Reformat with rustfmt 0.6.1-stable (49279d71 2018-05-08)
This falls under #74. I didn't see anything particularly
egregious in the output.
diff --git a/src/client.rs b/src/client.rs
index e014b92..fe83d2c 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -50,16 +50,17 @@
use std::io::{Read, Write};
-use Result;
use crypto::{self, KeyId};
use error::Error;
use interchange::DataInterchange;
-use metadata::{MetadataVersion, RootMetadata, Role, MetadataPath, VirtualTargetPath,
- TargetDescription, TargetsMetadata, SnapshotMetadata, TargetPath};
+use metadata::{
+ MetadataPath, MetadataVersion, Role, RootMetadata, SnapshotMetadata, TargetDescription,
+ TargetPath, TargetsMetadata, VirtualTargetPath,
+};
use repository::Repository;
use tuf::Tuf;
use util::SafeReader;
-
+use Result;
/// Translates real paths (where a file is stored) into virtual paths (how it is addressed in TUF)
/// and back.
@@ -267,8 +268,7 @@
config.min_bytes_per_second,
None,
)?;
- let latest_version = D::deserialize::<RootMetadata>(latest_root.signed())?
- .version();
+ let latest_version = D::deserialize::<RootMetadata>(latest_root.signed())?.version();
if latest_version < tuf.root().version() {
return Err(Error::VerificationFailure(format!(
@@ -329,8 +329,7 @@
let snapshot_description = match tuf.timestamp() {
Some(ts) => Ok(ts.snapshot()),
None => Err(Error::MissingMetadata(Role::Timestamp)),
- }?
- .clone();
+ }?.clone();
if snapshot_description.version() <= tuf.snapshot().map(|s| s.version()).unwrap_or(0) {
return Ok(false);
@@ -361,19 +360,16 @@
U: PathTranslator,
{
let targets_description = match tuf.snapshot() {
- Some(sn) => {
- match sn.meta().get(&MetadataPath::from_role(&Role::Targets)) {
- Some(d) => Ok(d),
- None => Err(Error::VerificationFailure(
- "Snapshot metadata did not contain a description of the \
- current targets metadata."
- .into(),
- )),
- }
- }
+ Some(sn) => match sn.meta().get(&MetadataPath::from_role(&Role::Targets)) {
+ Some(d) => Ok(d),
+ None => Err(Error::VerificationFailure(
+ "Snapshot metadata did not contain a description of the \
+ current targets metadata."
+ .into(),
+ )),
+ },
None => Err(Error::MissingMetadata(Role::Snapshot)),
- }?
- .clone();
+ }?.clone();
if targets_description.version() <= tuf.targets().map(|t| t.version()).unwrap_or(0) {
return Ok(false);
@@ -452,17 +448,15 @@
// tuf in the loop below
let targets = match targets {
Some(t) => t.clone(),
- None => {
- match tuf.targets() {
- Some(t) => t.clone(),
- None => {
- return (
- default_terminate,
- Err(Error::MissingMetadata(Role::Targets)),
- )
- }
+ None => match tuf.targets() {
+ Some(t) => t.clone(),
+ None => {
+ return (
+ default_terminate,
+ Err(Error::MissingMetadata(Role::Targets)),
+ )
}
- }
+ },
};
if let Some(t) = targets.targets().get(target) {
@@ -536,13 +530,11 @@
&signed_meta,
) {
Ok(_) => (),
- Err(e) => {
- warn!(
- "Error storing metadata {:?} locally: {:?}",
- delegation.role(),
- e
- )
- }
+ Err(e) => warn!(
+ "Error storing metadata {:?} locally: {:?}",
+ delegation.role(),
+ e
+ ),
}
let meta = tuf.delegations().get(delegation.role()).unwrap().clone();
@@ -566,7 +558,6 @@
}
Err(_) if !delegation.terminating() => continue,
Err(e) => return (true, Err(e)),
-
};
}
@@ -764,7 +755,7 @@
use chrono::prelude::*;
use crypto::{PrivateKey, SignatureScheme};
use interchange::Json;
