diff --git a/core/http/src/tls.rs b/core/http/src/tls.rs index b17e390f03..53ad6504b9 100644 --- a/core/http/src/tls.rs +++ b/core/http/src/tls.rs @@ -57,25 +57,22 @@ pub struct MutualTlsUser { impl MutualTlsUser { pub fn new(peer_cert: Certificate) -> Option { // Generate an x509 using the certificate provided - let x509 = X509::from_der(peer_cert.as_ref()); - if x509.is_err() { - return None; - } - let x509 = x509.expect("Failed to generate X509."); + let x509 = match X509::from_der(peer_cert.as_ref()) { + Ok(val) => val, + Err(_) => return None + }; // Retrieve alt names and store them into a Vec - let alt_names = x509.subject_alt_names(); - if alt_names.is_none() { - return None; - } - let alt_names = alt_names.expect("Alt names for certificate do not exist."); + let alt_names = match x509.subject_alt_names() { + Some(val) => val, + None => return None + }; let mut common_names = Vec::new(); for name in alt_names { - let name = name.dnsname(); - if name.is_none() { - return None; - } - let name = name.expect("Name does not exist."); + let name = match name.dnsname() { + Some(val) => val, + None => return None + }; common_names.push(format!("{}", name)); } diff --git a/core/lib/src/request/from_request.rs b/core/lib/src/request/from_request.rs index ba1cf2a1fd..3a4d705f9e 100644 --- a/core/lib/src/request/from_request.rs +++ b/core/lib/src/request/from_request.rs @@ -320,56 +320,50 @@ impl <'a, 'r> FromRequest<'a, 'r> for MutualTlsUser { fn from_request(request: &'a Request<'r>) -> Outcome { // Get peer's IP address - let ip_addr = request.client_ip(); - if ip_addr.is_none() { - return Forward(()); - } - let ip_addr = ip_addr.expect("Client's IP address could not be determined."); + let ip_addr = match request.client_ip() { + Some(val) => val, + None => return Forward(()) + }; // Reverse DNS lookup the peer's IP address - let name = lookup_addr(&ip_addr); - if name.is_err() { - return Forward(()); - } - let name = name.expect("Name of the client could not be determined."); + let name = match lookup_addr(&ip_addr) { + Ok(val) => val, + Err(_) => return Forward(()) + }; // Change name to DNSNameRef let name = Input::from(name.as_bytes()); - let common_name = DNSNameRef::try_from_ascii(name); - if common_name.is_err() { - return Forward(()); - } - let common_name = common_name.expect("Name of the client was not a valid DNS name."); + let common_name = match DNSNameRef::try_from_ascii(name) { + Ok(val) => val, + Err(_) => return Forward(()) + }; // Get certificates the peer provided - let certs = request.get_peer_certificates(); - if certs.is_none() { - return Forward(()); - } - let certs = certs.expect("Client did not supply any certificates."); + let certs = match request.get_peer_certificates() { + Some(val) => val, + None => return Forward(()) + }; // Iterate through the client certificates let certs_copy = certs.clone(); for (index, cert) in certs_copy.iter().enumerate() { let cert_input = Input::from(cert.as_ref()); - let end_entity = EndEntityCert::from(cert_input); - if end_entity.is_err() { - return Forward(()); - } - let end_entity = end_entity.expect("EndEntityCert could not be generated from certificate."); + let end_entity = match EndEntityCert::from(cert_input) { + Ok(val) => val, + Err(_) => return Forward(()) + }; // Compare certificate is valid for DNS name - let verification = end_entity.verify_is_valid_for_dns_name(common_name); - if verification.is_err() { - return Forward(()); - } + let _verification = match end_entity.verify_is_valid_for_dns_name(common_name) { + Ok(val) => val, + Err(_) => return Forward(()) + }; // Parse certificate - let mtls_user = MutualTlsUser::new(certs[index].clone()); - if mtls_user.is_none() { - return Forward(()); - } - let mtls_user = mtls_user.expect("MutualTlsUser could not be generated from the certificate provided."); + let mtls_user = match MutualTlsUser::new(certs[index].clone()) { + Some(val) => val, + None => return Forward(()) + }; return Success(mtls_user); } Forward(())