Merge pull request #9099 from habitat-sh/dependabot/cargo/rustls-webp…

…ki-0.102.0 Bump rustls-webpki from 0.101.7 to 0.102.0
habitat-sh · Dec 11, 2023 · 8fb6d59 · 8fb6d59
2 parents accf3b5 + d9054c5
commit 8fb6d59
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 25 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/components/core/src/tls/ctl_gateway.rs b/components/core/src/tls/ctl_gateway.rs
@@ -20,7 +20,7 @@ use std::{fs::{self,
           path::{Path,
                  PathBuf}};
 use thiserror::Error;
-use webpki::DnsNameRef;
+use webpki::types::DnsName;
 
 const NAME_PREFIX: &str = "ctl-gateway";
 const CRT_EXTENSION: &str = "crt.pem";
@@ -38,11 +38,11 @@ pub enum Error {
     CertificateWrite(#[from] IoError),
 }
 
-pub fn generate_self_signed_certificate_and_key(subject_alternate_name: DnsNameRef,
+pub fn generate_self_signed_certificate_and_key(subject_alternate_name: &DnsName,
                                                 path: impl AsRef<Path>)
                                                 -> Result<(), Error> {
     let mut params =
-        CertificateParams::new(vec![Into::<&str>::into(subject_alternate_name).to_string(),
+        CertificateParams::new(vec![Into::<&str>::into(subject_alternate_name.as_ref()).to_string(),
                                     "localhost".to_string(),]);
     let mut distinguished_name = DistinguishedName::new();
     distinguished_name.push(DnType::OrganizationName,
@@ -99,16 +99,18 @@ pub fn latest_root_certificate_store(path: impl AsRef<Path>) -> Result<RootCertS
 #[cfg(test)]
 mod tests {
     use super::*;
-    use std::{fs,
+    use std::{convert::TryFrom,
+              fs,
               time::Duration};
     use tempfile::TempDir;
-    use webpki::DnsNameRef;
+    use webpki::types::DnsName;
 
     #[test]
     fn ctl_gateway_generate_and_read_tls_files() {
         let tmpdir = TempDir::new().unwrap();
 
-        generate_self_signed_certificate_and_key(DnsNameRef::try_from_ascii_str("a_test_domain").unwrap(), &tmpdir).unwrap();
+        generate_self_signed_certificate_and_key(&DnsName::try_from("a_test_domain").unwrap(),
+                                                 &tmpdir).unwrap();
         assert_eq!(fs::read_dir(&tmpdir).unwrap().count(), 2);
         let first_path =
             get_last_path(&tmpdir, &format!("{}-*.{}", NAME_PREFIX, CRT_EXTENSION)).unwrap();
@@ -122,7 +124,8 @@ mod tests {
         // name.
         std::thread::sleep(Duration::from_secs(2));
 
-        generate_self_signed_certificate_and_key(DnsNameRef::try_from_ascii_str("another_domain").unwrap(), &tmpdir).unwrap();
+        generate_self_signed_certificate_and_key(&DnsName::try_from("another_domain").unwrap(),
+                                                 &tmpdir).unwrap();
         assert_eq!(fs::read_dir(&tmpdir).unwrap().count(), 4);
         let second_path =
             get_last_path(&tmpdir, &format!("{}-*.{}", NAME_PREFIX, CRT_EXTENSION)).unwrap();

diff --git a/components/hab/src/cli/hab/util.rs b/components/hab/src/cli/hab/util.rs
@@ -33,8 +33,7 @@ use structopt::{clap::AppSettings,
                 StructOpt};
 use url::{ParseError,
           Url};
-use webpki::{DnsName,
-             DnsNameRef};
+use webpki::types::DnsName;
 
 #[derive(ConfigOpt, StructOpt)]
 #[configopt(derive(Serialize))]
@@ -322,18 +321,12 @@ pub struct ExternalCommandArgsWithHelpAndVersion {
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
 #[serde(try_from = "String", into = "String")]
-pub struct SubjectAlternativeName(DnsName);
+pub struct SubjectAlternativeName(String);
 
 impl FromStr for SubjectAlternativeName {
     type Err = Error;
 
-    fn from_str(s: &str) -> Result<Self, Self::Err> {
-        Ok(SubjectAlternativeName(
-            DnsNameRef::try_from_ascii_str(s)
-                .map_err(|_| Error::InvalidDnsName(s.to_string()))?
-                .to_owned(),
-        ))
-    }
+    fn from_str(s: &str) -> Result<Self, Self::Err> { Ok(SubjectAlternativeName(s.to_string())) }
 }
 
 impl std::fmt::Display for SubjectAlternativeName {
@@ -343,7 +336,9 @@ impl std::fmt::Display for SubjectAlternativeName {
 }
 
 impl SubjectAlternativeName {
-    pub fn inner(&self) -> DnsNameRef { self.0.as_ref() }
+    pub fn dns_name(&self) -> Result<DnsName, Error> {
+        DnsName::try_from(self.0.to_owned()).map_err(|_| Error::InvalidDnsName(self.0.to_owned()))
+    }
 }
 
 habitat_core::impl_try_from_string_and_into_string!(SubjectAlternativeName);
diff --git a/components/hab/src/main.rs b/components/hab/src/main.rs
@@ -104,7 +104,7 @@ use hab::cli::hab::sup::{HabSup,
 #[cfg(not(target_os = "macos"))]
 use habitat_core::tls::ctl_gateway as ctl_gateway_tls;
 #[cfg(not(target_os = "macos"))]
-use webpki::DnsNameRef;
+use webpki::types::DnsName;
 
 /// Makes the --org CLI param optional when this env var is set
 const HABITAT_ORG_ENVVAR: &str = "HAB_ORG";
@@ -245,7 +245,7 @@ async fn start(ui: &mut UI, feature_flags: FeatureFlag) -> Result<()> {
                                 Secret::Generate => return sub_sup_secret_generate(),
                                 Secret::GenerateTls { subject_alternative_name,
                                                       path, } => {
-                                    return sub_sup_secret_generate_key(subject_alternative_name.inner(),
+                                    return sub_sup_secret_generate_key(&subject_alternative_name.dns_name()?,
                                                                        path)
                                 }
                             }
@@ -1662,7 +1662,7 @@ fn sub_sup_secret_generate() -> Result<()> {
 }
 
 #[cfg(not(target_os = "macos"))]
-fn sub_sup_secret_generate_key(subject_alternative_name: DnsNameRef, path: PathBuf) -> Result<()> {
+fn sub_sup_secret_generate_key(subject_alternative_name: &DnsName, path: PathBuf) -> Result<()> {
     Ok(ctl_gateway_tls::generate_self_signed_certificate_and_key(subject_alternative_name, path)
         .map_err(habitat_core::Error::from)?)
 }