chore: be consistent with core crypto

.github/workflows/rust.yml

@@ -25,6 +25,7 @@ jobs:
       - uses: actions/checkout@v5
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
+          toolchain: 'stable'
           rustflags: '-D warnings -W unreachable-pub'
       - run: RUSTDOCFLAGS="-D warnings" cargo doc --all --no-deps
 
@@ -61,6 +62,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - run: cargo build --locked
 
   test:
@@ -70,6 +72,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - uses: taiki-e/install-action@nextest
       - name: "Test rusty-jwt-tools"
         run: sh run-tests.sh
@@ -89,6 +92,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - uses: davidB/rust-cargo-make@v1
       - name: "Run Haskell test"
         run: cd ffi && cargo make hs-test
@@ -103,6 +107,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - name: Install wasm-pack
         run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
       - name: WASM build
@@ -118,6 +123,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - name: Install wasm-pack
         run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
       - name: Run tests (wasm)
@@ -130,6 +136,7 @@ jobs:
       - uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
           rustflags: ''
+          toolchain: 'stable'
       - uses: taiki-e/install-action@cargo-hack
       - name: cargo/hack (verify features compile in isolation)
         run: cargo hack check --each-feature --no-dev-deps

.rustfmt.toml

@@ -1,9 +1,8 @@
-# version = "Two"
 use_try_shorthand = true
 use_field_init_shorthand = true
 max_width = 120
 newline_style = "Unix"
 merge_derives = true
-# condense_wildcard_suffixes = true
-edition = "2021"
-# imports_granularity = "Crate"
+condense_wildcard_suffixes = true
+imports_granularity = "Crate"
+group_imports = "StdExternalCrate"

acme/Cargo.toml

@@ -6,6 +6,7 @@ edition = "2024"
 repository = "https://github.com/wireapp/rusty-jwt-tools"
 license = "MPL-2.0"
 publish = false
+rust-version = "1.90"
 
 [lib]
 crate-type = ["cdylib", "rlib"]

acme/src/account.rs

@@ -1,6 +1,7 @@
-use crate::prelude::*;
 use rusty_jwt_tools::prelude::*;
 
+use crate::prelude::*;
+
 impl RustyAcme {
     /// 5. Create a new acme account
     ///    see [RFC 8555 Section 7.3](https://www.rfc-editor.org/rfc/rfc8555.html#section-7.3)
@@ -143,10 +144,11 @@ pub enum AcmeAccountStatus {
 
 #[cfg(test)]
 pub mod tests {
-    use super::*;
     use serde_json::json;
     use wasm_bindgen_test::*;
 
+    use super::*;
+
     wasm_bindgen_test_configure!(run_in_browser);
 
     mod json {

acme/src/authz.rs

@@ -1,9 +1,7 @@
 use base64::Engine;
-
 use rusty_jwt_tools::prelude::*;
 
-use crate::chall::AcmeChallengeType;
-use crate::prelude::*;
+use crate::{chall::AcmeChallengeType, prelude::*};
 
 impl RustyAcme {
     /// create authorizations

acme/src/certificate.rs

@@ -1,8 +1,8 @@
-use crate::{error::CertificateError, identifier::CanonicalIdentifier, prelude::*};
 use rusty_jwt_tools::prelude::*;
 use rusty_x509_check::revocation::{PkiEnvironment, PkiEnvironmentParams};
-use x509_cert::Certificate;
-use x509_cert::anchor::TrustAnchorChoice;
+use x509_cert::{Certificate, anchor::TrustAnchorChoice};
+
+use crate::{error::CertificateError, identifier::CanonicalIdentifier, prelude::*};
 
 impl RustyAcme {
     /// For fetching the generated certificate

acme/src/directory.rs

@@ -27,9 +27,10 @@ pub struct AcmeDirectory {
 
 #[cfg(test)]
 pub mod tests {
-    use super::*;
     use wasm_bindgen_test::*;
 
+    use super::*;
+
     wasm_bindgen_test_configure!(run_in_browser);
 
     #[test]

acme/src/finalize.rs

@@ -1,11 +1,10 @@
 use base64::Engine;
 use jwt_simple::prelude::*;
-use x509_cert::der::Encode;
-
 use rusty_jwt_tools::prelude::*;
+use x509_cert::der::Encode;
 
-use crate::identifier::CanonicalIdentifier;
 use crate::{
+    identifier::CanonicalIdentifier,
     order::{AcmeOrderError, AcmeOrderStatus},
     prelude::*,
 };

acme/src/identifier.rs

@@ -1,6 +1,7 @@
-use crate::prelude::*;
 use rusty_jwt_tools::prelude::*;
 
