From 870292e95af98b8ebbab33057b5e2ad85d167c7f Mon Sep 17 00:00:00 2001 From: Shane Utt Date: Mon, 6 Jan 2025 08:56:35 -0500 Subject: [PATCH] chore: update the rcgen dev dependency for the API server This needed to be done manually due to breaking changes that occurred in v0.13.0: https://github.com/rustls/rcgen/releases/tag/v0.13.0 Signed-off-by: Shane Utt --- Cargo.lock | 159 ++----------------- dataplane/api-server/Cargo.toml | 2 +- dataplane/api-server/tests/test_setup_tls.rs | 38 ++--- 3 files changed, 33 insertions(+), 166 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f2f92768..14f51d96 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -268,12 +268,6 @@ dependencies = [ "rustc-demangle", ] -[[package]] -name = "base64" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" - [[package]] name = "base64" version = "0.21.7" @@ -298,12 +292,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" -[[package]] -name = "bumpalo" -version = "3.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" - [[package]] name = "byteorder" version = "1.5.0" @@ -688,15 +676,6 @@ version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" -[[package]] -name = "js-sys" -version = "0.3.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "libc" version = "0.2.169" @@ -918,11 +897,12 @@ checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pem" -version = "1.1.1" +version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "8e459365e590736a54c3fa561947c84837534b8e9af6fc5bf781307e82658fae" dependencies = [ - "base64 0.13.1", + "base64 0.22.0", + "serde", ] [[package]] @@ -1098,12 +1078,13 @@ dependencies = [ [[package]] name = "rcgen" -version = "0.9.3" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6413f3de1edee53342e6138e75b56d32e7bc6e332b3bd62d497b1929d4cfbcdd" +checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2" dependencies = [ "pem", - "ring 0.16.20", + "ring", + "rustls-pki-types", "time", "yasna", ] @@ -1146,21 +1127,6 @@ version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c" -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.8" @@ -1171,8 +1137,8 @@ dependencies = [ "cfg-if", "getrandom", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys", ] @@ -1202,7 +1168,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bf4ef73721ac7bcd79b2b315da7779d8fc09718c6b3d2d1b2d94850eb8c18432" dependencies = [ "log", - "ring 0.17.8", + "ring", "rustls-pki-types", "rustls-webpki", "subtle", @@ -1231,9 +1197,9 @@ version = "0.102.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faaa0a62740bedb9b2ef5afa303da42764c012f743917351dc9a237ea1663610" dependencies = [ - "ring 0.17.8", + "ring", "rustls-pki-types", - "untrusted 0.9.0", + "untrusted", ] [[package]] @@ -1302,12 +1268,6 @@ dependencies = [ "windows-sys", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -1608,12 +1568,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -1647,93 +1601,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasm-bindgen" -version = "0.2.95" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e" -dependencies = [ - "cfg-if", - "once_cell", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.95" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358" -dependencies = [ - "bumpalo", - "log", - "once_cell", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.95" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.95" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.95" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d" - -[[package]] -name = "web-sys" -version = "0.3.72" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6488b90108c040df0fe62fa815cbdee25124641df01814dd7282749234c6112" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "windows-sys" version = "0.52.0" diff --git a/dataplane/api-server/Cargo.toml b/dataplane/api-server/Cargo.toml index af042297..b8b801ee 100644 --- a/dataplane/api-server/Cargo.toml +++ b/dataplane/api-server/Cargo.toml @@ -31,4 +31,4 @@ tonic-build = { workspace = true } [dev-dependencies] tempfile = "3.14.0" -rcgen = "0.9.3" +rcgen = "0.13.2" diff --git a/dataplane/api-server/tests/test_setup_tls.rs b/dataplane/api-server/tests/test_setup_tls.rs index 32088a46..b6646de3 100644 --- a/dataplane/api-server/tests/test_setup_tls.rs +++ b/dataplane/api-server/tests/test_setup_tls.rs @@ -1,7 +1,7 @@ use anyhow::Result; use api_server::config::{MutualTLSConfig, ServerOnlyTLSConfig, TLSConfig}; use api_server::setup_tls; -use rcgen::{generate_simple_self_signed, Certificate, CertificateParams}; +use rcgen::{generate_simple_self_signed, CertificateParams, CertifiedKey}; use std::fs; use tempfile::tempdir; use tonic::transport::Server; @@ -12,9 +12,9 @@ async fn test_tls_self_signed_cert() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate self-signed certificate - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let cert_pem = cert.serialize_pem()?; - let key_pem = cert.serialize_private_key_pem(); + let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?; + let cert_pem = cert.pem(); + let key_pem = key_pair.serialize_pem(); // Paths for the server cert and private key let cert_path = temp_dir.path().join("server.crt"); @@ -46,8 +46,8 @@ async fn test_tls_missing_cert() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate private key but skip certificate generation - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let key_pem = cert.serialize_private_key_pem(); + let CertifiedKey { cert: _, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?; + let key_pem = key_pair.serialize_pem(); // Only write the key file, omit the certificate let missing_cert_path = temp_dir.path().join("missing_server.crt"); @@ -76,8 +76,8 @@ async fn test_tls_missing_key() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate certificate but skip private key generation - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let cert_pem = cert.serialize_pem()?; + let CertifiedKey { cert, key_pair: _ } = generate_simple_self_signed(vec!["localhost".into()])?; + let cert_pem = cert.pem(); // Only write the certificate file, omit the private key let cert_path = temp_dir.path().join("server.crt"); @@ -107,14 +107,14 @@ async fn test_mtls_self_signed_cert() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate self-signed certificate - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let cert_pem = cert.serialize_pem()?; - let key_pem = cert.serialize_private_key_pem(); + let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?; + let cert_pem = cert.pem(); + let key_pem = key_pair.serialize_pem(); // Generate CA let ca_params = CertificateParams::default(); - let ca_cert = Certificate::from_params(ca_params)?; - let ca_cert_pem = ca_cert.serialize_pem()?; + let ca_cert = ca_params.self_signed(&key_pair)?; + let ca_cert_pem = ca_cert.pem(); // Cert file paths let cert_path = temp_dir.path().join("server.crt"); @@ -150,9 +150,9 @@ async fn test_mtls_invalid_ca_cert() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate server cert and key - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let cert_pem = cert.serialize_pem()?; - let key_pem = cert.serialize_private_key_pem(); + let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?; + let cert_pem = cert.pem(); + let key_pem = key_pair.serialize_pem(); // Write valid server cert and key let cert_path = temp_dir.path().join("server.crt"); @@ -186,9 +186,9 @@ async fn test_mtls_missing_ca_cert() -> Result<()> { let temp_dir = tempdir().unwrap(); // Generate server cert and key - let cert = generate_simple_self_signed(vec!["localhost".into()])?; - let cert_pem = cert.serialize_pem()?; - let key_pem = cert.serialize_private_key_pem(); + let CertifiedKey { cert, key_pair } = generate_simple_self_signed(vec!["localhost".into()])?; + let cert_pem = cert.pem(); + let key_pem = key_pair.serialize_pem(); // Write valid server cert and key let cert_path = temp_dir.path().join("server.crt");