Apply crate upgrade and signer 'de-mut' changes that were made in suc…

…cessor PR #688 which is now redundant because those changes are now present in the 'dev' branch which this PR targets.
NLnetLabs · Nov 3, 2021 · 3e6c0cb · 3e6c0cb
1 parent dd705df
commit 3e6c0cb
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 36 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -24,7 +24,7 @@ build = "build.rs"
 backoff               = { version = "0.3.0", optional = true }
 base64                = "^0.13"
 basic-cookies         = { version = "^0.1", optional = true }
-bcder                 = "0.6.1-dev"
+bcder                 = "0.6.1"
 bytes                 = "1"
 chrono                = { version = "^0.4", features = ["serde"] }
 clap                  = "^2.33"
@@ -47,7 +47,7 @@ rand                  = "^0.8"
 regex                 = { version = "^1.4", optional = true, default_features = false, features = ["std"] }
 reqwest               = { version = "0.11", features = ["json"] }
 rpassword             = { version = "^5.0", optional = true }
-rpki                  = { version = "0.12.3", features = [ "repository", "rrdp", "serde" ] }
+rpki                  = { version = "0.13.0", features = [ "repository", "rrdp", "serde" ] }
 scrypt                = { version = "^0.6", optional = true, default-features = false }
 serde                 = { version = "^1.0", features = ["derive"] }
 serde_json            = "^1.0"
@@ -185,7 +185,3 @@ shadow-utils = "*"
 
 # END RPM PACKAGING
 # ------------------------------------------------------------------------------
-
-[patch.crates-io]
-bcder = { git = 'https://github.com/NLnetLabs/bcder' }
-rpki = { git = 'https://github.com/ximon18/rpki-rs', branch = '0.12.3-unsigned-from-slice' }
diff --git a/src/commons/api/ca.rs b/src/commons/api/ca.rs
@@ -2587,7 +2587,7 @@ mod test {
     #[test]
     fn mft_uri() {
         test::test_under_tmp(|d| {
-            let mut signer = OpenSslSigner::build(&d).unwrap();
+            let signer = OpenSslSigner::build(&d).unwrap();
             let key_id = signer.create_key(PublicKeyFormat::Rsa).unwrap();
             let pub_key = signer.get_key_info(&key_id).unwrap();
 

diff --git a/src/commons/crypto/signers/kmip/signer.rs b/src/commons/crypto/signers/kmip/signer.rs
@@ -11,7 +11,7 @@ impl Signer for KmipSigner {
     type KeyId = KeyIdentifier;
     type Error = SignerError;
 
-    fn create_key(&mut self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
+    fn create_key(&self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
         let (key, kmip_key_pair_ids) = self.build_key(algorithm)?;
         let key_id = key.key_identifier();
         self.remember_kmip_key_ids(&key_id, kmip_key_pair_ids)?;
@@ -24,7 +24,7 @@ impl Signer for KmipSigner {
             .map_err(|err| KeyError::Signer(err))
     }
 
-    fn destroy_key(&mut self, key_id: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
+    fn destroy_key(&self, key_id: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
         let kmip_key_pair_ids = self.lookup_kmip_key_ids(key_id)?;
         match self.destroy_key_pair(&kmip_key_pair_ids, KeyStatus::Active)? {
             true => Ok(()),

diff --git a/src/commons/crypto/signers/softsigner.rs b/src/commons/crypto/signers/softsigner.rs
@@ -100,7 +100,7 @@ impl Signer for OpenSslSigner {
     type KeyId = KeyIdentifier;
     type Error = SignerError;
 
-    fn create_key(&mut self, _algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
+    fn create_key(&self, _algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
         let kp = OpenSslKeyPair::build()?;
 
         let pk = &kp.subject_public_key_info()?;
@@ -122,7 +122,7 @@ impl Signer for OpenSslSigner {
         Ok(key_pair.subject_public_key_info()?)
     }
 
