From f45e8766838cf765e73e589d8086c8e4614a377e Mon Sep 17 00:00:00 2001 
From: Emmanuel Coste Date: Sat, 26 Oct 2024 23:52:10 +0200 Subject: [PATCH] fix: rename IndexAction to AddAction and flatten Findex actions --- .rustfmt.toml | 2 +- Cargo.lock | 107 +++--------------- Cargo.toml | 12 +- crate/cli/src/actions/console.rs | 3 +- .../src/actions/findex/{index.rs => add.rs} | 53 ++++----- crate/cli/src/actions/findex/mod.rs | 66 ++++++----- crate/cli/src/actions/findex/search.rs | 46 +++----- crate/cli/src/actions/login.rs | 22 ++-- crate/cli/src/actions/logout.rs | 6 +- crate/cli/src/actions/markdown.rs | 6 +- crate/cli/src/actions/version.rs | 7 +- crate/cli/src/error/mod.rs | 3 +- crate/cli/src/error/result.rs | 3 +- crate/cli/src/main.rs | 17 ++- crate/cli/src/tests/auth_tests.rs | 6 +- .../cli/src/tests/findex/{index.rs => add.rs} | 25 ++-- crate/cli/src/tests/findex/mod.rs | 12 +- crate/cli/src/tests/findex/search.rs | 19 ++-- crate/cli/src/tests/mod.rs | 1 - crate/cli/src/tests/utils/cmd_logs.rs | 2 +- crate/cli/src/tests/utils/mod.rs | 1 + crate/client/Cargo.toml | 4 - crate/client/src/certificate_verifier.rs | 72 ------------ crate/client/src/config.rs | 30 ++--- crate/client/src/file_utils.rs | 61 ++-------- crate/client/src/findex_rest_client.rs | 89 ++------------- crate/client/src/lib.rs | 2 - crate/client/src/result.rs | 3 +- .../src/config/command_line/clap_config.rs | 6 +- crate/server/src/config/command_line/db.rs | 6 +- .../src/config/command_line/http_config.rs | 3 +- .../config/command_line/jwt_auth_config.rs | 3 +- crate/server/src/config/params/db_params.rs | 1 + crate/server/src/config/params/http_params.rs | 6 +- .../server/src/config/params/server_params.rs | 6 +- crate/server/src/core/implementation.rs | 5 +- crate/server/src/database/database_trait.rs | 3 +- crate/server/src/database/redis/mod.rs | 20 ++-- crate/server/src/error/server.rs | 3 +- crate/server/src/findex_server.rs | 26 +++-- crate/server/src/main.rs | 3 +- crate/server/src/middlewares/jwks.rs | 6 +- crate/server/src/middlewares/jwt.rs | 10 +- 
.../server/src/middlewares/jwt_token_auth.rs | 14 ++- crate/server/src/middlewares/main.rs | 18 +-- crate/server/src/middlewares/ssl_auth.rs | 11 +- crate/server/src/routes/error.rs | 3 +- crate/server/src/routes/findex.rs | 12 +- crate/server/src/routes/version.rs | 6 +- crate/server/src/secret.rs | 10 +- crate/server/src/tests/mod.rs | 3 +- crate/test_server/src/test_server.rs | 18 +-- 52 files changed, 323 insertions(+), 559 deletions(-) rename crate/cli/src/actions/findex/{index.rs => add.rs} (64%) rename crate/cli/src/tests/findex/{index.rs => add.rs} (58%) delete mode 100644 crate/client/src/certificate_verifier.rs diff --git a/.rustfmt.toml b/.rustfmt.toml index 9f10713..7f4d443 100644 --- a/.rustfmt.toml +++ b/.rustfmt.toml @@ -49,7 +49,7 @@ use_field_init_shorthand = true version = "Two" # # Controls the edition of the Rust Style Guide to use for formatting (RFC 3338) -# # Default value: "2015" +# Default value: "2015" # style_edition = "2021" # The following rust files listing have been made in october 2021. diff --git a/Cargo.lock b/Cargo.lock index ab417bf..9e12277 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -694,6 +694,7 @@ checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" [[package]] name = "cloudproof_findex" version = "6.0.2" +source = "git+https://www.github.com/Cosmian/cloudproof_rust?branch=feat/add_basic_findex_rest_client#e61e161d2b45fda5fc8205dfc80b4b086c7d661c" dependencies = [ "async-trait", "base64 0.21.7", @@ -794,6 +795,7 @@ dependencies = [ [[package]] name = "cosmian_findex" version = "6.0.1" +source = "git+https://www.github.com/Cosmian/findex?branch=fix/missing_some_structs_serialization#b1d8d021aa19a6bbd3726513e1755432bc1742dd" dependencies = [ "async-trait", "base64 0.21.7", @@ -849,14 +851,10 @@ dependencies = [ "pem", "rand", "reqwest", - "rustls", "serde", "serde_json", "thiserror", - "tracing", "url", - "webpki-roots 0.22.6", - "x509-cert", ] [[package]] 
@@ -1036,8 +1034,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", - "der_derive", - "flagset", "pem-rfc7468", "zeroize", ] @@ -1056,17 +1052,6 @@ dependencies = [ "rusticata-macros", ] -[[package]] -name = "der_derive" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "deranged" version = "0.3.11" @@ -1209,12 +1194,6 @@ version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8c02a5121d4ea3eb16a80748c74f5549a5665e4c21333c6098f283870fbdea6" -[[package]] -name = "flagset" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" - [[package]] name = "float-cmp" version = "0.9.0" @@ -2402,7 +2381,7 @@ dependencies = [ "wasm-bindgen", "wasm-bindgen-futures", "web-sys", - "webpki-roots 0.25.4", + "webpki-roots", "winreg", ] @@ -2580,18 +2559,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "3ea7893ff5e2466df8d720bb615088341b295f849602c6956047f8f80f0e9bc1" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.213" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "7e85ad2009c50b58e87caa8cd6dac16bdf511bbfb7af6c33df902396aa480fa5" dependencies = [ "proc-macro2", "quote", 
@@ -2600,9 +2579,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.129" +version = "1.0.132" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6dbcf9b78a125ee667ae19388837dd12294b858d101fdd393cb9d5501ef09eb2" +checksum = "d726bfaff4b320266d395898905d0eba0345aae23b54aee3a737e260fd46db03" dependencies = [ "itoa", "memchr", @@ -2984,9 +2963,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.79" +version = "2.0.85" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" +checksum = "5023162dfcd14ef8f32034d8bcd4cc5ddc61ef7a247c024a33e24e1f24d21b56" dependencies = [ "proc-macro2", "quote", @@ -3066,18 +3045,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d50af8abc119fb8bb6dbabcfa89656f46f84aa0ac7688088608076ad2b459a84" +checksum = "5d11abd9594d9b38965ef50805c5e469ca9cc6f197f883f717e0269a3057b3d5" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.64" +version = "1.0.65" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08904e7672f5eb876eaaf87e0ce17857500934f4981c4a0ab2b4aa98baac7fc3" +checksum = "ae71770322cbd277e69d762a16c444af02aa0575ac0d174f0b9562d3b37f8602" dependencies = [ "proc-macro2", "quote", 
@@ -3159,32 +3138,11 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" -[[package]] -name = "tls_codec" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a" -dependencies = [ - "tls_codec_derive", - "zeroize", -] - -[[package]] -name = "tls_codec_derive" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "tokio" -version = "1.40.0" +version = "1.41.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998" +checksum = "145f3413504347a2be84393cc8a7d2fb4d863b375909ea59f2158261aa258bbb" dependencies = [ "backtrace", "bytes", @@ -3585,25 +3543,6 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "webpki" -version = "0.22.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" -dependencies = [ - "ring", - "untrusted", -] - -[[package]] -name = "webpki-roots" -version = "0.22.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" -dependencies = [ - "webpki", -] - [[package]] name = "webpki-roots" version = "0.25.4" 
@@ -3827,18 +3766,6 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "x509-cert" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" -dependencies = [ - "const-oid", - "der", - "spki", - "tls_codec", -] - [[package]] name = "x509-parser" version = "0.16.0" diff --git a/Cargo.toml b/Cargo.toml index 88260f8..7f4d17b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -45,16 +45,16 @@ actix-server = { version = "2.5", default-features = false } actix-web = { version = "4.9.0", default-features = false } base64 = "0.21" clap = { version = "4.5", default-features = false } -cloudproof_findex = { path = "../cloudproof_rust/crates/findex" } -# cloudproof_findex = { git = "https://www.github.com/Cosmian/cloudproof_rust", branch = "feat/add_basic_findex_rest_client" } +# cloudproof_findex = { path = "../cloudproof_rust/crates/findex" } +cloudproof_findex = { git = "https://www.github.com/Cosmian/cloudproof_rust", branch = "feat/add_basic_findex_rest_client" } der = { version = "0.7", default-features = false } openssl = { version = "0.10", default-features = false } pem = "3.0" reqwest = { version = "0.11", default-features = false } -serde = "1.0" -serde_json = "1.0" -thiserror = "1.0" -tokio = { version = "1.40", default-features = false } +serde = "1.0.213" +serde_json = "1.0.132" +thiserror = "1.0.65" +tokio = { version = "1.41", default-features = false } tracing = "0.1" url = "2.5" x509-parser = "0.16" diff --git a/crate/cli/src/actions/console.rs b/crate/cli/src/actions/console.rs index d4cd1ec..ec5b25e 100644 --- a/crate/cli/src/actions/console.rs +++ b/crate/cli/src/actions/console.rs @@ -1,6 +1,7 @@ -use crate::error::result::CliResult; use serde::Serialize; +use crate::error::result::CliResult; + pub const KMS_CLI_FORMAT: &str = "KMS_CLI_FORMAT"; pub const CLI_DEFAULT_FORMAT: &str = "text"; pub const CLI_JSON_FORMAT: &str = "json"; 
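Review bot: The new `cloudproof_findex` line tracks a feature branch (`branch = "feat/add_basic_findex_rest_client"`) with no `rev`, so the source that gets built is whatever that branch head is at the next `cargo update`; Cargo.lock pins it to `e61e161d2b45fda5fc8205dfc80b4b086c7d661c` today, but that pin disappears as soon as the lockfile is regenerated. Pin the commit in the manifest as well, `cloudproof_findex = { git = "https://www.github.com/Cosmian/cloudproof_rust", branch = "feat/add_basic_findex_rest_client", rev = "e61e161d2b45fda5fc8205dfc80b4b086c7d661c" }`, and bump the `rev` deliberately when the branch moves. The lockfile shows the same pattern one level down: `cosmian_findex` resolves from a `fix/missing_some_structs_serialization` branch of a second repository, which a `rev` on the direct dependency does not pin. The commented-out `path` line is a useful local-development toggle but should say so in a comment so it is not mistaken for dead configuration.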
diff --git a/crate/cli/src/actions/findex/index.rs b/crate/cli/src/actions/findex/add.rs similarity index 64% rename from crate/cli/src/actions/findex/index.rs rename to crate/cli/src/actions/findex/add.rs index 08c3528..885d96a 100644 --- a/crate/cli/src/actions/findex/index.rs +++ b/crate/cli/src/actions/findex/add.rs @@ -1,35 +1,36 @@ -use super::FindexParameters; -use crate::{actions::console, error::result::CliResult}; -use clap::Parser; -use cloudproof_findex::{ - reexport::{ - cosmian_crypto_core::FixedSizeCBytes, - cosmian_findex::{Data, IndexedValue, IndexedValueToKeywordsMap, Keyword, Label, UserKey}, - }, - Configuration, InstantiatedFindex, -}; -use cosmian_findex_client::FindexClient; use std::{ collections::{HashMap, HashSet}, fs::File, path::PathBuf, }; + +use clap::Parser; +use cloudproof_findex::reexport::cosmian_findex::{ + Data, IndexedValue, IndexedValueToKeywordsMap, Keyword, +}; +use cosmian_findex_client::FindexClient; use tracing::trace; -/// Index data with Findex +use super::FindexParameters; +use crate::{ + actions::{console, findex::instantiate_findex}, + error::result::CliResult, +}; + +/// Findex: Index data. #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] -pub struct IndexAction { +pub struct AddAction { #[clap(flatten)] - pub findex_parameters: FindexParameters, + pub(crate) findex_parameters: FindexParameters, /// The path to the CSV file containing the data to index #[clap(long)] - pub csv: PathBuf, + pub(crate) csv: PathBuf, } -impl IndexAction { - /// Process the server version action. +impl AddAction { + /// Add keywords to be indexed with `Findex`. /// /// # Arguments /// 
@@ -41,18 +42,7 @@ impl IndexAction { /// Returns an error if the version query fails or if there is an issue /// writing to the console. #[allow(clippy::future_not_send)] - pub async fn process(&self, findex_rest_client: &FindexClient) -> CliResult<()> { - let config = Configuration::Rest( - findex_rest_client.client.clone(), - findex_rest_client.server_url.clone(), - findex_rest_client.server_url.clone(), - ); - let findex = InstantiatedFindex::new(config).await?; - - let key = hex::decode(self.findex_parameters.key.clone())?; - let user_key = UserKey::try_from_slice(&key)?; - let label = Label::from(self.findex_parameters.label.as_str()); - + pub async fn process(&self, findex_rest_client: FindexClient) -> CliResult<()> { // read the database let mut csv_additions = Vec::new(); let file = File::open(self.csv.clone())?; @@ -72,10 +62,11 @@ impl IndexAction { csv_additions.iter().cloned().collect(); trace!("additions: {additions:?}"); + let findex = instantiate_findex(findex_rest_client).await?; let keywords = findex .add( - &user_key, - &label, + &self.findex_parameters.user_key()?, + &self.findex_parameters.label(), IndexedValueToKeywordsMap::from(additions), ) .await?; diff --git a/crate/cli/src/actions/findex/mod.rs b/crate/cli/src/actions/findex/mod.rs index eca039e..13c4068 100644 --- a/crate/cli/src/actions/findex/mod.rs +++ b/crate/cli/src/actions/findex/mod.rs 
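Review bot: The `# Errors` section of `AddAction::process` still reads `Returns an error if the version query fails or if there is an issue writing to the console`, which was copied from the version action and no longer describes this method now that its summary has been rewritten to `Add keywords to be indexed with `Findex``; the same stale sentence sits in `SearchAction::process` in `crate/cli/src/actions/findex/search.rs`. Something like `/// Returns an error if the CSV file cannot be read, if the Findex key is not valid hex, or if the add request to the Findex server fails.` matches what the body does. Separately, `self.findex_parameters.user_key()?` is only evaluated after the whole CSV has been parsed, so a malformed `--key` is reported late; calling `let user_key = self.findex_parameters.user_key()?;` before `File::open` fails fast and also lets `File::open(&self.csv)` replace the `self.csv.clone()` on the context line. The body of `process` continues outside the hunk.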
@@ -1,18 +1,26 @@ -use crate::error::result::CliResult; -use clap::{Parser, Subcommand}; +use clap::Parser; +use cloudproof_findex::{ + reexport::{ + cosmian_crypto_core::FixedSizeCBytes, + cosmian_findex::{Label, UserKey}, + }, + Configuration, InstantiatedFindex, +}; use cosmian_findex_client::FindexClient; -use index::IndexAction; -use search::SearchAction; +use tracing::debug; + +use crate::error::result::CliResult; -pub mod index; +pub mod add; pub mod search; /// Index data with Findex #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] // todo(manu): review global struct exposition -pub struct FindexParameters { - /// The user findex key used to index and search +pub(crate) struct FindexParameters { + /// The user findex key used (to add, search, delete and compact). + /// The key is a 16 bytes hex string. #[clap(long, short = 'k')] pub key: String, /// The Findex label 
@@ -20,30 +28,26 @@ pub struct FindexParameters { pub label: String, } -/// Index or Search with Findex -#[derive(Subcommand)] -pub enum FindexCommands { - Index(IndexAction), - Search(SearchAction), -} +impl FindexParameters { + pub(crate) fn user_key(&self) -> CliResult { + Ok(UserKey::try_from_slice(&hex::decode(self.key.clone())?)?) + } -impl FindexCommands { - /// Process the Findex commands action. - /// - /// # Arguments - /// - /// * `findex_rest_client` - The Findex client instance used to communicate - /// with the Findex server. - /// - /// # Errors - /// - /// Returns an error if the version query fails or if there is an issue - /// writing to the console. - #[allow(clippy::future_not_send)] // todo(manu): remove this - pub async fn process(&self, findex_rest_client: &FindexClient) -> CliResult<()> { - match self { - Self::Index(action) => action.process(findex_rest_client).await, - Self::Search(action) => action.process(findex_rest_client).await, - } + pub(crate) fn label(&self) -> Label { + Label::from(self.label.as_str()) } } + +#[allow(clippy::future_not_send)] +pub(crate) async fn instantiate_findex( + findex_rest_client: FindexClient, +) -> CliResult { + let config = Configuration::Rest( + findex_rest_client.client, + findex_rest_client.server_url.clone(), + findex_rest_client.server_url, + ); + let findex = InstantiatedFindex::new(config).await?; + debug!("Findex instantiated"); + Ok(findex) +} diff --git a/crate/cli/src/actions/findex/search.rs b/crate/cli/src/actions/findex/search.rs index ad4d13e..ca37e7b 100644 --- a/crate/cli/src/actions/findex/search.rs +++ b/crate/cli/src/actions/findex/search.rs 
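Review bot: `user_key()` copies the hex-encoded key before decoding it, `hex::decode(self.key.clone())`; `hex::decode` takes any `AsRef<[u8]>`, so `hex::decode(&self.key)` does the same work without a second heap copy of key material, leaving the decoded `Vec<u8>` as the only intermediate (neither it nor the `String` is zeroized on drop, which is worth a comment if the project cares about key residue). Both new methods are undocumented: `user_key` should carry a summary and an `# Errors` section, e.g. `/// Decode the hex-encoded Findex user key passed on the command line.` followed by `/// # Errors` and `/// Returns an error if `key` is not valid hex or does not decode to a 16-byte key.`, the length following the struct's own doc. `instantiate_findex` repeats `#[allow(clippy::future_not_send)]` without the justification comment the same attribute gets in `search.rs`; the reason should travel with every occurrence. The `FindexParameters` doc comment `Index data with Findex` above this hunk now reads as stale, since the struct's own key doc says it serves add, search, delete and compact.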
@@ -1,30 +1,28 @@ -use super::FindexParameters; -use crate::{actions::console, error::result::CliResult}; use clap::Parser; -use cloudproof_findex::{ - reexport::{ - cosmian_crypto_core::FixedSizeCBytes, - cosmian_findex::{Keyword, Keywords, Label, UserKey}, - }, - Configuration, InstantiatedFindex, -}; +use cloudproof_findex::reexport::cosmian_findex::{Keyword, Keywords}; use cosmian_findex_client::FindexClient; use tracing::trace; -/// Index data with Findex +use super::FindexParameters; +use crate::{ + actions::{console, findex::instantiate_findex}, + error::result::CliResult, +}; + +/// Findex: Search keywords. #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] pub struct SearchAction { #[clap(flatten)] - pub findex_parameters: FindexParameters, + pub(crate) findex_parameters: FindexParameters, /// The word to search. Can be repeated. #[clap(long)] - pub word: Vec, + pub(crate) keyword: Vec, } impl SearchAction { - /// Process the server version action. + /// Search indexed keywords. /// /// # Arguments /// 
@@ -35,24 +33,14 @@ impl SearchAction { /// /// Returns an error if the version query fails or if there is an issue /// writing to the console. - #[allow(clippy::future_not_send)] // todo(manu): remove this - pub async fn process(&self, findex_rest_client: &FindexClient) -> CliResult<()> { - let config = Configuration::Rest( - findex_rest_client.client.clone(), - findex_rest_client.server_url.clone(), - findex_rest_client.server_url.clone(), - ); - let findex = InstantiatedFindex::new(config).await?; - - let key = hex::decode(self.findex_parameters.key.clone())?; - let user_key = UserKey::try_from_slice(&key)?; - let label = Label::from(self.findex_parameters.label.as_str()); - + #[allow(clippy::future_not_send)] // todo(manu): to remove this, changes must be done on `findex` repository + pub async fn process(&self, findex_rest_client: FindexClient) -> CliResult<()> { + let findex = instantiate_findex(findex_rest_client).await?; let results = findex .search( - &user_key, - &label, - self.word + &self.findex_parameters.user_key()?, + &self.findex_parameters.label(), + self.keyword .clone() .into_iter() .map(|word| Keyword::from(word.as_bytes())) diff --git a/crate/cli/src/actions/login.rs b/crate/cli/src/actions/login.rs index 11d7a19..2899e33 100644 --- a/crate/cli/src/actions/login.rs +++ b/crate/cli/src/actions/login.rs @@ -1,7 +1,11 @@ -use crate::{ - cli_bail, - error::{result::CliResult, CliError}, +use std::{ + collections::HashMap, + convert::TryFrom, + path::PathBuf, + sync::mpsc::{self, Sender}, + thread, }; + use actix_web::{ get, web::{self, Data}, @@ -20,15 +24,13 @@ use oauth2::{ RedirectUrl, Scope, TokenUrl, }; use serde::Deserialize; -use std::{ - collections::HashMap, - convert::TryFrom, - path::PathBuf, - sync::mpsc::{self, Sender}, - thread, -}; use url::Url; +use crate::{ + cli_bail, + error::{result::CliResult, CliError}, +}; + /// Login to the Identity Provider of the Findex server using the `OAuth2` /// authorization code flow. /// 
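Review bot: The renamed `self.keyword` is still fed to `search` through `.clone().into_iter().map(|word| Keyword::from(word.as_bytes()))`, which copies every `String` only to borrow its bytes one line later; `self.keyword.iter().map(|word| Keyword::from(word.as_bytes()))` produces the same `Keyword`s with no allocation. The rest of the chain, including the `collect`, continues outside the hunk, so check that the collected type does not rely on owned items. The field doc `The word to search. Can be repeated.` on the context line above now sits on a flag called `--keyword`; it should say keyword so the help text matches the flag.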
diff --git a/crate/cli/src/actions/logout.rs b/crate/cli/src/actions/logout.rs index 81c32f4..f92c35a 100644 --- a/crate/cli/src/actions/logout.rs +++ b/crate/cli/src/actions/logout.rs @@ -1,7 +1,9 @@ -use crate::error::result::CliResult; +use std::path::PathBuf; + use clap::Parser; use cosmian_findex_client::ClientConf; -use std::path::PathBuf; + +use crate::error::result::CliResult; /// Logout from the Identity Provider. /// diff --git a/crate/cli/src/actions/markdown.rs b/crate/cli/src/actions/markdown.rs index ab960bd..1c04524 100644 --- a/crate/cli/src/actions/markdown.rs +++ b/crate/cli/src/actions/markdown.rs @@ -1,7 +1,9 @@ -use crate::error::result::CliResult; -use clap::{builder::StyledStr, Command, Parser}; use std::{fmt::Write, fs::File, io::Write as io_Write, path::PathBuf}; +use clap::{builder::StyledStr, Command, Parser}; + +use crate::error::result::CliResult; + /// Generate the CLI documentation as markdown #[derive(Parser, Debug)] pub struct MarkdownAction { diff --git a/crate/cli/src/actions/version.rs b/crate/cli/src/actions/version.rs index b6def8c..fb7d836 100644 --- a/crate/cli/src/actions/version.rs +++ b/crate/cli/src/actions/version.rs @@ -1,8 +1,9 @@ -use super::console; -use crate::error::result::{CliResult, CliResultHelper}; use clap::Parser; use cosmian_findex_client::FindexClient; +use super::console; +use crate::error::result::{CliResult, CliResultHelper}; + /// Print the version of the server #[derive(Parser, Debug)] #[clap(verbatim_doc_comment)] @@ -20,7 +21,7 @@ impl ServerVersionAction { /// /// Returns an error if the version query fails or if there is an issue /// writing to the console. - pub async fn process(&self, findex_rest_client: &FindexClient) -> CliResult<()> { + pub async fn process(&self, findex_rest_client: FindexClient) -> CliResult<()> { let version = findex_rest_client .version() .await diff --git a/crate/cli/src/error/mod.rs b/crate/cli/src/error/mod.rs index 79df4c1..daecd8d 100644 
--- a/crate/cli/src/error/mod.rs +++ b/crate/cli/src/error/mod.rs @@ -1,3 +1,5 @@ +use std::{array::TryFromSliceError, num::TryFromIntError, str::Utf8Error}; + #[cfg(test)] use assert_cmd::cargo::CargoError; use cloudproof_findex::{ @@ -7,7 +9,6 @@ use cloudproof_findex::{ use cosmian_findex_client::ClientError; use hex::FromHexError; use pem::PemError; -use std::{array::TryFromSliceError, num::TryFromIntError, str::Utf8Error}; use thiserror::Error; pub mod result; diff --git a/crate/cli/src/error/result.rs b/crate/cli/src/error/result.rs index bf24641..82779f9 100644 --- a/crate/cli/src/error/result.rs +++ b/crate/cli/src/error/result.rs @@ -1,6 +1,7 @@ -use super::CliError; use std::fmt::Display; +use super::CliError; + pub type CliResult = Result; /// Trait for providing helper methods for `CliResult`. diff --git a/crate/cli/src/main.rs b/crate/cli/src/main.rs index d3d47dd..b93f36b 100644 --- a/crate/cli/src/main.rs +++ b/crate/cli/src/main.rs @@ -1,14 +1,18 @@ +use std::{path::PathBuf, process}; + use clap::{CommandFactory, Parser, Subcommand}; use cosmian_findex_cli::{ actions::{ - findex::FindexCommands, login::LoginAction, logout::LogoutAction, markdown::MarkdownAction, + findex::{add::AddAction, search::SearchAction}, + login::LoginAction, + logout::LogoutAction, + markdown::MarkdownAction, version::ServerVersionAction, }, error::result::CliResult, }; use cosmian_findex_client::ClientConf; use cosmian_logger::log_utils::log_init; -use std::{path::PathBuf, process}; #[derive(Parser)] #[command(author, version, about, long_about = None)] @@ -37,8 +41,8 @@ struct Cli { #[derive(Subcommand)] enum CliCommands { - #[command(subcommand)] - Findex(FindexCommands), + Add(AddAction), + Search(SearchAction), ServerVersion(ServerVersionAction), Login(LoginAction), Logout(LogoutAction), 
@@ -81,8 +85,9 @@ async fn main_() -> CliResult<()> { conf.initialize_findex_client(opts.url.as_deref(), opts.accept_invalid_certs)?; match command { - CliCommands::Findex(action) => action.process(&findex_rest_client).await?, - CliCommands::ServerVersion(action) => action.process(&findex_rest_client).await?, + CliCommands::Add(action) => action.process(findex_rest_client).await?, + CliCommands::Search(action) => action.process(findex_rest_client).await?, + CliCommands::ServerVersion(action) => action.process(findex_rest_client).await?, _ => { tracing::error!("unexpected command"); } diff --git a/crate/cli/src/tests/auth_tests.rs b/crate/cli/src/tests/auth_tests.rs index 25af145..c095364 100644 --- a/crate/cli/src/tests/auth_tests.rs +++ b/crate/cli/src/tests/auth_tests.rs @@ -1,16 +1,18 @@ #![allow(unused)] -use crate::{error::result::CliResult, tests::PROG_NAME}; +use std::{path::PathBuf, process::Command}; + use assert_cmd::prelude::*; use base64::Engine; use cosmian_findex_client::FINDEX_CLI_CONF_ENV; use cosmian_logger::log_utils::log_init; -use std::{path::PathBuf, process::Command}; use tempfile::TempDir; use test_findex_server::{ start_test_server_with_options, AuthenticationOptions, DBConfig, DatabaseType, TestsContext, }; use tracing::{info, trace}; +use crate::{error::result::CliResult, tests::PROG_NAME}; + // let us not make other test cases fail const PORT: u16 = 9999; diff --git a/crate/cli/src/tests/findex/index.rs b/crate/cli/src/tests/findex/add.rs similarity index 58% rename from crate/cli/src/tests/findex/index.rs rename to crate/cli/src/tests/findex/add.rs index a400318..8bb84fe 100644 --- a/crate/cli/src/tests/findex/index.rs +++ b/crate/cli/src/tests/findex/add.rs @@ -1,5 +1,5 @@ use crate::{ - actions::findex::index::IndexAction, + actions::findex::add::AddAction, error::{result::CliResult, CliError}, tests::{utils::recover_cmd_logs, PROG_NAME}, }; 
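Review bot: The catch-all `_ => { tracing::error!("unexpected command"); }` under the new `Add`/`Search` arms only logs, after which `main_` falls through and returns `Ok(())`, so any `CliCommands` variant not listed here exits with status 0 having done nothing. Since the enum is owned by this file, naming the remaining variants keeps the compiler's exhaustiveness check when the next action is added; presumably `Login` and `Logout` are handled before this match (the start of `main_` is outside the hunk), in which case `CliCommands::Login(_) | CliCommands::Logout(_) => unreachable!("handled before the Findex client is initialised"),` states that, or the arm should return an error rather than log one.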
@@ -9,22 +9,19 @@ use std::process::Command; use tracing::debug; #[allow(clippy::unwrap_used)] -pub(crate) fn index_cmd(cli_conf_path: &str, action: IndexAction) -> CliResult { - let mut args = vec!["index".to_owned()]; - - args.push("--key".to_owned()); - args.push(action.findex_parameters.key.clone()); - - args.push("--label".to_owned()); - args.push(action.findex_parameters.label); - - args.push("--csv".to_owned()); - args.push(action.csv.to_str().unwrap().to_owned()); - +pub(crate) fn add_cmd(cli_conf_path: &str, action: AddAction) -> CliResult { let mut cmd = Command::cargo_bin(PROG_NAME)?; + let args = vec![ + "--key".to_owned(), + action.findex_parameters.key.clone(), + "--label".to_owned(), + action.findex_parameters.label, + "--csv".to_owned(), + action.csv.to_str().unwrap().to_owned(), + ]; cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path); - cmd.arg("findex").args(args); + cmd.arg("add").args(args); debug!("cmd: {:?}", cmd); let output = recover_cmd_logs(&mut cmd); if output.status.success() { diff --git a/crate/cli/src/tests/findex/mod.rs b/crate/cli/src/tests/findex/mod.rs index bea40df..ad4986a 100644 --- a/crate/cli/src/tests/findex/mod.rs +++ b/crate/cli/src/tests/findex/mod.rs @@ -1,13 +1,13 @@ use crate::{ - actions::findex::{index::IndexAction, search::SearchAction, FindexParameters}, + actions::findex::{add::AddAction, search::SearchAction, FindexParameters}, error::result::CliResult, }; +use add::add_cmd; use cosmian_logger::log_utils::log_init; -use index::index_cmd; use search::search_cmd; use test_findex_server::start_default_test_findex_server; -pub(crate) mod index; +pub(crate) mod add; pub(crate) mod search; #[tokio::test] 
@@ -16,9 +16,9 @@ pub(crate) async fn test_findex() -> CliResult<()> { log_init(None); let ctx = start_default_test_findex_server().await; - index_cmd( + add_cmd( &ctx.owner_client_conf_path, - IndexAction { + AddAction { findex_parameters: FindexParameters { key: "11223344556677889900AABBCCDDEEFF".to_owned(), label: "My Findex label".to_owned(), @@ -34,7 +34,7 @@ pub(crate) async fn test_findex() -> CliResult<()> { key: "11223344556677889900AABBCCDDEEFF".to_owned(), label: "My Findex label".to_owned(), }, - word: vec!["Southborough".to_owned(), "Northbridge".to_owned()], + keyword: vec!["Southborough".to_owned(), "Northbridge".to_owned()], }, )?; assert!(search_results.contains("States9686")); // for Southborough diff --git a/crate/cli/src/tests/findex/search.rs b/crate/cli/src/tests/findex/search.rs index ec8560d..e0c6b77 100644 --- a/crate/cli/src/tests/findex/search.rs +++ b/crate/cli/src/tests/findex/search.rs @@ -9,22 +9,21 @@ use std::process::Command; use tracing::debug; pub(crate) fn search_cmd(cli_conf_path: &str, action: SearchAction) -> CliResult { - let mut args = vec!["search".to_owned()]; + let mut args = vec![ + "--key".to_owned(), + action.findex_parameters.key.clone(), + "--label".to_owned(), + action.findex_parameters.label, + ]; - args.push("--key".to_owned()); - args.push(action.findex_parameters.key.clone()); - - args.push("--label".to_owned()); - args.push(action.findex_parameters.label); - - for word in action.word { - args.push("--word".to_owned()); + for word in action.keyword { + args.push("--keyword".to_owned()); args.push(word); } let mut cmd = Command::cargo_bin(PROG_NAME)?; cmd.env(FINDEX_CLI_CONF_ENV, cli_conf_path); - cmd.arg("findex").args(args); + cmd.arg("search").args(args); debug!("cmd: {:?}", cmd); let output = recover_cmd_logs(&mut cmd); if output.status.success() { diff --git a/crate/cli/src/tests/mod.rs b/crate/cli/src/tests/mod.rs index 7ec1d60..ea19dde 100644 --- a/crate/cli/src/tests/mod.rs 
+++ b/crate/cli/src/tests/mod.rs @@ -1,5 +1,4 @@ mod auth_tests; -mod findex; mod utils; const PROG_NAME: &str = "cosmian_findex_cli"; diff --git a/crate/cli/src/tests/utils/cmd_logs.rs b/crate/cli/src/tests/utils/cmd_logs.rs index 87e46f8..cf4ea70 100644 --- a/crate/cli/src/tests/utils/cmd_logs.rs +++ b/crate/cli/src/tests/utils/cmd_logs.rs @@ -4,7 +4,7 @@ use std::{ }; /// Recover output logs from a command call `cmd` and re-inject it into stdio -#[allow(clippy::unwrap_used)] +#[allow(clippy::unwrap_used, dead_code)] pub(crate) fn recover_cmd_logs(cmd: &mut Command) -> Output { let output = cmd .stdout(Stdio::piped()) diff --git a/crate/cli/src/tests/utils/mod.rs b/crate/cli/src/tests/utils/mod.rs index 26349d4..7bd5ac4 100644 --- a/crate/cli/src/tests/utils/mod.rs +++ b/crate/cli/src/tests/utils/mod.rs @@ -1,3 +1,4 @@ +#![allow(unused_imports)] pub(crate) use cmd_logs::recover_cmd_logs; mod cmd_logs; diff --git a/crate/client/Cargo.toml b/crate/client/Cargo.toml index a29078f..95c3505 100644 --- a/crate/client/Cargo.toml +++ b/crate/client/Cargo.toml @@ -20,14 +20,10 @@ der = { workspace = true } log = "0.4" pem = { workspace = true } reqwest = { workspace = true, features = ["default", "json", "native-tls"] } -rustls = { version = "0.21", features = ["dangerous_configuration"] } serde = { workspace = true } serde_json = { workspace = true } thiserror = { workspace = true } -tracing = { workspace = true } url = { workspace = true } -webpki-roots = "0.22" -x509-cert = { version = "0.2.5", features = ["pem"] } [dev-dependencies] faker_rand = "0.1" diff --git a/crate/client/src/certificate_verifier.rs b/crate/client/src/certificate_verifier.rs deleted file mode 100644 index 50d9f54..0000000 --- a/crate/client/src/certificate_verifier.rs +++ /dev/null 
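Review bot: The `dead_code` added to the allow on `recover_cmd_logs`, like the `#![allow(unused_imports)]` added in `crate/cli/src/tests/utils/mod.rs`, is only needed because this commit removes `mod findex;` from `crate/cli/src/tests/mod.rs`, which means the `add_cmd` and `search_cmd` tests renamed alongside the actions are no longer compiled or run. Those tests are the only visible coverage of the `add` subcommand and the `--keyword` flag introduced here. Unless disabling them is deliberate, restore `mod findex;` and drop both allows; if it is deliberate, a comment on the removed line's replacement, e.g. `// findex tests disabled: <reason> — see <issue>`, keeps the next reader from mistaking the silence for passing tests.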
@@ -1,72 +0,0 @@ -use rustls::{ - client::{ServerCertVerified, ServerCertVerifier}, - Certificate, Error as RustTLSError, ServerName, -}; -use std::{sync::Arc, time::SystemTime}; - -/// A TLS verifier adding the ability to match the leaf certificate with a -/// trusted one. -pub(crate) struct LeafCertificateVerifier { - // The certificate we expect to see in the TLS connection - expected_cert: Certificate, - // A default verifier to run anyway - default_verifier: Arc, -} - -impl LeafCertificateVerifier { - pub(crate) fn new( - expected_cert: Certificate, - default_verifier: Arc, - ) -> Self { - Self { - expected_cert, - default_verifier, - } - } -} - -impl ServerCertVerifier for LeafCertificateVerifier { - fn verify_server_cert( - &self, - end_entity: &Certificate, // end_entity - intermediates: &[Certificate], // intermediates - server_name: &ServerName, // server_name - scts: &mut dyn Iterator, // scts - ocsp_response: &[u8], // ocsp_response - now: SystemTime, // now - ) -> Result { - // Verify the leaf certificate - if !end_entity.eq(&self.expected_cert) { - return Err(RustTLSError::General( - "Leaf certificate doesn't match the expected one".to_owned(), - )); - } - - // Now proceed with typical verifications - self.default_verifier.verify_server_cert( - end_entity, - intermediates, - server_name, - scts, - ocsp_response, - now, - ) - } -} - -/// Remove all verifications -pub(crate) struct NoVerifier; - -impl ServerCertVerifier for NoVerifier { - fn verify_server_cert( - &self, - _: &Certificate, // end_entity - _: &[Certificate], // intermediates - _: &ServerName, // server_name - _: &mut dyn Iterator, // scts - _: &[u8], // ocsp_response - _: SystemTime, // now - ) -> Result { - Ok(ServerCertVerified::assertion()) - } -} diff --git a/crate/client/src/config.rs b/crate/client/src/config.rs index f70bf20..b3166d7 100644 --- a/crate/client/src/config.rs +++ b/crate/client/src/config.rs 
@@ -1,3 +1,14 @@ +use std::{ + env, + fs::{self, File}, + io::BufReader, + path::PathBuf, +}; + +#[cfg(target_os = "linux")] +use log::info; +use serde::{Deserialize, Serialize}; + #[cfg(target_os = "linux")] use crate::client_bail; use crate::{ @@ -7,18 +18,6 @@ use crate::{ }, FindexClient, }; -use der::{DecodePem, Encode}; -#[cfg(target_os = "linux")] -use log::info; -use rustls::Certificate; -use serde::{Deserialize, Serialize}; -use std::{ - env, - fs::{self, File}, - io::BufReader, - path::PathBuf, -}; -use x509_cert::Certificate as X509Certificate; /// Returns the path to the current user's home folder. /// @@ -301,13 +300,6 @@ impl ClientConf { self.ssl_client_pkcs12_path.as_deref(), self.ssl_client_pkcs12_password.as_deref(), accept_invalid_certs, - if let Some(certificate) = &self.verified_cert { - Some(Certificate( - X509Certificate::from_pem(certificate.as_bytes())?.to_der()?, - )) - } else { - None - }, ) .with_context(|| { format!("Unable to instantiate a Findex REST client to server at {findex_server_url}") diff --git a/crate/client/src/file_utils.rs b/crate/client/src/file_utils.rs index 3583848..1545af9 100644 --- a/crate/client/src/file_utils.rs +++ b/crate/client/src/file_utils.rs @@ -1,12 +1,14 @@ -use crate::{ - error::{result::ClientResult, ClientError}, - ClientResultHelper, -}; -use serde::{de::DeserializeOwned, Serialize}; use std::{ fs::{self, File}, io::Read, - path::{Path, PathBuf}, + path::Path, +}; + +use serde::{de::DeserializeOwned, Serialize}; + +use crate::{ + error::{result::ClientResult, ClientError}, + ClientResultHelper, }; /// Read all bytes from a file 
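Review bot: The `@@ -301,13 +300,6 @@` hunk stops passing `self.verified_cert` to the REST client, but nothing in this diff removes the `verified_cert` field from `ClientConf` (its definition is outside the hunk, so I am inferring it still exists from the read that is deleted here). A configuration that still sets `verified_cert` would now be accepted silently with no leaf-certificate pinning at all, which is a quiet downgrade rather than a visible error. Either drop the field in the same change or refuse it explicitly, e.g. `if self.verified_cert.is_some() { client_bail!("verified_cert is no longer supported") }`; note that `client_bail` is only imported under `cfg(target_os = "linux")` in this file, so that import would need to become unconditional. The enclosing `impl ClientConf` method starts and ends outside the hunk.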
@@ -61,50 +63,3 @@ where .with_context(|| "failed parsing the object from the json file")?; write_bytes_to_file(&bytes, file) } - -/// Write the decrypted data to a file -/// -/// If no `output_file` is provided, then -/// it reuses the `input_file` name with the extension `plain`. -/// # Errors -/// It returns an error if the file cannot be written -pub fn write_single_decrypted_data( - plaintext: &[u8], - input_file: &Path, - output_file: Option<&PathBuf>, -) -> Result<(), ClientError> { - let output_file = output_file.map_or_else( - || input_file.with_extension("plain"), - std::clone::Clone::clone, - ); - - write_bytes_to_file(plaintext, &output_file) - .with_context(|| "failed to write the decrypted file")?; - - tracing::info!("The decrypted file is available at {output_file:?}"); - Ok(()) -} - -/// Write the encrypted data to a file -/// -/// If no `output_file` is provided, then -/// it reuses the `input_file` name with the extension `enc`. -/// # Errors -/// It returns an error if the file cannot be written -pub fn write_single_encrypted_data( - encrypted_data: &[u8], - input_file: &Path, - output_file: Option<&PathBuf>, -) -> Result<(), ClientError> { - // Write the encrypted file - let output_file = output_file.map_or_else( - || input_file.with_extension("enc"), - std::clone::Clone::clone, - ); - - write_bytes_to_file(encrypted_data, &output_file) - .with_context(|| "failed to write the encrypted file")?; - - tracing::info!("The encrypted file is available at {output_file:?}"); - Ok(()) -} diff --git a/crate/client/src/findex_rest_client.rs b/crate/client/src/findex_rest_client.rs index ad7fdf5..5e8bba6 100644 --- a/crate/client/src/findex_rest_client.rs +++ b/crate/client/src/findex_rest_client.rs 
@@ -1,19 +1,18 @@ -use crate::{ - certificate_verifier::{LeafCertificateVerifier, NoVerifier}, - error::{result::ClientResult, ClientError}, - ClientResultHelper, +use std::{ + fs::File, + io::{BufReader, Read}, + time::Duration, }; + use log::trace; use reqwest::{ header::{HeaderMap, HeaderValue}, Client, ClientBuilder, Identity, Response, StatusCode, }; -use rustls::{client::WebPkiVerifier, Certificate}; -use std::{ - fs::File, - io::{BufReader, Read}, - sync::Arc, - time::Duration, + +use crate::{ + error::{result::ClientResult, ClientError}, + ClientResultHelper, }; #[derive(Clone)] @@ -26,15 +25,12 @@ impl FindexClient { /// Instantiate a new Findex REST Client /// # Errors /// It returns an error if the client cannot be instantiated - #[allow(clippy::too_many_arguments)] - #[allow(dead_code)] pub fn instantiate( server_url: &str, bearer_token: Option<&str>, ssl_client_pkcs12_path: Option<&str>, ssl_client_pkcs12_password: Option<&str>, accept_invalid_certs: bool, - allowed_tee_tls_cert: Option, ) -> Result { let server_url = server_url .strip_suffix('/') 
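Review bot: After removing `allowed_tee_tls_cert`, `accept_invalid_certs` is the only TLS control left on `instantiate`, yet the doc comment `/// Instantiate a new Findex REST Client` still says nothing about what passing `true` does. Because the leaf-certificate check that used to accompany the flag is deleted elsewhere in this patch, `true` now means the server certificate is not verified at all, and callers should read that from the API rather than discover it from `ClientBuilder` internals. Add a line to the doc comment such as `/// `accept_invalid_certs`: when true, server certificate verification is disabled entirely (no pinning is performed); intended for self-signed test servers only.` The body of `instantiate` continues past this hunk.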
@@ -51,16 +47,8 @@ impl FindexClient { // We deal with 4 scenarios: // 1. HTTP: no TLS // 2. HTTPS: a) self-signed: we want to remove the verifications b) signed in a - // tee context: we want to verify the /quote and then only accept the allowed - // certificate -> For efficiency purpose, this verification is made outside - // this call (async with the queries) Only the verified certificate is used - // here c) signed in a non-tee context: we want classic TLS verification - // based on the root ca - let builder = allowed_tee_tls_cert.map_or_else( - || ClientBuilder::new().danger_accept_invalid_certs(accept_invalid_certs), - |certificate| build_tls_client_tee(certificate, accept_invalid_certs), - ); - + // non-tee context: we want classic TLS verification based on the root ca + let builder = ClientBuilder::new().danger_accept_invalid_certs(accept_invalid_certs); // If a PKCS12 file is provided, use it to build the client let builder = match ssl_client_pkcs12_path { Some(ssl_client_pkcs12) => { @@ -87,24 +75,6 @@ impl FindexClient { }) } - /// This operation requests the server to create a new database. - /// The returned secrets could be shared between several users. - /// # Errors - /// It returns an error if the request fails - pub async fn new_database(&self) -> ClientResult { - let endpoint = "/new_database"; - let server_url = format!("{}{endpoint}", self.server_url); - let response = self.client.get(server_url).send().await?; - let status_code = response.status(); - if status_code.is_success() { - return Ok(response.json::().await?); - } - - // process error - let p = handle_error(endpoint, response).await?; - Err(ClientError::RequestFailed(p)) - } - /// This operation requests the server to create a new table. /// The returned secrets could be shared between several users. /// # Errors 
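Review bot: The rewritten comment still begins with `// We deal with 4 scenarios:` but now enumerates only three (HTTP without TLS, self-signed HTTPS, CA-signed HTTPS), so the count is stale; change it to `// We deal with 3 scenarios:`. It would also help to say next to `ClientBuilder::new().danger_accept_invalid_certs(accept_invalid_certs)` that this call is now the sole server-certificate control and accepts any certificate when the flag is set, since the leaf-certificate comparison that previously compensated is removed by this patch. The `instantiate` body this hunk belongs to starts before the hunk.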
@@ -145,40 +115,3 @@ async fn handle_error(endpoint: &str, response: Response) -> Result ClientBuilder { - let mut root_cert_store = rustls::RootCertStore::empty(); - - let trust_anchors = webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|trust_anchor| { - rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( - trust_anchor.subject, - trust_anchor.spki, - trust_anchor.name_constraints, - ) - }); - root_cert_store.add_trust_anchors(trust_anchors); - - let verifier = if accept_invalid_certs { - LeafCertificateVerifier::new(leaf_cert, Arc::new(NoVerifier)) - } else { - LeafCertificateVerifier::new( - leaf_cert, - Arc::new(WebPkiVerifier::new(root_cert_store, None)), - ) - }; - - let config = rustls::ClientConfig::builder() - .with_safe_defaults() - .with_custom_certificate_verifier(Arc::new(verifier)) - .with_no_client_auth(); - - // Create a client builder - Client::builder().use_preconfigured_tls(config) -} diff --git a/crate/client/src/lib.rs b/crate/client/src/lib.rs index c7c6064..9611658 100644 --- a/crate/client/src/lib.rs +++ b/crate/client/src/lib.rs @@ -53,12 +53,10 @@ pub use config::{ClientConf, GmailApiConf, FINDEX_CLI_CONF_ENV}; pub use error::ClientError; pub use file_utils::{ read_bytes_from_file, read_from_json_file, write_bytes_to_file, write_json_object_to_file, - write_single_decrypted_data, write_single_encrypted_data, }; pub use findex_rest_client::FindexClient; pub use result::{ClientResultHelper, RestClientResult}; -mod certificate_verifier; mod config; mod error; mod file_utils; diff --git a/crate/client/src/result.rs b/crate/client/src/result.rs index af85535..82be409 100644 --- a/crate/client/src/result.rs +++ b/crate/client/src/result.rs @@ -1,6 +1,7 @@ -use crate::error::ClientError; use std::fmt::Display; +use crate::error::ClientError; + pub type RestClientResult = Result; pub trait ClientResultHelper { 
diff --git a/crate/server/src/config/command_line/clap_config.rs b/crate/server/src/config/command_line/clap_config.rs index 9967af6..1ed274e 100644 --- a/crate/server/src/config/command_line/clap_config.rs +++ b/crate/server/src/config/command_line/clap_config.rs @@ -1,7 +1,9 @@ -use super::{DBConfig, HttpConfig, JwtAuthConfig}; +use std::fmt::{self}; + use clap::Parser; use serde::{Deserialize, Serialize}; -use std::fmt::{self}; + +use super::{DBConfig, HttpConfig, JwtAuthConfig}; const DEFAULT_USERNAME: &str = "admin"; diff --git a/crate/server/src/config/command_line/db.rs b/crate/server/src/config/command_line/db.rs index 6ad97c2..8455331 100644 --- a/crate/server/src/config/command_line/db.rs +++ b/crate/server/src/config/command_line/db.rs @@ -1,9 +1,11 @@ -use crate::{config::params::DbParams, error::result::FResult, findex_server_error}; +use std::{fmt::Display, path::PathBuf}; + use clap::{Args, ValueEnum}; use serde::{Deserialize, Serialize}; -use std::{fmt::Display, path::PathBuf}; use url::Url; +use crate::{config::params::DbParams, error::result::FResult, findex_server_error}; + #[derive(ValueEnum, Clone, Deserialize, Serialize)] pub enum DatabaseType { // Sqlite, diff --git a/crate/server/src/config/command_line/http_config.rs b/crate/server/src/config/command_line/http_config.rs index 8ffd76b..f9f6935 100644 --- a/crate/server/src/config/command_line/http_config.rs +++ b/crate/server/src/config/command_line/http_config.rs @@ -1,6 +1,7 @@ +use std::{fmt::Display, path::PathBuf}; + use clap::Args; use serde::{Deserialize, Serialize}; -use std::{fmt::Display, path::PathBuf}; const DEFAULT_PORT: u16 = 6666; const DEFAULT_HOSTNAME: &str = "0.0.0.0"; diff --git a/crate/server/src/config/command_line/jwt_auth_config.rs b/crate/server/src/config/command_line/jwt_auth_config.rs index 030310a..f3c29d3 100644 --- a/crate/server/src/config/command_line/jwt_auth_config.rs +++ b/crate/server/src/config/command_line/jwt_auth_config.rs 
@@ -1,7 +1,8 @@ -use crate::{config::IdpConfig, error::server::FindexServerError, findex_server_ensure}; use clap::Args; use serde::{Deserialize, Serialize}; +use crate::{config::IdpConfig, error::server::FindexServerError, findex_server_ensure}; + // Support for JWT token inspired by the doc at : https://cloud.google.com/api-gateway/docs/authenticating-users-jwt // and following pages diff --git a/crate/server/src/config/params/db_params.rs b/crate/server/src/config/params/db_params.rs index 406f418..c4fad68 100644 --- a/crate/server/src/config/params/db_params.rs +++ b/crate/server/src/config/params/db_params.rs @@ -1,4 +1,5 @@ use std::fmt::{self, Display}; + use url::Url; pub enum DbParams { diff --git a/crate/server/src/config/params/http_params.rs b/crate/server/src/config/params/http_params.rs index f3ba215..c31abbd 100644 --- a/crate/server/src/config/params/http_params.rs +++ b/crate/server/src/config/params/http_params.rs @@ -1,9 +1,11 @@ +use std::fmt; + +use openssl::pkcs12::{ParsedPkcs12_2, Pkcs12}; + use crate::{ config::HttpConfig, error::result::{FResult, FResultHelper}, }; -use openssl::pkcs12::{ParsedPkcs12_2, Pkcs12}; -use std::fmt; /// The HTTP parameters of the API server pub enum HttpParams { diff --git a/crate/server/src/config/params/server_params.rs b/crate/server/src/config/params/server_params.rs index af68f57..fcb4f2e 100644 --- a/crate/server/src/config/params/server_params.rs +++ b/crate/server/src/config/params/server_params.rs @@ -1,11 +1,13 @@ +use std::{fmt, path::PathBuf}; + +use openssl::x509::X509; + use super::{DbParams, HttpParams}; use crate::{ config::{ClapConfig, IdpConfig}, error::result::FResult, findex_server_bail, }; -use openssl::x509::X509; -use std::{fmt, path::PathBuf}; /// This structure is the context used by the server /// while it is running. There is a singleton instance diff --git a/crate/server/src/core/implementation.rs b/crate/server/src/core/implementation.rs index 4cd58b5..1215496 100644 
--- a/crate/server/src/core/implementation.rs +++ b/crate/server/src/core/implementation.rs @@ -1,3 +1,6 @@ +use actix_web::{HttpMessage, HttpRequest}; +use tracing::debug; + use crate::{ config::{DbParams, ServerParams}, database::{Database, Redis}, @@ -5,8 +8,6 @@ use crate::{ findex_server_bail, middlewares::{JwtAuthClaim, PeerCommonName}, }; -use actix_web::{HttpMessage, HttpRequest}; -use tracing::debug; #[allow(dead_code)] pub(crate) struct FindexServer { diff --git a/crate/server/src/database/database_trait.rs b/crate/server/src/database/database_trait.rs index 90a937c..b7d3a2f 100644 --- a/crate/server/src/database/database_trait.rs +++ b/crate/server/src/database/database_trait.rs @@ -1,4 +1,3 @@ -use crate::error::result::FResult; use async_trait::async_trait; use cloudproof_findex::{ db_interfaces::{redis::FindexTable, rest::UpsertData}, @@ -7,6 +6,8 @@ use cloudproof_findex::{ }, }; +use crate::error::result::FResult; + #[async_trait] pub(crate) trait Database: Sync + Send { async fn fetch_entries( diff --git a/crate/server/src/database/redis/mod.rs b/crate/server/src/database/redis/mod.rs index 585fa68..6b9bc18 100644 --- a/crate/server/src/database/redis/mod.rs +++ b/crate/server/src/database/redis/mod.rs @@ -1,5 +1,8 @@ -use super::Database; -use crate::error::{result::FResult, server::FindexServerError}; +use std::{ + collections::{HashMap, HashSet}, + convert::TryFrom, +}; + use async_trait::async_trait; use cloudproof_findex::{ db_interfaces::{ @@ -12,12 +15,11 @@ use cloudproof_findex::{ }, }; use redis::{aio::ConnectionManager, pipe, AsyncCommands, Script}; -use std::{ - collections::{HashMap, HashSet}, - convert::TryFrom, -}; use tracing::{instrument, trace}; +use super::Database; +use crate::error::{result::FResult, server::FindexServerError}; + // TODO(manu): move secret to client crate /// The conditional upsert script used to only update a table if the 
@@ -25,7 +27,7 @@ use tracing::{instrument, trace}; /// indexed value is returned. const CONDITIONAL_UPSERT_SCRIPT: &str = r" local value=redis.call('GET',ARGV[1]) - if((value==false) or (not(value == false) and (ARGV[2] == value))) then + if ((value==false) or (ARGV[2] == value)) then redis.call('SET', ARGV[1], ARGV[3]) return else @@ -143,8 +145,8 @@ impl Database for Redis { upsert_data.len() ); - let mut old_values = HashMap::new(); - let mut new_values = HashMap::new(); + let mut old_values = HashMap::with_capacity(upsert_data.len()); + let mut new_values = HashMap::with_capacity(upsert_data.len()); for (token, (old_value, new_value)) in upsert_data { if let Some(old_value) = old_value { old_values.insert(token, old_value); diff --git a/crate/server/src/error/server.rs b/crate/server/src/error/server.rs index 8b88257..023fb98 100644 --- a/crate/server/src/error/server.rs +++ b/crate/server/src/error/server.rs @@ -1,10 +1,11 @@ +use std::{array::TryFromSliceError, sync::mpsc::SendError}; + use actix_web::{dev::ServerHandle, error::QueryPayloadError}; use cloudproof_findex::{ db_interfaces::DbInterfaceError, reexport::cosmian_findex::CoreError, ser_de::SerializationError, }; use redis::ErrorKind; -use std::{array::TryFromSliceError, sync::mpsc::SendError}; use thiserror::Error; use x509_parser::prelude::{PEMError, X509Error}; diff --git a/crate/server/src/findex_server.rs b/crate/server/src/findex_server.rs index 6d77113..9242394 100644 --- a/crate/server/src/findex_server.rs +++ b/crate/server/src/findex_server.rs 
@@ -1,14 +1,5 @@ -use crate::{ - config::{self, JwtAuthConfig, ServerParams}, - core::FindexServer, - error::result::FResult, - findex_server_bail, - middlewares::{extract_peer_certificate, AuthTransformer, JwksManager, JwtConfig, SslAuth}, - routes::{ - delete_chains, delete_entries, dump_tokens, fetch_chains, fetch_entries, get_version, - insert_chains, upsert_entries, - }, -}; +use std::sync::{mpsc, Arc}; + use actix_cors::Cors; use actix_identity::IdentityMiddleware; use actix_web::{ @@ -21,9 +12,20 @@ use openssl::{ ssl::{SslAcceptor, SslAcceptorBuilder, SslMethod, SslVerifyMode}, x509::store::X509StoreBuilder, }; -use std::sync::{mpsc, Arc}; use tracing::info; +use crate::{ + config::{self, JwtAuthConfig, ServerParams}, + core::FindexServer, + error::result::FResult, + findex_server_bail, + middlewares::{extract_peer_certificate, AuthTransformer, JwksManager, JwtConfig, SslAuth}, + routes::{ + delete_chains, delete_entries, dump_tokens, fetch_chains, fetch_entries, get_version, + insert_chains, upsert_entries, + }, +}; + /// Starts the Findex server based on the provided configuration. /// /// The server is started using one of three methods: diff --git a/crate/server/src/main.rs b/crate/server/src/main.rs index bedea56..e2960b6 100644 --- a/crate/server/src/main.rs +++ b/crate/server/src/main.rs @@ -1,3 +1,5 @@ +use std::path::PathBuf; + use clap::Parser; use cosmian_findex_server::{ config::{ClapConfig, ServerParams}, @@ -7,7 +9,6 @@ use cosmian_findex_server::{ }; use cosmian_logger::log_utils::log_init; use dotenvy::dotenv; -use std::path::PathBuf; use tracing::{debug, info}; const FINDEX_SERVER_CONF: &str = "/etc/cosmian_findex_server/server.toml"; diff --git a/crate/server/src/middlewares/jwks.rs b/crate/server/src/middlewares/jwks.rs index 65ec5d9..1b2a9e5 100644 --- a/crate/server/src/middlewares/jwks.rs +++ b/crate/server/src/middlewares/jwks.rs 
@@ -1,7 +1,9 @@ -use crate::error::{result::FResult, server::FindexServerError}; +use std::{collections::HashMap, sync::RwLock}; + use alcoholic_jwt::{JWK, JWKS}; use chrono::{DateTime, Duration, Utc}; -use std::{collections::HashMap, sync::RwLock}; + +use crate::error::{result::FResult, server::FindexServerError}; static REFRESH_INTERVAL: i64 = 60; // in secs diff --git a/crate/server/src/middlewares/jwt.rs b/crate/server/src/middlewares/jwt.rs index fd6e516..589fa40 100644 --- a/crate/server/src/middlewares/jwt.rs +++ b/crate/server/src/middlewares/jwt.rs @@ -1,12 +1,14 @@ +use std::sync::Arc; + +use alcoholic_jwt::token_kid; +use serde::{Deserialize, Serialize}; +use tracing::{debug, trace}; + use super::JwksManager; use crate::{ error::{result::FResult, server::FindexServerError}, findex_server_ensure, }; -use alcoholic_jwt::token_kid; -use serde::{Deserialize, Serialize}; -use std::sync::Arc; -use tracing::{debug, trace}; #[derive(Debug, Deserialize, Serialize)] pub(crate) struct UserClaim { diff --git a/crate/server/src/middlewares/jwt_token_auth.rs b/crate/server/src/middlewares/jwt_token_auth.rs index c126882..c287189 100644 --- a/crate/server/src/middlewares/jwt_token_auth.rs +++ b/crate/server/src/middlewares/jwt_token_auth.rs @@ -1,8 +1,5 @@ -use super::UserClaim; -use crate::{ - error::{result::FResult, server::FindexServerError}, - middlewares::jwt::JwtConfig, -}; +use std::{rc::Rc, sync::Arc}; + use actix_identity::Identity; use actix_service::Service; use actix_web::{ @@ -11,9 +8,14 @@ use actix_web::{ http::header, Error, FromRequest, HttpMessage, HttpResponse, }; -use std::{rc::Rc, sync::Arc}; use tracing::{debug, error, trace}; +use super::UserClaim; +use crate::{ + error::{result::FResult, server::FindexServerError}, + middlewares::jwt::JwtConfig, +}; + pub(crate) async fn manage_jwt_request( service: Rc, configs: Arc>, diff --git a/crate/server/src/middlewares/main.rs b/crate/server/src/middlewares/main.rs index 75d156e..2964879 100644 
--- a/crate/server/src/middlewares/main.rs +++ b/crate/server/src/middlewares/main.rs @@ -1,5 +1,10 @@ -use super::{manage_jwt_request, PeerCommonName}; -use crate::middlewares::jwt::JwtConfig; +use std::{ + pin::Pin, + rc::Rc, + sync::Arc, + task::{Context, Poll}, +}; + use actix_service::{Service, Transform}; use actix_web::{ body::{BoxBody, EitherBody}, @@ -10,14 +15,11 @@ use futures::{ future::{ok, Ready}, Future, }; -use std::{ - pin::Pin, - rc::Rc, - sync::Arc, - task::{Context, Poll}, -}; use tracing::debug; +use super::{manage_jwt_request, PeerCommonName}; +use crate::middlewares::jwt::JwtConfig; + #[derive(Clone)] pub(crate) struct AuthTransformer { jwt_configurations: Option>>, diff --git a/crate/server/src/middlewares/ssl_auth.rs b/crate/server/src/middlewares/ssl_auth.rs index 89bb917..6a3fc45 100644 --- a/crate/server/src/middlewares/ssl_auth.rs +++ b/crate/server/src/middlewares/ssl_auth.rs @@ -1,3 +1,9 @@ +use std::{ + any::Any, + pin::Pin, + task::{Context, Poll}, +}; + use actix_service::{Service, Transform}; use actix_tls::accept::openssl::TlsStream; use actix_web::{ @@ -11,11 +17,6 @@ use futures::{ Future, }; use openssl::{nid::Nid, x509::X509}; -use std::{ - any::Any, - pin::Pin, - task::{Context, Poll}, -}; use tracing::{debug, error, trace}; use crate::{error::result::FResult, findex_server_bail}; diff --git a/crate/server/src/routes/error.rs b/crate/server/src/routes/error.rs index 7d32770..2f90a9c 100644 --- a/crate/server/src/routes/error.rs +++ b/crate/server/src/routes/error.rs @@ -1,4 +1,3 @@ -use crate::error::server::FindexServerError; use actix_web::{ http::{header, StatusCode}, web::Json, @@ -6,6 +5,8 @@ use actix_web::{ }; use tracing::{error, warn}; +use crate::error::server::FindexServerError; + pub(crate) type Response = Result, FindexServerError>; pub(crate) type ResponseBytes = Result; diff --git a/crate/server/src/routes/findex.rs b/crate/server/src/routes/findex.rs index 90a5a78..2dc6952 100644 
--- a/crate/server/src/routes/findex.rs +++ b/crate/server/src/routes/findex.rs @@ -1,7 +1,5 @@ -use crate::{ - core::FindexServer, - routes::error::{Response, ResponseBytes}, -}; +use std::sync::Arc; + use actix_web::{ post, web::{Bytes, Data, Json}, @@ -14,9 +12,13 @@ use cloudproof_findex::{ }, ser_de::ffi_ser_de::deserialize_token_set, }; -use std::sync::Arc; use tracing::{info, trace}; +use crate::{ + core::FindexServer, + routes::error::{Response, ResponseBytes}, +}; + #[post("/indexes/fetch_entries")] pub(crate) async fn fetch_entries( req: HttpRequest, diff --git a/crate/server/src/routes/version.rs b/crate/server/src/routes/version.rs index 5ba127e..afcd20a 100644 --- a/crate/server/src/routes/version.rs +++ b/crate/server/src/routes/version.rs @@ -1,4 +1,5 @@ -use crate::{core::FindexServer, error::result::FResult}; +use std::sync::Arc; + use actix_web::{ get, web::{Data, Json}, @@ -6,9 +7,10 @@ use actix_web::{ }; use clap::crate_version; use openssl::version; -use std::sync::Arc; use tracing::info; +use crate::{core::FindexServer, error::result::FResult}; + /// Get the Findex server version #[get("/version")] pub(crate) async fn get_version( diff --git a/crate/server/src/secret.rs b/crate/server/src/secret.rs index 73305c1..f6901d6 100644 --- a/crate/server/src/secret.rs +++ b/crate/server/src/secret.rs @@ -1,13 +1,15 @@ -use crate::error::result::FResult; -use num_bigint_dig::BigUint; -use openssl::rand::rand_bytes; -use serde::Deserialize; use std::{ ops::{Deref, DerefMut}, pin::Pin, }; + +use num_bigint_dig::BigUint; +use openssl::rand::rand_bytes; +use serde::Deserialize; use zeroize::{Zeroize, ZeroizeOnDrop}; +use crate::error::result::FResult; + /// Guarantees to be zeroized on drop with /// feature `zeroize` enabled from `num_bigint_dig` crate. #[derive(Debug, Eq, PartialEq, Clone, Deserialize)] diff --git a/crate/server/src/tests/mod.rs b/crate/server/src/tests/mod.rs index fbaba7c..0f5eade 100644 --- a/crate/server/src/tests/mod.rs 
+++ b/crate/server/src/tests/mod.rs @@ -1,6 +1,7 @@ -use crate::config::{ClapConfig, DBConfig, DatabaseType, HttpConfig, JwtAuthConfig}; use std::path::PathBuf; +use crate::config::{ClapConfig, DBConfig, DatabaseType, HttpConfig, JwtAuthConfig}; + #[test] fn test_toml() { let config = ClapConfig { diff --git a/crate/test_server/src/test_server.rs b/crate/test_server/src/test_server.rs index 1f44393..5bbffe0 100644 --- a/crate/test_server/src/test_server.rs +++ b/crate/test_server/src/test_server.rs @@ -1,4 +1,11 @@ -use crate::test_jwt::{get_auth0_jwt_config, AUTH0_TOKEN}; +use std::{ + env, + path::PathBuf, + sync::mpsc, + thread::{self, JoinHandle}, + time::Duration, +}; + use actix_server::ServerHandle; use cosmian_findex_client::{ client_bail, client_error, write_json_object_to_file, ClientConf, ClientError, FindexClient, @@ -9,16 +16,11 @@ use cosmian_findex_server::{ }, findex_server::start_findex_server, }; -use std::{ - env, - path::PathBuf, - sync::mpsc, - thread::{self, JoinHandle}, - time::Duration, -}; use tokio::sync::OnceCell; use tracing::{info, trace}; +use crate::test_jwt::{get_auth0_jwt_config, AUTH0_TOKEN}; + /// In order to run most tests in parallel, /// we use that to avoid to try to start N Findex servers (one per test) /// with a default configuration.