diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6109c236..48c03efa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -38,8 +38,8 @@ jobs: uses: dtolnay/rust-toolchain@stable with: components: clippy - - run: cargo clippy --all-features - - run: cargo clippy --no-default-features + - run: cargo clippy --all-features --all-targets + - run: cargo clippy --no-default-features --all-targets rustdoc: name: Documentation @@ -57,7 +57,7 @@ jobs: with: toolchain: ${{ matrix.toolchain }} - name: cargo doc (all features) - run: cargo doc --all --all-features --document-private-items + run: cargo doc --all-features --document-private-items env: RUSTDOCFLAGS: ${{ matrix.rust_channel == 'nightly' && '-Dwarnings --cfg=docsrs' || '-Dwarnings' }} @@ -89,14 +89,14 @@ jobs: uses: dtolnay/rust-toolchain@stable - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - run: vcpkg install openssl:x64-windows-static-md - - name: Run cargo check --all - run: cargo check --all + - name: Run cargo check + run: cargo check --all-targets - name: Run the tests - run: cargo test --all + run: cargo test --all-targets - name: Run the tests with x509-parser enabled - run: cargo test --verbose --features x509-parser + run: cargo test --verbose --features x509-parser --all-targets - name: Run the tests with no default features enabled - run: cargo test --verbose --no-default-features + run: cargo test --verbose --no-default-features --all-targets build: strategy: @@ -128,14 +128,14 @@ jobs: uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.toolchain }} - - name: Run cargo check --all - run: cargo check --all + - name: Run cargo check + run: cargo check --all-targets - name: Run the tests - run: cargo test --all + run: cargo test --all-targets - name: Run the tests with x509-parser enabled - run: cargo test --verbose --features x509-parser + run: cargo test --verbose --features x509-parser --all-targets - name: Run the tests with no default features enabled - run: cargo test --verbose --no-default-features + run: cargo test --verbose --no-default-features --all-targets coverage: name: Measure coverage diff --git a/rcgen/examples/rsa-irc-openssl.rs b/rcgen/examples/rsa-irc-openssl.rs index 0ac72f60..4ed01e21 100644 --- a/rcgen/examples/rsa-irc-openssl.rs +++ b/rcgen/examples/rsa-irc-openssl.rs @@ -1,12 +1,11 @@ -#![allow(clippy::complexity, clippy::style, clippy::pedantic)] - fn main() -> Result<(), Box> { use rcgen::{date_time_ymd, Certificate, CertificateParams, DistinguishedName}; + use std::fmt::Write; use std::fs; let mut params: CertificateParams = Default::default(); - params.not_before = date_time_ymd(2021, 05, 19); - params.not_after = date_time_ymd(4096, 01, 01); + params.not_before = date_time_ymd(2021, 5, 19); + params.not_after = date_time_ymd(4096, 1, 1); params.distinguished_name = DistinguishedName::new(); params.alg = &rcgen::PKCS_RSA_SHA256; @@ -20,18 +19,18 @@ fn main() -> Result<(), Box> { let pem_serialized = cert.serialize_pem()?; let pem = pem::parse(&pem_serialized)?; let der_serialized = pem.contents(); - let hash = ring::digest::digest(&ring::digest::SHA512, &der_serialized); - let hash_hex: String = hash.as_ref().iter().map(|b| format!("{b:02x}")).collect(); + let hash = ring::digest::digest(&ring::digest::SHA512, der_serialized); + let hash_hex = hash.as_ref().iter().fold(String::new(), |mut output, b| { + let _ = write!(output, "{b:02x}"); + output + }); println!("sha-512 fingerprint: {hash_hex}"); println!