RubyGems - itsi-scheduler - Versions diffs - 0.1.5 → 0.2.2 - Mend

itsi-scheduler 0.1.5 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

data/ext/itsi_acme/src/axum.rs ADDED Viewed

@@ -0,0 +1,86 @@
+use crate::{AcmeAccept, AcmeAcceptor};
+use rustls::ServerConfig;
+use std::future::Future;
+use std::io;
+use std::io::ErrorKind;
+use std::pin::Pin;
+use std::sync::Arc;
+use std::task::{Context, Poll};
+use tokio::io::{AsyncRead, AsyncWrite};
+use tokio_rustls::Accept;
+#[derive(Clone)]
+pub struct AxumAcceptor {
+    acme_acceptor: AcmeAcceptor,
+    config: Arc<ServerConfig>,
+}
+impl AxumAcceptor {
+    pub fn new(acme_acceptor: AcmeAcceptor, config: Arc<ServerConfig>) -> Self {
+        Self {
+            acme_acceptor,
+            config,
+        }
+    }
+}
+impl<I: AsyncRead + AsyncWrite + Unpin + Send + 'static, S: Send + 'static>
+    axum_server::accept::Accept<I, S> for AxumAcceptor
+{
+    type Stream = tokio_rustls::server::TlsStream<I>;
+    type Service = S;
+    type Future = AxumAccept<I, S>;
+    fn accept(&self, stream: I, service: S) -> Self::Future {
+        let acme_accept = self.acme_acceptor.accept(stream);
+        Self::Future {
+            config: self.config.clone(),
+            acme_accept,
+            tls_accept: None,
+            service: Some(service),
+        }
+    }
+}
+pub struct AxumAccept<I: AsyncRead + AsyncWrite + Unpin + Send + 'static, S: Send + 'static> {
+    config: Arc<ServerConfig>,
+    acme_accept: AcmeAccept<I>,
+    tls_accept: Option<Accept<I>>,
+    service: Option<S>,
+}
+impl<I: AsyncRead + AsyncWrite + Unpin + Send + 'static, S: Send + 'static> Unpin
+    for AxumAccept<I, S>
+{
+}
+impl<I: AsyncRead + AsyncWrite + Unpin + Send + 'static, S: Send + 'static> Future
+    for AxumAccept<I, S>
+{
+    type Output = io::Result<(tokio_rustls::server::TlsStream<I>, S)>;
+    fn poll(mut self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<Self::Output> {
+        loop {
+            if let Some(tls_accept) = &mut self.tls_accept {
+                return match Pin::new(&mut *tls_accept).poll(cx) {
+                    Poll::Ready(Ok(tls)) => Poll::Ready(Ok((tls, self.service.take().unwrap()))),
+                    Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                    Poll::Pending => Poll::Pending,
+                };
+            }
+            return match Pin::new(&mut self.acme_accept).poll(cx) {
+                Poll::Ready(Ok(Some(start_handshake))) => {
+                    let config = self.config.clone();
+                    self.tls_accept = Some(start_handshake.into_stream(config));
+                    continue;
+                }
+                Poll::Ready(Ok(None)) => Poll::Ready(Err(io::Error::new(
+                    ErrorKind::Other,
+                    "TLS-ALPN-01 validation request",
+                ))),
+                Poll::Ready(Err(err)) => Poll::Ready(Err(err)),
+                Poll::Pending => Poll::Pending,
+            };
+        }
+    }
+}

data/ext/itsi_acme/src/cache.rs ADDED Viewed

@@ -0,0 +1,39 @@
+use std::fmt::Debug;
+use async_trait::async_trait;
+pub trait Cache: CertCache + AccountCache {}
+impl<T> Cache for T where T: CertCache + AccountCache {}
+#[async_trait]
+pub trait CertCache: Send + Sync {
+    type EC: Debug;
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC>;
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC>;
+}
+#[async_trait]
+pub trait AccountCache: Send + Sync {
+    type EA: Debug;
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA>;
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA>;
+}

