diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 7b6930b4..349c7b74 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -25,6 +25,7 @@ jobs: - uses: actions/checkout@v5 - uses: actions-rust-lang/setup-rust-toolchain@v1 with: + toolchain: 'stable' rustflags: '-D warnings -W unreachable-pub' - run: RUSTDOCFLAGS="-D warnings" cargo doc --all --no-deps @@ -61,6 +62,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - run: cargo build --locked test: @@ -70,6 +72,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - uses: taiki-e/install-action@nextest - name: "Test rusty-jwt-tools" run: sh run-tests.sh @@ -89,6 +92,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - uses: davidB/rust-cargo-make@v1 - name: "Run Haskell test" run: cd ffi && cargo make hs-test @@ -103,6 +107,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - name: Install wasm-pack run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh - name: WASM build @@ -118,6 +123,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - name: Install wasm-pack run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh - name: Run tests (wasm) @@ -130,6 +136,7 @@ jobs: - uses: actions-rust-lang/setup-rust-toolchain@v1 with: rustflags: '' + toolchain: 'stable' - uses: taiki-e/install-action@cargo-hack - name: cargo/hack (verify features compile in isolation) run: cargo hack check --each-feature --no-dev-deps diff --git a/.rustfmt.toml b/.rustfmt.toml index d7957c9d..7763ce72 100644 --- a/.rustfmt.toml +++ b/.rustfmt.toml @@ -1,9 +1,8 @@ -# version = "Two" use_try_shorthand = true use_field_init_shorthand = true max_width = 120 newline_style = "Unix" merge_derives = true -# condense_wildcard_suffixes = true -edition = "2021" -# imports_granularity = "Crate" +condense_wildcard_suffixes = true +imports_granularity = "Crate" +group_imports = "StdExternalCrate" diff --git a/acme/Cargo.toml b/acme/Cargo.toml index 10541f0b..02b49283 100644 --- a/acme/Cargo.toml +++ b/acme/Cargo.toml @@ -6,6 +6,7 @@ edition = "2024" repository = "https://github.com/wireapp/rusty-jwt-tools" license = "MPL-2.0" publish = false +rust-version = "1.90" [lib] crate-type = ["cdylib", "rlib"] diff --git a/acme/src/account.rs b/acme/src/account.rs index cb87be5d..3b4402e6 100644 --- a/acme/src/account.rs +++ b/acme/src/account.rs @@ -1,6 +1,7 @@ -use crate::prelude::*; use rusty_jwt_tools::prelude::*; +use crate::prelude::*; + impl RustyAcme { /// 5. Create a new acme account /// see [RFC 8555 Section 7.3](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3) @@ -143,10 +144,11 @@ pub enum AcmeAccountStatus { #[cfg(test)] pub mod tests { - use super::*; use serde_json::json; use wasm_bindgen_test::*; + use super::*; + wasm_bindgen_test_configure!(run_in_browser); mod json { diff --git a/acme/src/authz.rs b/acme/src/authz.rs index 0b4d496f..24dfa9c8 100644 --- a/acme/src/authz.rs +++ b/acme/src/authz.rs @@ -1,9 +1,7 @@ use base64::Engine; - use rusty_jwt_tools::prelude::*; -use crate::chall::AcmeChallengeType; -use crate::prelude::*; +use crate::{chall::AcmeChallengeType, prelude::*}; impl RustyAcme { /// create authorizations diff --git a/acme/src/certificate.rs b/acme/src/certificate.rs index 76d2766d..c7aa498a 100644 --- a/acme/src/certificate.rs +++ b/acme/src/certificate.rs @@ -1,8 +1,8 @@ -use crate::{error::CertificateError, identifier::CanonicalIdentifier, prelude::*}; use rusty_jwt_tools::prelude::*; use rusty_x509_check::revocation::{PkiEnvironment, PkiEnvironmentParams}; -use x509_cert::Certificate; -use x509_cert::anchor::TrustAnchorChoice; +use x509_cert::{Certificate, anchor::TrustAnchorChoice}; + +use crate::{error::CertificateError, identifier::CanonicalIdentifier, prelude::*}; impl RustyAcme { /// For fetching the generated certificate diff --git a/acme/src/directory.rs b/acme/src/directory.rs index 91f1507d..badcfc7d 100644 --- a/acme/src/directory.rs +++ b/acme/src/directory.rs @@ -27,9 +27,10 @@ pub struct AcmeDirectory { #[cfg(test)] pub mod tests { - use super::*; use wasm_bindgen_test::*; + use super::*; + wasm_bindgen_test_configure!