Skip to content

Commit

Permalink
Ensure CI covers examples and unit tests, fix clippy findings (rustls…
Browse files Browse the repository at this point in the history
…#191)

While reviewing rustls#188 I wanted to
confirm that example code was being built in CI. It turns out that it
wasn't. Similarly we haven't been running `clippy` against test code,
and so there was a number of findings to address.

This branch updates CI to:

* Remove `--all`. This is a deprecated alias for `--workspace`, and
`--workspace` is the default for a directory containing a workspace so
it can be omitted.
* Use `--all-targets` whenever we run `cargo check`, `cargo test` or
`cargo clippy`. This ensures coverage for both examples and unit tests.

In order for the `cargo clippy ... --all-targets` to succeed this branch
addresses each of the findings that were present. I've done this with a
separate commit per class of finding to make it easier to review. In one
case (7bfe0ef) I allowed the finding
instead of fixing it since it seemed like the choice of digit groupings
was done intentionally.
  • Loading branch information
cpu authored Nov 20, 2023
1 parent 0318d2f commit 4b469ea
Show file tree
Hide file tree
Showing 8 changed files with 72 additions and 73 deletions.
26 changes: 13 additions & 13 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,8 @@ jobs:
uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- run: cargo clippy --all-features
- run: cargo clippy --no-default-features
- run: cargo clippy --all-features --all-targets
- run: cargo clippy --no-default-features --all-targets

rustdoc:
name: Documentation
Expand All @@ -57,7 +57,7 @@ jobs:
with:
toolchain: ${{ matrix.toolchain }}
- name: cargo doc (all features)
run: cargo doc --all --all-features --document-private-items
run: cargo doc --all-features --document-private-items
env:
RUSTDOCFLAGS: ${{ matrix.rust_channel == 'nightly' && '-Dwarnings --cfg=docsrs' || '-Dwarnings' }}

Expand Down Expand Up @@ -89,14 +89,14 @@ jobs:
uses: dtolnay/rust-toolchain@stable
- run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
- run: vcpkg install openssl:x64-windows-static-md
- name: Run cargo check --all
run: cargo check --all
- name: Run cargo check
run: cargo check --all-targets
- name: Run the tests
run: cargo test --all
run: cargo test --all-targets
- name: Run the tests with x509-parser enabled
run: cargo test --verbose --features x509-parser
run: cargo test --verbose --features x509-parser --all-targets
- name: Run the tests with no default features enabled
run: cargo test --verbose --no-default-features
run: cargo test --verbose --no-default-features --all-targets

build:
strategy:
Expand Down Expand Up @@ -128,14 +128,14 @@ jobs:
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.toolchain }}
- name: Run cargo check --all
run: cargo check --all
- name: Run cargo check
run: cargo check --all-targets
- name: Run the tests
run: cargo test --all
run: cargo test --all-targets
- name: Run the tests with x509-parser enabled
run: cargo test --verbose --features x509-parser
run: cargo test --verbose --features x509-parser --all-targets
- name: Run the tests with no default features enabled
run: cargo test --verbose --no-default-features
run: cargo test --verbose --no-default-features --all-targets

coverage:
name: Measure coverage
Expand Down
25 changes: 12 additions & 13 deletions rcgen/examples/rsa-irc-openssl.rs
Original file line number Diff line number Diff line change
@@ -1,12 +1,11 @@
#![allow(clippy::complexity, clippy::style, clippy::pedantic)]

fn main() -> Result<(), Box<dyn std::error::Error>> {
use rcgen::{date_time_ymd, Certificate, CertificateParams, DistinguishedName};
use std::fmt::Write;
use std::fs;

let mut params: CertificateParams = Default::default();
params.not_before = date_time_ymd(2021, 05, 19);
params.not_after = date_time_ymd(4096, 01, 01);
params.not_before = date_time_ymd(2021, 5, 19);
params.not_after = date_time_ymd(4096, 1, 1);
params.distinguished_name = DistinguishedName::new();