+use crate::prelude::*;
+
 /// Represent an identifier in an ACME Order
 #[derive(Debug, Clone, Eq, PartialEq, Hash, serde::Serialize, serde::Deserialize)]
 #[serde(tag = "type", content = "value", rename_all = "kebab-case")]

acme/src/identity/mod.rs

@@ -1,11 +1,8 @@
-use x509_cert::der::Decode as _;
-
 use rusty_jwt_tools::prelude::*;
-use rusty_x509_check::IdentityStatus;
-use rusty_x509_check::revocation::PkiEnvironment;
+use rusty_x509_check::{IdentityStatus, revocation::PkiEnvironment};
+use x509_cert::der::Decode as _;
 
-use crate::error::CertificateError;
-use crate::prelude::*;
+use crate::{error::CertificateError, prelude::*};
 
 pub(crate) mod thumbprint;
 

acme/src/identity/thumbprint.rs

@@ -1,16 +1,15 @@
-use crate::{
-    error::CertificateError,
-    prelude::{RustyAcmeError, RustyAcmeResult},
-};
-
 use jwt_simple::prelude::*;
 use rusty_jwt_tools::{
     jwk::TryIntoJwk,
     prelude::{HashAlgorithm, JwkThumbprint, JwsAlgorithm},
 };
-
 use x509_cert::spki::SubjectPublicKeyInfoOwned;
 
+use crate::{
+    error::CertificateError,
+    prelude::{RustyAcmeError, RustyAcmeResult},
+};
+
 /// Used to compute the MLS thumbprint of a Basic Credential
 pub fn compute_raw_key_thumbprint(
     sign_alg: JwsAlgorithm,

acme/src/jws.rs

@@ -1,7 +1,8 @@
-use crate::prelude::*;
 use jwt_simple::prelude::*;
 use rusty_jwt_tools::prelude::*;
 
+use crate::prelude::*;
+
 #[derive(Debug, serde::Serialize, serde::Deserialize)]
 #[cfg_attr(test, derive(Clone))]
 #[serde(rename_all = "camelCase")]

acme/src/lib.rs

@@ -12,22 +12,20 @@ mod order;
 
 /// Prelude
 pub mod prelude {
-    pub use super::RustyAcme;
-    use super::*;
     pub use account::AcmeAccount;
     pub use authz::AcmeAuthz;
     pub use chall::{AcmeChallError, AcmeChallenge, AcmeChallengeType};
+    pub use directory::AcmeDirectory;
     pub use error::{RustyAcmeError, RustyAcmeResult};
     pub use finalize::AcmeFinalize;
     pub use identifier::{AcmeIdentifier, WireIdentifier};
-    pub use identity::{WireIdentity, WireIdentityReader};
+    pub use identity::{WireIdentity, WireIdentityReader, thumbprint::compute_raw_key_thumbprint};
     pub use jws::AcmeJws;
     pub use order::AcmeOrder;
     pub use rusty_x509_check as x509;
 
-    pub use identity::thumbprint::compute_raw_key_thumbprint;
-
-    pub use directory::AcmeDirectory;
+    pub use super::RustyAcme;
+    use super::*;
 }
 
 pub struct RustyAcme;

acme/src/order.rs

@@ -1,8 +1,8 @@
-use crate::identifier::CanonicalIdentifier;
-use rusty_jwt_tools::prelude::*;
 use std::collections::HashSet;
 
-use crate::prelude::*;
+use rusty_jwt_tools::prelude::*;
+
+use crate::{identifier::CanonicalIdentifier, prelude::*};
 
 // Order creation
 impl RustyAcme {

e2e-identity/Cargo.toml

@@ -6,6 +6,7 @@ edition = "2024"
 repository = "https://github.com/wireapp/rusty-jwt-tools"
 license = "MPL-2.0"
 publish = false
+rust-version = "1.90"
 
 [lib]
 crate-type = ["cdylib", "rlib"]

e2e-identity/src/lib.rs

@@ -1,36 +1,37 @@
-use jwt_simple::prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk};
-use zeroize::Zeroize;
-
-use crate::prelude::x509::revocation::PkiEnvironment;
 use error::*;
+use jwt_simple::prelude::{ES256KeyPair, ES384KeyPair, ES512KeyPair, Ed25519KeyPair, Jwk};
 use prelude::*;
 use rusty_acme::prelude::{AcmeChallenge, AcmeIdentifier};
 use rusty_jwt_tools::{
     jwk::TryIntoJwk,
     jwk_thumbprint::JwkThumbprint,
     prelude::{ClientId, Dpop, Handle, Htm, Pem, RustyJwtTools},
 };
+use zeroize::Zeroize;
+
+use crate::prelude::x509::revocation::PkiEnvironment;
 
 mod error;
 mod types;
 
 pub mod prelude {
-    pub use rusty_acme::prelude::x509;
     pub use rusty_acme::prelude::{
-        AcmeDirectory, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader, compute_raw_key_thumbprint,
+        AcmeDirectory, RustyAcme, RustyAcmeError, WireIdentity, WireIdentityReader, compute_raw_key_thumbprint, x509,
         x509::IdentityStatus,
     };
+    #[cfg(feature = "builder")]
+    pub use rusty_jwt_tools::prelude::generate_jwk;
     pub use rusty_jwt_tools::prelude::{
         ClientId as E2eiClientId, Handle, HashAlgorithm, JwsAlgorithm, RustyJwtError, parse_json_jwk,
     };
 
