From 213d057d0810f53c758979cb0631fea5279e479b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rodolphe=20Br=C3=A9ard?= Date: Sat, 28 Jan 2023 18:52:41 +0100 Subject: [PATCH] Fix the indentation --- acme_common/src/crypto/openssl_keys.rs | 20 +- acmed/src/acme_proto/account.rs | 8 +- acmed/src/acme_proto/structs/account.rs | 14 +- acmed/src/acme_proto/structs/authorization.rs | 100 ++++---- acmed/src/acme_proto/structs/directory.rs | 62 ++--- acmed/src/acme_proto/structs/error.rs | 52 ++-- tacd/src/main.rs | 222 +++++++++--------- 7 files changed, 238 insertions(+), 240 deletions(-) diff --git a/acme_common/src/crypto/openssl_keys.rs b/acme_common/src/crypto/openssl_keys.rs index 8231f28..3cafb3d 100644 --- a/acme_common/src/crypto/openssl_keys.rs +++ b/acme_common/src/crypto/openssl_keys.rs @@ -248,17 +248,15 @@ impl KeyPair { } }; - /* - * /!\ WARNING: HAZARDOUS AND UGLY CODE /!\ - * - * I couldn't find a way to get the value of `x` using the OpenSSL - * interface, therefore I had to hack my way arround. - * - * The idea behind this hack is to export the public key in PEM, then - * get the PEM base64 part, convert it to base64url without padding - * and finally truncate the first part so only the value of `x` - * remains. - */ + // /!\ WARNING: HAZARDOUS AND UGLY CODE /!\ + // + // I couldn't find a way to get the value of `x` using the OpenSSL + // interface, therefore I had to hack my way arround. + // + // The idea behind this hack is to export the public key in PEM, then + // get the PEM base64 part, convert it to base64url without padding + // and finally truncate the first part so only the value of `x` + // remains. // -----BEGIN UGLY----- let mut x = String::new(); diff --git a/acmed/src/acme_proto/account.rs b/acmed/src/acme_proto/account.rs index 3b68ab3..10c1c4a 100644 --- a/acmed/src/acme_proto/account.rs +++ b/acmed/src/acme_proto/account.rs 
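Review bot: The rewritten warning comment in acme_common/src/crypto/openssl_keys.rs keeps the typo "arround" and still does not say why truncating the first part of the base64url text leaves exactly the value of x. Since these lines are being rewritten anyway, `// interface, therefore I had to hack my way around.` fixes the spelling. A further line such as `// NOTE: relies on the encoded prefix before x having a fixed length for this key type.` would record the assumption the hack seems to depend on. The code between the BEGIN UGLY marker and its end is outside this hunk, so whether it checks the length of what remains after truncation cannot be confirmed from here. If it does not, the comment should say so, because public-key material that is silently mis-sliced would only surface later as a signature or thumbprint mismatch.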
@@ -56,10 +56,10 @@ pub fn register_account(endpoint: &mut Endpoint, account: &mut BaseAccount) -> R Some(url) => url, None => { let msg = format!( - "endpoint \"{}\": account \"{}\": the server has not provided an order URL upon account creation", - &endpoint.name, - &account.name - ); + "endpoint \"{}\": account \"{}\": the server has not provided an order URL upon account creation", + &endpoint.name, + &account.name + ); account.warn(&msg); String::new() } diff --git a/acmed/src/acme_proto/structs/account.rs b/acmed/src/acme_proto/structs/account.rs index a0b6698..03a0c83 100644 --- a/acmed/src/acme_proto/structs/account.rs +++ b/acmed/src/acme_proto/structs/account.rs @@ -139,13 +139,13 @@ mod tests { #[test] fn test_account_response() { let data = "{ - \"status\": \"valid\", - \"contact\": [ - \"mailto:cert-admin@example.org\", - \"mailto:admin@example.org\" - ], - \"termsOfServiceAgreed\": true, - \"orders\": \"https://example.com/acme/orders/rzGoeA\" + \"status\": \"valid\", + \"contact\": [ + \"mailto:cert-admin@example.org\", + \"mailto:admin@example.org\" + ], + \"termsOfServiceAgreed\": true, + \"orders\": \"https://example.com/acme/orders/rzGoeA\" }"; let account_resp = AccountResponse::from_str(data); assert!(account_resp.is_ok()); diff --git a/acmed/src/acme_proto/structs/authorization.rs b/acmed/src/acme_proto/structs/authorization.rs index b74bdc2..fcb4bfb 100644 --- a/acmed/src/acme_proto/structs/authorization.rs +++ b/acmed/src/acme_proto/structs/authorization.rs @@ -178,12 +178,12 @@ mod tests { #[test] fn test_authorization() { let data = "{ - \"status\": \"pending\", - \"identifier\": { - \"type\": \"dns\", - \"value\": \"example.com\" - }, - \"challenges\": [] + \"status\": \"pending\", + \"identifier\": { + \"type\": \"dns\", + \"value\": \"example.com\" + }, + \"challenges\": [] }"; let a = Authorization::from_str(data); assert!(a.is_ok()); 
@@ -198,19 +198,19 @@ mod tests { #[test] fn test_authorization_challenge() { let data = "{ - \"status\": \"pending\", - \"identifier\": { - \"type\": \"dns\", - \"value\": \"example.com\" - }, - \"challenges\": [ - { - \"type\": \"dns-01\", - \"status\": \"pending\", - \"url\": \"https://example.com/chall/jYWxob3N0OjE\", - \"token\": \"1y9UVMUvkqQVljCsnwlRLsbJcwN9nx-qDd6JHzXQQsw\" - } - ] + \"status\": \"pending\", + \"identifier\": { + \"type\": \"dns\", + \"value\": \"example.com\" + }, + \"challenges\": [ + { + \"type\": \"dns-01\", + \"status\": \"pending\", + \"url\": \"https://example.com/chall/jYWxob3N0OjE\", + \"token\": \"1y9UVMUvkqQVljCsnwlRLsbJcwN9nx-qDd6JHzXQQsw\" + } + ] }"; let a = Authorization::from_str(data); assert!(a.is_ok()); @@ -225,19 +225,19 @@ mod tests { #[test] fn test_authorization_unknown_challenge() { let data = "{ - \"status\": \"pending\", - \"identifier\": { - \"type\": \"dns\", - \"value\": \"example.com\" - }, - \"challenges\": [ - { - \"type\": \"invalid-challenge-01\", - \"status\": \"pending\", - \"url\": \"https://example.com/chall/jYWxob3N0OjE\", - \"token\": \"1y9UVMUvkqQVljCsnwlRLsbJcwN9nx-qDd6JHzXQQsw\" - } - ] + \"status\": \"pending\", + \"identifier\": { + \"type\": \"dns\", + \"value\": \"example.com\" + }, + \"challenges\": [ + { + \"type\": \"invalid-challenge-01\", + \"status\": \"pending\", + \"url\": \"https://example.com/chall/jYWxob3N0OjE\", + \"token\": \"1y9UVMUvkqQVljCsnwlRLsbJcwN9nx-qDd6JHzXQQsw\" + } + ] }"; let a = Authorization::from_str(data); assert!(a.is_ok()); @@ -252,12 +252,12 @@ mod tests { #[test] fn test_invalid_authorization() { let data = "{ - \"status\": \"pending\", - \"identifier\": { - \"type\": \"foo\", - \"value\": \"bar\" - }, - \"challenges\": [] + \"status\": \"pending\", + \"identifier\": { + \"type\": \"foo\", + \"value\": \"bar\" + }, + \"challenges\": [] }"; let a = Authorization::from_str(data); assert!(a.is_err()); 
@@ -266,10 +266,10 @@ mod tests { #[test] fn test_http01_challenge() { let data = "{ - \"type\": \"http-01\", - \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", - \"status\": \"pending\", - \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" + \"type\": \"http-01\", + \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", + \"status\": \"pending\", + \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" }"; let challenge = Challenge::from_str(data); assert!(challenge.is_ok()); @@ -297,10 +297,10 @@ mod tests { #[test] fn test_dns01_challenge() { let data = "{ - \"type\": \"http-01\", - \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", - \"status\": \"valid\", - \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" + \"type\": \"http-01\", + \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", + \"status\": \"valid\", + \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" }"; let challenge = Challenge::from_str(data); assert!(challenge.is_ok()); @@ -328,10 +328,10 @@ mod tests { #[test] fn test_unknown_challenge_type() { let data = "{ - \"type\": \"invalid-01\", - \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", - \"status\": \"pending\", - \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" + \"type\": \"invalid-01\", + \"url\": \"https://example.com/acme/chall/prV_B7yEyA4\", + \"status\": \"pending\", + \"token\": \"LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0\" }"; let challenge = Challenge::from_str(data); assert!(challenge.is_ok()); diff --git a/acmed/src/acme_proto/structs/directory.rs b/acmed/src/acme_proto/structs/directory.rs index 242b8b7..0ced0ce 100644 --- a/acmed/src/acme_proto/structs/directory.rs +++ b/acmed/src/acme_proto/structs/directory.rs 
@@ -33,12 +33,12 @@ mod tests { #[test] fn test_directory() { let data = "{ - \"newAccount\": \"https://example.org/acme/new-acct\", - \"newNonce\": \"https://example.org/acme/new-nonce\", - \"newOrder\": \"https://example.org/acme/new-order\", - \"revokeCert\": \"https://example.org/acme/revoke-cert\", - \"newAuthz\": \"https://example.org/acme/new-authz\", - \"keyChange\": \"https://example.org/acme/key-change\" + \"newAccount\": \"https://example.org/acme/new-acct\", + \"newNonce\": \"https://example.org/acme/new-nonce\", + \"newOrder\": \"https://example.org/acme/new-order\", + \"revokeCert\": \"https://example.org/acme/revoke-cert\", + \"newAuthz\": \"https://example.org/acme/new-authz\", + \"keyChange\": \"https://example.org/acme/key-change\" }"; let parsed_dir = Directory::from_str(data); assert!(parsed_dir.is_ok()); @@ -61,11 +61,11 @@ mod tests { #[test] fn test_directory_no_authz() { let data = "{ - \"newAccount\": \"https://example.org/acme/new-acct\", - \"newNonce\": \"https://example.org/acme/new-nonce\", - \"newOrder\": \"https://example.org/acme/new-order\", - \"revokeCert\": \"https://example.org/acme/revoke-cert\", - \"keyChange\": \"https://example.org/acme/key-change\" + \"newAccount\": \"https://example.org/acme/new-acct\", + \"newNonce\": \"https://example.org/acme/new-nonce\", + \"newOrder\": \"https://example.org/acme/new-order\", + \"revokeCert\": \"https://example.org/acme/revoke-cert\", + \"keyChange\": \"https://example.org/acme/key-change\" }"; let parsed_dir = Directory::from_str(data); assert!(parsed_dir.is_ok()); 
@@ -85,18 +85,18 @@ mod tests { #[test] fn test_directory_meta() { let data = "{ - \"keyChange\": \"https://example.org/acme/key-change\", - \"meta\": { - \"caaIdentities\": [ - \"example.org\" - ], - \"termsOfService\": \"https://example.org/documents/tos.pdf\", - \"website\": \"https://example.org/\" - }, - \"newAccount\": \"https://example.org/acme/new-acct\", - \"newNonce\": \"https://example.org/acme/new-nonce\", - \"newOrder\": \"https://example.org/acme/new-order\", - \"revokeCert\": \"https://example.org/acme/revoke-cert\" + \"keyChange\": \"https://example.org/acme/key-change\", + \"meta\": { + \"caaIdentities\": [ + \"example.org\" + ], + \"termsOfService\": \"https://example.org/documents/tos.pdf\", + \"website\": \"https://example.org/\" + }, + \"newAccount\": \"https://example.org/acme/new-acct\", + \"newNonce\": \"https://example.org/acme/new-nonce\", + \"newOrder\": \"https://example.org/acme/new-order\", + \"revokeCert\": \"https://example.org/acme/revoke-cert\" }"; let parsed_dir = Directory::from_str(&data); assert!(parsed_dir.is_ok()); 
@@ -118,14 +118,14 @@ mod tests { #[test] fn test_directory_extra_fields() { let data = "{ - \"foo\": \"bar\", - \"keyChange\": \"https://example.org/acme/key-change\", - \"newAccount\": \"https://example.org/acme/new-acct\", - \"baz\": \"quz\", - \"newNonce\": \"https://example.org/acme/new-nonce\", - \"newAuthz\": \"https://example.org/acme/new-authz\", - \"newOrder\": \"https://example.org/acme/new-order\", - \"revokeCert\": \"https://example.org/acme/revoke-cert\" + \"foo\": \"bar\", + \"keyChange\": \"https://example.org/acme/key-change\", + \"newAccount\": \"https://example.org/acme/new-acct\", + \"baz\": \"quz\", + \"newNonce\": \"https://example.org/acme/new-nonce\", + \"newAuthz\": \"https://example.org/acme/new-authz\", + \"newOrder\": \"https://example.org/acme/new-order\", + \"revokeCert\": \"https://example.org/acme/revoke-cert\" }"; let parsed_dir = Directory::from_str(&data); assert!(parsed_dir.is_ok()); diff --git a/acmed/src/acme_proto/structs/error.rs b/acmed/src/acme_proto/structs/error.rs index 972b9aa..c5a8f6e 100644 --- a/acmed/src/acme_proto/structs/error.rs +++ b/acmed/src/acme_proto/structs/error.rs 
@@ -73,32 +73,32 @@ impl From for AcmeError { impl fmt::Display for AcmeError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { let msg = match self { - AcmeError::AccountDoesNotExist => "the request specified an account that does not exist", - AcmeError::AlreadyRevoked => "the request specified a certificate to be revoked that has already been revoked", - AcmeError::BadCSR => "the CSR is unacceptable (e.g., due to a short key)", - AcmeError::BadNonce => "the client sent an unacceptable anti-replay nonce", - AcmeError::BadPublicKey => "the JWS was signed by a public key the server does not support", - AcmeError::BadRevocationReason => "the revocation reason provided is not allowed by the server", - AcmeError::BadSignatureAlgorithm => "the JWS was signed with an algorithm the server does not support", - AcmeError::Caa => "Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate", - AcmeError::Compound => "specific error conditions are indicated in the \"subproblems\" array", - AcmeError::Connection => "the server could not connect to validation target", - AcmeError::Dns => "there was a problem with a DNS query during identifier validation", - AcmeError::ExternalAccountRequired => "the request must include a value for the \"externalAccountBinding\" field", - AcmeError::IncorrectResponse => "response received didn't match the challenge's requirements", - AcmeError::InvalidContact => "a contact URL for an account was invalid", - AcmeError::Malformed => "the request message was malformed", - AcmeError::OrderNotReady => "the request attempted to finalize an order that is not ready to be finalized", - AcmeError::RateLimited => "the request exceeds a rate limit", - AcmeError::RejectedIdentifier => "the server will not issue certificates for the identifier", - AcmeError::ServerInternal => "the server experienced an internal error", - AcmeError::Tls => "the server received a TLS error during validation", - AcmeError::Unauthorized => 
"the client lacks sufficient authorization", - AcmeError::UnsupportedContact => "a contact URL for an account used an unsupported protocol scheme", - AcmeError::UnsupportedIdentifier => "an identifier is of an unsupported type", - AcmeError::UserActionRequired => "visit the \"instance\" URL and take actions specified there", - AcmeError::Unknown => "unknown error", - }; + AcmeError::AccountDoesNotExist => "the request specified an account that does not exist", + AcmeError::AlreadyRevoked => "the request specified a certificate to be revoked that has already been revoked", + AcmeError::BadCSR => "the CSR is unacceptable (e.g., due to a short key)", + AcmeError::BadNonce => "the client sent an unacceptable anti-replay nonce", + AcmeError::BadPublicKey => "the JWS was signed by a public key the server does not support", + AcmeError::BadRevocationReason => "the revocation reason provided is not allowed by the server", + AcmeError::BadSignatureAlgorithm => "the JWS was signed with an algorithm the server does not support", + AcmeError::Caa => "Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate", + AcmeError::Compound => "specific error conditions are indicated in the \"subproblems\" array", + AcmeError::Connection => "the server could not connect to validation target", + AcmeError::Dns => "there was a problem with a DNS query during identifier validation", + AcmeError::ExternalAccountRequired => "the request must include a value for the \"externalAccountBinding\" field", + AcmeError::IncorrectResponse => "response received didn't match the challenge's requirements", + AcmeError::InvalidContact => "a contact URL for an account was invalid", + AcmeError::Malformed => "the request message was malformed", + AcmeError::OrderNotReady => "the request attempted to finalize an order that is not ready to be finalized", + AcmeError::RateLimited => "the request exceeds a rate limit", + AcmeError::RejectedIdentifier => "the server will not 
issue certificates for the identifier", + AcmeError::ServerInternal => "the server experienced an internal error", + AcmeError::Tls => "the server received a TLS error during validation", + AcmeError::Unauthorized => "the client lacks sufficient authorization", + AcmeError::UnsupportedContact => "a contact URL for an account used an unsupported protocol scheme", + AcmeError::UnsupportedIdentifier => "an identifier is of an unsupported type", + AcmeError::UserActionRequired => "visit the \"instance\" URL and take actions specified there", + AcmeError::Unknown => "unknown error", + }; write!(f, "{msg}") } } diff --git a/tacd/src/main.rs b/tacd/src/main.rs index 3dc714a..3dd5798 100644 --- a/tacd/src/main.rs +++ b/tacd/src/main.rs 
@@ -83,117 +83,117 @@ fn main() { let default_crt_digest = DEFAULT_CRT_DIGEST.to_string(); let default_log_level = DEFAULT_LOG_LEVEL.to_string().to_lowercase(); let matches = Command::new(APP_NAME) - .version(APP_VERSION) - .long_version(full_version) - .arg( - Arg::new("listen") - .long("listen") - .short('l') - .help("Host and port to listen on") - .num_args(1) - .value_name("host:port|unix:path") - .default_value(DEFAULT_LISTEN_ADDR), - ) - .arg( - Arg::new("domain") - .long("domain") - .short('d') - .help("The domain that is being validated") - .num_args(1) - .value_name("STRING") - .conflicts_with("domain-file"), - ) - .arg( - Arg::new("domain-file") - .long("domain-file") - .help("File from which is read the domain that is being validated") - .num_args(1) - .value_name("FILE") - .conflicts_with("domain"), - ) - .arg( - Arg::new("acme-ext") - .long("acme-ext") - .short('e') - .help("The acmeIdentifier extension to set in the self-signed certificate") - .num_args(1) - .value_name("STRING") - .conflicts_with("acme-ext-file"), - ) - .arg( - Arg::new("acme-ext-file") - .long("acme-ext-file") - .help("File from which is read the acmeIdentifier extension to set in the self-signed certificate") - .num_args(1) - .value_name("FILE") - .conflicts_with("acme-ext"), - ) - .arg( - Arg::new("crt-signature-alg") - .long("crt-signature-alg") - .help("The certificate's signature algorithm") - .num_args(1) - .value_name("STRING") - .value_parser(PossibleValuesParser::new(KeyType::list_possible_values())) - .default_value(default_crt_key_type), - ) - .arg( - Arg::new("crt-digest") - .long("crt-digest") - .help("The certificate's digest algorithm") - .num_args(1) - .value_name("STRING") - .value_parser(PossibleValuesParser::new(HashFunction::list_possible_values())) - .default_value(default_crt_digest), - ) - .arg( - Arg::new("log-level") - .long("log-level") - .help("Specify the log level") - .num_args(1) - .value_name("LEVEL") - .value_parser(["error", "warn", "info", "debug", 
"trace"]) - .default_value(default_log_level), - ) - .arg( - Arg::new("to-syslog") - .long("log-syslog") - .help("Sends log messages via syslog") - .conflicts_with("to-stderr") - .action(ArgAction::SetTrue), - ) - .arg( - Arg::new("to-stderr") - .long("log-stderr") - .help("Prints log messages to the standard error output") - .conflicts_with("to-syslog") - .action(ArgAction::SetTrue), - ) - .arg( - Arg::new("foreground") - .long("foreground") - .short('f') - .help("Runs in the foreground") - .action(ArgAction::SetTrue), - ) - .arg( - Arg::new("pid-file") - .long("pid-file") - .help("Path to the PID file") - .num_args(1) - .value_name("FILE") - .default_value(DEFAULT_PID_FILE) - .default_value_if("no-pid-file", clap::builder::ArgPredicate::IsPresent, None) - .conflicts_with("no-pid-file"), - ) - .arg( - Arg::new("no-pid-file") - .long("no-pid-file") - .help("Do not create any PID file") - .conflicts_with("pid-file") - .action(ArgAction::SetTrue), - ) - .get_matches(); + .version(APP_VERSION) + .long_version(full_version) + .arg( + Arg::new("listen") + .long("listen") + .short('l') + .help("Host and port to listen on") + .num_args(1) + .value_name("host:port|unix:path") + .default_value(DEFAULT_LISTEN_ADDR), + ) + .arg( + Arg::new("domain") + .long("domain") + .short('d') + .help("The domain that is being validated") + .num_args(1) + .value_name("STRING") + .conflicts_with("domain-file"), + ) + .arg( + Arg::new("domain-file") + .long("domain-file") + .help("File from which is read the domain that is being validated") + .num_args(1) + .value_name("FILE") + .conflicts_with("domain"), + ) + .arg( + Arg::new("acme-ext") + .long("acme-ext") + .short('e') + .help("The acmeIdentifier extension to set in the self-signed certificate") + .num_args(1) + .value_name("STRING") + .conflicts_with("acme-ext-file"), + ) + .arg( + Arg::new("acme-ext-file") + .long("acme-ext-file") + .help("File from which is read the acmeIdentifier extension to set in the self-signed certificate") + 
.num_args(1) + .value_name("FILE") + .conflicts_with("acme-ext"), + ) + .arg( + Arg::new("crt-signature-alg") + .long("crt-signature-alg") + .help("The certificate's signature algorithm") + .num_args(1) + .value_name("STRING") + .value_parser(PossibleValuesParser::new(KeyType::list_possible_values())) + .default_value(default_crt_key_type), + ) + .arg( + Arg::new("crt-digest") + .long("crt-digest") + .help("The certificate's digest algorithm") + .num_args(1) + .value_name("STRING") + .value_parser(PossibleValuesParser::new(HashFunction::list_possible_values())) + .default_value(default_crt_digest), + ) + .arg( + Arg::new("log-level") + .long("log-level") + .help("Specify the log level") + .num_args(1) + .value_name("LEVEL") + .value_parser(["error", "warn", "info", "debug", "trace"]) + .default_value(default_log_level), + ) + .arg( + Arg::new("to-syslog") + .long("log-syslog") + .help("Sends log messages via syslog") + .conflicts_with("to-stderr") + .action(ArgAction::SetTrue), + ) + .arg( + Arg::new("to-stderr") + .long("log-stderr") + .help("Prints log messages to the standard error output") + .conflicts_with("to-syslog") + .action(ArgAction::SetTrue), + ) + .arg( + Arg::new("foreground") + .long("foreground") + .short('f') + .help("Runs in the foreground") + .action(ArgAction::SetTrue), + ) + .arg( + Arg::new("pid-file") + .long("pid-file") + .help("Path to the PID file") + .num_args(1) + .value_name("FILE") + .default_value(DEFAULT_PID_FILE) + .default_value_if("no-pid-file", clap::builder::ArgPredicate::IsPresent, None) + .conflicts_with("no-pid-file"), + ) + .arg( + Arg::new("no-pid-file") + .long("no-pid-file") + .help("Do not create any PID file") + .conflicts_with("pid-file") + .action(ArgAction::SetTrue), + ) + .get_matches(); match set_log_system( matches.get_one::("log-level").map(|e| e.as_str()),