- use metadata::{RootMetadata, SignedMetadata, RoleDefinition, MetadataPath, MetadataVersion};
+ use metadata::{MetadataPath, MetadataVersion, RoleDefinition, RootMetadata, SignedMetadata};
use repository::EphemeralRepository;
lazy_static! {
@@ -777,8 +768,9 @@
include_bytes!("../tests/ed25519/ed25519-5.pk8.der"),
include_bytes!("../tests/ed25519/ed25519-6.pk8.der"),
];
- keys.iter().map(|b| PrivateKey::from_pkcs8(b, SignatureScheme::Ed25519)
- .unwrap()).collect()
+ keys.iter()
+ .map(|b| PrivateKey::from_pkcs8(b, SignatureScheme::Ed25519).unwrap())
+ .collect()
};
}
@@ -795,8 +787,8 @@
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
repo.store_metadata(
&MetadataPath::from_role(&Role::Root),
@@ -814,8 +806,8 @@
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
).unwrap();
- let mut root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[1])
- .unwrap();
+ let mut root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[1]).unwrap();
root.add_signature(&KEYS[0]).unwrap();
@@ -835,8 +827,8 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
).unwrap();
- let mut root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[2])
- .unwrap();
+ let mut root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[2]).unwrap();
root.add_signature(&KEYS[1]).unwrap();
diff --git a/src/crypto.rs b/src/crypto.rs
index b893b96..3050122 100644
--- a/src/crypto.rs
+++ b/src/crypto.rs
@@ -5,11 +5,12 @@
use ring;
use ring::digest::{self, SHA256, SHA512};
use ring::rand::SystemRandom;
-use ring::signature::{RSAKeyPair, RSASigningState, Ed25519KeyPair, ED25519,
- RSA_PSS_2048_8192_SHA256, RSA_PSS_2048_8192_SHA512, RSA_PSS_SHA256,
- RSA_PSS_SHA512};
+use ring::signature::{
+ ED25519, Ed25519KeyPair, RSAKeyPair, RSASigningState, RSA_PSS_2048_8192_SHA256,
+ RSA_PSS_2048_8192_SHA512, RSA_PSS_SHA256, RSA_PSS_SHA512,
+};
use serde::de::{Deserialize, Deserializer, Error as DeserializeError};
-use serde::ser::{Serialize, Serializer, Error as SerializeError};
+use serde::ser::{Error as SerializeError, Serialize, Serializer};
use std::cmp::Ordering;
use std::collections::HashMap;
use std::fmt::{self, Debug, Display};
@@ -20,9 +21,9 @@
use std::sync::Arc;
use untrusted::Input;
-use Result;
use error::Error;
use shims;
+use Result;
const HASH_ALG_PREFS: &[HashAlgorithm] = &[HashAlgorithm::Sha512, HashAlgorithm::Sha256];
@@ -77,9 +78,12 @@
let context = match *alg {
HashAlgorithm::Sha256 => digest::Context::new(&SHA256),
HashAlgorithm::Sha512 => digest::Context::new(&SHA512),
- HashAlgorithm::Unknown(ref s) => return Err(Error::IllegalArgument(
- format!("Unknown hash algorithm: {}", s)
- )),
+ HashAlgorithm::Unknown(ref s) => {
+ return Err(Error::IllegalArgument(format!(
+ "Unknown hash algorithm: {}",
+ s
+ )))
+ }
};
let _ = hashes.insert(alg, context);
@@ -105,9 +109,7 @@
let hashes = hashes
.drain()
- .map(|(k, v)| {
- (k.clone(), HashValue::new(v.finish().as_ref().to_vec()))
- })
+ .map(|(k, v)| (k.clone(), HashValue::new(v.finish().as_ref().to_vec())))
.collect();
Ok((size, hashes))
}
@@ -320,9 +322,9 @@
impl<'de> Deserialize<'de> for KeyType {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let string: String = Deserialize::deserialize(de)?;
- string.parse().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ string
+ .parse()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -353,15 +355,11 @@
/// Note: For RSA keys, `openssl` needs to the on the `$PATH`.