("{pem_serialized}"); println!("{}", cert.serialize_private_key_pem()); std::fs::create_dir_all("certs/")?; - fs::write("certs/cert.pem", &pem_serialized.as_bytes())?; - fs::write("certs/cert.der", &der_serialized)?; - fs::write( - "certs/key.pem", - &cert.serialize_private_key_pem().as_bytes(), - )?; - fs::write("certs/key.der", &cert.serialize_private_key_der())?; + fs::write("certs/cert.pem", pem_serialized.as_bytes())?; + fs::write("certs/cert.der", der_serialized)?; + fs::write("certs/key.pem", cert.serialize_private_key_pem().as_bytes())?; + fs::write("certs/key.der", cert.serialize_private_key_der())?; Ok(()) } diff --git a/rcgen/examples/rsa-irc.rs b/rcgen/examples/rsa-irc.rs index 440cdac4..2e2911dd 100644 --- a/rcgen/examples/rsa-irc.rs +++ b/rcgen/examples/rsa-irc.rs @@ -1,16 +1,15 @@ -#![allow(clippy::complexity, clippy::style, clippy::pedantic)] - fn main() -> Result<(), Box> { use rand::rngs::OsRng; use rsa::pkcs8::EncodePrivateKey; use rsa::RsaPrivateKey; use rcgen::{date_time_ymd, Certificate, CertificateParams, DistinguishedName}; + use std::fmt::Write; use std::fs; let mut params: CertificateParams = Default::default(); - params.not_before = date_time_ymd(2021, 05, 19); - params.not_after = date_time_ymd(4096, 01, 01); + params.not_before = date_time_ymd(2021, 5, 19); + params.not_after = date_time_ymd(4096, 1, 1); params.distinguished_name = DistinguishedName::new(); params.alg = &rcgen::PKCS_RSA_SHA256; @@ -26,18 +25,18 @@ fn main() -> Result<(), Box> { let pem_serialized = cert.serialize_pem()?; let pem = pem::parse(&pem_serialized)?; let der_serialized = pem.contents(); - let hash = ring::digest::digest(&ring::digest::SHA512, &der_serialized); - let hash_hex: String = hash.as_ref().iter().map(|b| format!("{:02x}", b)).collect(); + let hash = ring::digest::digest(&ring::digest::SHA512, der_serialized); + let hash_hex = hash.as_ref().iter().fold(String::new(), |mut output, b| { + let _ = write!(output, "{b:02x}"); + output + }); println!("sha-512 fingerprint: {hash_hex}"); println!("{pem_serialized}"); println!("{}", cert.serialize_private_key_pem()); std::fs::create_dir_all("certs/")?; - fs::write("certs/cert.pem", &pem_serialized.as_bytes())?; - fs::write("certs/cert.der", &der_serialized)?; - fs::write( - "certs/key.pem", - &cert.serialize_private_key_pem().as_bytes(), - )?; - fs::write("certs/key.der", &cert.serialize_private_key_der())?; + fs::write("certs/cert.pem", pem_serialized.as_bytes())?; + fs::write("certs/cert.der", der_serialized)?; + fs::write("certs/key.pem", cert.serialize_private_key_pem().as_bytes())?; + fs::write("certs/key.der", cert.serialize_private_key_der())?; Ok(()) } diff --git a/rcgen/src/lib.rs b/rcgen/src/lib.rs index 113e2318..568a9828 100644 --- a/rcgen/src/lib.rs +++ b/rcgen/src/lib.rs @@ -1869,7 +1869,7 @@ mod tests { fn test_not_windows_line_endings() { let cert = Certificate::from_params(CertificateParams::default()).unwrap(); let pem = cert.serialize_pem().expect("Failed to serialize pem"); - assert!(!pem.contains("\r")); + assert!(!pem.contains('\r')); } } diff --git a/rcgen/tests/botan.rs b/rcgen/tests/botan.rs index 99d2a8ed..e817420f 100644 --- a/rcgen/tests/botan.rs +++ b/rcgen/tests/botan.rs @@ -13,22 +13,22 @@ mod util; fn default_params() -> CertificateParams { let mut params = util::default_params(); // Botan has a sanity check that enforces a maximum expiration date - params.not_after = rcgen::date_time_ymd(3016, 01, 01); + params.not_after = rcgen::date_time_ymd(3016, 1, 1); params } -fn check_cert<'a, 'b>(cert_der: &[u8], cert: &'a Certificate) { +fn check_cert(cert_der: &[u8], cert: &Certificate) { println!