params.alg = &rcgen::PKCS_RSA_SHA256;
Expand All @@ -20,18 +19,18 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let pem_serialized = cert.serialize_pem()?;
let pem = pem::parse(&pem_serialized)?;
let der_serialized = pem.contents();
let hash = ring::digest::digest(&ring::digest::SHA512, &der_serialized);
let hash_hex: String = hash.as_ref().iter().map(|b| format!("{b:02x}")).collect();
let hash = ring::digest::digest(&ring::digest::SHA512, der_serialized);
let hash_hex = hash.as_ref().iter().fold(String::new(), |mut output, b| {
let _ = write!(output, "{b:02x}");
output
});
println!("sha-512 fingerprint: {hash_hex}");
println!("{pem_serialized}");
println!("{}", cert.serialize_private_key_pem());
std::fs::create_dir_all("certs/")?;
fs::write("certs/cert.pem", &pem_serialized.as_bytes())?;
fs::write("certs/cert.der", &der_serialized)?;
fs::write(
"certs/key.pem",
&cert.serialize_private_key_pem().as_bytes(),
)?;
fs::write("certs/key.der", &cert.serialize_private_key_der())?;
fs::write("certs/cert.pem", pem_serialized.as_bytes())?;
fs::write("certs/cert.der", der_serialized)?;
fs::write("certs/key.pem", cert.serialize_private_key_pem().as_bytes())?;
fs::write("certs/key.der", cert.serialize_private_key_der())?;
Ok(())
}
25 changes: 12 additions & 13 deletions rcgen/examples/rsa-irc.rs
Original file line number Diff line number Diff line change
@@ -1,16 +1,15 @@
#![allow(clippy::complexity, clippy::style, clippy::pedantic)]

fn main() -> Result<(), Box<dyn std::error::Error>> {
use rand::rngs::OsRng;
use rsa::pkcs8::EncodePrivateKey;
use rsa::RsaPrivateKey;

use rcgen::{date_time_ymd, Certificate, CertificateParams, DistinguishedName};
use std::fmt::Write;
use std::fs;

let mut params: CertificateParams = Default::default();
params.not_before = date_time_ymd(2021, 05, 19);
params.not_after = date_time_ymd(4096, 01, 01);
params.not_before = date_time_ymd(2021, 5, 19);
params.not_after = date_time_ymd(4096, 1, 1);
params.distinguished_name = DistinguishedName::new();

params.alg = &rcgen::PKCS_RSA_SHA256;
Expand All @@ -26,18 +25,18 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let pem_serialized = cert.serialize_pem()?;
let pem = pem::parse(&pem_serialized)?;
let der_serialized = pem.contents();
let hash = ring::digest::digest(&ring::digest::SHA512, &der_serialized);
let hash_hex: String = hash.as_ref().iter().map(|b| format!("{:02x}", b)).collect();
let hash = ring::digest::digest(&ring::digest::SHA512, der_serialized);
let hash_hex = hash.as_ref().iter().fold(String::new(), |mut output, b| {
let _ = write!(output, "{b:02x}");
output
});
println!("sha-512 fingerprint: {hash_hex}");
println!("{pem_serialized}");
println!("{}", cert.serialize_private_key_pem());
std::fs::create_dir_all("certs/")?;
fs::write("certs/cert.pem", &pem_serialized.as_bytes())?;
fs::write("certs/cert.der", &der_serialized)?;
fs::write(
"certs/key.pem",
&cert.serialize_private_key_pem().as_bytes(),
)?;
fs::write("certs/key.der", &cert.serialize_private_key_der())?;
fs::write("certs/cert.pem", pem_serialized.as_bytes())?;
fs::write("certs/cert.der", der_serialized)?;
fs::write("certs/key.pem", cert.serialize_private_key_pem().as_bytes())?;
fs::write("certs/key.der", cert.serialize_private_key_der())?;
Ok(())
}
2 changes: 1 addition & 1 deletion rcgen/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -1869,7 +1869,7 @@ mod tests {
fn test_not_windows_line_endings() {
let cert = Certificate::from_params(CertificateParams::default()).unwrap();
let pem = cert.serialize_pem().expect("Failed to serialize pem");
assert!(!pem.contains("\r"));
assert!(!pem.contains('\r'));
}
}