pub fn new(key_type: KeyType) -> Result<Vec<u8>> {
match key_type {
- KeyType::Ed25519 => {
- Ed25519KeyPair::generate_pkcs8(&SystemRandom::new())
- .map(|bytes| bytes.to_vec())
- .map_err(|_| Error::Opaque("Failed to generate Ed25519 key".into()))
- },
+ KeyType::Ed25519 => Ed25519KeyPair::generate_pkcs8(&SystemRandom::new())
+ .map(|bytes| bytes.to_vec())
+ .map_err(|_| Error::Opaque("Failed to generate Ed25519 key".into())),
KeyType::Rsa => Self::rsa_gen(),
- KeyType::Unknown(s) => Err(Error::IllegalArgument(
- format!("Unknown key type: {}", s)
- )),
+ KeyType::Unknown(s) => Err(Error::IllegalArgument(format!("Unknown key type: {}", s))),
}
}
@@ -416,25 +414,19 @@
};
Ok(k)
}
- Err(e1) => {
- match Self::rsa_from_pkcs8(der_key, scheme) {
- Ok(k) => Ok(k),
- Err(e2) => Err(Error::Opaque(format!(
- "Key was neither Ed25519 nor RSA: {:?} {:?}",
- e1,
- e2
- ))),
- }
- }
+ Err(e1) => match Self::rsa_from_pkcs8(der_key, scheme) {
+ Ok(k) => Ok(k),
+ Err(e2) => Err(Error::Opaque(format!(
+ "Key was neither Ed25519 nor RSA: {:?} {:?}",
+ e1, e2
+ ))),
+ },
}
}
fn ed25519_from_pkcs8(der_key: &[u8]) -> Result<Self> {
- let key = Ed25519KeyPair::from_pkcs8(Input::from(der_key)).map_err(
- |_| {
- Error::Encoding("Could not parse key as PKCS#8v2".into())
- },
- )?;
+ let key = Ed25519KeyPair::from_pkcs8(Input::from(der_key))
+ .map_err(|_| Error::Encoding("Could not parse key as PKCS#8v2".into()))?;
let public = PublicKey {
typ: KeyType::Ed25519,
@@ -444,10 +436,7 @@
};
let private = PrivateKeyType::Ed25519(key);
- Ok(PrivateKey {
- private,
- public,
- })
+ Ok(PrivateKey { private, public })
}
fn rsa_from_pkcs8(der_key: &[u8], scheme: SignatureScheme) -> Result<Self> {
@@ -457,9 +446,8 @@
));
}
- let key = RSAKeyPair::from_pkcs8(Input::from(der_key)).map_err(|_| {
- Error::Encoding("Could not parse key as PKCS#8v2".into())
- })?;
+ let key = RSAKeyPair::from_pkcs8(Input::from(der_key))
+ .map_err(|_| Error::Encoding("Could not parse key as PKCS#8v2".into()))?;
if key.public_modulus_len() < 256 {
return Err(Error::IllegalArgument(format!(
@@ -478,19 +466,15 @@
};
let private = PrivateKeyType::Rsa(Arc::new(key));
- Ok(PrivateKey {
- private,
- public,
- })
+ Ok(PrivateKey { private, public })
}
/// Sign a message.