(run_in_browser); #[test] diff --git a/acme/src/finalize.rs b/acme/src/finalize.rs index 0a73dcab..568c7a89 100644 --- a/acme/src/finalize.rs +++ b/acme/src/finalize.rs @@ -1,11 +1,10 @@ use base64::Engine; use jwt_simple::prelude::*; -use x509_cert::der::Encode; - use rusty_jwt_tools::prelude::*; +use x509_cert::der::Encode; -use crate::identifier::CanonicalIdentifier; use crate::{ + identifier::CanonicalIdentifier, order::{AcmeOrderError, AcmeOrderStatus}, prelude::*, }; diff --git a/acme/src/identifier.rs b/acme/src/identifier.rs index 52607cbf..1a9227df 100644 --- a/acme/src/identifier.rs +++ b/acme/src/identifier.rs @@ -1,6 +1,7 @@ -use crate::prelude::*; use rusty_jwt_tools::prelude::*; +use crate::prelude::*; + /// Represent an identifier in an ACME Order #[derive(Debug, Clone, Eq, PartialEq, Hash, serde::Serialize, serde::Deserialize)] #[serde(tag = "type", content = "value", rename_all = "kebab-case")] diff --git a/acme/src/identity/mod.rs b/acme/src/identity/mod.rs index fd6e5020..ca4be07b 100644 --- a/acme/src/identity/mod.rs +++ b/acme/src/identity/mod.rs @@ -1,11 +1,8 @@ -use x509_cert::der::Decode as _; - use rusty_jwt_tools::prelude::*; -use rusty_x509_check::IdentityStatus; -use rusty_x509_check::revocation::PkiEnvironment; +use rusty_x509_check::{IdentityStatus, revocation::PkiEnvironment}; +use x509_cert::der::Decode as _; -use crate::error::CertificateError; -use crate::prelude::*; +use crate::{error::CertificateError, prelude::*}; pub(crate) mod thumbprint; diff --git a/acme/src/identity/thumbprint.rs b/acme/src/identity/thumbprint.rs index 41b215dc..14fdf3f6 100644 --- a/acme/src/identity/thumbprint.rs +++ b/acme/src/identity/thumbprint.rs @@ -1,16 +1,15 @@ -use crate::{ - error::CertificateError, - prelude::{RustyAcmeError, RustyAcmeResult}, -}; - use jwt_simple::prelude::*; use rusty_jwt_tools::{ jwk::TryIntoJwk, prelude::{HashAlgorithm, JwkThumbprint, JwsAlgorithm}, }; - use x509_cert::spki::SubjectPublicKeyInfoOwned; +use crate::{ + error::CertificateError, + prelude::{RustyAcmeError, RustyAcmeResult}, +}; + /// Used to compute the MLS thumbprint of a Basic Credential pub fn compute_raw_key_thumbprint( sign_alg: JwsAlgorithm, diff --git a/acme/src/jws.rs b/acme/src/jws.rs index afa46d8e..433d0d09 100644 --- a/acme/src/jws.rs +++ b/acme/src/jws.rs @@ -1,7 +1,8 @@ -use crate::prelude::*; use jwt_simple::prelude::*; use rusty_jwt_tools::prelude::*; +use crate::prelude::*; + #[derive(Debug, serde::Serialize, serde::Deserialize)] #[cfg_attr(test, derive(Clone))] #[serde(rename_all = "camelCase")] diff --git a/acme/src/lib.rs b/acme/src/lib.rs index bf6eb40f..3a1cfad3 100644 --- a/acme/src/lib.rs +++ b/acme/src/lib.rs @@ -12,22 +12,20 @@ mod order; /// Prelude pub mod prelude { - pub use super::RustyAcme; - use super::*; pub use account::AcmeAccount; pub use authz::AcmeAuthz; pub use chall::{AcmeChallError, AcmeChallenge, AcmeChallengeType}; + pub use directory::AcmeDirectory; pub use error::{RustyAcmeError, RustyAcmeResult}; pub use finalize::AcmeFinalize; pub use identifier::{AcmeIdentifier, WireIdentifier}; - pub use identity::{WireIdentity, WireIdentityReader}; + pub use identity::{WireIdentity, WireIdentityReader, thumbprint::compute_raw_key_thumbprint}; pub use jws::AcmeJws; pub use order::AcmeOrder; pub use rusty_x509_check as x509; - pub use identity::thumbprint::compute_raw_key_thumbprint; - - pub use directory::AcmeDirectory; + pub use super::RustyAcme; + use super::*; } pub struct RustyAcme; diff --git a/acme/src/order.rs b/acme/src/order.rs index 29e6e41f..92c563af 100644 --- a/acme/src/order.rs +++ b/acme/src/order.rs @@ -1,8 +1,8 @@ -use crate::identifier::CanonicalIdentifier; -use rusty_jwt_tools::prelude::*; use std::collections::HashSet; -use crate::prelude::*; +use rusty_jwt_tools::prelude::*; + +use crate::{identifier::CanonicalIdentifier, prelude::*}; // Order creation impl RustyAcme { diff --git a/e2e-identity/Cargo.toml b/e2e-identity/Cargo.toml index ca8da24b..4a54b214 100644 --- a/e2e-identity/Cargo.toml +++ b/e2e-identity/Cargo.toml @@ -6,6 +6,7 @@ edition = "2024" repository = "https://github.com/wireapp/rusty-jwt-tools" license = "MPL-2.0" publish = false +rust-version = "1.90" [lib] crate-type = ["cdylib", "rlib"] diff --git a/e2e-identity/src/lib.rs b/e2e-identity/src/lib.rs index ca9a85a7..8adc3d97 100644 --- a/e2e-identity/src/lib.rs +++ b/e2e-identity/src/lib.rs @@ -1,8 +1,5 @@ -use jwt_simple::prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk}; -use zeroize::Zeroize; - -use crate::prelude::x509::revocation::PkiEnvironment; use