("{}", cert.serialize_pem().unwrap()); check_cert_ca(cert_der, cert, cert_der); } -fn check_cert_ca<'a, 'b>(cert_der: &[u8], _cert: &'a Certificate, ca_der: &[u8]) { +fn check_cert_ca(cert_der: &[u8], _cert: &Certificate, ca_der: &[u8]) { println!( "botan version: {}", botan::Version::current().unwrap().string ); - let trust_anchor = botan::Certificate::load(&ca_der).unwrap(); - let end_entity_cert = botan::Certificate::load(&cert_der).unwrap(); + let trust_anchor = botan::Certificate::load(ca_der).unwrap(); + let end_entity_cert = botan::Certificate::load(cert_der).unwrap(); // Set time to Jan 10, 2004 const REFERENCE_TIME: Option = Some(0x40_00_00_00); @@ -161,7 +161,7 @@ fn test_botan_separate_ca() { .distinguished_name .push(DnType::CommonName, "Dev domain"); // Botan has a sanity check that enforces a maximum expiration date - params.not_after = rcgen::date_time_ymd(3016, 01, 01); + params.not_after = rcgen::date_time_ymd(3016, 1, 1); let cert = Certificate::from_params(params).unwrap(); let cert_der = cert.serialize_der_with_signer(&ca_cert).unwrap(); @@ -195,7 +195,7 @@ fn test_botan_imported_ca() { .distinguished_name .push(DnType::CommonName, "Dev domain"); // Botan has a sanity check that enforces a maximum expiration date - params.not_after = rcgen::date_time_ymd(3016, 01, 01); + params.not_after = rcgen::date_time_ymd(3016, 1, 1); let cert = Certificate::from_params(params).unwrap(); let cert_der = cert.serialize_der_with_signer(&imported_ca_cert).unwrap(); @@ -232,7 +232,7 @@ fn test_botan_imported_ca_with_printable_string() { .distinguished_name .push(DnType::CommonName, "Dev domain"); // Botan has a sanity check that enforces a maximum expiration date - params.not_after = rcgen::date_time_ymd(3016, 01, 01); + params.not_after = rcgen::date_time_ymd(3016, 1, 1); let cert = Certificate::from_params(params).unwrap(); let cert_der = cert.serialize_der_with_signer(&imported_ca_cert).unwrap(); @@ -259,7 +259,7 @@ fn test_botan_crl_parse() { ee.is_ca = IsCa::NoCa; ee.serial_number = Some(SerialNumber::from(99999)); // Botan has a sanity check that enforces a maximum expiration date - ee.not_after = rcgen::date_time_ymd(3016, 01, 01); + ee.not_after = rcgen::date_time_ymd(3016, 1, 1); let ee = Certificate::from_params(ee).unwrap(); let ee_der = ee.serialize_der_with_signer(&issuer).unwrap(); let botan_ee = botan::Certificate::load(ee_der.as_ref()).unwrap(); diff --git a/rcgen/tests/generic.rs b/rcgen/tests/generic.rs index 9125c23c..582c6210 100644 --- a/rcgen/tests/generic.rs +++ b/rcgen/tests/generic.rs @@ -127,7 +127,7 @@ mod test_x509_custom_ext { .get_extension_unique(&test_oid) .expect("invalid extensions") .expect("missing custom extension"); - assert_eq!(favorite_drink_ext.critical, true); + assert!(favorite_drink_ext.critical); assert_eq!(favorite_drink_ext.value, test_ext); // Generate a CSR with the custom extension, parse it with x509-parser. @@ -154,7 +154,7 @@ mod test_x509_custom_ext { .iter() .find(|ext| ext.oid == test_oid) .expect("missing requested custom extension"); - assert_eq!(custom_ext.critical, true); + assert!(custom_ext.critical); assert_eq!