data/ext/itsi_acme/src/caches/boxed.rs ADDED Viewed

@@ -0,0 +1,80 @@
+use crate::{AccountCache, CertCache};
+use async_trait::async_trait;
+use std::fmt::Debug;
+pub struct BoxedErrCache<T: Send + Sync> {
+    inner: T,
+}
+impl<T: Send + Sync> BoxedErrCache<T> {
+    pub fn new(inner: T) -> Self {
+        Self { inner }
+    }
+    pub fn into_inner(self) -> T {
+        self.inner
+    }
+}
+fn box_err(e: impl Debug + 'static) -> Box<dyn Debug> {
+    Box::new(e)
+}
+#[async_trait]
+impl<T: CertCache> CertCache for BoxedErrCache<T>
+where
+    <T as CertCache>::EC: 'static,
+{
+    type EC = Box<dyn Debug>;
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        self.inner
+            .load_cert(domains, directory_url)
+            .await
+            .map_err(box_err)
+    }
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        self.inner
+            .store_cert(domains, directory_url, cert)
+            .await
+            .map_err(box_err)
+    }
+}
+#[async_trait]
+impl<T: AccountCache> AccountCache for BoxedErrCache<T>
+where
+    <T as AccountCache>::EA: 'static,
+{
+    type EA = Box<dyn Debug>;
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        self.inner
+            .load_account(contact, directory_url)
+            .await
+            .map_err(box_err)
+    }
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        self.inner
+            .store_account(contact, directory_url, account)
+            .await
+            .map_err(box_err)
+    }
+}

data/ext/itsi_acme/src/caches/composite.rs ADDED Viewed

@@ -0,0 +1,69 @@
+use crate::{AccountCache, CertCache};
+use async_trait::async_trait;
+pub struct CompositeCache<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> {
+    pub cert_cache: C,
+    pub account_cache: A,
+}
+impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> CompositeCache<C, A> {
+    pub fn new(cert_cache: C, account_cache: A) -> Self {
+        Self {
+            cert_cache,
+            account_cache,
+        }
+    }
+    pub fn into_inner(self) -> (C, A) {
+        (self.cert_cache, self.account_cache)
+    }
+}
+#[async_trait]
+impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> CertCache for CompositeCache<C, A> {
+    type EC = C::EC;
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        self.cert_cache.load_cert(domains, directory_url).await
+    }
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        self.cert_cache
+            .store_cert(domains, directory_url, cert)
+            .await
+    }
+}
+#[async_trait]
+impl<C: CertCache + Send + Sync, A: AccountCache + Send + Sync> AccountCache
+    for CompositeCache<C, A>
+{
+    type EA = A::EA;
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        self.account_cache
+            .load_account(contact, directory_url)
+            .await
+    }
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        self.account_cache
+            .store_account(contact, directory_url, account)
+            .await
+    }
+}

data/ext/itsi_acme/src/caches/dir.rs ADDED Viewed

@@ -0,0 +1,106 @@
+use crate::{AccountCache, CertCache};
+use async_trait::async_trait;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD;
+use base64::Engine;
+use ring::digest::{Context, SHA256};
+use std::io::ErrorKind;
+use std::path::Path;
+use tokio::fs;
+pub struct DirCache<P: AsRef<Path> + Send + Sync> {
+    inner: P,
+}
+impl<P: AsRef<Path> + Send + Sync> DirCache<P> {
+    pub fn new(dir: P) -> Self {
+        Self { inner: dir }
+    }
+    async fn read_if_exist(
+        &self,
+        file: impl AsRef<Path>,
+    ) -> Result<Option<Vec<u8>>, std::io::Error> {
+        let path = self.inner.as_ref().join(file);
+        match fs::read(path).await {
+            Ok(content) => Ok(Some(content)),
+            Err(err) => match err.kind() {
+                ErrorKind::NotFound => Ok(None),
+                _ => Err(err),
+            },
+        }
+    }
+    async fn write(
+        &self,
+        file: impl AsRef<Path>,
+        contents: impl AsRef<[u8]>,
+    ) -> Result<(), std::io::Error> {
+        fs::create_dir_all(&self.inner).await?;
+        let path = self.inner.as_ref().join(file);
+        fs::write(path, contents).await
+    }
+    fn cached_account_file_name(contact: &[String], directory_url: impl AsRef<str>) -> String {
+        let mut ctx = Context::new(&SHA256);
+        for el in contact {
+            ctx.update(el.as_ref());
+            ctx.update(&[0])
+        }
+        ctx.update(directory_url.as_ref().as_bytes());
+        let hash = URL_SAFE_NO_PAD.encode(ctx.finish());
+        format!("cached_account_{}", hash)
+    }
+    fn cached_cert_file_name(domains: &[String], directory_url: impl AsRef<str>) -> String {
+        let mut ctx = Context::new(&SHA256);
+        for domain in domains {
+            ctx.update(domain.as_ref());
+            ctx.update(&[0])
+        }
+        ctx.update(directory_url.as_ref().as_bytes());
+        let hash = URL_SAFE_NO_PAD.encode(ctx.finish());
+        format!("cached_cert_{}", hash)
+    }
+}
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> CertCache for DirCache<P> {
+    type EC = std::io::Error;
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        let file_name = Self::cached_cert_file_name(domains, directory_url);
+        self.read_if_exist(file_name).await
+    }
+    async fn store_cert(
+        &self,
+        domains: &[String],
+        directory_url: &str,
+        cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        let file_name = Self::cached_cert_file_name(domains, directory_url);
+        self.write(file_name, cert).await
+    }
+}
+#[async_trait]
+impl<P: AsRef<Path> + Send + Sync> AccountCache for DirCache<P> {
+    type EA = std::io::Error;
+    async fn load_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        let file_name = Self::cached_account_file_name(contact, directory_url);
+        self.read_if_exist(file_name).await
+    }
+    async fn store_account(
+        &self,
+        contact: &[String],
+        directory_url: &str,
+        account: &[u8],
+    ) -> Result<(), Self::EA> {
+        let file_name = Self::cached_account_file_name(contact, directory_url);
+        self.write(file_name, account).await
+    }
+}