pub fn sign(&self, msg: &[u8]) -> Result<Signature> {
let value = match (&self.private, &self.public.scheme) {
(&PrivateKeyType::Rsa(ref rsa), &SignatureScheme::RsaSsaPssSha256) => {
- let mut signing_state = RSASigningState::new(rsa.clone()).map_err(|_| {
- Error::Opaque("Could not initialize RSA signing state.".into())
- })?;
+ let mut signing_state = RSASigningState::new(rsa.clone())
+ .map_err(|_| Error::Opaque("Could not initialize RSA signing state.".into()))?;
let rng = SystemRandom::new();
let mut buf = vec![0; signing_state.key_pair().public_modulus_len()];
signing_state
@@ -499,9 +483,8 @@
SignatureValue(buf)
}
(&PrivateKeyType::Rsa(ref rsa), &SignatureScheme::RsaSsaPssSha512) => {
- let mut signing_state = RSASigningState::new(rsa.clone()).map_err(|_| {
- Error::Opaque("Could not initialize RSA signing state.".into())
- })?;
+ let mut signing_state = RSASigningState::new(rsa.clone())
+ .map_err(|_| Error::Opaque("Could not initialize RSA signing state.".into()))?;
let rng = SystemRandom::new();
let mut buf = vec![0; signing_state.key_pair().public_modulus_len()];
signing_state
@@ -513,9 +496,10 @@
SignatureValue(ed.sign(msg).as_ref().into())
}
(k, s) => {
- return Err(Error::IllegalArgument(
- format!("Key {:?} can't be used with scheme {:?}", k, s),
- ))
+ return Err(Error::IllegalArgument(format!(
+ "Key {:?} can't be used with scheme {:?}",
+ k, s
+ )))
}
};
@@ -527,33 +511,23 @@
fn rsa_gen() -> Result<Vec<u8>> {
let gen = Command::new("openssl")
- .args(
- &[
- "genpkey",
- "-algorithm",
- "RSA",
- "-pkeyopt",
- "rsa_keygen_bits:4096",
- "-pkeyopt",
- "rsa_keygen_pubexp:65537",
- "-outform",
- "der",
- ],
- )
+ .args(&[
+ "genpkey",
+ "-algorithm",
+ "RSA",
+ "-pkeyopt",
+ "rsa_keygen_bits:4096",
+ "-pkeyopt",
+ "rsa_keygen_pubexp:65537",
+ "-outform",
+ "der",
+ ])
.output()?;
let mut pk8 = Command::new("openssl")
- .args(
- &[
- "pkcs8",
- "-inform",
- "der",
- "-topk8",
- "-nocrypt",
- "-outform",
- "der",
- ],
- )
+ .args(&[
+ "pkcs8", "-inform", "der", "-topk8", "-nocrypt", "-outform", "der",
+ ])
.stdin(Stdio::piped())
.stdout(Stdio::piped())
.spawn()?;
@@ -566,7 +540,6 @@
Ok(pk8.wait_with_output()?.stdout)
}
-
/// Return the public component of the key.
pub fn public(&self) -> &PublicKey {
&self.public
@@ -599,9 +572,8 @@
let typ = derp::nested(input, Tag::Sequence, |input| {
let typ = derp::expect_tag_and_get_value(input, Tag::Oid)?;
- let typ = KeyType::from_oid(typ.as_slice_less_safe()).map_err(|_| {
- derp::Error::WrongValue
- })?;
+ let typ = KeyType::from_oid(typ.as_slice_less_safe())
+ .map_err(|_| derp::Error::WrongValue)?;
// for RSA / ed25519 this is null, so don't both parsing it
derp::read_null(input)?;
@@ -649,9 +621,12 @@
SignatureScheme::Ed25519 => &ED25519,
SignatureScheme::RsaSsaPssSha256 => &RSA_PSS_2048_8192_SHA256,
SignatureScheme::RsaSsaPssSha512 => &RSA_PSS_2048_8192_SHA512,
- SignatureScheme::Unknown(ref s) => return Err(Error::IllegalArgument(
- format!("Unknown signature scheme: {}", s)
- )),
+ SignatureScheme::Unknown(ref s) => {
+ return Err(Error::IllegalArgument(format!(
+ "Unknown signature scheme: {}",
+ s
+ )))
+ }
};
ring::signature::verify(
@@ -696,9 +671,8 @@
where
S: Serializer,
{
- let bytes = self.as_spki().map_err(|e| {
