
Commit ce6b972

committed
Update rcgen dependency.
1 parent 4e53972 commit ce6b972


3 files changed

+39
-103
lines changed


Cargo.lock

Lines changed: 18 additions & 69 deletions

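--- a/chirpstack/Cargo.toml
+++ b/chirpstack/Cargo.toml
@@ -125,7 +125,7 @@
 x509-parser = "0.17"
 rsa = "0.9"
 sec1 = { version = "0.7", features = ["alloc", "pem", "pkcs8"] }
-rcgen = { version = "0.13", features = ["x509-parser"] }
+rcgen = { version = "0.14", features = ["x509-parser"] }
 oauth2 = "5.0.0"
 openidconnect = { version = "4.0", features = ["accept-rfc3339-timestamps"] }
 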
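--- a/chirpstack/src/certificate.rs
+++ b/chirpstack/src/certificate.rs
@@ -2,8 +2,8 @@ use std::time::SystemTime;
 
 use anyhow::{Context, Result};
 use rcgen::{
-Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, KeyPair, KeyUsagePurpose,
-SignatureAlgorithm,
+Certificate, CertificateParams, DnType, ExtendedKeyUsagePurpose, Issuer, KeyPair,
+KeyUsagePurpose, SignatureAlgorithm,
 };
 use tokio::fs;
 use uuid::Uuid;
@@ -16,8 +16,7 @@ fn gen_client_cert(
 id: &str,
 not_before: SystemTime,
 not_after: SystemTime,
-issuer: &Certificate,
-issuer_key: &KeyPair,
+issuer: &Issuer<'static, KeyPair>,
 ) -> Result<(Certificate, KeyPair)> {
 let mut params = CertificateParams::new(vec![id.to_string()])?;
 params
@@ -32,10 +31,13 @@ fn gen_client_cert(
 .push(ExtendedKeyUsagePurpose::ClientAuth);
 
 let kp = KeyPair::generate()?;
-Ok((params.signed_by(&kp, issuer, issuer_key)?, kp))
+Ok((params.signed_by(&kp, issuer)?, kp))
 }
 
-async fn get_ca_cert(ca_cert_file: &str, ca_key_file: &str) -> Result<(Certificate, KeyPair)> {
+async fn get_ca_cert(
+ca_cert_file: &str,
+ca_key_file: &str,
+) -> Result<(String, Issuer<'static, KeyPair>)> {
 let ca_cert_s = fs::read_to_string(ca_cert_file)
 .await
 .context("Read gateway ca_cert")?;
@@ -47,44 +49,35 @@ async fn get_ca_cert(ca_cert_file: &str, ca_key_file: &str) -> Result<(Certifica
 
 let ca_key =
 KeyPair::from_pem_and_sign_algo(&ca_key_s, ca_key_algo).context("Parse gateway CA key")?;
-let params =
-CertificateParams::from_ca_cert_pem(&ca_cert_s).context("Parse gateway CA certificate")?;
 
-Ok((params.self_signed(&ca_key)?, ca_key))
+Ok((
+ca_cert_s.clone(),
+Issuer::from_ca_cert_pem(&ca_cert_s, ca_key)?,
+))
 }
 
 // This returns the CA, certificate and private-key as PEM encoded strings.
 pub async fn client_cert_for_gateway_id(
 gateway_id: &EUI64,
 ) -> Result<(SystemTime, String, String, String)> {
 let conf = config::get();
-let (ca_cert, ca_key) = get_ca_cert(&conf.gateway.ca_cert, &conf.gateway.ca_key)
+let (ca_cert, ca_issuer) = get_ca_cert(&conf.gateway.ca_cert, &conf.gateway.ca_key)
 .await
 .context("Get CA cert")?;
 let not_before = SystemTime::now();
 let not_after = SystemTime::now() + conf.gateway.client_cert_lifetime;
-let (gw_cert, gw_key) = gen_client_cert(
-&gateway_id.to_string(),
-not_before,
-not_after,
-&ca_cert,
-&ca_key,
-)
-.context("Generate client certificate")?;
+let (gw_cert, gw_key) =
+gen_client_cert(&gateway_id.to_string(), not_before, not_after, &ca_issuer)
+.context("Generate client certificate")?;
 
-Ok((
-not_after,
-ca_cert.pem(),
-gw_cert.pem(),
-gw_key.serialize_pem(),
-))
+Ok((not_after, ca_cert, gw_cert.pem(), gw_key.serialize_pem()))
 }
 
 pub async fn client_cert_for_application_id(
 application_id: &Uuid,
 ) -> Result<(SystemTime, String, String, String)> {
 let conf = config::get();
-let (ca_cert, ca_key) = get_ca_cert(
+let (ca_cert, ca_issuer) = get_ca_cert(
 &conf.integration.mqtt.client.ca_cert,
 &conf.integration.mqtt.client.ca_key,
 )
@@ -95,16 +88,10 @@ pub async fn client_cert_for_application_id(
 &application_id.to_string(),
 not_before,
 not_after,
-&ca_cert,
-&ca_key,
+&ca_issuer,
 )?;
 
-Ok((
-not_after,
-ca_cert.pem(),
-app_cert.pem(),
-app_key.serialize_pem(),
-))
+Ok((not_after, ca_cert, app_cert.pem(), app_key.serialize_pem()))
 }
 
 // we are using String here, because else we run into lifetime issues.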
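Review bot: In the rewritten tail of `get_ca_cert`, `ca_cert_s.clone()` returns the CA file's full text, and both `client_cert_for_*` functions pass it to their callers as the CA PEM, where the old code returned only a serialized certificate via `ca_cert.pem()`. If that file ever carries more than one PEM block (a chain, or a private key bundled with the certificate), everything in it is passed on; whether `Issuer::from_ca_cert_pem` rejects such input is not visible here, so a check that the file holds exactly one `CERTIFICATE` block before returning it would be worth adding. The same call also lost the `.context("Parse gateway CA certificate")` that the removed lines had, and the clone is avoidable: `let issuer = Issuer::from_ca_cert_pem(&ca_cert_s, ca_key).context("Parse gateway CA certificate")?;` followed by `Ok((ca_cert_s, issuer))`. Part of `get_ca_cert`'s body lies between the hunks and is not shown.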