error::*; +use jwt_simple::prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk}; use prelude::*; use rusty_acme::prelude::{AcmeChallenge, AcmeIdentifier}; use rusty_jwt_tools::{ @@ -10,27 +7,31 @@ use rusty_jwt_tools::{ jwk_thumbprint::JwkThumbprint, prelude::{ClientId, Dpop, Handle, Htm, Pem, RustyJwtTools}, }; +use zeroize::Zeroize; + +use crate::prelude::x509::revocation::PkiEnvironment; mod error; mod types; pub mod prelude { - pub use rusty_acme::prelude::x509; pub use rusty_acme::prelude::{ - AcmeDirectory, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader, compute_raw_key_thumbprint, + AcmeDirectory, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader, compute_raw_key_thumbprint, x509, x509::IdentityStatus, }; + #[cfg(feature = "builder")] + pub use rusty_jwt_tools::prelude::generate_jwk; pub use rusty_jwt_tools::prelude::{ ClientId as E2eiClientId, Handle, HashAlgorithm, JwsAlgorithm, RustyJwtError, parse_json_jwk, }; - #[cfg(feature = "builder")] - pub use rusty_jwt_tools::prelude::generate_jwk; - - pub use super::RustyE2eIdentity; - pub use super::error::{E2eIdentityError, E2eIdentityResult}; - pub use super::types::{ - E2eiAcmeAccount, E2eiAcmeAuthorization, E2eiAcmeChallenge, E2eiAcmeFinalize, E2eiAcmeOrder, E2eiNewAcmeOrder, + pub use super::{ + RustyE2eIdentity, + error::{E2eIdentityError, E2eIdentityResult}, + types::{ + E2eiAcmeAccount, E2eiAcmeAuthorization, E2eiAcmeChallenge, E2eiAcmeFinalize, E2eiAcmeOrder, + E2eiNewAcmeOrder, + }, }; } diff --git a/e2e-identity/src/types.rs b/e2e-identity/src/types.rs index 57a13957..70d1d809 100644 --- a/e2e-identity/src/types.rs +++ b/e2e-identity/src/types.rs @@ -1,8 +1,7 @@ use rusty_acme::prelude::AcmeChallenge; -use crate::prelude::{E2eIdentityError, E2eIdentityResult}; - use super::Json; +use crate::prelude::{E2eIdentityError, E2eIdentityResult}; #[derive( Debug, Clone, derive_more::From, derive_more::Into, derive_more::Deref, serde::Serialize, serde::Deserialize, diff --git a/e2e-identity/tests/api.rs b/e2e-identity/tests/api.rs index a189ce59..1688428a 100644 --- a/e2e-identity/tests/api.rs +++ b/e2e-identity/tests/api.rs @@ -1,9 +1,8 @@ use jwt_simple::prelude::*; -use serde_json::json; -use wasm_bindgen_test::*; - use rusty_jwt_tools::prelude::*; +use serde_json::json; use utils::keys::enrollments; +use wasm_bindgen_test::*; use wire_e2e_identity::prelude::E2eiAcmeAuthorization; wasm_bindgen_test_configure!(run_in_browser); diff --git a/e2e-identity/tests/e2e.rs b/e2e-identity/tests/e2e.rs index 850e55a3..2428b69e 100644 --- a/e2e-identity/tests/e2e.rs +++ b/e2e-identity/tests/e2e.rs @@ -6,7 +6,6 @@ use jwt_simple::prelude::*; use rstest::rstest; - use rusty_acme::prelude::*; use rusty_jwt_tools::prelude::*; use utils::{ @@ -174,13 +173,15 @@ mod alg { /// Since the acme server is a fork, verify its invariants are respected mod acme_server { - use super::*; - use rusty_acme::prelude::x509::RustyX509CheckError; - use rusty_acme::prelude::x509::reexports::certval; - use rusty_acme::prelude::x509::reexports::certval::PathValidationStatus; - use rusty_acme::prelude::x509::revocation::{PkiEnvironment, PkiEnvironmentParams}; + use rusty_acme::prelude::x509::{ + RustyX509CheckError, + reexports::{certval, certval::PathValidationStatus}, + revocation::{PkiEnvironment, PkiEnvironmentParams}, + }; use x509_cert::der::Decode; + use super::*; + #[rstest] #[tokio::test] /// Acme server has been man-in-middle:ed and returns untrusted certificates diff --git a/e2e-identity/tests/utils/cfg.rs b/e2e-identity/tests/utils/cfg.rs index d4ec65c9..406d6d6c 100644 --- a/e2e-identity/tests/utils/cfg.rs +++ b/e2e-identity/tests/utils/cfg.rs @@ -3,10 +3,9 @@ use std::{collections::HashMap, net::SocketAddr}; use jwt_simple::prelude::*; use oauth2::RefreshToken; use rand::random; -use scraper::Html; - use rusty_acme::prelude::{AcmeAccount, AcmeAuthz, AcmeChallenge, AcmeDirectory, AcmeFinalize, AcmeOrder}; use rusty_jwt_tools::{jwk::TryIntoJwk, prelude::*}; +use scraper::Html; use crate::utils::{ TestResult, diff --git a/e2e-identity/tests/utils/ctx.rs b/e2e-identity/tests/utils/ctx.rs index 410eb5c3..b41c0826 100644 --- a/e2e-identity/tests/utils/ctx.rs +++ b/e2e-identity/tests/utils/ctx.rs @@ -1,9 +1,9 @@ //! Test helper for sharing data between the resource server (wire-server) and the