(custom_ext.value, test_ext); } } @@ -223,7 +223,7 @@ mod test_x509_parser_crl { // TODO: x509-parser does not yet parse the CRL issuing DP extension for further examination. // We should be able to verify the CRL signature with the issuer. - assert!(x509_crl.verify_signature(&x509_issuer.public_key()).is_ok()); + assert!(x509_crl.verify_signature(x509_issuer.public_key()).is_ok()); } } diff --git a/rcgen/tests/openssl.rs b/rcgen/tests/openssl.rs index b7d82756..906f6c95 100644 --- a/rcgen/tests/openssl.rs +++ b/rcgen/tests/openssl.rs @@ -20,7 +20,7 @@ fn verify_cert_basic(cert: &Certificate) { let cert_pem = cert.serialize_pem().unwrap(); println!("{cert_pem}"); - let x509 = X509::from_pem(&cert_pem.as_bytes()).unwrap(); + let x509 = X509::from_pem(cert_pem.as_bytes()).unwrap(); let mut builder = X509StoreBuilder::new().unwrap(); builder.add_cert(x509.clone()).unwrap(); @@ -28,7 +28,7 @@ fn verify_cert_basic(cert: &Certificate) { let mut ctx = X509StoreContext::new().unwrap(); let mut stack = Stack::new().unwrap(); stack.push(x509.clone()).unwrap(); - ctx.init(&store, &x509, &stack.as_ref(), |ctx| { + ctx.init(&store, &x509, stack.as_ref(), |ctx| { ctx.verify_cert().unwrap(); Ok(()) }) @@ -79,7 +79,7 @@ impl Read for PipeEnd { fn read(&mut self, mut buf: &mut [u8]) -> ioResult { let inner = self.inner.borrow_mut(); let r_sl = &inner.0[1 - self.end_idx][self.read_pos..]; - if r_sl.len() == 0 { + if r_sl.is_empty() { return Err(Error::new(ErrorKind::WouldBlock, "oh no!")); } let r = buf.len().min(r_sl.len()); @@ -101,9 +101,9 @@ fn verify_cert_ca(cert_pem: &str, key: &[u8], ca_cert_pem: &str) { println!("{cert_pem}"); println!("{ca_cert_pem}"); - let x509 = X509::from_pem(&cert_pem.as_bytes()).unwrap(); + let x509 = X509::from_pem(cert_pem.as_bytes()).unwrap(); - let ca_x509 = X509::from_pem(&ca_cert_pem.as_bytes()).unwrap(); + let ca_x509 = X509::from_pem(ca_cert_pem.as_bytes()).unwrap(); let mut builder = X509StoreBuilder::new().unwrap(); builder.add_cert(ca_x509).unwrap(); @@ -113,7 +113,7 @@ fn verify_cert_ca(cert_pem: &str, key: &[u8], ca_cert_pem: &str) { let srv = SslMethod::tls_server(); let mut ssl_srv_ctx = SslAcceptor::mozilla_modern(srv).unwrap(); //let key = cert.serialize_private_key_der(); - let pkey = PKey::private_key_from_der(&key).unwrap(); + let pkey = PKey::private_key_from_der(key).unwrap(); ssl_srv_ctx.set_private_key(&pkey).unwrap(); ssl_srv_ctx.set_certificate(&x509).unwrap(); @@ -168,7 +168,7 @@ fn verify_csr(cert: &Certificate) { let key = cert.serialize_private_key_der(); let pkey = PKey::private_key_from_der(&key).unwrap(); - let req = X509Req::from_pem(&csr.as_bytes()).unwrap(); + let req = X509Req::from_pem(csr.as_bytes()).unwrap(); req.verify(&pkey).unwrap(); } @@ -241,6 +241,7 @@ fn test_openssl_25519_v1_given() { // Now verify the certificate as well as CSR, // but only on OpenSSL >= 1.1.1 // On prior versions, only do basic verification + #[allow(clippy::unusual_byte_groupings)] if openssl::version::number() >= 0x1_01_01_00_f { verify_cert(&cert); verify_csr(&cert); diff --git a/rcgen/tests/webpki.rs b/rcgen/tests/webpki.rs index e7f7156b..2fcf99b7 100644 --- a/rcgen/tests/webpki.rs +++ b/rcgen/tests/webpki.rs @@ -26,16 +26,16 @@ mod util; fn sign_msg_ecdsa(cert: &Certificate, msg: &[u8], alg: &'static EcdsaSigningAlgorithm) -> Vec { let pk_der = cert.serialize_private_key_der(); let key_pair = - EcdsaKeyPair::from_pkcs8(&alg, &pk_der, &ring::rand::SystemRandom::new()).unwrap(); + EcdsaKeyPair::from_pkcs8(alg, &pk_der, &ring::rand::SystemRandom::new()).unwrap(); let