-    fn destroy_key(&mut self, key_id: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
+    fn destroy_key(&self, key_id: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
         let path = self.key_path(key_id);
         if path.exists() {
             fs::remove_file(&path).map_err(|e| {
@@ -228,7 +228,7 @@ pub mod tests {
     #[test]
     fn should_return_subject_public_key_info() {
         test::test_under_tmp(|d| {
-            let mut s = OpenSslSigner::build(&d).unwrap();
+            let s = OpenSslSigner::build(&d).unwrap();
             let ki = s.create_key(PublicKeyFormat::Rsa).unwrap();
             s.get_key_info(&ki).unwrap();
             s.destroy_key(&ki).unwrap();

diff --git a/src/commons/crypto/signing.rs b/src/commons/crypto/signing.rs
@@ -72,7 +72,7 @@ impl Signer for SignerProvider {
 
     type Error = SignerError;
 
-    fn create_key(&mut self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
+    fn create_key(&self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
         match self {
             SignerProvider::OpenSsl(signer) => signer.create_key(algorithm),
             #[cfg(feature = "hsm")]
@@ -88,7 +88,7 @@ impl Signer for SignerProvider {
         }
     }
 
-    fn destroy_key(&mut self, key: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
+    fn destroy_key(&self, key: &Self::KeyId) -> Result<(), KeyError<Self::Error>> {
         match self {
             SignerProvider::OpenSsl(signer) => signer.destroy_key(key),
             #[cfg(feature = "hsm")]
@@ -214,33 +214,19 @@ impl SignerRouter {
     }
 }
 
-// Variants of the `Signer` trait functions that take `&mut` arguments and so must be locked to use them, but for which
-// we don't want the caller to have to lock the entire `SignerRouter`, only the single `Signer` being used. Ideally the
-// `Signer` trait wouldn't use `&mut` at all and rather require the implementation to use the interior mutability
-// pattern with as much or as little locking internally at the finest level of granularity possible.
-impl SignerRouter {
-    fn create_key_minimally_locking(&self, algorithm: PublicKeyFormat) -> Result<KeyIdentifier, SignerError> {
-        self.general_signer.write().unwrap().create_key(algorithm)
-    }
-
-    fn destroy_key_minimally_locking(&self, key_id: &KeyIdentifier) -> Result<(), KeyError<SignerError>> {
-        self.general_signer.write().unwrap().destroy_key(key_id)
-    }
-}
-
 impl Signer for SignerRouter {
     type KeyId = KeyIdentifier;
     type Error = SignerError;
 
-    fn create_key(&mut self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
+    fn create_key(&self, algorithm: PublicKeyFormat) -> Result<Self::KeyId, Self::Error> {
         self.general_signer.write().unwrap().create_key(algorithm)
     }
 
     fn get_key_info(&self, key_id: &KeyIdentifier) -> Result<PublicKey, KeyError<Self::Error>> {
         self.general_signer.read().unwrap().get_key_info(key_id)
     }
 
-    fn destroy_key(&mut self, key_id: &KeyIdentifier) -> Result<(), KeyError<Self::Error>> {
+    fn destroy_key(&self, key_id: &KeyIdentifier) -> Result<(), KeyError<Self::Error>> {
         self.general_signer.write().unwrap().destroy_key(key_id)
     }
 
@@ -295,12 +281,12 @@ impl KrillSigner {
 
     pub fn create_key(&self) -> CryptoResult<KeyIdentifier> {
         self.router
-            .create_key_minimally_locking(PublicKeyFormat::Rsa)
+            .create_key(PublicKeyFormat::Rsa)
             .map_err(crypto::Error::signer)
     }
 
     pub fn destroy_key(&self, key_id: &KeyIdentifier) -> CryptoResult<()> {
-        self.router.destroy_key_minimally_locking(key_id).map_err(crypto::Error::key_error)
+        self.router.destroy_key(key_id).map_err(crypto::Error::key_error)
     }
 
     pub fn get_key_info(&self, key_id: &KeyIdentifier) -> CryptoResult<PublicKey> {