client which //! is responsible for displaying them. -use std::net::SocketAddr; use std::{ collections::{HashMap, hash_map::RandomState}, + net::SocketAddr, str::FromStr, }; diff --git a/e2e-identity/tests/utils/display.rs b/e2e-identity/tests/utils/display.rs index 47b9553c..3984fee2 100644 --- a/e2e-identity/tests/utils/display.rs +++ b/e2e-identity/tests/utils/display.rs @@ -3,7 +3,6 @@ use std::{path::PathBuf, process::Command}; use base64::Engine; use itertools::Itertools; use jwt_simple::prelude::*; - use rusty_jwt_tools::prelude::*; use crate::utils::rand_base64_str; diff --git a/e2e-identity/tests/utils/docker/keycloak.rs b/e2e-identity/tests/utils/docker/keycloak.rs index 09b53c5e..3f0af17d 100644 --- a/e2e-identity/tests/utils/docker/keycloak.rs +++ b/e2e-identity/tests/utils/docker/keycloak.rs @@ -1,17 +1,14 @@ -use std::borrow::Cow; -use std::process::Command; -use std::sync::OnceLock; -use std::{collections::HashMap, env, net::SocketAddr}; +use std::{borrow::Cow, collections::HashMap, env, net::SocketAddr, process::Command, sync::OnceLock}; use keycloak::{ KeycloakAdmin, KeycloakAdminToken, - types::ProtocolMapperRepresentation, - types::{ClientRepresentation, CredentialRepresentation, UserRepresentation}, + types::{ClientRepresentation, CredentialRepresentation, ProtocolMapperRepresentation, UserRepresentation}, +}; +use testcontainers::{ + ContainerAsync, Image, ImageExt, ReuseDirective, + core::{ContainerPort, IntoContainerPort, Mount, WaitFor}, + runners::AsyncRunner, }; - -use testcontainers::core::{ContainerPort, IntoContainerPort, Mount}; -use testcontainers::runners::AsyncRunner; -use testcontainers::{ContainerAsync, Image, ImageExt, ReuseDirective, core::WaitFor}; use crate::utils::docker::SHM; diff --git a/e2e-identity/tests/utils/docker/stepca.rs b/e2e-identity/tests/utils/docker/stepca.rs index 1325de6c..be43aa48 100644 --- a/e2e-identity/tests/utils/docker/stepca.rs +++ b/e2e-identity/tests/utils/docker/stepca.rs @@ -1,10 +1,12 @@ -use base64::prelude::*; -use std::net::SocketAddr; -use std::path::Path; +use std::{net::SocketAddr, path::Path}; +use base64::prelude::*; use serde_json::json; -use testcontainers::core::{CmdWaitFor, ContainerPort, ExecCommand, Mount}; -use testcontainers::{ContainerAsync, GenericImage, ImageExt, runners::AsyncRunner}; +use testcontainers::{ + ContainerAsync, GenericImage, ImageExt, + core::{CmdWaitFor, ContainerPort, ExecCommand, Mount}, + runners::AsyncRunner, +}; use crate::utils::docker::{NETWORK, SHM, rand_str}; diff --git a/e2e-identity/tests/utils/fmk.rs b/e2e-identity/tests/utils/fmk.rs index 821bfd9b..0b082d18 100644 --- a/e2e-identity/tests/utils/fmk.rs +++ b/e2e-identity/tests/utils/fmk.rs @@ -1,9 +1,14 @@ +use std::collections::{HashMap, hash_map::RandomState}; + use base64::Engine; -use const_oid::db::{ - rfc5912::{ID_EC_PUBLIC_KEY, SECP_256_R_1, SECP_384_R_1, SECP_521_R_1}, - rfc8410::ID_ED_25519, +use const_oid::{ + AssociatedOid as _, ObjectIdentifier, + db::{ + rfc5912::{ID_EC_PUBLIC_KEY, SECP_256_R_1, SECP_384_R_1, SECP_521_R_1}, + rfc8410::ID_ED_25519, + }, }; -use const_oid::{AssociatedOid as _, ObjectIdentifier}; +use http::header; use itertools::Itertools; use jwt_simple::prelude::*; use oauth2::{CsrfToken, PkceCodeChallenge, RedirectUrl, RefreshToken, Scope}; @@ -12,23 +17,18 @@ use openidconnect::{ core::{CoreAuthenticationFlow, CoreClient, CoreProviderMetadata}, }; use reqwest::StatusCode; -use serde_json::{Value, json}; -use std::collections::{HashMap, hash_map::RandomState}; -use url::Url; -use x509_cert::Certificate; -use x509_cert::der::asn1::Ia5String; -use x509_cert::der::{Decode as _, DecodePem, Encode as _}; -use x509_cert::ext::pkix::constraints::name::GeneralSubtree; -use x509_cert::ext::pkix::name::GeneralName; -use x509_cert::ext::pkix::{KeyUsage, KeyUsages, NameConstraints}; - -use http::header; -use rusty_acme::prelude::x509::revocation::PkiEnvironment; -use rusty_acme::prelude::*; +use rusty_acme::prelude::{x509::revocation::PkiEnvironment, *}; use rusty_jwt_tools::{ jwk::{TryFromJwk, TryIntoJwk}, prelude::*, }; +use serde_json::{Value, json}; +use url::Url; +use x509_cert::{ + Certificate, + der::{Decode as _, DecodePem, Encode as _, asn1::Ia5String}, + ext::pkix::{KeyUsage, KeyUsages, NameConstraints, constraints::name::GeneralSubtree, name::GeneralName}, +}; use