [`CertConfig::Manual`]. HTTPS is bound
/// to `127.0.0.1` and the QUIC address is `0.0.0.0`, both with port `0` so the OS
/// assigns the port.
///
/// NOTE(review): `quic_bind_addr` is the IPv4 unspecified address, so if it is
/// actually bound the endpoint listens on every IPv4 interface, while the
/// certificate from `self_signed_tls_certs_and_config` names loopback hosts only.
/// Confirm that exposure beyond loopback is intended.
pub fn tls_config() -> TlsConfig<()> {
    let (chain, server_config) = self_signed_tls_certs_and_config();
    let https_bind_addr = (Ipv4Addr::LOCALHOST, 0).into();
    let quic_bind_addr = (Ipv4Addr::UNSPECIFIED, 0).into();
    TlsConfig {
        server_config,
        cert: CertConfig::<(), ()>::Manual { certs: chain },
        https_bind_addr,
        quic_bind_addr,
    }
}
/// Builds a [`RelayConfig`] with TLS enabled and default limits.
///
/// Plain HTTP is bound to `127.0.0.1` with an OS-assigned port. The TLS settings
/// come from `tls_config`, which uses a self-signed certificate.
///
/// NOTE(review): `limits` is whatever `Default::default()` yields for the field's
/// type; confirm whether that default enforces any limit if this configuration is
/// ever reachable from untrusted peers.
pub fn relay_config() -> RelayConfig<()> {
    let http_bind_addr = (Ipv4Addr::LOCALHOST, 0).into();
    let tls = Some(tls_config());
    let limits = Default::default();
    RelayConfig {
        http_bind_addr,
        tls,
        limits,
    }
}
/// Builds a [`QuicConfig`] backed by a freshly generated self-signed certificate.
///
/// The endpoint address is the IPv6 unspecified address (`::`) with an OS-assigned port.
///
/// The certificate half of the generated pair is discarded here, so callers of this
/// function cannot obtain the certificate to pin it. It is also a different
/// certificate from the one any separate `tls_config` call produces, because each
/// call generates a new key pair.
///
/// NOTE(review): binding to `::` listens on every IPv6 interface (and on IPv4 too
/// where the socket is dual-stack), while the certificate names loopback hosts only.
/// Confirm how clients are expected to verify this endpoint.
pub fn quic_config() -> QuicConfig {
    // Only the server configuration is kept; the certificate chain is dropped.
    let server_config = self_signed_tls_certs_and_config().1;
    let bind_addr = (Ipv6Addr::UNSPECIFIED, 0).into();
    QuicConfig {
        bind_addr,
        server_config,
    }
}
/// Builds a [`ServerConfig`] with the relay, STUN and QUIC services all enabled.
///
/// Each service uses the configuration produced by the matching helper in this
/// module. The relay TLS and QUIC settings come from separate certificate
/// generations, so they present different self-signed certificates. With the
/// `metrics` feature enabled, no metrics address is set.
pub fn server_config() -> ServerConfig<()> {
    // Built in field order, matching the order of the struct literal below.
    let relay = Some(relay_config());
    let stun = Some(stun_config());
    let quic = Some(quic_config());
    ServerConfig {
        relay,
        stun,
        quic,
        #[cfg(feature = "metrics")]
        metrics_addr: None,
    }
}