From d2fd6e80731e1814243483113dcb3d9350731349 Mon Sep 17 00:00:00 2001 From: Jin Jiu <zuxi.wzx@alibaba-inc.com> Date: Mon, 27 Nov 2023 08:24:10 +0800 Subject: [PATCH] Fix code formatting. --- src/modules/auth/expiration.rs | 10 +- src/modules/auth/token_store.rs | 2 +- src/modules/pki/mod.rs | 146 +++++++++++++++--------------- src/modules/pki/path_config_ca.rs | 2 +- src/modules/pki/path_roles.rs | 2 +- src/storage/mod.rs | 18 ++-- src/utils/cert.rs | 18 ++-- src/utils/key.rs | 12 +-- 8 files changed, 102 insertions(+), 108 deletions(-) diff --git a/src/modules/auth/expiration.rs b/src/modules/auth/expiration.rs index b1a96918..6b0c3ec3 100644 --- a/src/modules/auth/expiration.rs +++ b/src/modules/auth/expiration.rs @@ -9,7 +9,7 @@ use serde_json::{Value, Map}; use serde::{Serialize, Deserialize}; use delay_timer::prelude::*; use crate::{ - utils::{generate_uuid, serialize_system_time, deserialize_system_time}, + utils::{generate_uuid, serialize_system_time, deserialize_system_time}, logical::{ Auth, SecretData, Request, Response, }, @@ -163,7 +163,7 @@ impl ExpirationTask { } fn remove_task(&mut self, lease_id: &str) -> Result<(), RvError> { - log::debug!("remove task, lease_id: {}", lease_id); + log::debug!("remove task, lease_id: {}", lease_id); if let Some(task_id) = self.task_id_map.remove(lease_id) { self.task_id_remove_pending.push(task_id); } @@ -172,7 +172,7 @@ impl ExpirationTask { fn clean_finish_task(&mut self) -> Result<(), RvError> { for task_id in self.task_id_remove_pending.iter() { - log::debug!("clean finish task, task_id: {}", *task_id); + log::debug!("clean finish task, task_id: {}", *task_id); self.task_timer.remove_task(*task_id)?; } self.task_id_remove_pending.clear(); @@ -182,8 +182,8 @@ impl ExpirationTask { impl Drop for ExpirationTask { fn drop(&mut self) { - log::debug!("expiration task timer stopping!"); - let _ = self.task_timer.stop_delay_timer(); + log::debug!("expiration task timer stopping!"); + let _ = self.task_timer.stop_delay_timer(); } } diff --git a/src/modules/auth/token_store.rs b/src/modules/auth/token_store.rs index b2816e37..0263672d 100644 --- a/src/modules/auth/token_store.rs +++ b/src/modules/auth/token_store.rs @@ -10,7 +10,7 @@ use serde_json::{json, Value}; use serde::{Serialize, Deserialize}; use humantime::parse_duration; use crate::{ - utils::{generate_uuid, sha1, is_str_subset}, + utils::{generate_uuid, sha1, is_str_subset}, new_path, new_path_internal, new_logical_backend, new_logical_backend_internal, logical::{ diff --git a/src/modules/pki/mod.rs b/src/modules/pki/mod.rs index bb4cc118..fc37f94f 100644 --- a/src/modules/pki/mod.rs +++ b/src/modules/pki/mod.rs @@ -98,122 +98,122 @@ impl PkiBackend { { pattern: r"roles/(?P<name>\w[\w-]+\w)", fields: { - "name": { + "name": { field_type: FieldType::Str, required: true, - description: r#"Name of the role."# - }, - "ttl": { + description: r#"Name of the role."# + }, + "ttl": { field_type: FieldType::Str, - description: r#" + description: r#" The lease duration (validity period of the certificate) if no specific lease duration is requested. The lease duration controls the expiration of certificates issued by this backend. defaults to the system default value or the value of max_ttl, whichever is shorter."# - }, - "max_ttl": { + }, + "max_ttl": { field_type: FieldType::Str, required: true, - description: r#" + description: r#" The maximum allowed lease duration. If not set, defaults to the system maximum lease TTL."# - }, - "allow_localhost": { + }, + "allow_localhost": { field_type: FieldType::Bool, - default: true, - description: r#" + default: true, + description: r#" Whether to allow "localhost" and "localdomain" as a valid common name in a request, independent of allowed_domains value."# - }, - "allowed_domains": { - field_type: FieldType::Str, - description: r#" + }, + "allowed_domains": { + field_type: FieldType::Str, + description: r#" Specifies the domains this role is allowed to issue certificates for. This is used with the allow_bare_domains, allow_subdomains, and allow_glob_domains to determine matches for the common name, DNS-typed SAN entries, and Email-typed SAN entries of certificates. See the documentation for more information. This parameter accepts a comma-separated string or list of domains."