Initial commit

stackable-certs/Cargo.toml

@@ -26,6 +26,7 @@ kube = { version = "0.88.1", optional = true, default-features = false, features
   "rustls-tls",
 ] }
 tracing = "0.1.40"
+tokio = { version = "1.29.1", features = ["fs"] }
 tokio-rustls = { version = "0.25.0", optional = true }
 rand = "0.8.5"
 rand_core = "0.6.4"

stackable-certs/src/ca/mod.rs

@@ -88,34 +88,37 @@ where
 {
     type Error = CertificatePairError<S::Error>;
 
-    fn from_files(
+    async fn from_files(
         certificate_path: impl AsRef<Path>,
         private_key_path: impl AsRef<Path>,
     ) -> Result<Self, Self::Error> {
-        let certificate_pair = CertificatePair::from_files(certificate_path, private_key_path)?;
+        let certificate_pair =
+            CertificatePair::from_files(certificate_path, private_key_path).await?;
 
         Ok(Self {
             serial_numbers: HashSet::new(),
             certificate_pair,
         })
     }
 
-    fn to_certificate_file(
+    async fn to_certificate_file(
         &self,
         certificate_path: impl AsRef<Path>,
         line_ending: LineEnding,
     ) -> Result<(), Self::Error> {
         self.certificate_pair
             .to_certificate_file(certificate_path, line_ending)
+            .await
     }
 
-    fn to_private_key_file(
+    async fn to_private_key_file(
         &self,
         private_key_path: impl AsRef<Path>,
         line_ending: LineEnding,
     ) -> Result<(), Self::Error> {
         self.certificate_pair
             .to_private_key_file(private_key_path, line_ending)
+            .await
     }
 }
 
@@ -321,7 +324,7 @@ where
         self.generate_leaf_certificate(key, name, scope, validity)
     }
 
-    /// Generates an ECDSA-based leaf certificate which is signed by this CA.
+    /// Generates an ECDSAasync -based leaf certificate which is signed by this CA.
     ///
     /// See [`CertificateAuthority::generate_leaf_certificate`] for more
     /// information.
@@ -385,8 +388,8 @@ mod test {
 
     use super::*;
 
-    #[test]
-    fn test() {
+    #[tokio::test]
+    async fn test() {
         let mut ca = CertificateAuthority::new_rsa().unwrap();
         ca.generate_leaf_certificate(
             rsa::SigningKey::new(None).unwrap(),
@@ -396,6 +399,7 @@ mod test {
         )
         .unwrap()
         .to_certificate_file(PathBuf::certificate_path("tls"), LineEnding::default())
+        .await
         .unwrap();
     }
 }

stackable-certs/src/lib.rs

@@ -111,17 +111,23 @@ where
 {
     type Error = CertificatePairError<S::Error>;
 
-    fn from_files(
+    async fn from_files(
         certificate_path: impl AsRef<Path>,
         private_key_path: impl AsRef<Path>,
     ) -> Result<Self, Self::Error> {
-        let certificate_pem = std::fs::read(certificate_path).context(ReadFileSnafu)?;
+        let certificate_pem = tokio::fs::read(certificate_path)
+            .await
+            .context(ReadFileSnafu)?;
+
         let certificate =
             Certificate::from_pem(&certificate_pem).context(DeserializeCertificateSnafu {
                 key_encoding: KeyEncoding::Pem,
             })?;
 
-        let key_pair_pem = std::fs::read_to_string(private_key_path).context(ReadFileSnafu)?;
+        let key_pair_pem = tokio::fs::read_to_string(private_key_path)
+            .await
+            .context(ReadFileSnafu)?;
+
         let key_pair = S::from_pkcs8_pem(&key_pair_pem).context(DeserializePrivateKeySnafu {
             key_encoding: KeyEncoding::Pem,
         })?;
@@ -132,7 +138,7 @@ where
         })
     }
 
-    fn to_certificate_file(
+    async fn to_certificate_file(
         &self,
         certificate_path: impl AsRef<Path>,
         line_ending: LineEnding,
@@ -144,10 +150,12 @@ where
                 key_encoding: KeyEncoding::Pem,
             })?;
 