system_random = SystemRandom::new(); - let signature = key_pair.sign(&system_random, &msg).unwrap(); + let signature = key_pair.sign(&system_random, msg).unwrap(); signature.as_ref().to_vec() } fn sign_msg_ed25519(cert: &Certificate, msg: &[u8]) -> Vec { let pk_der = cert.serialize_private_key_der(); let key_pair = Ed25519KeyPair::from_pkcs8_maybe_unchecked(&pk_der).unwrap(); - let signature = key_pair.sign(&msg); + let signature = key_pair.sign(msg); signature.as_ref().to_vec() } @@ -46,7 +46,7 @@ fn sign_msg_rsa(cert: &Certificate, msg: &[u8], encoding: &'static dyn RsaEncodi let system_random = SystemRandom::new(); let mut signature = vec![0; key_pair.public().modulus_len()]; key_pair - .sign(encoding, &system_random, &msg, &mut signature) + .sign(encoding, &system_random, msg, &mut signature) .unwrap(); signature } @@ -72,7 +72,7 @@ fn check_cert_ca<'a, 'b>( ca_alg: &SignatureAlgorithm, sign_fn: impl FnOnce(&'a Certificate, &'b [u8]) -> Vec, ) { - let trust_anchor = TrustAnchor::try_from_cert_der(&ca_der).unwrap(); + let trust_anchor = TrustAnchor::try_from_cert_der(ca_der).unwrap(); let trust_anchor_list = &[trust_anchor]; let end_entity_cert = EndEntityCert::try_from(cert_der).unwrap(); @@ -82,7 +82,7 @@ fn check_cert_ca<'a, 'b>( // (1/3) Check whether the cert is valid end_entity_cert .verify_for_usage( - &[&cert_alg, &ca_alg], + &[cert_alg, ca_alg], &trust_anchor_list[..], &[], time, @@ -99,9 +99,9 @@ fn check_cert_ca<'a, 'b>( // (3/3) Check that a message signed by the cert is valid. let msg = b"Hello, World! This message is signed."; - let signature = sign_fn(&cert, msg); + let signature = sign_fn(cert, msg); end_entity_cert - .verify_signature(&cert_alg, msg, &signature) + .verify_signature(cert_alg, msg, &signature) .expect("signature is valid"); } @@ -155,7 +155,7 @@ fn test_webpki_25519() { // Now verify the certificate. let cert_der = cert.serialize_der().unwrap(); - check_cert(&cert_der, &cert, &webpki::ED25519, &sign_msg_ed25519); + check_cert(&cert_der, &cert, &webpki::ED25519, sign_msg_ed25519); } #[cfg(feature = "pem")] @@ -172,7 +172,7 @@ fn test_webpki_25519_v1_given() { // Now verify the certificate. let cert_der = cert.serialize_der().unwrap(); - check_cert(&cert_der, &cert, &webpki::ED25519, &sign_msg_ed25519); + check_cert(&cert_der, &cert, &webpki::ED25519, sign_msg_ed25519); } #[cfg(feature = "pem")] @@ -189,7 +189,7 @@ fn test_webpki_25519_v2_given() { // Now verify the certificate. let cert_der = cert.serialize_der().unwrap(); - check_cert(&cert_der, &cert, &webpki::ED25519, &sign_msg_ed25519); + check_cert(&cert_der, &cert, &webpki::ED25519, sign_msg_ed25519); } #[cfg(feature = "pem")] @@ -550,16 +550,16 @@ fn test_webpki_crl_parse() { // We should be able to verify the CRL signature with the issuer's raw SPKI. webpki_crl - .verify_signature(&[&webpki::ECDSA_P256_SHA256], &raw_spki.value()) + .verify_signature(&[&webpki::ECDSA_P256_SHA256], raw_spki.value()) .expect("failed to validate CRL signature"); // We should be able to find the revoked cert with the expected properties. let webpki_revoked_cert = webpki_crl - .find_serial(&revoked_cert.serial_number.as_ref()) + .find_serial(revoked_cert.serial_number.as_ref()) .expect("failed to parse revoked certs in CRL") .expect("failed to find expected revoked cert in CRL"); assert_eq!( - webpki_revoked_cert.serial_number.as_ref(), + webpki_revoked_cert.serial_number, revoked_cert.serial_number.as_ref() ); assert_eq!(