Expand Down
18 changes: 9 additions & 9 deletions rcgen/tests/botan.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,22 +13,22 @@ mod util;
fn default_params() -> CertificateParams {
let mut params = util::default_params();
// Botan has a sanity check that enforces a maximum expiration date
params.not_after = rcgen::date_time_ymd(3016, 01, 01);
params.not_after = rcgen::date_time_ymd(3016, 1, 1);
params
}

fn check_cert<'a, 'b>(cert_der: &[u8], cert: &'a Certificate) {
fn check_cert(cert_der: &[u8], cert: &Certificate) {
println!("{}", cert.serialize_pem().unwrap());
check_cert_ca(cert_der, cert, cert_der);
}

fn check_cert_ca<'a, 'b>(cert_der: &[u8], _cert: &'a Certificate, ca_der: &[u8]) {
fn check_cert_ca(cert_der: &[u8], _cert: &Certificate, ca_der: &[u8]) {
println!(
"botan version: {}",
botan::Version::current().unwrap().string
);
let trust_anchor = botan::Certificate::load(&ca_der).unwrap();
let end_entity_cert = botan::Certificate::load(&cert_der).unwrap();
let trust_anchor = botan::Certificate::load(ca_der).unwrap();
let end_entity_cert = botan::Certificate::load(cert_der).unwrap();

// Set time to Jan 10, 2004
const REFERENCE_TIME: Option<u64> = Some(0x40_00_00_00);
Expand Down Expand Up @@ -161,7 +161,7 @@ fn test_botan_separate_ca() {
.distinguished_name
.push(DnType::CommonName, "Dev domain");
// Botan has a sanity check that enforces a maximum expiration date
params.not_after = rcgen::date_time_ymd(3016, 01, 01);
params.not_after = rcgen::date_time_ymd(3016, 1, 1);

let cert = Certificate::from_params(params).unwrap();
let cert_der = cert.serialize_der_with_signer(&ca_cert).unwrap();
Expand Down Expand Up @@ -195,7 +195,7 @@ fn test_botan_imported_ca() {
.distinguished_name
.push(DnType::CommonName, "Dev domain");
// Botan has a sanity check that enforces a maximum expiration date
params.not_after = rcgen::date_time_ymd(3016, 01, 01);
params.not_after = rcgen::date_time_ymd(3016, 1, 1);
let cert = Certificate::from_params(params).unwrap();
let cert_der = cert.serialize_der_with_signer(&imported_ca_cert).unwrap();

Expand Down Expand Up @@ -232,7 +232,7 @@ fn test_botan_imported_ca_with_printable_string() {
.distinguished_name
.push(DnType::CommonName, "Dev domain");
// Botan has a sanity check that enforces a maximum expiration date
params.not_after = rcgen::date_time_ymd(3016, 01, 01);
params.not_after = rcgen::date_time_ymd(3016, 1, 1);
let cert = Certificate::from_params(params).unwrap();
let cert_der = cert.serialize_der_with_signer(&imported_ca_cert).unwrap();

Expand All @@ -259,7 +259,7 @@ fn test_botan_crl_parse() {
ee.is_ca = IsCa::NoCa;
ee.serial_number = Some(SerialNumber::from(99999));
// Botan has a sanity check that enforces a maximum expiration date
ee.not_after = rcgen::date_time_ymd(3016, 01, 01);
ee.not_after = rcgen::date_time_ymd(3016, 1, 1);
let ee = Certificate::from_params(ee).unwrap();
let ee_der = ee.serialize_der_with_signer(&issuer).unwrap();
let botan_ee = botan::Certificate::load(ee_der.as_ref()).unwrap();
Expand Down
6 changes: 3 additions & 3 deletions rcgen/tests/generic.rs
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ mod test_x509_custom_ext {
.get_extension_unique(&test_oid)
.expect("invalid extensions")
.expect("missing custom extension");
assert_eq!(favorite_drink_ext.critical, true);
assert!(favorite_drink_ext.critical);
assert_eq!(favorite_drink_ext.value, test_ext);

// Generate a CSR with the custom extension, parse it with x509-parser.
Expand All @@ -154,7 +154,7 @@ mod test_x509_custom_ext {
.iter()
.find(|ext| ext.oid == test_oid)
.expect("missing requested custom extension");
assert_eq!(custom_ext.critical, true);
assert!(custom_ext.critical);
assert_eq!(custom_ext.value, test_ext);
}
}
Expand Down Expand Up @@ -223,7 +223,7 @@ mod test_x509_parser_crl {
// TODO: x509-parser does not yet parse the CRL issuing DP extension for further examination.