crate::utils::{ TestError, TestResult, diff --git a/e2e-identity/tests/utils/helpers.rs b/e2e-identity/tests/utils/helpers.rs index 398be99a..55d963b9 100644 --- a/e2e-identity/tests/utils/helpers.rs +++ b/e2e-identity/tests/utils/helpers.rs @@ -1,8 +1,8 @@ -use crate::utils::TestResult; -use http::header::AsHeaderName; -use http::{HeaderName, HeaderValue, header}; +use http::{HeaderName, HeaderValue, header, header::AsHeaderName}; use itertools::Itertools; +use crate::utils::TestResult; + pub trait ClientHelper { fn acme_req(&self, url: &url::Url, body: &T) -> TestResult; } diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index c03788f8..f89f8a62 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -6,6 +6,7 @@ edition = "2024" repository = "https://github.com/wireapp/rusty-jwt-tools" license = "MPL-2.0" publish = false +rust-version = "1.90" [lib] name = "rusty_jwt_tools_ffi" diff --git a/ffi/src/lib.rs b/ffi/src/lib.rs index d2c52885..996a8983 100644 --- a/ffi/src/lib.rs +++ b/ffi/src/lib.rs @@ -285,7 +285,7 @@ pub enum HsError { impl From for HsError { fn from(e: RustyJwtError) -> Self { match e { - RustyJwtError::InvalidHtu(_, _) => Self::InvalidHtu, + RustyJwtError::InvalidHtu(..) => Self::InvalidHtu, RustyJwtError::InvalidHtm(_) => Self::InvalidHtm, RustyJwtError::InvalidDpopJwk => Self::InvalidDpopSyntax, RustyJwtError::InvalidDpopTyp => Self::InvalidDpopTyp, diff --git a/jwt/Cargo.toml b/jwt/Cargo.toml index 6337294d..b339705b 100644 --- a/jwt/Cargo.toml +++ b/jwt/Cargo.toml @@ -6,6 +6,7 @@ edition = "2024" repository = "https://github.com/wireapp/rusty-jwt-tools" license = "MPL-2.0" publish = false +rust-version = "1.90" [lib] name = "rusty_jwt_tools" diff --git a/jwt/src/access/generate.rs b/jwt/src/access/generate.rs index 37fb3d64..2381d55e 100644 --- a/jwt/src/access/generate.rs +++ b/jwt/src/access/generate.rs @@ -172,9 +172,8 @@ pub mod tests { use jwt_simple::prelude::*; use serde_json::{Value, json}; - use crate::{dpop::Dpop, jwk::TryFromJwk, test_utils::*}; - use super::*; + use crate::{dpop::Dpop, jwk::TryFromJwk, test_utils::*}; mod generated_access_token { use super::*; diff --git a/jwt/src/access/mod.rs b/jwt/src/access/mod.rs index 598ac652..0fd5580e 100644 --- a/jwt/src/access/mod.rs +++ b/jwt/src/access/mod.rs @@ -1,8 +1,6 @@ use jwt_simple::prelude::*; -use crate::jwk_thumbprint::JwkThumbprint; -use crate::jwt::new_jti; -use crate::prelude::*; +use crate::{jwk_thumbprint::JwkThumbprint, jwt::new_jti, prelude::*}; mod generate; mod verify; diff --git a/jwt/src/access/verify.rs b/jwt/src/access/verify.rs index f37c32df..55a8d873 100644 --- a/jwt/src/access/verify.rs +++ b/jwt/src/access/verify.rs @@ -177,9 +177,8 @@ impl RustyJwtTools { pub mod tests { use jwt_simple::prelude::*; - use crate::test_utils::*; - use super::*; + use crate::test_utils::*; mod access { use super::*; diff --git a/jwt/src/dpop/generate.rs b/jwt/src/dpop/generate.rs index a74ae3b6..9b587430 100644 --- a/jwt/src/dpop/generate.rs +++ b/jwt/src/dpop/generate.rs @@ -40,12 +40,16 @@ impl RustyJwtTools { #[cfg(test)] pub mod tests { + use base64::Engine; + use serde_json::{Value, json}; use wasm_bindgen_test::*; use web_time::{SystemTime, UNIX_EPOCH}; - use crate::{dpop::*, jwk::RustyJwk, jwk::TryFromJwk, test_utils::*}; - use base64::Engine; - use serde_json::{Value, json}; + use crate::{ + dpop::*, + jwk::{RustyJwk, TryFromJwk}, + test_utils::*, + }; wasm_bindgen_test_configure!(run_in_browser); diff --git a/jwt/src/dpop/htu.rs b/jwt/src/dpop/htu.rs index 23aa285b..fe10e7c8 100644 --- a/jwt/src/dpop/htu.rs +++ b/jwt/src/dpop/htu.rs @@ -1,6 +1,7 @@ -use serde::{Deserialize, Serialize}; use std::fmt; +use serde::{Deserialize, Serialize}; + use crate::prelude::*; /// The HTTP request URI without query and fragment parts diff --git a/jwt/src/dpop/mod.rs b/jwt/src/dpop/mod.rs index a9785663..c5610aec 100644 --- a/jwt/src/dpop/mod.rs +++ b/jwt/src/dpop/mod.rs @@ -1,13 +1,10 @@ -use jwt_simple::prelude::*; -use serde::{Deserialize, Serialize}; - pub use htm::Htm; pub use htu::Htu; -pub(crate) use verify::VerifyDpop; -pub(crate) use verify::VerifyDpopTokenHeader; +use jwt_simple::prelude::*; +use serde::{Deserialize, Serialize}; +pub(crate) use verify::{VerifyDpop, VerifyDpopTokenHeader}; -use crate::jwt::new_jti; -use