Fix code formatting.
wa5i committed Nov 27, 2023
1 parent a84d745 commit d2fd6e8
Showing 8 changed files with 102 additions and 108 deletions.
10 changes: 5 additions & 5 deletions src/modules/auth/expiration.rs
@@ -9,7 +9,7 @@ use serde_json::{Value, Map};
use serde::{Serialize, Deserialize};
use delay_timer::prelude::*;
use crate::{
utils::{generate_uuid, serialize_system_time, deserialize_system_time},
utils::{generate_uuid, serialize_system_time, deserialize_system_time},
logical::{
Auth, SecretData, Request, Response,
},
@@ -163,7 +163,7 @@ impl ExpirationTask {
}

fn remove_task(&mut self, lease_id: &str) -> Result<(), RvError> {
log::debug!("remove task, lease_id: {}", lease_id);
log::debug!("remove task, lease_id: {}", lease_id);
if let Some(task_id) = self.task_id_map.remove(lease_id) {
self.task_id_remove_pending.push(task_id);
}
@@ -172,7 +172,7 @@ impl ExpirationTask {

fn clean_finish_task(&mut self) -> Result<(), RvError> {
for task_id in self.task_id_remove_pending.iter() {
log::debug!("clean finish task, task_id: {}", *task_id);
log::debug!("clean finish task, task_id: {}", *task_id);
self.task_timer.remove_task(*task_id)?;
}
self.task_id_remove_pending.clear();
@@ -182,8 +182,8 @@ impl ExpirationTask {

impl Drop for ExpirationTask {
fn drop(&mut self) {
log::debug!("expiration task timer stopping!");
let _ = self.task_timer.stop_delay_timer();
log::debug!("expiration task timer stopping!");
let _ = self.task_timer.stop_delay_timer();
}
}