data/ext/itsi_acme/src/caches/mod.rs ADDED Viewed

@@ -0,0 +1,11 @@
+mod boxed;
+mod composite;
+mod dir;
+mod no;
+mod test;
+pub use boxed::*;
+pub use composite::*;
+pub use dir::*;
+pub use no::*;
+pub use test::*;

data/ext/itsi_acme/src/caches/no.rs ADDED Viewed

@@ -0,0 +1,78 @@
+use crate::{AccountCache, CertCache};
+use async_trait::async_trait;
+use std::convert::Infallible;
+use std::fmt::Debug;
+use std::marker::PhantomData;
+use std::sync::atomic::AtomicPtr;
+/// No-op cache, which does nothing.
+/// ```rust
+/// # use tokio_rustls_acme::caches::NoCache;
+/// # type EC = std::io::Error;
+/// # type EA = EC;
+/// let no_cache = NoCache::<EC, EA>::new();
+/// ```
+#[derive(Copy, Clone)]
+pub struct NoCache<EC: Debug = Infallible, EA: Debug = Infallible> {
+    _cert_error: PhantomData<AtomicPtr<Box<EC>>>,
+    _account_error: PhantomData<AtomicPtr<Box<EA>>>,
+}
+impl<EC: Debug, EA: Debug> Default for NoCache<EC, EA> {
+    fn default() -> Self {
+        Self {
+            _cert_error: Default::default(),
+            _account_error: Default::default(),
+        }
+    }
+}
+impl<EC: Debug, EA: Debug> NoCache<EC, EA> {
+    pub fn new() -> Self {
+        Self::default()
+    }
+}
+#[async_trait]
+impl<EC: Debug, EA: Debug> CertCache for NoCache<EC, EA> {
+    type EC = EC;
+    async fn load_cert(
+        &self,
+        _domains: &[String],
+        _directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        log::info!("no cert cache configured, could not load certificate");
+        Ok(None)
+    }
+    async fn store_cert(
+        &self,
+        _domains: &[String],
+        _directory_url: &str,
+        _cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        log::info!("no cert cache configured, could not store certificate");
+        Ok(())
+    }
+}
+#[async_trait]
+impl<EC: Debug, EA: Debug> AccountCache for NoCache<EC, EA> {
+    type EA = EA;
+    async fn load_account(
+        &self,
+        _contact: &[String],
+        _directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        log::info!("no account cache configured, could not load account");
+        Ok(None)
+    }
+    async fn store_account(
+        &self,
+        _contact: &[String],
+        _directory_url: &str,
+        _account: &[u8],
+    ) -> Result<(), Self::EA> {
+        log::info!("no account cache configured, could not store account");
+        Ok(())
+    }
+}