crate::prelude::*; +use crate::{jwt::new_jti, prelude::*}; mod generate; mod htm; diff --git a/jwt/src/dpop/verify.rs b/jwt/src/dpop/verify.rs index 3c222f4b..9efe57e1 100644 --- a/jwt/src/dpop/verify.rs +++ b/jwt/src/dpop/verify.rs @@ -1,7 +1,9 @@ use jwt_simple::prelude::*; -use crate::jwt::{Verify, VerifyJwt, VerifyJwtHeader}; -use crate::prelude::*; +use crate::{ + jwt::{Verify, VerifyJwt, VerifyJwtHeader}, + prelude::*, +}; /// Verifies DPoP token specific header pub(crate) trait VerifyDpopTokenHeader { diff --git a/jwt/src/jwe/mod.rs b/jwt/src/jwe/mod.rs index 9678bbde..0c362424 100644 --- a/jwt/src/jwe/mod.rs +++ b/jwt/src/jwe/mod.rs @@ -1,3 +1,4 @@ +use alg::JweAlgorithm; use biscuit::{ Empty, jwa::{Algorithm, EncryptionOptions}, @@ -5,8 +6,6 @@ use biscuit::{ jwk::{AlgorithmParameters, CommonParameters, JWK, OctetKeyParameters, OctetKeyType}, }; -use alg::JweAlgorithm; - use crate::prelude::*; pub mod alg; @@ -106,16 +105,14 @@ impl RustyJwtTools { pub mod tests { use base64::Engine; use biscuit::jwe::Header; + use helpers::*; use rand::SeedableRng as _; use rand_chacha::ChaCha20Rng; use serde_json::Value; use wasm_bindgen_test::*; - use helpers::*; - - use crate::test_utils::*; - use super::*; + use crate::test_utils::*; wasm_bindgen_test_configure!(run_in_browser); @@ -279,9 +276,10 @@ pub mod tests { #[cfg(not(target_family = "wasm"))] mod interop { - use super::*; use serde_json::json; + use super::*; + // because josekit generates 32 bytes nonce for Key Wrapping whereas biscuit expects 12 bytes #[ignore] #[apply(all_cipher)] diff --git a/jwt/src/jwk/ecdsa.rs b/jwt/src/jwk/ecdsa.rs index 22f47f12..2b3cda80 100644 --- a/jwt/src/jwk/ecdsa.rs +++ b/jwt/src/jwk/ecdsa.rs @@ -123,9 +123,8 @@ pub mod tests { use jwt_simple::prelude::*; use wasm_bindgen_test::*; - use crate::test_utils::*; - use super::*; + use crate::test_utils::*; wasm_bindgen_test_configure!(run_in_browser); diff --git a/jwt/src/jwk/eddsa.rs b/jwt/src/jwk/eddsa.rs index f749b923..c6cbae1e 100644 --- a/jwt/src/jwk/eddsa.rs +++ b/jwt/src/jwk/eddsa.rs @@ -34,9 +34,8 @@ pub mod tests { use jwt_simple::prelude::*; use wasm_bindgen_test::*; - use crate::test_utils::*; - use super::*; + use crate::test_utils::*; wasm_bindgen_test_configure!(run_in_browser); diff --git a/jwt/src/jwk/json.rs b/jwt/src/jwk/json.rs index 77574520..e91825ab 100644 --- a/jwt/src/jwk/json.rs +++ b/jwt/src/jwk/json.rs @@ -1,12 +1,13 @@ -use crate::{ - jwk::TryFromJwk, - prelude::{RustyJwtError, RustyJwtResult}, -}; use jwt_simple::prelude::{ AlgorithmParameters, ES256PublicKey, ES384PublicKey, ES512PublicKey, Ed25519PublicKey, EdwardCurve, EllipticCurve, EllipticCurveKeyParameters, EllipticCurveKeyType, Jwk, OctetKeyPairParameters, OctetKeyPairType, }; +use crate::{ + jwk::TryFromJwk, + prelude::{RustyJwtError, RustyJwtResult}, +}; + /// Parses a raw JWK Json serialized pub fn parse_json_jwk(jwk: &[u8]) -> RustyJwtResult> { let jwk = serde_json::from_slice::(jwk)?; diff --git a/jwt/src/jwk_thumbprint.rs b/jwt/src/jwk_thumbprint.rs index ff1c6655..b951378a 100644 --- a/jwt/src/jwk_thumbprint.rs +++ b/jwt/src/jwk_thumbprint.rs @@ -77,9 +77,8 @@ impl JwkThumbprint { pub mod tests { use wasm_bindgen_test::*; - use crate::{jwk::RustyJwk, test_utils::*}; - use super::*; + use crate::{jwk::RustyJwk, test_utils::*}; wasm_bindgen_test_configure!(run_in_browser); diff --git a/jwt/src/jwt/generate.rs b/jwt/src/jwt/generate.rs index 46c0167f..5178aeae 100644 --- a/jwt/src/jwt/generate.rs +++ b/jwt/src/jwt/generate.rs @@ -1,6 +1,7 @@ -use crate::prelude::*; use jwt_simple::prelude::*; +use crate::prelude::*; + impl RustyJwtTools { /// Build a new generic JWT pub fn generate_jwt( diff --git a/jwt/src/lib.rs b/jwt/src/lib.rs index 0be3f5be..bbcc1e29 100644 --- a/jwt/src/lib.rs +++ b/jwt/src/lib.rs @@ -27,8 +27,11 @@ mod model; pub mod prelude { pub use dpop::{Dpop, Htm, Htu}; pub use error::{RustyJwtError, RustyJwtResult}; + #[cfg(feature = "jwe")] + pub use jwe::alg::JweAlgorithm; + #[cfg(feature = "test-utils")] + pub use jwk::generate_jwk; pub use jwk::json::parse_json_jwk; - pub use jwk_thumbprint::JwkThumbprint; pub use model::{ alg::{HashAlgorithm, JwsAlgorithm, JwsEcAlgorithm, JwsEdAlgorithm}, @@ -40,12 +43,6 @@ pub mod prelude { team::Team, }; - #[cfg(feature = "jwe")] - pub use jwe::alg::JweAlgorithm; - - #[cfg(feature = "test-utils")] - pub use jwk::generate_jwk; - pub use super::RustyJwtTools; use super::*; } diff --git a/jwt/src/model/alg.rs b/jwt/src/model/alg.rs index 0d0f1bba..1f0d090e 100644 --- a/jwt/src/model/alg.rs +++ b/jwt/src/model/alg.rs @@ -1,5 +1,4 @@ -use std::fmt::Formatter; -use std::str::FromStr; +use std::{fmt::Formatter, str::FromStr}; use jwt_simple::prelude::*; diff --git a/jwt/src/model/client_id.rs b/jwt/src/model/client_id.rs index 769db060..94de6bc9 100644 --- a/jwt/src/model/client_id.rs +++ b/jwt/src/model/client_id.rs @@ -1,10 +1,9 @@ -use crate::model::DEFAULT_URL; use base64::Engine; use percent_encoding::percent_decode_str; use url::Url; use uuid::Uuid; -use crate::prelude::*; +use crate::{model::DEFAULT_URL, prelude::*}; /// Unique user handle #[derive(Debug, Clone, Eq, PartialEq)] @@ -177,9 +176,10 @@ impl ClientId { pub mod tests { use std::str::FromStr as _; - use super::*; use wasm_bindgen_test::*; + use super::*; + wasm_bindgen_test_configure!(run_in_browser); #[test] diff --git a/jwt/src/model/handle.rs b/jwt/src/model/handle.rs index 635d5310..c4798f3b 100644 --- a/jwt/src/model/handle.rs +++ b/jwt/src/model/handle.rs @@ -1,8 +1,12 @@ -use crate::model::DEFAULT_URL; -use crate::prelude::{ClientId, RustyJwtError, RustyJwtResult}; -use percent_encoding::percent_decode_str; use std::str::FromStr; +use percent_encoding::percent_decode_str; + +use crate::{ + model::DEFAULT_URL, + prelude::{ClientId, RustyJwtError, RustyJwtResult}, +}; + /// A unique human-friendly identifier for a user e.g. `beltram_wire` #[derive(Debug, Clone, Eq, PartialEq, derive_more::From, derive_more::Into, derive_more::Deref)] pub struct Handle(String); @@ -99,9 +103,10 @@ impl Default for QualifiedHandle { #[cfg(test)] pub mod tests { - use super::*; use wasm_bindgen_test::*; + use super::*; + wasm_bindgen_test_configure!(run_in_browser); #[test] diff --git a/jwt/src/model/pk.rs b/jwt/src/model/pk.rs index b9839fa9..d27b65f7 100644 --- a/jwt/src/model/pk.rs +++ b/jwt/src/model/pk.rs @@ -1,8 +1,7 @@ use jwt_simple::prelude::*; use serde::de::DeserializeOwned; -use crate::jwk::TryFromJwk; -use crate::prelude::*; +use crate::{jwk::TryFromJwk, prelude::*}; /// Abstraction over a public cryptographic key to upcast it in order to ease and factorize its usage with `jwt_simple` #[derive(Debug, Clone)] diff --git a/jwt/src/test_utils/mod.rs b/jwt/src/test_utils/mod.rs index fa9037f3..768337a4 100644 --- a/jwt/src/test_utils/mod.rs +++ b/jwt/src/test_utils/mod.rs @@ -1,18 +1,15 @@ +pub use access::*; +pub use dpop::*; +#[allow(unused_imports)] +pub use jwk::*; use jwt_simple::prelude::*; pub use rstest::*; pub use rstest_reuse::{self, *}; use sec1::pkcs8::{DecodePrivateKey, EncodePrivateKey, EncodePublicKey}; use serde::de::DeserializeOwned; - -pub use access::*; -pub use dpop::*; -#[allow(unused_imports)] -pub use jwk::*; pub use utils::*; -use crate::jwk::TryIntoJwk; -use crate::jwk_thumbprint::JwkThumbprint; -use crate::{dpop::Dpop, prelude::*}; +use crate::{dpop::Dpop, jwk::TryIntoJwk, jwk_thumbprint::JwkThumbprint, prelude::*}; pub mod access; pub mod dpop; diff --git a/jwt/tests/e2e.rs b/jwt/tests/e2e.rs index d6832aa0..e9abdac6 100644 --- a/jwt/tests/e2e.rs +++ b/jwt/tests/e2e.rs @@ -1,6 +1,5 @@ use base64::Engine; use jwt_simple::prelude::*; - use rusty_jwt_tools::prelude::*; #[test] diff --git a/rust-toolchain.toml b/rust-toolchain.toml index 6feec6a1..20ed5e6a 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,3 +1,3 @@ [toolchain] -channel = "1.89" +channel = "nightly-2025-08-24" components = ["rust-analyzer"] diff --git a/test-wire-server/Cargo.toml b/test-wire-server/Cargo.toml index e6165266..1ec1e5d8 100644 --- a/test-wire-server/Cargo.toml +++ b/test-wire-server/Cargo.toml @@ -2,6 +2,7 @@ name = "test-wire-server" version = "0.13.0" edition = "2024" +rust-version = "1.90" [dependencies] base64 = { workspace = true } diff --git a/test-wire-server/src/main.rs b/test-wire-server/src/main.rs index 66459e1f..5a11be99 100644 --- a/test-wire-server/src/main.rs +++ b/test-wire-server/src/main.rs @@ -1,17 +1,20 @@ -use std::collections::HashMap; -use std::net::{Ipv4Addr, SocketAddrV4}; -use std::str::FromStr as _; -use std::sync::{Arc, Mutex}; +use std::{ + collections::HashMap, + net::{Ipv4Addr, SocketAddrV4}, + str::FromStr as _, + sync::{Arc, Mutex}, +}; use base64::Engine as _; use http_body_util::{BodyExt as _, Full}; -use hyper::body::{Bytes, Incoming}; -use hyper::server::conn::http1; -use hyper::{Method, Request, Response, StatusCode}; +use hyper::{ + Method, Request, Response, StatusCode, + body::{Bytes, Incoming}, + server::conn::http1, +}; use hyper_util::rt::TokioIo; -use tokio::net::TcpListener; - use rusty_jwt_tools::prelude::*; +use tokio::net::TcpListener; fn generate_nonce() -> String { let nonce = uuid::Uuid::new_v4(); diff --git a/x509-check/Cargo.toml b/x509-check/Cargo.toml index e12a2deb..41d5babb 100644 --- a/x509-check/Cargo.toml +++ b/x509-check/Cargo.toml @@ -6,6 +6,7 @@ edition = "2024" repository = "https://github.com/wireapp/rusty-jwt-tools" license = "MPL-2.0" publish = false +rust-version = "1.90" [lints] workspace = true diff --git a/x509-check/src/lib.rs b/x509-check/src/lib.rs index 64541a37..8a24611e 100644 --- a/x509-check/src/lib.rs +++ b/x509-check/src/lib.rs @@ -1,6 +1,7 @@ -use crate::revocation::PkiEnvironment; use certval::PathValidationStatus; +use crate::revocation::PkiEnvironment; + pub mod reexports { pub use certval; } diff --git a/x509-check/src/revocation.rs b/x509-check/src/revocation.rs index 801bb697..be1b2bdf 100644 --- a/x509-check/src/revocation.rs +++ b/x509-check/src/revocation.rs @@ -8,13 +8,14 @@ use certval::{ validator::{PDVCertificate, path_validator::check_validity}, verify_signatures, }; - use const_oid::AssociatedOid; -use x509_cert::der::{Decode, DecodePem, Encode}; -use x509_cert::ext::pkix::AuthorityKeyIdentifier; +use crl_store::CrlStore; +use x509_cert::{ + der::{Decode, DecodePem, Encode}, + ext::pkix::AuthorityKeyIdentifier, +}; use crate::{RustyX509CheckError, RustyX509CheckResult, revocation::cache::RevocationCache}; -use crl_store::CrlStore; mod cache; mod crl_info; diff --git a/x509-check/src/revocation/cache.rs b/x509-check/src/revocation/cache.rs index f4b36f7d..7cb4e16d 100644 --- a/x509-check/src/revocation/cache.rs +++ b/x509-check/src/revocation/cache.rs @@ -1,11 +1,9 @@ -use certval::PDVCertificate; -use certval::PathValidationStatus; -use certval::RevocationStatusCache; -use certval::buffer_to_hex; -use certval::name_to_string; -use std::collections::BTreeMap; -use std::sync::Arc; -use std::sync::Mutex; +use std::{ + collections::BTreeMap, + sync::{Arc, Mutex}, +}; + +use certval::{PDVCertificate, PathValidationStatus, RevocationStatusCache, buffer_to_hex, name_to_string}; #[derive(Clone, Copy, Debug)] struct StatusAndTime { diff --git a/x509-check/src/revocation/crl_info.rs b/x509-check/src/revocation/crl_info.rs index 45937cea..05fafaca 100644 --- a/x509-check/src/revocation/crl_info.rs +++ b/x509-check/src/revocation/crl_info.rs @@ -1,5 +1,7 @@ use certval::{CrlAuthority, CrlCoverage, CrlReasons, CrlScope, CrlType, name_to_string}; - +use const_oid::db::rfc5912::{ + ID_CE_AUTHORITY_KEY_IDENTIFIER, ID_CE_DELTA_CRL_INDICATOR, ID_CE_ISSUING_DISTRIBUTION_POINT, +}; use x509_cert::{ crl::CertificateList, der::{Decode, Encode}, @@ -9,10 +11,6 @@ use x509_cert::{ }, }; -use const_oid::db::rfc5912::{ - ID_CE_AUTHORITY_KEY_IDENTIFIER, ID_CE_DELTA_CRL_INDICATOR, ID_CE_ISSUING_DISTRIBUTION_POINT, -}; - use crate::RustyX509CheckError; flagset::flags! { diff --git a/x509-check/src/revocation/crl_store.rs b/x509-check/src/revocation/crl_store.rs index abcbf9ef..f355c16a 100644 --- a/x509-check/src/revocation/crl_store.rs +++ b/x509-check/src/revocation/crl_store.rs @@ -1,3 +1,12 @@ +use std::{ + collections::BTreeMap, + sync::{Arc, Mutex, MutexGuard}, +}; + +use certval::{CrlScope, CrlSource, ExtensionProcessing, PDVCertificate, PDVExtension, name_to_string}; +use const_oid::db::rfc5912::ID_CE_AUTHORITY_KEY_IDENTIFIER; +use x509_cert::{crl::CertificateList, der::Encode}; + use crate::{ RustyX509CheckError, RustyX509CheckResult, revocation::{ @@ -5,14 +14,6 @@ use crate::{ misc::{check_crl_valid_at_toi, get_dp_from_crl, get_dps_from_cert}, }, }; -use certval::{CrlScope, CrlSource, ExtensionProcessing, PDVCertificate, PDVExtension, name_to_string}; -use const_oid::db::rfc5912::ID_CE_AUTHORITY_KEY_IDENTIFIER; -use std::{ - collections::BTreeMap, - sync::{Arc, Mutex, MutexGuard}, -}; - -use x509_cert::{crl::CertificateList, der::Encode}; type IssuerMap = BTreeMap>; type SkidMap = BTreeMap, Vec>;