2 changes: 1 addition & 1 deletion src/modules/auth/token_store.rs
@@ -10,7 +10,7 @@ use serde_json::{json, Value};
use serde::{Serialize, Deserialize};
use humantime::parse_duration;
use crate::{
utils::{generate_uuid, sha1, is_str_subset},
utils::{generate_uuid, sha1, is_str_subset},
new_path, new_path_internal,
new_logical_backend, new_logical_backend_internal,
logical::{
146 changes: 73 additions & 73 deletions src/modules/pki/mod.rs
@@ -98,122 +98,122 @@ impl PkiBackend {
{
pattern: r"roles/(?P<name>\w[\w-]+\w)",
fields: {
"name": {
"name": {
field_type: FieldType::Str,
required: true,
description: r#"Name of the role."#
},
"ttl": {
description: r#"Name of the role."#
},
"ttl": {
field_type: FieldType::Str,
description: r#"
description: r#"
The lease duration (validity period of the certificate) if no specific lease
duration is requested. The lease duration controls the expiration of certificates
issued by this backend. defaults to the system default value or the value of
max_ttl, whichever is shorter."#
},
"max_ttl": {
},
"max_ttl": {
field_type: FieldType::Str,
required: true,
description: r#"
description: r#"
The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL."#
},
"allow_localhost": {
},
"allow_localhost": {
field_type: FieldType::Bool,
default: true,
description: r#"
default: true,
description: r#"
Whether to allow "localhost" and "localdomain" as a valid common name in a request,
independent of allowed_domains value."#
},
"allowed_domains": {
field_type: FieldType::Str,
description: r#"
},
"allowed_domains": {
field_type: FieldType::Str,
description: r#"
Specifies the domains this role is allowed to issue certificates for.
This is used with the allow_bare_domains, allow_subdomains, and allow_glob_domains
to determine matches for the common name, DNS-typed SAN entries, and Email-typed
SAN entries of certificates. See the documentation for more information.
This parameter accepts a comma-separated string or list of domains."#
},
"allow_bare_domains": {
field_type: FieldType::Bool,
},
"allow_bare_domains": {
field_type: FieldType::Bool,
default: false,
description: r#"
description: r#"
If set, clients can request certificates for the base domains themselves,
e.g. "example.com" of domains listed in allowed_domains. This is a separate
option as in some cases this can be considered a security threat.
See the documentation for more information."#
},
"allow_subdomains": {
field_type: FieldType::Bool,
},
"allow_subdomains": {
field_type: FieldType::Bool,
default: false,
description: r#"
description: r#"
If set, clients can request certificates for subdomains of domains listed in
allowed_domains, including wildcard subdomains. See the documentation for more information."#
},
"allow_any_name": {
field_type: FieldType::Bool,
},
"allow_any_name": {
field_type: FieldType::Bool,
default: false,
description: r#"
description: r#"
If set, clients can request certificates for any domain, regardless of allowed_domains restrictions.
See the documentation for more information."#
},
"allow_ip_sans": {
field_type: FieldType::Bool,
default: true,
description: r#"
},
"allow_ip_sans": {
field_type: FieldType::Bool,
default: true,
description: r#"
If set, IP Subject Alternative Names are allowed. Any valid IP is accepted and No authorization checking is performed."#
},
"server_flag": {
field_type: FieldType::Bool,
default: true,
description: r#"
},
"server_flag": {
field_type: FieldType::Bool,
default: true,
description: r#"
If set, certificates are flagged for server auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."#
},
"client_flag": {
field_type: FieldType::Bool,
default: true,
description: r#"
},
"client_flag": {
field_type: FieldType::Bool,
default: true,
description: r#"
If set, certificates are flagged for client auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."#
},
"code_signing_flag": {
field_type: FieldType::Bool,
description: r#"
},
"code_signing_flag": {
field_type: FieldType::Bool,
description: r#"
If set, certificates are flagged for code signing use. defaults to false. See also RFC 5280 Section 4.2.1.12."#
},
"key_type": {
field_type: FieldType::Str,
default: "rsa",
description: r#"
},
"key_type": {
field_type: FieldType::Str,
default: "rsa",
description: r#"
The type of key to use; defaults to RSA. "rsa" "ec", "ed25519" and "any" are the only valid values."#
},
"key_bits": {
field_type: FieldType::Int,
default: 0,
description: r#"
},
"key_bits": {
field_type: FieldType::Int,
default: 0,
description: r#"
The number of bits to use. Allowed values are 0 (universal default); with rsa
key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default),
384, or 521; ignored with ed25519."#
},
"signature_bits": {
field_type: FieldType::Int,
default: 0,
description: r#"
},
"signature_bits": {
field_type: FieldType::Int,
default: 0,
description: r#"
The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256,
384 for SHA-2-384, and 512 for SHA-2-512. defaults to 0 to automatically detect
based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves)."#
},
"not_before_duration": {
field_type: FieldType::Int,
default: 30,
description: r#"
},
"not_before_duration": {
field_type: FieldType::Int,
default: 30,
description: r#"
The duration before now which the certificate needs to be backdated by."#
},
"not_after": {
field_type: FieldType::Str,
},
"not_after": {
field_type: FieldType::Str,
default: "",
description: r#"
description: r#"
Set the not after field of the certificate with specified date value.
The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ."#
},
},
"ou": {
required: false,
field_type: FieldType::Str,
@@ -282,7 +282,7 @@ or revoked, so this option is recommended only for certificates that are
non-sensitive, or extremely short-lived. This option implies a value of "false"
for "generate_lease"."#
}
},
},
operations: [
{op: Operation::Read, handler: pki_backend_ref1.read_path_role},
{op: Operation::Write, handler: pki_backend_ref2.create_path_role},
2 changes: 1 addition & 1 deletion src/modules/pki/path_config_ca.rs
@@ -21,7 +21,7 @@ impl PkiBackendInner {
let pem_bundle_value = req.get_data("pem_bundle")?;
let pem_bundle = pem_bundle_value.as_str().unwrap();

let items = pem::parse_many(pem_bundle)?;
let items = pem::parse_many(pem_bundle)?;
let mut key_found = false;
let mut i = 0;