data/ext/itsi_acme/src/caches/test.rs ADDED Viewed

@@ -0,0 +1,136 @@
+use crate::{AccountCache, CertCache};
+use async_trait::async_trait;
+use rcgen::{
+    date_time_ymd, BasicConstraints, CertificateParams, DistinguishedName, DnType, IsCa,
+    KeyUsagePurpose, PKCS_ECDSA_P256_SHA256,
+};
+use std::fmt::Debug;
+use std::marker::PhantomData;
+use std::sync::atomic::AtomicPtr;
+use std::sync::Arc;
+/// Test cache, which generates certificates for ACME incompatible test environments.
+/// ```rust
+/// # use tokio_rustls_acme::{AcmeConfig};
+/// # use tokio_rustls_acme::caches::{DirCache, TestCache};
+/// # let test_environment = true;
+/// let mut config = AcmeConfig::new(["example.com"])
+///     .cache(DirCache::new("./cache"));
+/// if test_environment {
+///     config = config.cache(TestCache::new());
+/// }
+/// ```
+#[derive(Clone)]
+pub struct TestCache<EC: Debug = std::io::Error, EA: Debug = std::io::Error> {
+    ca_cert: Arc<rcgen::Certificate>,
+    ca_pem: Arc<String>,
+    ca_key_pair: Arc<rcgen::KeyPair>,
+    _cert_error: PhantomData<AtomicPtr<Box<EC>>>,
+    _account_error: PhantomData<AtomicPtr<Box<EA>>>,
+}
+impl<EC: Debug, EA: Debug> Default for TestCache<EC, EA> {
+    fn default() -> Self {
+        let mut params = CertificateParams::default();
+        let mut distinguished_name = DistinguishedName::new();
+        distinguished_name.push(DnType::CountryName, "US");
+        distinguished_name.push(DnType::OrganizationName, "Test CA");
+        distinguished_name.push(DnType::CommonName, "Test CA");
+        params.distinguished_name = distinguished_name;
+        params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
+        params.key_usages = vec![KeyUsagePurpose::KeyCertSign, KeyUsagePurpose::CrlSign];
+        params.not_before = date_time_ymd(2000, 1, 1);
+        params.not_after = date_time_ymd(3000, 1, 1);
+        let key_pair = rcgen::KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+        let ca_cert = params.self_signed(&key_pair).unwrap();
+        let ca_pem = ca_cert.pem();
+        Self {
+            ca_cert: ca_cert.into(),
+            ca_key_pair: key_pair.into(),
+            ca_pem: ca_pem.into(),
+            _cert_error: Default::default(),
+            _account_error: Default::default(),
+        }
+    }
+}
+impl<EC: Debug, EA: Debug> TestCache<EC, EA> {
+    pub fn new() -> Self {
+        Self::default()
+    }
+    pub fn ca_pem(&self) -> &str {
+        &self.ca_pem
+    }
+}
+#[async_trait]
+impl<EC: Debug, EA: Debug> CertCache for TestCache<EC, EA> {
+    type EC = EC;
+    async fn load_cert(
+        &self,
+        domains: &[String],
+        _directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EC> {
+        let key_pair = rcgen::KeyPair::generate_for(&PKCS_ECDSA_P256_SHA256).unwrap();
+        let mut params = CertificateParams::new(domains).unwrap();
+        let mut distinguished_name = DistinguishedName::new();
+        distinguished_name.push(DnType::CommonName, "Test Cert");
+        params.distinguished_name = distinguished_name;
+        params.not_before = date_time_ymd(2000, 1, 1);
+        params.not_after = date_time_ymd(3000, 1, 1);
+        let cert = match params.signed_by(&key_pair, &self.ca_cert, &self.ca_key_pair) {
+            Ok(cert) => cert,
+            Err(err) => {
+                log::error!("test cache: generation error: {:?}", err);
+                return Ok(None);
+            }
+        };
+        let cert_pem = cert.pem();
+        let pem = [
+            &key_pair.serialize_pem(),
+            "\n",
+            &cert_pem,
+            "\n",
+            &self.ca_pem,
+        ]
+        .concat();
+        Ok(Some(pem.into_bytes()))
+    }
+    async fn store_cert(
+        &self,
+        _domains: &[String],
+        _directory_url: &str,
+        _cert: &[u8],
+    ) -> Result<(), Self::EC> {
+        log::info!("test cache configured, could not store certificate");
+        Ok(())
+    }
+}
+#[async_trait]
+impl<EC: Debug, EA: Debug> AccountCache for TestCache<EC, EA> {
+    type EA = EA;
+    async fn load_account(
+        &self,
+        _contact: &[String],
+        _directory_url: &str,
+    ) -> Result<Option<Vec<u8>>, Self::EA> {
+        log::info!("test cache configured, could not load account");
+        Ok(None)
+    }
+    async fn store_account(
+        &self,
+        _contact: &[String],
+        _directory_url: &str,
+        _account: &[u8],
+    ) -> Result<(), Self::EA> {
+        log::info!("test cache configured, could not store account");
+        Ok(())
+    }
+}