feat(tls): Use rustls_pki_types::CertificateDer to describe DER encoded certificate (#1707)

* feat(tls): Add CertificateDer to describe DER encoded certificate

* feat(tls): Use rustls_pki_types::CertificateDer to describe DER encoded certificate

* chore(tls): Refactor internal connect info

Author: tottoto

tonic/src/request.rs

@@ -2,13 +2,15 @@ use crate::metadata::{MetadataMap, MetadataValue};
 #[cfg(feature = "transport")]
 use crate::transport::server::TcpConnectInfo;
 #[cfg(feature = "tls")]
-use crate::transport::{server::TlsConnectInfo, Certificate};
+use crate::transport::server::TlsConnectInfo;
 use crate::Extensions;
 #[cfg(feature = "transport")]
 use std::net::SocketAddr;
 #[cfg(feature = "tls")]
 use std::sync::Arc;
 use std::time::Duration;
+#[cfg(feature = "tls")]
+use tokio_rustls::rustls::pki_types::CertificateDer;
 use tokio_stream::Stream;
 
 /// A gRPC request and metadata from an RPC call.
@@ -258,7 +260,7 @@ impl<T> Request<T> {
     /// TLS enabled connections.
     #[cfg(feature = "tls")]
     #[cfg_attr(docsrs, doc(cfg(feature = "tls")))]
-    pub fn peer_certs(&self) -> Option<Arc<Vec<Certificate>>> {
+    pub fn peer_certs(&self) -> Option<Arc<Vec<CertificateDer<'static>>>> {
         self.extensions()
             .get::<TlsConnectInfo<TcpConnectInfo>>()
             .and_then(|i| i.peer_certs())

tonic/src/transport/mod.rs

@@ -109,6 +109,8 @@ pub use self::service::grpc_timeout::TimeoutExpired;
 pub use self::tls::Certificate;
 pub use axum::{body::BoxBody as AxumBoxBody, Router as AxumRouter};
 pub use hyper::{Body, Uri};
+#[cfg(feature = "tls")]
+pub use tokio_rustls::rustls::pki_types::CertificateDer;
 
 pub(crate) use self::service::executor::Executor;
 

tonic/src/transport/server/conn.rs

@@ -2,11 +2,11 @@ use hyper::server::conn::AddrStream;
 use std::net::SocketAddr;
 use tokio::net::TcpStream;
 
-#[cfg(feature = "tls")]
-use crate::transport::Certificate;
 #[cfg(feature = "tls")]
 use std::sync::Arc;
 #[cfg(feature = "tls")]
+use tokio_rustls::rustls::pki_types::CertificateDer;
+#[cfg(feature = "tls")]
 use tokio_rustls::server::TlsStream;
 
 /// Trait that connected IO resources implement and use to produce info about the connection.
@@ -125,12 +125,9 @@ where
         let (inner, session) = self.get_ref();
         let inner = inner.connect_info();
 
-        let certs = if let Some(certs) = session.peer_certificates() {
-            let certs = certs.iter().map(Certificate::from_pem).collect();
-            Some(Arc::new(certs))
-        } else {
-            None
-        };
+        let certs = session
+            .peer_certificates()
+            .map(|certs| certs.to_owned().into());
 
         TlsConnectInfo { inner, certs }
     }
@@ -148,7 +145,7 @@ where
 #[derive(Debug, Clone)]
 pub struct TlsConnectInfo<T> {
     inner: T,
-    certs: Option<Arc<Vec<Certificate>>>,
+    certs: Option<Arc<Vec<CertificateDer<'static>>>>,
 }
 
 #[cfg(feature = "tls")]
@@ -165,7 +162,7 @@ impl<T> TlsConnectInfo<T> {
     }
 
     /// Return the set of connected peer TLS certificates.
-    pub fn peer_certs(&self) -> Option<Arc<Vec<Certificate>>> {
+    pub fn peer_certs(&self) -> Option<Arc<Vec<CertificateDer<'static>>>> {
         self.certs.clone()
     }
 }