// We should be able to verify the CRL signature with the issuer.
assert!(x509_crl.verify_signature(&x509_issuer.public_key()).is_ok());
assert!(x509_crl.verify_signature(x509_issuer.public_key()).is_ok());
}
}

Expand Down
15 changes: 8 additions & 7 deletions rcgen/tests/openssl.rs
Original file line number Diff line number Diff line change
Expand Up @@ -20,15 +20,15 @@ fn verify_cert_basic(cert: &Certificate) {
let cert_pem = cert.serialize_pem().unwrap();
println!("{cert_pem}");

let x509 = X509::from_pem(&cert_pem.as_bytes()).unwrap();
let x509 = X509::from_pem(cert_pem.as_bytes()).unwrap();
let mut builder = X509StoreBuilder::new().unwrap();
builder.add_cert(x509.clone()).unwrap();

let store: X509Store = builder.build();
let mut ctx = X509StoreContext::new().unwrap();
let mut stack = Stack::new().unwrap();
stack.push(x509.clone()).unwrap();
ctx.init(&store, &x509, &stack.as_ref(), |ctx| {
ctx.init(&store, &x509, stack.as_ref(), |ctx| {
ctx.verify_cert().unwrap();
Ok(())
})
Expand Down Expand Up @@ -79,7 +79,7 @@ impl Read for PipeEnd {
fn read(&mut self, mut buf: &mut [u8]) -> ioResult<usize> {
let inner = self.inner.borrow_mut();
let r_sl = &inner.0[1 - self.end_idx][self.read_pos..];
if r_sl.len() == 0 {
if r_sl.is_empty() {
return Err(Error::new(ErrorKind::WouldBlock, "oh no!"));
}
let r = buf.len().min(r_sl.len());
Expand All @@ -101,9 +101,9 @@ fn verify_cert_ca(cert_pem: &str, key: &[u8], ca_cert_pem: &str) {
println!("{cert_pem}");
println!("{ca_cert_pem}");

let x509 = X509::from_pem(&cert_pem.as_bytes()).unwrap();
let x509 = X509::from_pem(cert_pem.as_bytes()).unwrap();

let ca_x509 = X509::from_pem(&ca_cert_pem.as_bytes()).unwrap();
let ca_x509 = X509::from_pem(ca_cert_pem.as_bytes()).unwrap();

let mut builder = X509StoreBuilder::new().unwrap();
builder.add_cert(ca_x509).unwrap();
Expand All @@ -113,7 +113,7 @@ fn verify_cert_ca(cert_pem: &str, key: &[u8], ca_cert_pem: &str) {
let srv = SslMethod::tls_server();
let mut ssl_srv_ctx = SslAcceptor::mozilla_modern(srv).unwrap();
//let key = cert.serialize_private_key_der();
let pkey = PKey::private_key_from_der(&key).unwrap();
let pkey = PKey::private_key_from_der(key).unwrap();
ssl_srv_ctx.set_private_key(&pkey).unwrap();

ssl_srv_ctx.set_certificate(&x509).unwrap();
Expand Down Expand Up @@ -168,7 +168,7 @@ fn verify_csr(cert: &Certificate) {
let key = cert.serialize_private_key_der();
let pkey = PKey::private_key_from_der(&key).unwrap();

let req = X509Req::from_pem(&csr.as_bytes()).unwrap();
let req = X509Req::from_pem(csr.as_bytes()).unwrap();
req.verify(&pkey).unwrap();
}

Expand Down Expand Up @@ -241,6 +241,7 @@ fn test_openssl_25519_v1_given() {
// Now verify the certificate as well as CSR,
// but only on OpenSSL >= 1.1.1
// On prior versions, only do basic verification
#[allow(clippy::unusual_byte_groupings)]
if openssl::version::number() >= 0x1_01_01_00_f {
verify_cert(&cert);
verify_csr(&cert);
Expand Down
Loading

0 comments on commit 4b469ea

Please sign in to comment.