# - }, - "allow_bare_domains": { - field_type: FieldType::Bool, + }, + "allow_bare_domains": { + field_type: FieldType::Bool, default: false, - description: r#" + description: r#" If set, clients can request certificates for the base domains themselves, e.g. "example.com" of domains listed in allowed_domains. This is a separate option as in some cases this can be considered a security threat. See the documentation for more information."# - }, - "allow_subdomains": { - field_type: FieldType::Bool, + }, + "allow_subdomains": { + field_type: FieldType::Bool, default: false, - description: r#" + description: r#" If set, clients can request certificates for subdomains of domains listed in allowed_domains, including wildcard subdomains. See the documentation for more information."# - }, - "allow_any_name": { - field_type: FieldType::Bool, + }, + "allow_any_name": { + field_type: FieldType::Bool, default: false, - description: r#" + description: r#" If set, clients can request certificates for any domain, regardless of allowed_domains restrictions. See the documentation for more information."# - }, - "allow_ip_sans": { - field_type: FieldType::Bool, - default: true, - description: r#" + }, + "allow_ip_sans": { + field_type: FieldType::Bool, + default: true, + description: r#" If set, IP Subject Alternative Names are allowed. Any valid IP is accepted and No authorization checking is performed."# - }, - "server_flag": { - field_type: FieldType::Bool, - default: true, - description: r#" + }, + "server_flag": { + field_type: FieldType::Bool, + default: true, + description: r#" If set, certificates are flagged for server auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."# - }, - "client_flag": { - field_type: FieldType::Bool, - default: true, - description: r#" + }, + "client_flag": { + field_type: FieldType::Bool, + default: true, + description: r#" If set, certificates are flagged for client auth use. defaults to true. See also RFC 5280 Section 4.2.1.12."# - }, - "code_signing_flag": { - field_type: FieldType::Bool, - description: r#" + }, + "code_signing_flag": { + field_type: FieldType::Bool, + description: r#" If set, certificates are flagged for code signing use. defaults to false. See also RFC 5280 Section 4.2.1.12."# - }, - "key_type": { - field_type: FieldType::Str, - default: "rsa", - description: r#" + }, + "key_type": { + field_type: FieldType::Str, + default: "rsa", + description: r#" The type of key to use; defaults to RSA. "rsa" "ec", "ed25519" and "any" are the only valid values."# - }, - "key_bits": { - field_type: FieldType::Int, - default: 0, - description: r#" + }, + "key_bits": { + field_type: FieldType::Int, + default: 0, + description: r#" The number of bits to use. Allowed values are 0 (universal default); with rsa key_type: 2048 (default), 3072, or 4096; with ec key_type: 224, 256 (default), 384, or 521; ignored with ed25519."# - }, - "signature_bits": { - field_type: FieldType::Int, - default: 0, - description: r#" + }, + "signature_bits": { + field_type: FieldType::Int, + default: 0, + description: r#" The number of bits to use in the signature algorithm; accepts 256 for SHA-2-256, 384 for SHA-2-384, and 512 for SHA-2-512. defaults to 0 to automatically detect based on key length (SHA-2-256 for RSA keys, and matching the curve size for NIST P-Curves)."# - }, - "not_before_duration": { - field_type: FieldType::Int, - default: 30, - description: r#" + }, + "not_before_duration": { + field_type: FieldType::Int, + default: 30, + description: r#" The duration before now which the certificate needs to be backdated by."# - }, - "not_after": { - field_type: FieldType::Str, + }, + "not_after": { + field_type: FieldType::Str, default: "", - description: r#" + description: r#" Set the not after field of the certificate with specified date value. The value format should be given in UTC format YYYY-MM-ddTHH:MM:SSZ."# - }, + }, "ou": { required: false, field_type: FieldType::Str, @@ -282,7 +282,7 @@ or revoked, so this option is recommended only for certificates that are non-sensitive, or extremely short-lived. This option implies a value of "false" for "generate_lease"."