-    #[cfg(feature = "builder")]
-    pub use rusty_jwt_tools::prelude::generate_jwk;
-
-    pub use super::RustyE2eIdentity;
-    pub use super::error::{E2eIdentityError, E2eIdentityResult};
-    pub use super::types::{
-        E2eiAcmeAccount, E2eiAcmeAuthorization, E2eiAcmeChallenge, E2eiAcmeFinalize, E2eiAcmeOrder, E2eiNewAcmeOrder,
+    pub use super::{
+        RustyE2eIdentity,
+        error::{E2eIdentityError, E2eIdentityResult},
+        types::{
+            E2eiAcmeAccount, E2eiAcmeAuthorization, E2eiAcmeChallenge, E2eiAcmeFinalize, E2eiAcmeOrder,
+            E2eiNewAcmeOrder,
+        },
     };
 }
 

e2e-identity/src/types.rs

@@ -1,8 +1,7 @@
 use rusty_acme::prelude::AcmeChallenge;
 
-use crate::prelude::{E2eIdentityError, E2eIdentityResult};
-
 use super::Json;
+use crate::prelude::{E2eIdentityError, E2eIdentityResult};
 
 #[derive(
     Debug, Clone, derive_more::From, derive_more::Into, derive_more::Deref, serde::Serialize, serde::Deserialize,

e2e-identity/tests/api.rs

@@ -1,9 +1,8 @@
 use jwt_simple::prelude::*;
-use serde_json::json;
-use wasm_bindgen_test::*;
-
 use rusty_jwt_tools::prelude::*;
+use serde_json::json;
 use utils::keys::enrollments;
+use wasm_bindgen_test::*;
 use wire_e2e_identity::prelude::E2eiAcmeAuthorization;
 
 wasm_bindgen_test_configure!(run_in_browser);

e2e-identity/tests/e2e.rs

@@ -6,7 +6,6 @@
 
 use jwt_simple::prelude::*;
 use rstest::rstest;
-
 use rusty_acme::prelude::*;
 use rusty_jwt_tools::prelude::*;
 use utils::{
@@ -174,13 +173,15 @@ mod alg {
 
 /// Since the acme server is a fork, verify its invariants are respected
 mod acme_server {
-    use super::*;
-    use rusty_acme::prelude::x509::RustyX509CheckError;
-    use rusty_acme::prelude::x509::reexports::certval;
-    use rusty_acme::prelude::x509::reexports::certval::PathValidationStatus;
-    use rusty_acme::prelude::x509::revocation::{PkiEnvironment, PkiEnvironmentParams};
+    use rusty_acme::prelude::x509::{
+        RustyX509CheckError,
+        reexports::{certval, certval::PathValidationStatus},
+        revocation::{PkiEnvironment, PkiEnvironmentParams},
+    };
     use x509_cert::der::Decode;
 
+    use super::*;
+
     #[rstest]
     #[tokio::test]
     /// Acme server has been man-in-middle:ed and returns untrusted certificates

e2e-identity/tests/utils/cfg.rs

@@ -3,10 +3,9 @@ use std::{collections::HashMap, net::SocketAddr};
 use jwt_simple::prelude::*;
 use oauth2::RefreshToken;
 use rand::random;
-use scraper::Html;
-
 use rusty_acme::prelude::{AcmeAccount, AcmeAuthz, AcmeChallenge, AcmeDirectory, AcmeFinalize, AcmeOrder};
 use rusty_jwt_tools::{jwk::TryIntoJwk, prelude::*};
+use scraper::Html;
 
 use crate::utils::{
     TestResult,

e2e-identity/tests/utils/ctx.rs

@@ -1,9 +1,9 @@
 //! Test helper for sharing data between the resource server (wire-server) and the client which
 //! is responsible for displaying them.
 
-use std::net::SocketAddr;
 use std::{
     collections::{HashMap, hash_map::RandomState},
+    net::SocketAddr,
     str::FromStr,
 };
 

e2e-identity/tests/utils/display.rs

@@ -3,7 +3,6 @@ use std::{path::PathBuf, process::Command};
 use base64::Engine;
 use itertools::Itertools;
 use jwt_simple::prelude::*;
-
 use rusty_jwt_tools::prelude::*;
 
 use crate::utils::rand_base64_str;