Merge branch 'rumenov/rmtokrfromcr' into 'master'

refactor: don't pull tokio-rustls into crypto and remove unused deps from orchestrator See merge request dfinity-lab/public/ic!19398
dfinity · May 22, 2024 · ec35ebd · ec35ebd
2 parents fab0485 + d0af7ab
commit ec35ebd
Show file tree

Hide file tree

Showing 10 changed files with 6 additions and 23 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/rs/crypto/BUILD.bazel b/rs/crypto/BUILD.bazel
@@ -49,7 +49,6 @@ DEPENDENCIES = [
     "@crate_index//:strum",
     "@crate_index//:tempfile",
     "@crate_index//:tokio",
-    "@crate_index//:tokio-rustls",
 ]
 
 MACRO_DEPENDENCIES = [

diff --git a/rs/crypto/Cargo.toml b/rs/crypto/Cargo.toml
@@ -42,16 +42,15 @@ ic-registry-keys = { path = "../registry/keys" }
 ic-registry-proto-data-provider = { path = "../registry/proto_data_provider" }
 ic-types = { path = "../types/types" }
 parking_lot = "0.12.1"
+# We use the `dangerous_configuration` flag for rustls to be able to set custom `ClientCertVerifier` and
+# `ServerCertVerifier` in order to verify node certificates.
 rustls = { workspace = true }
 serde = { workspace = true }
 slog = { workspace = true }
 strum = { workspace = true }
 strum_macros = { workspace = true }
 tempfile = "3.1.0"
 tokio = { workspace = true }
-# We use the `dangerous_configuration` flag for rustls to be able to set custom `ClientCertVerifier` and
-# `ServerCertVerifier` in order to verify node certificates.
-tokio-rustls = { workspace = true }
 
 [dev-dependencies]
 assert_matches = { workspace = true }

diff --git a/rs/crypto/src/tls/rustls.rs b/rs/crypto/src/tls/rustls.rs
@@ -1,8 +1,7 @@
 use crate::tls::rustls::csp_server_signing_key::CspServerEd25519SigningKey;
 use ic_crypto_tls_interfaces::TlsPublicKeyCert;
+use rustls::{sign::CertifiedKey, Certificate};
 use std::sync::Arc;
-use tokio_rustls::rustls::sign::CertifiedKey;
-use tokio_rustls::rustls::Certificate;
 
 mod cert_resolver;
 pub mod client_handshake;

diff --git a/rs/crypto/src/tls/rustls/server_handshake.rs b/rs/crypto/src/tls/rustls/server_handshake.rs
@@ -8,14 +8,14 @@ use ic_crypto_internal_csp::key_id::KeyId;
 use ic_crypto_tls_interfaces::{SomeOrAllNodes, TlsConfigError, TlsPublicKeyCert};
 use ic_interfaces_registry::RegistryClient;
 use ic_types::{NodeId, RegistryVersion};
-use std::sync::Arc;
-use tokio_rustls::rustls::{
+use rustls::{
     cipher_suite::{TLS13_AES_128_GCM_SHA256, TLS13_AES_256_GCM_SHA384},
     server::{ClientCertVerifier, NoClientAuth, ResolvesServerCert},
     sign::CertifiedKey,
     version::TLS13,
     ServerConfig, SignatureScheme,
 };
+use std::sync::Arc;
 
 pub fn server_config<P: CspTlsHandshakeSignerProvider>(
     signer_provider: &P,

diff --git a/rs/crypto/tls_interfaces/BUILD.bazel b/rs/crypto/tls_interfaces/BUILD.bazel
@@ -2,16 +2,11 @@ load("@rules_rust//rust:defs.bzl", "rust_library", "rust_test")
 
 package(default_visibility = [
     "//rs/crypto:__subpackages__",
-    "//rs/http_endpoints/fuzz:__subpackages__",
-    "//rs/http_endpoints/metrics:__subpackages__",
-    "//rs/http_endpoints/public:__subpackages__",
-    "//rs/orchestrator:__subpackages__",
+    "//rs/http_endpoints:__subpackages__",
     "//rs/p2p:__subpackages__",
     "//rs/replica:__subpackages__",
     "//rs/replica/setup_ic_network:__subpackages__",
     "//rs/test_utilities:__subpackages__",
-    "//rs/transport:__subpackages__",
-    "//rs/transport_test_client:__subpackages__",
     "//rs/xnet/endpoint:__subpackages__",
     "//rs/xnet/hyper:__subpackages__",
     "//rs/xnet/payload_builder:__subpackages__",

diff --git a/rs/crypto/tls_interfaces/mocks/BUILD.bazel b/rs/crypto/tls_interfaces/mocks/BUILD.bazel
@@ -7,9 +7,6 @@ rust_library(
     testonly = True,
     srcs = glob(["src/**"]),
     crate_name = "ic_crypto_tls_interfaces_mocks",
-    proc_macro_deps = [
-        "@crate_index//:async-trait",
-    ],
     version = "0.9.0",
     deps = [
         "//rs/crypto/tls_interfaces",

diff --git a/rs/crypto/tls_interfaces/mocks/Cargo.toml b/rs/crypto/tls_interfaces/mocks/Cargo.toml
@@ -7,7 +7,6 @@ description.workspace = true
 documentation.workspace = true
 
 [dependencies]
-async-trait = { workspace = true }
 ic-base-types = { path = "../../../types/base_types" }
 ic-crypto-tls-interfaces = { path = "../" }
 mockall = { workspace = true }

diff --git a/rs/orchestrator/BUILD.bazel b/rs/orchestrator/BUILD.bazel
@@ -23,7 +23,6 @@ rust_library(
         "//rs/consensus",
         "//rs/crypto",
         "//rs/crypto/node_key_generation",
-        "//rs/crypto/tls_interfaces",
         "//rs/http_endpoints/metrics",
         "//rs/http_utils",
         "//rs/interfaces",

diff --git a/rs/orchestrator/Cargo.toml b/rs/orchestrator/Cargo.toml
@@ -20,7 +20,6 @@ ic-config = { path = "../config" }
 ic-consensus = { path = "../consensus" }
 ic-crypto = { path = "../crypto" }
 ic-crypto-node-key-generation = { path = "../crypto/node_key_generation" }
-ic-crypto-tls-interfaces = { path = "../crypto/tls_interfaces" }
 ic-dashboard = { path = "./dashboard" }
 ic-http-utils = { path = "../http_utils" }
 ic-management-canister-types = { path = "../types/management_canister_types" }