From 6d09264db5c6c80c5b638b71ea742ae93e32ab50 Mon Sep 17 00:00:00 2001 From: dvdsk Date: Thu, 4 May 2023 23:55:08 +0200 Subject: [PATCH 1/4] clippy fix --- Cargo.lock | 2 +- main/src/cert.rs | 6 +----- main/src/cert/format.rs | 8 ++++---- main/src/cert/load.rs | 2 +- main/src/cert/store.rs | 10 +++++----- main/tests/format.rs | 1 - 6 files changed, 12 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5934c11..87b969f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1509,7 +1509,7 @@ checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c" [[package]] name = "renewc" -version = "0.1.1" +version = "0.2.0" dependencies = [ "async-trait", "axum", diff --git a/main/src/cert.rs b/main/src/cert.rs index 96504ab..001d09f 100644 --- a/main/src/cert.rs +++ b/main/src/cert.rs @@ -106,11 +106,7 @@ impl Signed

{ let private_key = PemItem::from_pem(private_key, Label::PrivateKey)?; - Ok(Self { - private_key, - certificate, - chain, - }) + Ok(Self { certificate, private_key, chain }) } } diff --git a/main/src/cert/format.rs b/main/src/cert/format.rs index a2e8c67..57b99ad 100644 --- a/main/src/cert/format.rs +++ b/main/src/cert/format.rs @@ -26,7 +26,7 @@ impl PemItem for Pem { } fn chain_into_bytes(pems: &[Self]) -> Vec { - pem::encode_many(&pems).into_bytes() + pem::encode_many(pems).into_bytes() } fn chain_from_pem(encoded: impl AsRef<[u8]>) -> eyre::Result> { @@ -82,7 +82,7 @@ impl Der { /// bytes must be valid der #[must_use] pub(crate) fn from_bytes(bytes: Vec) -> Self { - Self(bytes.into()) + Self(bytes) } #[must_use] @@ -107,7 +107,7 @@ mod tests { let missing_linefeeds = "-----CERTIFICATE-----12oien23ie4n23you4n23h4oyu23l4en2348u7l234n23ein4o23n42h3yu4l23y432el4uy23l4e-----END CERTIFICATE-----"; for invalid in [one_dash_too_much, missing_begin, missing_linefeeds] { - let _ = Pem::from_pem(invalid.to_owned(), Label::Certificate).unwrap_err(); + let _ = Pem::from_pem(invalid, Label::Certificate).unwrap_err(); } } 
@@ -115,7 +115,7 @@ mod tests { fn reversible() { const ROOT_CA: &[u8] = "-----BEGIN CERTIFICATE-----\r\nMIIBkDCCATagAwIBAgIIHXJD3lzIXyMwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwW\r\ncmNnZW4gc2VsZiBzaWduZWQgY2VydDAgFw03NTAxMDEwMDAwMDBaGA8yNTAwMDQy\r\nMTE2NTk0OVowITEfMB0GA1UEAwwWcmNnZW4gc2VsZiBzaWduZWQgY2VydDBZMBMG\r\nByqGSM49AgEGCCqGSM49AwEHA0IABHtP92/H2wTvW/xZ9iSiCMnWOfaydoSWEGFi\r\nWPHBvTO0FyLEUxQKOOrunv071KrBbYECyX00Q5efWj46brjzjJajVjBUMCIGA1Ud\r\nEQQbMBmCF1NUQUdJTkcubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBQjX8hc3kNy\r\nHXuj5yHSZipVhCHtQDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUC\r\nIQD7CpgwpL6KT3Ljedh5bL4x3LSY5guONLcWIfz2X9E8ngIgbrcaTmaryZfiYnnK\r\nETaDo04pY2cDOIsIy2ycUTJL084=\r\n-----END CERTIFICATE-----\r\n".as_bytes(); - let der = Pem::from_pem(ROOT_CA.to_vec(), Label::Certificate) + let der = Pem::from_pem(ROOT_CA, Label::Certificate) .unwrap() .der(); assert_ne!(der.clone().into_bytes(), ROOT_CA); diff --git a/main/src/cert/load.rs b/main/src/cert/load.rs index 41e3041..649d025 100644 --- a/main/src/cert/load.rs +++ b/main/src/cert/load.rs @@ -158,7 +158,7 @@ fn load_certificate(config: &Config) -> eyre::Result { let mut file = fs::OpenOptions::new().append(true).open(path)?; - return file + file .write_all(&bytes) - .wrap_err("Could not append signed certificate to pem file"); + .wrap_err("Could not append signed certificate to pem file") } Operation::Create(path) => { let mut file = fs::File::create(path)?; @@ -53,9 +53,9 @@ fn write_key( match operation { Operation::Append(path) => { let mut file = fs::OpenOptions::new().append(true).open(path)?; - return file + file .write_all(&bytes) - .wrap_err("Could not append private key to pem file"); + .wrap_err("Could not append private key to pem file") } Operation::Create(path) => { let mut file = fs::File::create(path) @@ -101,7 +101,7 @@ enum Operation<'a> { #[instrument(level = "debug", skip(config, signed), ret)] pub fn on_disk(config: &Config, signed: Signed
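Review bot: In `write_key` the `Operation::Create` branch still opens the private-key file with `fs::File::create(path)`, which on Unix takes its mode from the process umask and will typically leave the key readable by other local users. Consider creating it owner-only, e.g. `fs::OpenOptions::new().write(true).create(true).truncate(true).mode(0o600).open(path)` with `std::os::unix::fs::OpenOptionsExt` in scope. The `Append` branch keeps whatever mode the existing file has, so a combined PEM file that receives the key needs the same care. The function continues outside the hunk, so a later permission change there would make this moot.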

) -> eyre::Result<()> { - use Operation::*; + use Operation::{Append, Create}; let cert_path = cert_path(config)?; let key_path = key_path(config)?; let chain_path = chain_path(config)?; diff --git a/main/tests/format.rs b/main/tests/format.rs index 83440b2..51073ef 100644 --- a/main/tests/format.rs +++ b/main/tests/format.rs @@ -29,7 +29,6 @@ async fn der_and_pem_equal() { Output::PemAllSeperate, Output::Der, ] - .into_iter() { config.output.output = dbg!(&format).clone(); store::on_disk(&config, original.clone()).unwrap(); From d18be04bef6ac0bc6d32330ee435694d328a9316 Mon Sep 17 00:00:00 2001 From: dvdsk Date: Thu, 4 May 2023 23:57:32 +0200 Subject: [PATCH 2/4] clippy pedantic fix --- main/src/cert/load.rs | 10 +++++----- main/src/lib.rs | 2 +- main/src/ui.rs | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/main/src/cert/load.rs b/main/src/cert/load.rs index 649d025..67aeac1 100644 --- a/main/src/cert/load.rs +++ b/main/src/cert/load.rs @@ -20,7 +20,7 @@ pub enum Encoding { } impl Encoding { - pub(crate) fn extension(&self) -> &'static str { + pub(crate) fn extension(self) -> &'static str { match self { Encoding::PEM => "pem", Encoding::DER => "der", @@ -33,10 +33,10 @@ impl Encoding { impl From<&Output> for Encoding { fn from(output: &Output) -> Self { match output { - Output::Pem => Encoding::PEM, - Output::PemSeperateKey => Encoding::PEM, - Output::PemSeperateChain => Encoding::PEM, - Output::PemAllSeperate => Encoding::PEM, + Output::Pem + | Output::PemSeperateKey + | Output::PemSeperateChain + | Output::PemAllSeperate => Encoding::PEM, Output::Der => Encoding::DER, } } diff --git a/main/src/lib.rs b/main/src/lib.rs index 8f4970d..0ff4886 100644 --- a/main/src/lib.rs +++ b/main/src/lib.rs @@ -66,7 +66,7 @@ pub async fn run( } }; - match ui::precheck(config, cert, stdout) { + match ui::precheck(config, &cert, stdout) { CheckResult::Refuse { status: Some(status), warning, 
diff --git a/main/src/ui.rs b/main/src/ui.rs index 31099bd..922b102 100644 --- a/main/src/ui.rs +++ b/main/src/ui.rs @@ -61,7 +61,7 @@ impl CheckResult { } } -pub fn precheck(config: &Config, cert: Info, stdout: &mut impl Write) -> CheckResult { +pub fn precheck(config: &Config, cert: &Info, stdout: &mut impl Write) -> CheckResult { match (config.production, cert.staging, cert.should_renew()) { (false, true, _) => { CheckResult::accept( "Requesting staging cert, certificates will not be valid") From 6c04ceda8ca466bd8b0c73ed0e67004d044cf1cd Mon Sep 17 00:00:00 2001 From: dvdsk Date: Fri, 5 May 2023 00:10:22 +0200 Subject: [PATCH 3/4] email added to acme account, version incr --- CHANGELOG.md | 6 ++++++ main/Cargo.toml | 8 ++++---- main/src/cert/format.rs | 6 ++---- main/src/config.rs | 2 +- main/src/renew.rs | 29 +++++++++++++++++------------ main/tests/behaviour.rs | 2 +- 6 files changed, 31 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8fa8092..48356d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [0.2.1] - 2023-05-05 + +### Fixes + - Email is now actually added to acme account info + ## [0.2.0] - 2023-05-04 ### Added diff --git a/main/Cargo.toml b/main/Cargo.toml index 982bc3a..eac924c 100644 --- a/main/Cargo.toml +++ b/main/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "renewc" -version = "0.2.0" +version = "0.2.1" edition = "2021" description = "Certificate renewal, with advanced diagnostics without installing anything" license = "Apache-2.0 OR MIT" 
@@ -36,9 +36,9 @@ rand = "0.8" owo-colors = { version = "3.5" } yasna = "0.5" der = "0.7" -async-trait = "0.1.68" -data-encoding = "2.3.3" -pem = "2.0.1" +async-trait = "0.1" +data-encoding = "2.3" +pem = "2" [dev-dependencies] libc = "0.2" diff --git a/main/src/cert/format.rs b/main/src/cert/format.rs index 57b99ad..61d953e 100644 --- a/main/src/cert/format.rs +++ b/main/src/cert/format.rs @@ -107,7 +107,7 @@ mod tests { let missing_linefeeds = "-----CERTIFICATE-----12oien23ie4n23you4n23h4oyu23l4en2348u7l234n23ein4o23n42h3yu4l23y432el4uy23l4e-----END CERTIFICATE-----"; for invalid in [one_dash_too_much, missing_begin, missing_linefeeds] { - let _ = Pem::from_pem(invalid, Label::Certificate).unwrap_err(); + let _: eyre::Report = Pem::from_pem(invalid, Label::Certificate).unwrap_err(); } } @@ -115,9 +115,7 @@ mod tests { fn reversible() { const ROOT_CA: &[u8] = "-----BEGIN CERTIFICATE-----\r\nMIIBkDCCATagAwIBAgIIHXJD3lzIXyMwCgYIKoZIzj0EAwIwITEfMB0GA1UEAwwW\r\ncmNnZW4gc2VsZiBzaWduZWQgY2VydDAgFw03NTAxMDEwMDAwMDBaGA8yNTAwMDQy\r\nMTE2NTk0OVowITEfMB0GA1UEAwwWcmNnZW4gc2VsZiBzaWduZWQgY2VydDBZMBMG\r\nByqGSM49AgEGCCqGSM49AwEHA0IABHtP92/H2wTvW/xZ9iSiCMnWOfaydoSWEGFi\r\nWPHBvTO0FyLEUxQKOOrunv071KrBbYECyX00Q5efWj46brjzjJajVjBUMCIGA1Ud\r\nEQQbMBmCF1NUQUdJTkcubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBQjX8hc3kNy\r\nHXuj5yHSZipVhCHtQDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUC\r\nIQD7CpgwpL6KT3Ljedh5bL4x3LSY5guONLcWIfz2X9E8ngIgbrcaTmaryZfiYnnK\r\nETaDo04pY2cDOIsIy2ycUTJL084=\r\n-----END CERTIFICATE-----\r\n".as_bytes(); - let der = Pem::from_pem(ROOT_CA, Label::Certificate) - .unwrap() - .der(); + let der = Pem::from_pem(ROOT_CA, Label::Certificate).unwrap().der(); assert_ne!(der.clone().into_bytes(), ROOT_CA); let pem: Pem = der.to_pem(Label::Certificate); assert_eq!(pem.into_bytes(), ROOT_CA); diff --git a/main/src/config.rs b/main/src/config.rs index 20b6a16..d8685ae 100644 --- a/main/src/config.rs +++ b/main/src/config.rs 
@@ -102,7 +102,7 @@ impl Config { pub fn test(port: u16) -> Self { Config { domains: vec!["testdomain.org".into()], - email: vec!["test_email".into()], + email: vec!["test@testdomain.org".into()], production: false, port, output: args::OutputConfig::test(), diff --git a/main/src/renew.rs b/main/src/renew.rs index 4fa42b3..7df59e2 100644 --- a/main/src/renew.rs +++ b/main/src/renew.rs @@ -1,4 +1,5 @@ use std::io::Read; +use std::string::String; use std::time::Duration; use color_eyre::eyre::{self, Context}; @@ -24,15 +25,25 @@ use server::Http01Challenge; // Alternatively, restore an account from serialized credentials by // using `Account::from_credentials()`. #[tracing::instrument(skip_all)] -async fn account(production: bool) -> Result { - let url = if production { +async fn account(config: &Config) -> Result { + let url = if config.production { LetsEncrypt::Production.url() } else { LetsEncrypt::Staging.url() }; + let contact: Vec<_> = config + .email + .iter() + .map(|addr| format!("mailto:{addr}")) + .collect(); + Account::create( &NewAccount { - contact: &[], + contact: contact + .iter() + .map(String::as_str) + .collect::>() + .as_slice(), terms_of_service_agreed: true, only_return_existing: false, }, @@ -150,17 +161,11 @@ fn prepare_sign_request(names: &[String]) -> Result<(Certificate, Vec), rcge #[tracing::instrument(skip_all)] pub async fn request(config: &Config, debug: bool) -> eyre::Result> { - let Config { - domains: ref names, - production, - .. - } = config; - - let account = account(*production).await?; - let mut order = order(&account, names) + let account = account(config).await?; + let mut order = order(&account, &config.domains) .await .wrap_err("Certificate authority can not issue a certificate") - .with_note(|| format!("names: {names:?}"))?; + .with_note(|| format!("names: {:?}", config.domains))?; let challenges = prepare_challenge(&mut order).await?; 
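Review bot: The addresses in `config.email` are prefixed with `mailto:` in `account` and sent to the CA without any check, so an empty or malformed entry (the old test value `test_email` looks like one) would only surface as a rejected account request. Validating each entry when the config is loaded, or at least attaching the list to the error, for instance `.with_note(|| format!("contact: {contact:?}"))` where the result of `Account::create` is handled, would make that failure diagnosable; the end of that call is outside the hunk, so the exact spot may differ. The inline collect-then-`as_slice()` expression inside the `NewAccount` literal would read better bound to a local slice of `&str` first. The `use std::string::String;` added in the first hunk of this file is redundant because `String` is already in the prelude.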
diff --git a/main/tests/behaviour.rs b/main/tests/behaviour.rs index 2739c16..b5800d9 100644 --- a/main/tests/behaviour.rs +++ b/main/tests/behaviour.rs @@ -90,7 +90,7 @@ async fn staging_does_not_overwrite_production() { assert!( output.contains(end), "stdout did not contain:\n\t{end:#?}\ninstead it was:\n\t{output:#?}" - ) + ); } #[tokio::test] From 8f452999775c26268edc6a8e53bb2cab2683e0e2 Mon Sep 17 00:00:00 2001 From: dvdsk Date: Fri, 5 May 2023 00:10:48 +0200 Subject: [PATCH 4/4] fix wrong license in Cargo.toml --- Cargo.lock | 2 +- main/Cargo.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 87b969f..9335290 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1509,7 +1509,7 @@ checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c" [[package]] name = "renewc" -version = "0.2.0" +version = "0.2.1" dependencies = [ "async-trait", "axum", diff --git a/main/Cargo.toml b/main/Cargo.toml index eac924c..3b1f1e3 100644 --- a/main/Cargo.toml +++ b/main/Cargo.toml @@ -3,7 +3,7 @@ name = "renewc" version = "0.2.1" edition = "2021" description = "Certificate renewal, with advanced diagnostics without installing anything" -license = "Apache-2.0 OR MIT" +license = "GNUv3" [dependencies] instant-acme = { version = "0.2", git = "https://github.com/instant-labs/instant-acme", rev="c9a7b9d" }
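Review bot: `GNUv3` is not an SPDX identifier, which is what Cargo's `license` field expects, so licence scanners and registry tooling will likely fail to parse it or reject it. If GPL version 3 is intended, use `license = "GPL-3.0-only"` or `license = "GPL-3.0-or-later"`, depending on which terms apply. The commit also moves the crate from a permissive dual licence to a copyleft one, which downstream users who audit dependency licences would want noted in the changelog.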