-        std::fs::write(certificate_path, pem).context(WriteFileSnafu)
+        tokio::fs::write(certificate_path, pem)
+            .await
+            .context(WriteFileSnafu)
     }
 
-    fn to_private_key_file(
+    async fn to_private_key_file(
         &self,
         private_key_path: impl AsRef<Path>,
         line_ending: LineEnding,
@@ -160,7 +168,9 @@ where
                 key_encoding: KeyEncoding::Pem,
             })?;
 
-        std::fs::write(private_key_path, pem).context(WriteFileSnafu)
+        tokio::fs::write(private_key_path, pem)
+            .await
+            .context(WriteFileSnafu)
     }
 }
 
@@ -222,13 +232,14 @@ where
 /// Provides utilities to work with certificate pairs which contain a public
 /// certificate (with a public key embedded in it) and the private key used to
 /// sign it. This trait is useful for CAs and self-signed certificates.
+#[allow(async_fn_in_trait)]
 pub trait CertificatePairExt: Sized {
     type Error: std::error::Error;
 
     /// Reads in a PEM-encoded certificate from `certificate_path` and private
     /// key file from `private_key_path` and finally constructs a CA from the
     /// contents.
-    fn from_files(
+    async fn from_files(
         certificate_path: impl AsRef<Path>,
         private_key_path: impl AsRef<Path>,
     ) -> Result<Self, Self::Error>;
@@ -239,7 +250,7 @@ pub trait CertificatePairExt: Sized {
     ///
     /// Use [`LineEnding::default()`] to always use the appropriate line ending
     /// depending on the operating system.
-    fn to_certificate_file(
+    async fn to_certificate_file(
         &self,
         certificate_path: impl AsRef<Path>,
         line_ending: LineEnding,
@@ -251,7 +262,7 @@ pub trait CertificatePairExt: Sized {
     ///
     /// Use [`LineEnding::default()`] to always use the appropriate line ending
     /// depending on the operating system.
-    fn to_private_key_file(
+    async fn to_private_key_file(
         &self,
         private_key_path: impl AsRef<Path>,
         line_ending: LineEnding,
@@ -265,14 +276,17 @@ pub trait CertificatePairExt: Sized {
     /// contants [`CERTIFICATE_FILE_EXT`] and [`PRIVATE_KEY_FILE_EXT`].
     /// Alternatively, the [`PathBufExt`] trait allows easy creation of correct
     /// paths.
-    fn to_files(
+    async fn to_files(
         &self,
         certificate_path: impl AsRef<Path>,
         private_key_path: impl AsRef<Path>,
         line_ending: LineEnding,
     ) -> Result<(), Self::Error> {
-        self.to_certificate_file(certificate_path, line_ending)?;
+        self.to_certificate_file(certificate_path, line_ending)
+            .await?;
+
         self.to_private_key_file(private_key_path, line_ending)
+            .await
     }
 }
 

stackable-webhook/src/lib.rs

@@ -149,6 +149,7 @@ impl WebhookServer {
         // Create server for TLS termination
         debug!("create TLS server");
         let tls_server = TlsServer::new(self.options.socket_addr, router, self.options.tls)
+            .await
             .context(CreateTlsServerSnafu)?;
 
         debug!("running TLS server");

stackable-webhook/src/tls.rs

@@ -44,7 +44,7 @@ pub struct TlsServer {
 
 impl TlsServer {
     #[instrument(name = "create_tls_server", skip(router))]
-    pub fn new(socket_addr: SocketAddr, router: Router, tls: TlsOption) -> Result<Self> {
+    pub async fn new(socket_addr: SocketAddr, router: Router, tls: TlsOption) -> Result<Self> {
         let config = match tls {
             TlsOption::AutoGenerate => {
                 // let mut config = ServerConfig::builder()
@@ -66,6 +66,7 @@ impl TlsServer {
                             certificate_path,
                             private_key_path,
                         )
+                        .await
                         .unwrap();
 
                         (
@@ -78,6 +79,7 @@ impl TlsServer {
                             certificate_path,
                             private_key_path,
                         )
+                        .await
                         .unwrap();
 
                         (