2 changes: 1 addition & 1 deletion src/modules/pki/path_roles.rs
@@ -4,7 +4,7 @@ use std::{
use humantime::parse_duration;
use serde::{Serialize, Deserialize};
use crate::{
utils::{serialize_duration, deserialize_duration},
utils::{serialize_duration, deserialize_duration},
logical::{
Backend, Request, Response,
},
18 changes: 6 additions & 12 deletions src/storage/mod.rs
@@ -30,18 +30,12 @@ impl Default for StorageEntry {
}

impl StorageEntry {
pub fn new(k: &str, v: &impl Serialize) -> Result<StorageEntry, RvError> {
/*
let mut buf = Vec::new();
let mut enc = serde_json::Serializer::new(&mut buf);
v.serialize(&mut enc)?;
*/
pub fn new(k: &str, v: &impl Serialize) -> Result<StorageEntry, RvError> {
let data = serde_json::to_string(v)?;

Ok(StorageEntry {
key: k.to_string(),
value: data.into_bytes(),
})
}
Ok(StorageEntry {
key: k.to_string(),
value: data.into_bytes(),
})
}
}
18 changes: 9 additions & 9 deletions src/utils/cert.rs
@@ -13,8 +13,8 @@ use openssl::{
ec::{EcGroup, EcKey},
bn::{BigNum, MsbOption},
hash::MessageDigest,
nid::Nid,
asn1::{Asn1OctetString, Asn1Time},
nid::Nid,
asn1::{Asn1OctetString, Asn1Time},
};
use libc::c_int;
use lazy_static::lazy_static;
@@ -104,16 +104,16 @@ where
}

pub fn is_ca_cert(cert: &X509) -> bool {
unsafe {
X509_check_ca(cert.as_ptr()) != 0
}
unsafe {
X509_check_ca(cert.as_ptr()) != 0
}
}

impl Default for CertBundle {
fn default() -> Self {
CertBundle {
certificate: X509_DEFAULT.clone(),
ca_chain: Vec::new(),
ca_chain: Vec::new(),
private_key: PKEY_DEFAULT.clone(),
private_key_type: String::new(),
serial_number: String::new(),
@@ -259,12 +259,12 @@ impl Certificate {

builder.append_extension(san_ext.build(&builder.x509v3_context(Some(ca_cert), None))?)?;

for ext in &self.extensions {
for ext in &self.extensions {
builder.append_extension2(ext)?;
}

if self.is_ca {
builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
builder.append_extension(BasicConstraints::new().critical().ca().build()?)?;
}

builder.append_extension(KeyUsage::new()
@@ -335,7 +335,7 @@ impl Certificate {

let cert_bundle = CertBundle {
certificate: cert,
ca_chain: vec![ca_cert.clone()],
ca_chain: vec![ca_cert.clone()],
private_key: priv_key.clone(),
private_key_type: self.key_type.clone(),
serial_number: serial_number_hex.to_lowercase(),
12 changes: 6 additions & 6 deletions src/utils/key.rs
@@ -2,7 +2,7 @@ use openssl::{
pkey::{PKey},
rsa::{Rsa, Padding},
ec::{EcGroup, EcKey},
nid::Nid,
nid::Nid,
rand::rand_bytes,
hash::MessageDigest,
sign::{Signer, Verifier},
@@ -31,8 +31,8 @@ impl Default for KeyBundle {
id: generate_uuid(),
name: String::new(),
key_type: String::new(),
key: Vec::new(),
iv: Vec::new(),
key: Vec::new(),
iv: Vec::new(),
bits: 0,
}
}
@@ -110,9 +110,9 @@ impl KeyBundle {
return Ok(signer.sign_to_vec()?);
},
"ec" => {
let ec_key = EcKey::private_key_from_pem(&self.key)?;
let ec_key = EcKey::private_key_from_pem(&self.key)?;
let pkey = PKey::from_ec_key(ec_key)?;
let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?;
let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?;
signer.update(data)?;
return Ok(signer.sign_to_vec()?);
},
@@ -133,7 +133,7 @@ impl KeyBundle {
return Ok(verifier.verify(signature).unwrap_or(false));
},
"ec" => {
let ec_key = EcKey::private_key_from_pem(&self.key)?;
let ec_key = EcKey::private_key_from_pem(&self.key)?;
let pkey = PKey::from_ec_key(ec_key)?;
let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey)?;
verifier.update(data)?;