# } - }, + }, operations: [ {op: Operation::Read, handler: pki_backend_ref1.read_path_role}, {op: Operation::Write, handler: pki_backend_ref2.create_path_role}, diff --git a/src/modules/pki/path_config_ca.rs b/src/modules/pki/path_config_ca.rs index 38ae06bf..bec61bc8 100644 --- a/src/modules/pki/path_config_ca.rs +++ b/src/modules/pki/path_config_ca.rs @@ -21,7 +21,7 @@ impl PkiBackendInner { let pem_bundle_value = req.get_data("pem_bundle")?; let pem_bundle = pem_bundle_value.as_str().unwrap(); - let items = pem::parse_many(pem_bundle)?; + let items = pem::parse_many(pem_bundle)?; let mut key_found = false; let mut i = 0; diff --git a/src/modules/pki/path_roles.rs b/src/modules/pki/path_roles.rs index 2be6b5aa..7ef491ed 100644 --- a/src/modules/pki/path_roles.rs +++ b/src/modules/pki/path_roles.rs @@ -4,7 +4,7 @@ use std::{ use humantime::parse_duration; use serde::{Serialize, Deserialize}; use crate::{ - utils::{serialize_duration, deserialize_duration}, + utils::{serialize_duration, deserialize_duration}, logical::{ Backend, Request, Response, }, diff --git a/src/storage/mod.rs b/src/storage/mod.rs index fa49abb2..09a7c451 100644 --- a/src/storage/mod.rs +++ b/src/storage/mod.rs @@ -30,18 +30,12 @@ impl Default for StorageEntry { } impl StorageEntry { - pub fn new(k: &str, v: &impl Serialize) -> Result<StorageEntry, RvError> { - /* - let mut buf = Vec::new(); - let mut enc = serde_json::Serializer::new(&mut buf); - - v.serialize(&mut enc)?; - */ + pub fn new(k: &str, v: &impl Serialize) -> Result<StorageEntry, RvError> { let data = serde_json::to_string(v)?; - Ok(StorageEntry { - key: k.to_string(), - value: data.into_bytes(), - }) - } + Ok(StorageEntry { + key: k.to_string(), + value: data.into_bytes(), + }) + } } diff --git a/src/utils/cert.rs b/src/utils/cert.rs index 5bac6fbe..ac7b6c26 100644 --- a/src/utils/cert.rs +++ b/src/utils/cert.rs @@ -13,8 +13,8 @@ use openssl::{ ec::{EcGroup, EcKey}, bn::{BigNum, MsbOption}, hash::MessageDigest, - nid::Nid, - asn1::{Asn1OctetString, Asn1Time}, + nid::Nid, + asn1::{Asn1OctetString, Asn1Time}, }; use libc::c_int; use lazy_static::lazy_static; @@ -104,16 +104,16 @@ where } pub fn is_ca_cert(cert: &X509) -> bool { - unsafe { - X509_check_ca(cert.as_ptr()) != 0 - } + unsafe { + X509_check_ca(cert.as_ptr()) != 0 + } } impl Default for CertBundle { fn default() -> Self { CertBundle { certificate: X509_DEFAULT.clone(), - ca_chain: Vec::new(), + ca_chain: Vec::new(), private_key: PKEY_DEFAULT.clone(), private_key_type: String::new(), serial_number: String::new(), @@ -259,12 +259,12 @@ impl Certificate { builder.append_extension(san_ext.build(&builder.x509v3_context(Some(ca_cert), None))?)?; - for ext in &self.extensions { + for ext in &self.extensions { builder.append_extension2(ext)?; } if self.is_ca { - builder.append_extension(BasicConstraints::new().critical().ca().build()?)?; + builder.append_extension(BasicConstraints::new().critical().ca().build()?)?; } builder.append_extension(KeyUsage::new() @@ -335,7 +335,7 @@ impl Certificate { let cert_bundle = CertBundle { certificate: cert, - ca_chain: vec![ca_cert.clone()], + ca_chain: vec![ca_cert.clone()], private_key: priv_key.clone(), private_key_type: self.key_type.clone(), serial_number: serial_number_hex.to_lowercase(), diff --git a/src/utils/key.rs b/src/utils/key.rs index 058b7a5c..473feda9 100644 --- a/src/utils/key.rs +++ b/src/utils/key.rs @@ -2,7 +2,7 @@ use openssl::{ pkey::{PKey}, rsa::{Rsa, Padding}, ec::{EcGroup, EcKey}, - nid::Nid, + nid::Nid, rand::rand_bytes, hash::MessageDigest, sign::{Signer, Verifier}, @@ -31,8 +31,8 @@ impl Default for KeyBundle { id: generate_uuid(), name: String::new(), key_type: String::new(), - key: Vec::new(), - iv: Vec::new(), + key: Vec::new(), + iv: Vec::new(), bits: 0, } } @@ -110,9 +110,9 @@ impl KeyBundle { return Ok(signer.sign_to_vec()?); }, "ec" => { - let ec_key = EcKey::private_key_from_pem(&self.key)?; + let ec_key = EcKey::private_key_from_pem(&self.key)?; let pkey = PKey::from_ec_key(ec_key)?; - let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?; + let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?; signer.update(data)?; return Ok(signer.sign_to_vec()?); }, @@ -133,7 +133,7 @@ impl KeyBundle { return Ok(verifier.verify(signature).unwrap_or(false)); }, "ec" => { - let ec_key = EcKey::private_key_from_pem(&self.key)?; + let ec_key = EcKey::private_key_from_pem(&self.key)?; let pkey = PKey::from_ec_key(ec_key)?; let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey)?; verifier.update(data)?;