diff --git a/Cargo.lock b/Cargo.lock index 973a9f06..becf67fd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -311,6 +311,29 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" +[[package]] +name = "aws-lc-rs" +version = "1.12.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dabb68eb3a7aa08b46fddfd59a3d55c978243557a90ab804769f7e20e67d2b01" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.27.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6bbe221bbf523b625a4dd8585c7f38166e31167ec2ca98051dbcb4c3b6e825d2" +dependencies = [ + "bindgen", + "cc", + "cmake", + "dunce", + "fs_extra", +] + [[package]] name = "axum" version = "0.6.20" @@ -395,6 +418,29 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn 2.0.87", + "which", +] + [[package]] name = "bitflags" version = "1.3.2" @@ -571,7 +617,7 @@ dependencies = [ "async-trait", "enum-debug", "log", - "rustls 0.21.12", + "rustls 0.23.11", "rustls-pemfile 1.0.4", "serde", "serde_yml", @@ -624,7 +670,7 @@ dependencies = [ "prettytable-rs", "rand 0.8.5", "reqwest 0.11.27", - "rustls 0.21.12", + "rustls 0.23.11", "rustyline", "rustyline-derive", "semver", 
@@ -919,7 +965,7 @@ dependencies = [ "log", "never-say-never", "reqwest 0.11.27", - "rustls 0.21.12", + "rustls 0.23.11", "serde", "serde_json", "socksx", @@ -949,7 +995,7 @@ dependencies = [ "error-trace", "log", "reqwest 0.11.27", - "rustls 0.21.12", + "rustls 0.23.11", "serde", "serde_json", "serde_yml", @@ -1085,9 +1131,20 @@ version = "1.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be714c154be609ec7f5dad223a33bf1482fff90472de28f7362806e6d4832b8c" dependencies = [ + "jobserver", + "libc", "shlex", ] +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + [[package]] name = "cfg-if" version = "1.0.0" @@ -1109,6 +1166,17 @@ dependencies = [ "windows-link", ] +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + [[package]] name = "clap" version = "4.5.31" @@ -1169,6 +1237,15 @@ dependencies = [ "winapi", ] +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "colorchoice" version = "1.0.1" @@ -1571,6 +1648,12 @@ dependencies = [ "syn 2.0.87", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "eflint-json" version = "0.1.0" 
@@ -1923,6 +2006,12 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "40ecd4077b5ae9fd2e9e169b102c6c330d0605168eb0e8bf79952b256dbefffd" +[[package]] +name = "glob" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" + [[package]] name = "graphql-introspection-query" version = "0.2.0" @@ -2113,6 +2202,15 @@ version = "0.6.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "12cb882ccb290b8646e554b157ab0b71e64e8d5bef775cd66b6531e52d302669" +[[package]] +name = "home" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589533453244b0995c858700322199b2becb13b627df2851f64a2775d024abcf" +dependencies = [ + "windows-sys 0.59.0", +] + [[package]] name = "http" version = "0.2.12" @@ -2630,6 +2728,15 @@ version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" +[[package]] +name = "jobserver" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +dependencies = [ + "libc", +] + [[package]] name = "js-sys" version = "0.3.69" 
@@ -2705,12 +2812,28 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.170" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828" +[[package]] +name = "libloading" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc2f4eb4bc735547cfed7c0a4922cbd04a4655978c09b54f1f7b228750664c34" +dependencies = [ + "cfg-if", + "windows-targets 0.48.5", +] + [[package]] name = "libredox" version = "0.1.3" @@ -3292,6 +3415,16 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "prettyplease" +version = "0.2.25" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64d1ec885c64d0457d564db4ec299b2dae3f9c02808b8ad9c3a089c591b18033" +dependencies = [ + "proc-macro2", + "syn 2.0.87", +] + [[package]] name = "prettytable-rs" version = "0.10.0" @@ -3677,6 +3810,12 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + [[package]] name = "rusticata-macros" version = "4.1.0" 
@@ -3730,6 +3869,8 @@ version = "0.23.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4828ea528154ae444e5a642dbb7d5623354030dc9822b83fd9bb79683c7399d0" dependencies = [ + "aws-lc-rs", + "log", "once_cell", "rustls-pki-types", "rustls-webpki 0.102.6", @@ -3778,6 +3919,7 @@ version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", @@ -5208,6 +5350,18 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix 0.38.44", +] + [[package]] name = "winapi" version = "0.3.9" diff --git a/brane-cfg/Cargo.toml b/brane-cfg/Cargo.toml index 9e90e922..7411babe 100644 --- a/brane-cfg/Cargo.toml +++ b/brane-cfg/Cargo.toml @@ -11,7 +11,7 @@ license.workspace = true async-trait = "0.1.67" enum-debug.workspace = true log = "0.4.22" -rustls = "0.21.6" +rustls = "0.23.0" rustls-pemfile = "1.0.1" serde = { version = "1.0.204", features = ["derive"] } serde_yaml = { version = "0.0.10", package = "serde_yml" } diff --git a/brane-cfg/src/certs.rs b/brane-cfg/src/certs.rs index 56666d96..c11fd3af 100644 --- a/brane-cfg/src/certs.rs +++ b/brane-cfg/src/certs.rs @@ -17,7 +17,9 @@ use std::path::Path; use std::{fs, io}; use log::debug; -use rustls::{Certificate, PrivateKey, RootCertStore}; +use rustls::RootCertStore; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::{CertificateDer as Certificate, PrivateKeyDer as PrivateKey}; use rustls_pemfile::{Item, certs, rsa_private_keys}; use x509_parser::certificate::X509Certificate; use x509_parser::prelude::FromDer; 
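Review bot: The move to `rustls::pki_types` in this import block rides on `rustls = "0.23.0"` with default features, and nothing visible in this change selects a crypto provider. The lockfile hunks above show `rustls 0.23.11` gaining `aws-lc-rs` while `rustls-webpki 0.102.6` now lists both `aws-lc-rs` and `ring`; if both provider features end up enabled on rustls itself (not confirmable from these lines), config builders that rely on the implicit process default panic at runtime until one is installed. I would either pin a single backend in the manifests (`default-features = false` plus the one provider feature you want) or install one explicitly at startup, e.g. `rustls::crypto::aws_lc_rs::default_provider().install_default()`. The default also pulls `aws-lc-sys` with `bindgen`, `cc` and `cmake` into the build, which deserves a deliberate decision for CI and release images.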
@@ -38,7 +40,7 @@ pub use crate::errors::CertsError as Error; /// This function errors if we could not extract the name for some reason. You should consider the client unauthenticated, in that case. pub fn extract_client_name(cert: Certificate) -> Result { // Attempt to parse the certificate as a real x509 one - match X509Certificate::from_der(&cert.0) { + match X509Certificate::from_der(&cert) { Ok((_, cert)) => { // Get the part after 'CN = ' and before end-of-string or comma (since that's canonically the domain name) let subject: String = cert.subject.to_string(); @@ -72,7 +74,7 @@ pub fn extract_client_name(cert: Certificate) -> Result { /// /// # Errors /// This function errors if we failed to access/read the file. -pub fn load_all(file: impl AsRef) -> Result<(Vec, Vec), Error> { +pub fn load_all(file: impl AsRef) -> Result<(Vec>, Vec>), Error> { let file: &Path = file.as_ref(); // Open a (buffered) file handle @@ -98,9 +100,11 @@ pub fn load_all(file: impl AsRef) -> Result<(Vec, Vec certs.push(Certificate(cert)), + Item::X509Certificate(cert) => certs.push(Certificate::from_slice(&cert)), - Item::ECKey(key) | Item::PKCS8Key(key) | Item::RSAKey(key) => keys.push(PrivateKey(key)), + Item::ECKey(key) | Item::PKCS8Key(key) | Item::RSAKey(key) => { + keys.push(PrivateKey::from_pem_slice(&key).expect("Data should be valid PEM data")) + }, _ => { return Err(Error::UnknownItemError { what: "PEM", path: file.into() }); @@ -123,7 +127,7 @@ pub fn load_all(file: impl AsRef) -> Result<(Vec, Vec) -> Result, Error> { +pub fn load_cert(certfile: impl AsRef) -> Result>, Error> { let certfile: &Path = certfile.as_ref(); // Open a (buffered) file handle @@ -145,7 +149,7 @@ pub fn load_cert(certfile: impl AsRef) -> Result, Error> debug!("Found {} certificate(s) in '{}'", certs.len(), certfile.display()); // Done, return - Ok(certs.into_iter().map(Certificate).collect()) + Ok(certs.into_iter().map(|x| Certificate::from_slice(&x)).collect()) } /// Loads a given key file. 
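Review bot: In the `load_all` match arms (@@ -98), `PrivateKey::from_pem_slice(&key).expect(...)` is handed bytes that `rustls_pemfile` has already decoded, so, assuming the `Item` variants of the locked rustls-pemfile 1.0.4 carry DER, the PEM parser finds no section and the `expect` panics on every key file, in a function that otherwise reports failures through `Error`. `Certificate::from_slice(&cert)` has a separate problem: it borrows `cert`, which is dropped at the end of the arm, so I would not expect it to satisfy the owned lifetime the return type asks for. Wrapping the decoded DER in owned values, one key variant per item kind, avoids both. The same calls recur in `load_cert` (@@ -145), `load_key` (@@ -180, where `rsa_private_keys` output would map to `PrivateKey::Pkcs1`), `load_identity` (@@ -221) and `load_certstore` (@@ -301). The enclosing loop and `match` of `load_all` start and end outside this hunk.

```rust
// … unchanged: reading the next `item` from the PEM file …
    Item::X509Certificate(cert) => certs.push(Certificate::from(cert)),
    // rustls_pemfile yields DER; tag it with the encoding the item kind implies.
    Item::RSAKey(key) => keys.push(PrivateKey::Pkcs1(key.into())),
    Item::PKCS8Key(key) => keys.push(PrivateKey::Pkcs8(key.into())),
    Item::ECKey(key) => keys.push(PrivateKey::Sec1(key.into())),
// … unchanged: `_ =>` arm returning Error::UnknownItemError …
```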
@@ -158,7 +162,7 @@ pub fn load_cert(certfile: impl AsRef) -> Result, Error> /// /// # Errors /// This function errors if we failed to read the file. -pub fn load_key(keyfile: impl AsRef) -> Result, Error> { +pub fn load_key(keyfile: impl AsRef) -> Result>, Error> { let keyfile: &Path = keyfile.as_ref(); // Open a (buffered) file handle @@ -180,7 +184,7 @@ pub fn load_key(keyfile: impl AsRef) -> Result, Error> { debug!("Found {} key(s) in '{}'", keys.len(), keyfile.display()); // Done, return - Ok(keys.into_iter().map(PrivateKey).collect()) + Ok(keys.into_iter().map(|x| PrivateKey::from_pem_slice(&x).expect("Key contents should be valid PEM data")).collect()) } @@ -195,7 +199,7 @@ pub fn load_key(keyfile: impl AsRef) -> Result, Error> { /// /// # Errors /// This function errors if we failed to read the files. -pub fn load_identity(file: impl AsRef) -> Result<(Vec, PrivateKey), Error> { +pub fn load_identity(file: impl AsRef) -> Result<(Vec>, PrivateKey<'static>), Error> { let file: &Path = file.as_ref(); // Open the file @@ -221,9 +225,11 @@ pub fn load_identity(file: impl AsRef) -> Result<(Vec, Privat // Match the item match item { - Item::X509Certificate(cert) => certs.push(Certificate(cert)), + Item::X509Certificate(cert) => certs.push(Certificate::from_slice(&cert)), - Item::ECKey(key) | Item::PKCS8Key(key) | Item::RSAKey(key) => keys.push(PrivateKey(key)), + Item::ECKey(key) | Item::PKCS8Key(key) | Item::RSAKey(key) => { + keys.push(PrivateKey::from_pem_slice(&key).expect("Private key should be valid PEM data")) + }, _ => { return Err(Error::UnknownItemError { what: "identity", path: file.into() }); 
@@ -254,7 +260,7 @@ pub fn load_identity(file: impl AsRef) -> Result<(Vec, Privat /// /// # Errors /// This function errors if we failed to read either of the files. -pub fn load_keypair(certfile: impl AsRef, keyfile: impl AsRef) -> Result<(Certificate, PrivateKey), Error> { +pub fn load_keypair(certfile: impl AsRef, keyfile: impl AsRef) -> Result<(Certificate<'static>, PrivateKey<'static>), Error> { let certfile: &Path = certfile.as_ref(); let keyfile: &Path = keyfile.as_ref(); @@ -301,17 +307,16 @@ pub fn load_certstore(storefile: impl AsRef) -> Result = io::BufReader::new(handle); // Read the certificates in this file - let certs: Vec> = match certs(&mut reader) { - Ok(certs) => certs, - Err(err) => { - return Err(Error::CertFileParseError { path: storefile.into(), err }); - }, - }; + let certs = rustls_pemfile::certs(&mut reader) + .map_err(|e| Error::CertFileParseError { path: storefile.into(), err: e })? + .into_iter() + .map(|x| Certificate::from_slice(&x)); + debug!("Found {} certificate(s) in '{}'", certs.len(), storefile.display()); // Read the certificates in the file to the store. let mut store: RootCertStore = RootCertStore::empty(); - let (added, ignored): (usize, usize) = store.add_parsable_certificates(&certs); + let (added, ignored): (usize, usize) = store.add_parsable_certificates(certs); debug!("Created client trust store from '{}' with {} certificates (ignored {})", storefile.display(), added, ignored); // Done, for now diff --git a/brane-cli/Cargo.toml b/brane-cli/Cargo.toml index 25beae79..2ece01ec 100644 --- a/brane-cli/Cargo.toml +++ b/brane-cli/Cargo.toml @@ -51,7 +51,7 @@ path-clean = "1.0.0" prettytable-rs = "0.10.0" rand = "0.8.5" reqwest = {version = "0.11.27", features = ["rustls-tls-manual-roots","json", "stream", "multipart"] } -rustls = "0.21.6" +rustls = "0.23.0" rustyline = "11.0.0" rustyline-derive = "0.8.0" semver = "1.0.0" diff --git a/brane-job/src/worker.rs b/brane-job/src/worker.rs index 871945d7..eb4811de 100644 
--- a/brane-job/src/worker.rs +++ b/brane-job/src/worker.rs @@ -51,10 +51,10 @@ use enum_debug::EnumDebug as _; use error_trace::{ErrorTrace as _, trace}; use futures_util::StreamExt; use hyper::body::Bytes; -use hyper::header; +use reqwest::header; // use kube::config::Kubeconfig; use log::{debug, error, info, warn}; -use reqwest::Method; +use reqwest::{Method, header}; use serde::{Deserialize, Serialize}; use serde_json_any_key::json_to_map; use specifications::address::Address; diff --git a/brane-plr/src/planner.rs b/brane-plr/src/planner.rs index 65efc28c..aeecac5f 100644 --- a/brane-plr/src/planner.rs +++ b/brane-plr/src/planner.rs @@ -41,6 +41,7 @@ use specifications::package::Capability; use specifications::planning::{PlanningDeniedReply, PlanningReply, PlanningRequest}; use specifications::profiling::ProfileReport; use specifications::working::{CheckReply, CheckWorkflowRequest, JobServiceClient}; +use warp::http::StatusCode; use warp::reject::Rejection; use warp::reply::Response; diff --git a/brane-prx/Cargo.toml b/brane-prx/Cargo.toml index 10167559..88f92c5f 100644 --- a/brane-prx/Cargo.toml +++ b/brane-prx/Cargo.toml @@ -16,7 +16,7 @@ error-trace.workspace = true log = "0.4.22" never-say-never = "6.6.666" reqwest = { version = "0.11.27", features = ["json"] } -rustls = "0.21.6" +rustls = "0.23.0" serde = { version = "1.0.204", features = ["derive"] } serde_json = "1.0.120" socksx = { git = "https://github.com/epi-project/socksx", tag = "v2.0.0" } diff --git a/brane-reg/Cargo.toml b/brane-reg/Cargo.toml index d3e205bd..4beec65f 100644 --- a/brane-reg/Cargo.toml +++ b/brane-reg/Cargo.toml @@ -17,7 +17,7 @@ env_logger = "0.10.0" error-trace.workspace = true log = "0.4.22" reqwest = "0.11.27" -rustls = "0.21.6" +rustls = "0.23.0" serde = { version = "1.0.204", features = ["rc"] } serde_json = "1.0.120" serde_yaml = { version = "0.0.10", package = "serde_yml" }
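Review bot: `header` is imported twice on the new side of the worker.rs hunk, once by `use reqwest::header;` (which replaces `use hyper::header;`) and again by `use reqwest::{Method, header};`, and the compiler rejects that as a duplicate name (E0252). Keep only one of them, e.g. drop the first line and leave `use reqwest::{Method, header};`. The code that uses `header::` lies outside this hunk, so it is worth confirming those uses feed reqwest calls rather than hyper types, in case the two crates re-export different `http` versions.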