diff --git a/Cargo.lock b/Cargo.lock index 457def6..c18848f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -125,24 +125,6 @@ version = "2.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34efbcccd345379ca2868b2b2c9d3782e9cc58ba87bc7d79d5b53d9c9ae6f25d" -[[package]] -name = "block-buffer" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -dependencies = [ - "generic-array", -] - -[[package]] -name = "block-padding" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93" -dependencies = [ - "generic-array", -] - [[package]] name = "bumpalo" version = "3.19.0" @@ -155,15 +137,6 @@ version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d71b6127be86fdcfddb610f7182ac57211d4b18a3e9c82eb2d17662f2227ad6a" -[[package]] -name = "cbc" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" -dependencies = [ - "cipher", -] - [[package]] name = "cc" version = "1.2.34" @@ -200,16 +173,6 @@ dependencies = [ "windows-link", ] -[[package]] -name = "cipher" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" -dependencies = [ - "crypto-common", - "inout", -] - [[package]] name = "clap" version = "3.2.25" @@ -257,7 +220,6 @@ dependencies = [ "k8s-openapi", "lazy_static", "os_pipe", - "p12", "pem", "regex", "reqwest", @@ -272,7 +234,6 @@ dependencies = [ "tempdir", "tokio", "url", - "yasna", ] [[package]] 
@@ -314,15 +275,6 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" -[[package]] -name = "cpufeatures" -version = "0.2.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" -dependencies = [ - "libc", -] - [[package]] name = "crossterm" version = "0.26.1" @@ -348,16 +300,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "crypto-common" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -dependencies = [ - "generic-array", - "typenum", -] - [[package]] name = "ctrlc" version = "3.4.7" @@ -430,26 +372,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "des" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffdd80ce8ce993de27e9f063a444a4d53ce8e8db4c1f00cc03af5ad5a9867a1e" -dependencies = [ - "cipher", -] - -[[package]] -name = "digest" -version = "0.10.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -dependencies = [ - "block-buffer", - "crypto-common", - "subtle", -] - [[package]] name = "dirs" version = "5.0.1" @@ -697,16 +619,6 @@ dependencies = [ "slab", ] -[[package]] -name = "generic-array" -version = "0.14.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", -] - [[package]] name = "getrandom" version = "0.2.16" 
@@ -845,15 +757,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "hmac" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" -dependencies = [ - "digest", -] - [[package]] name = "http" version = "0.2.12" @@ -1104,16 +1007,6 @@ dependencies = [ "serde", ] -[[package]] -name = "inout" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" -dependencies = [ - "block-padding", - "generic-array", -] - [[package]] name = "io-uring" version = "0.7.10" @@ -1456,23 +1349,6 @@ version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" -[[package]] -name = "p12" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4873306de53fe82e7e484df31e1e947d61514b6ea2ed6cd7b45d63006fd9224" -dependencies = [ - "cbc", - "cipher", - "des", - "getrandom 0.2.16", - "hmac", - "lazy_static", - "rc2", - "sha1", - "yasna", -] - [[package]] name = "parking_lot" version = "0.12.4" @@ -1646,15 +1522,6 @@ dependencies = [ "getrandom 0.2.16", ] -[[package]] -name = "rc2" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62c64daa8e9438b84aaae55010a93f396f8e60e3911590fcba770d04643fc1dd" -dependencies = [ - "cipher", -] - [[package]] name = "rdrand" version = "0.4.0" @@ -2075,17 +1942,6 @@ dependencies = [ "unsafe-libyaml", ] -[[package]] -name = "sha1" -version = "0.10.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" -dependencies = [ - "cfg-if", - "cpufeatures", - "digest", -] - [[package]] name = "shared_child" version = "1.1.1" 
@@ -2225,12 +2081,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "subtle" -version = "2.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" - [[package]] name = "syn" version = "1.0.109" @@ -2512,12 +2362,6 @@ version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" -[[package]] -name = "typenum" -version = "1.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" - [[package]] name = "unicode-ident" version = "1.0.18" @@ -2577,12 +2421,6 @@ version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" -[[package]] -name = "version_check" -version = "0.9.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" - [[package]] name = "want" version = "0.3.1" @@ -3037,12 +2875,6 @@ version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea2f10b9bb0928dfb1b42b65e1f9e36f7f54dbdf08457afefb38afcdec4fa2bb" -[[package]] -name = "yasna" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd" - [[package]] name = "yoke" version = "0.8.0" diff --git a/Cargo.toml b/Cargo.toml index 8ce1ecc..151af46 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,7 +35,6 @@ humantime = "^2.1" k8s-openapi = { version = "0.14.0", features = ["v1_23"] } lazy_static = "^1.4" os_pipe = "^1.0" -p12 = "^0.6" pem = "^2.0" regex = "^1.3" rustls = { version = "0.21", features = ["dangerous_configuration"] } 
@@ -51,4 +50,3 @@ hickory-resolver = "0.24"
 tempdir = "^0.3"
 tokio = { version = "1", features = ["full"] }
 url = "^2.2"
-yasna = "^0.5"
diff --git a/src/config/kube.rs b/src/config/kube.rs
index 0edc5e0..413f672 100644
--- a/src/config/kube.rs
+++ b/src/config/kube.rs
@@ -333,17 +333,12 @@ impl Config {
 k8suser = K8SUserAuth::with_exec_provider(provider.clone());
 }
 UserAuth::KeyCertData(cert_data, key_data) => {
- k8suser = K8SUserAuth::from_key_cert_data(
- key_data.clone(),
- cert_data.clone(),
- &endpoint,
- );
+ k8suser = K8SUserAuth::from_key_cert_data(key_data.clone(), cert_data.clone());
 }
 UserAuth::KeyCertPath(cert_path, key_path) => {
 let cert_full_path = get_full_path(cert_path.clone())?;
 let key_full_path = get_full_path(key_path.clone())?;
- k8suser =
- K8SUserAuth::from_key_cert(&key_full_path, &cert_full_path, &endpoint);
+ k8suser = K8SUserAuth::from_key_cert(&key_full_path, &cert_full_path);
 }
 };
 }
diff --git a/src/describe/legacy.rs b/src/describe/legacy.rs
index b762b26..822a40f 100644
--- a/src/describe/legacy.rs
+++ b/src/describe/legacy.rs
@@ -49,7 +49,7 @@ pub enum DescItem<'a> {
 ObjectCreated,
 CustomFunc {
 path: Option<&'a str>,
- func: &'a (dyn Fn(&Value) -> Cow),
+ func: &'a dyn Fn(&Value) -> Cow,
 default: &'a str,
 },
 }
diff --git a/src/k8s.rs b/src/k8s.rs
index e87a973..5270f4f 100644
--- a/src/k8s.rs
+++ b/src/k8s.rs
@@ -20,8 +20,6 @@ use reqwest::blocking::Client;
 use reqwest::{Certificate, Identity, Url};
 use serde::Deserialize;
 use std::net::{IpAddr, SocketAddr};
-use url::Host;
-use yasna::models::ObjectIdentifier;
 use std::cell::RefCell;
 use std::fmt::Debug;
@@ -80,105 +78,37 @@ impl UserAuth {
 Ok(UserAuth::UserPass(user, pass))
 }
- /// construct an identity from a key and cert. need the endpoint to deceide which kind of
- /// identity to use since rustls wants something different from nativetls, and we use rustls for
- /// dns name hosts and native for ip hosts
- pub fn from_key_cert

(key: P, cert: P, endpoint: &Url) -> Result + /// construct an identity from a key and cert using PEM format + pub fn from_key_cert

(key: P, cert: P) -> Result where PathBuf: From

, {
 let key_buf = PathBuf::from(key);
 let cert_buf = PathBuf::from(cert);
- let pkcs12 = Context::use_pkcs12(endpoint);
- let id = get_id_from_paths(key_buf, cert_buf, pkcs12)?;
+ let id = get_id_from_paths(key_buf, cert_buf)?;
 Ok(UserAuth::Ident(id))
 }
 /// same as above, but use already read data. The data should be base64 encoded pems
- pub fn from_key_cert_data(
- key: String,
- cert: String,
- endpoint: &Url,
- ) -> Result {
+ pub fn from_key_cert_data(key: String, cert: String) -> Result {
 let key_decoded = STANDARD.decode(key)?;
 let cert_decoded = STANDARD.decode(cert)?;
- let pkcs12 = Context::use_pkcs12(endpoint);
- let id = get_id_from_data(key_decoded, cert_decoded, pkcs12)?;
+ let id = get_id_from_data(key_decoded, cert_decoded)?;
 Ok(UserAuth::Ident(id))
 }
 }
-// convert a pkcs1 der to pkcs8 format
-fn pkcs1to8(pkcs1: &[u8]) -> Vec {
- let oid = ObjectIdentifier::from_slice(&[1, 2, 840, 113_549, 1, 1, 1]);
- yasna::construct_der(|writer| {
- writer.write_sequence(|writer| {
- writer.next().write_u32(0);
- writer.next().write_sequence(|writer| {
- writer.next().write_oid(&oid);
- writer.next().write_null();
- });
- writer.next().write_bytes(pkcs1);
- })
- })
-}
-
-// get the right kind of id
-fn get_id_from_pkcs12(key: Vec, cert: Vec) -> Result {
- let key_pem = pem::parse(key)?;
-
- let key_der = match key_pem.tag() {
- "RSA PRIVATE KEY" => {
- // pkcs#1 pem, need to convert to pkcs#8
- pkcs1to8(key_pem.contents())
- }
- "PRIVATE KEY" => {
- // pkcs#8 pem, use as is
- key_pem.contents().to_vec()
- }
- _ => {
- return Err(ClickError::ConfigFileError(format!(
- "Unknown key type: {}",
- key_pem.tag()
- )));
- }
- };
-
- let cert_pem = pem::parse(cert)?;
-
- let pfx = p12::PFX::new(cert_pem.contents(), &key_der, None, "", "")
- .ok_or_else(|| ClickError::ConfigFileError("Could not parse pkcs12 data".to_string()))?;
-
- let pkcs12der = pfx.to_der();
-
- Identity::from_pkcs12_der(&pkcs12der, "").map_err(|e| e.into())
-}
-
-fn get_id_from_paths(key: PathBuf,
cert: PathBuf, pkcs12: bool) -> Result {
+fn get_id_from_paths(key: PathBuf, cert: PathBuf) -> Result {
 let mut key_buf = Vec::new();
 File::open(key)?.read_to_end(&mut key_buf)?;
- if pkcs12 {
- let mut cert_buf = Vec::new();
- File::open(cert)?.read_to_end(&mut cert_buf)?;
- get_id_from_pkcs12(key_buf, cert_buf)
- } else {
- // for from_pem key and cert are in same buffer
- File::open(cert)?.read_to_end(&mut key_buf)?;
- Identity::from_pem(&key_buf).map_err(|e| e.into())
- }
+ // for from_pem key and cert are in same buffer
+ File::open(cert)?.read_to_end(&mut key_buf)?;
+ Identity::from_pem(&key_buf).map_err(|e| e.into())
 }
-fn get_id_from_data(
- mut key: Vec,
- mut cert: Vec,
- pkcs12: bool,
-) -> Result {
- if pkcs12 {
- get_id_from_pkcs12(key, cert)
- } else {
- key.append(&mut cert);
- Identity::from_pem(&key).map_err(|e| e.into())
- }
+fn get_id_from_data(mut key: Vec, mut cert: Vec) -> Result {
+ key.append(&mut cert);
+ Identity::from_pem(&key).map_err(|e| e.into())
 }
 pub struct Context {
@@ -209,7 +139,6 @@ impl Context {
 tls_server_name: Option,
 ) -> Context {
 let (client, client_auth) = Context::get_client(
- &endpoint,
 root_cas.clone(),
 auth.clone(),
 None,
@@ -222,7 +151,6 @@ impl Context {
 // https://github.com/seanmonstar/reqwest/issues/1380
 // is resolved
 let (log_client, _) = Context::get_client(
- &endpoint,
 root_cas.clone(),
 auth,
 None,
@@ -251,7 +179,6 @@ impl Context {
 #[allow(clippy::too_many_arguments)]
 fn get_client(
- endpoint: &Url,
 root_cas: Option>,
 auth: Option,
 id: Option,
@@ -260,11 +187,7 @@ impl Context {
 server_url: &str,
 tls_server_name: &Option,
 ) -> (Client, Option) {
- let host = endpoint.host().unwrap();
- let mut client = match host {
- Host::Domain(_) => Client::builder().use_rustls_tls(),
- _ => Client::builder().use_native_tls(),
- };
+ let mut client = Client::builder().use_rustls_tls();
 // Create custom DNS mapping if we have a TLS server name
 if let Some(tls_name) = tls_server_name {
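Review bot: In the new `get_id_from_paths` and `get_id_from_data` the key PEM and the certificate PEM are joined with no separator, so a key file or decoded `client-key-data` that lacks a trailing newline puts `-----END PRIVATE KEY-----` and `-----BEGIN CERTIFICATE-----` on one line, and a line-oriented PEM reader behind `Identity::from_pem` can then miss the certificate entirely. A one-line guard in each function fixes it: `if !key_buf.ends_with(b"\n") { key_buf.push(b'\n'); }` before the second `read_to_end` in `get_id_from_paths`, and `if !key.ends_with(b"\n") { key.push(b'\n'); }` before `key.append(&mut cert)` in `get_id_from_data`. This path now serves every endpoint, and the removed `get_id_from_pkcs12` was the only place that explicitly accepted `RSA PRIVATE KEY` (PKCS#1) blocks; whether the rustls-backed `from_pem` accepts them depends on the reqwest version, which is not visible here, so a comment on `from_key_cert` stating which key encodings are supported would spare the next reader a test against a real kubeconfig.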
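Review bot: `get_client` now builds every client with `use_rustls_tls()`, and the removed `match` together with the deleted doc comment on `from_key_cert` were the only record of why IP-literal hosts went through native-tls; the new line carries no replacement explanation. Whether rustls verifies a server certificate against an IP SAN here depends on the rustls/webpki and reqwest versions, which this diff does not show, so a cluster addressed by IP (a common local setup) should be exercised before the native-tls fallback is treated as unnecessary. Cargo.toml still enables rustls's `dangerous_configuration` feature, which exists for custom certificate verifiers; if one is installed elsewhere in the crate it now governs IP-addressed clusters as well, which previously used the native-tls chain, and that is worth confirming as intended. I would put a short comment above the new line, e.g. `// rustls for every endpoint; IP-literal hosts rely on rustls verifying IP SANs`.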
@@ -304,11 +227,6 @@ impl Context {
 )
 }
- fn use_pkcs12(endpoint: &Url) -> bool {
- let host = endpoint.host().unwrap();
- !matches!(host, Host::Domain(_))
- }
-
 fn handle_exec_provider(&self, exec_provider: &ExecProvider) -> Option {
 let (auth, was_expired) = exec_provider.get_auth();
 match auth {
@@ -319,12 +237,9 @@ impl Context {
 ..
 } => {
 if was_expired {
- let pkcs12 = Context::use_pkcs12(&self.endpoint);
 let id =
- get_id_from_data(key_data.into_bytes(), cert_data.into_bytes(), pkcs12)
- .unwrap(); // TODO: Handle error
+ get_id_from_data(key_data.into_bytes(), cert_data.into_bytes()).unwrap(); // TODO: Handle error
 let (new_client, new_auth) = Context::get_client(
- &self.endpoint,
 self.root_cas.clone(),
 self.auth.clone().take(),
 Some(id.clone()),
@@ -334,7 +249,6 @@ impl Context {
 &self.tls_server_name,
 );
 let (new_log_client, _) = Context::get_client(
- &self.endpoint,
 self.root_cas.clone(),
 self.auth.clone().take(),
 Some(id),
diff --git a/src/main.rs b/src/main.rs
index 2df2d85..7124961 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -51,7 +51,6 @@ extern crate bytes;
 extern crate k8s_openapi;
 extern crate reqwest;
 extern crate url;
-extern crate yasna;
 #[macro_use]
 mod command;
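Review bot: The rewritten `let id = get_id_from_data(...).unwrap();` line keeps the panic path, so a malformed key or certificate handed back by the exec credential plugin on refresh still aborts the whole process, and the `// TODO: Handle error` comment simply moves along with it. `handle_exec_provider` returns an `Option`, so the failure can be reported and the refresh skipped instead, e.g. `let id = match get_id_from_data(key_data.into_bytes(), cert_data.into_bytes()) { Ok(id) => id, Err(e) => { /* report e via the file's usual logging */ return None; } };` — whether `None` is the right outcome for the caller is not visible in this hunk and needs checking against the call site. `handle_exec_provider` starts and ends outside the hunk.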