- SerializeError::custom(format!("Couldn't write key as SPKI: {:?}", e))
- })?;
+ let bytes = self.as_spki()
+ .map_err(|e| SerializeError::custom(format!("Couldn't write key as SPKI: {:?}", e)))?;
shims::PublicKey::new(self.typ.clone(), self.scheme.clone(), &bytes).serialize(ser)
}
}
@@ -711,18 +685,15 @@
.map_err(|e| DeserializeError::custom(format!("{:?}", e)))?;
let key = PublicKey::from_spki(&bytes, intermediate.scheme().clone())
- .map_err(|e| {
- DeserializeError::custom(format!("Couldn't parse key as SPKI: {:?}", e))
- })?;
+ .map_err(|e| DeserializeError::custom(format!("Couldn't parse key as SPKI: {:?}", e)))?;
if intermediate.typ() != &key.typ {
- return Err(DeserializeError::custom(
- format!("Key type listed in the metadata did not match the type extrated \
- from the key. {:?} vs. {:?}",
- intermediate.typ(),
- key.typ,
- ),
- ));
+ return Err(DeserializeError::custom(format!(
+ "Key type listed in the metadata did not match the type extrated \
+ from the key. {:?} vs. {:?}",
+ intermediate.typ(),
+ key.typ,
+ )));
}
Ok(key)
@@ -798,9 +769,9 @@
impl<'de> Deserialize<'de> for HashValue {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let s: String = Deserialize::deserialize(de)?;
- let bytes = BASE64URL.decode(s.as_bytes()).map_err(|e| {
- DeserializeError::custom(format!("Base64: {:?}", e))
- })?;
+ let bytes = BASE64URL
+ .decode(s.as_bytes())
+ .map_err(|e| DeserializeError::custom(format!("Base64: {:?}", e)))?;
Ok(HashValue(bytes))
}
}
@@ -822,16 +793,14 @@
{
let mut der = Der::new(&mut output);
der.sequence(|der| {
- der.sequence(|der| {
- match key_type.as_oid().ok() {
- Some(tag) => {
- der.element(Tag::Oid, tag)?;
- der.null()
- },
- None => Err(derp::Error::WrongValue)
+ der.sequence(|der| match key_type.as_oid().ok() {
+ Some(tag) => {
+ der.element(Tag::Oid, tag)?;
+ der.null()
}
+ None => Err(derp::Error::WrongValue),
})?;
- der.bit_string(0,public)
+ der.bit_string(0, public)
})?;
}
@@ -957,8 +926,8 @@
let sig = key.sign(msg).unwrap();
- let public = PublicKey::from_spki(&key.public.as_spki().unwrap(), SignatureScheme::Ed25519)
- .unwrap();
+ let public =
+ PublicKey::from_spki(&key.public.as_spki().unwrap(), SignatureScheme::Ed25519).unwrap();
public.verify(msg, &sig).unwrap();
}
diff --git a/src/error.rs b/src/error.rs
index 4cfc435..45cc70b 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -37,9 +37,9 @@
/// chain to the target cannot be fully verified.
TargetUnavailable,
/// There is no known or available hash algorithm.
- UnkonwnHashAlgorithm(String),
+ UnkonwnHashAlgorithm(String),
/// There is no known or available key type.
- UnknownKeyType(String),
+ UnknownKeyType(String),
/// The metadata or target failed to verify.
VerificationFailure(String),
}
diff --git a/src/interchange/cjson.rs b/src/interchange/cjson.rs
index 5f2d947..b6e0095 100644
--- a/src/interchange/cjson.rs
+++ b/src/interchange/cjson.rs
@@ -33,16 +33,12 @@
buf.extend(b"false");
Ok(())
}
- Value::Number(Number::I64(n)) => {
- itoa::write(buf, n).map(|_| ()).map_err(|err| {
- format!("Write error: {}", err)
- })
- }
- Value::Number(Number::U64(n)) => {
- itoa::write(buf, n).map(|_| ()).map_err(|err| {
- format!("Write error: {}", err)
- })
- }
+ Value::Number(Number::I64(n)) => itoa::write(buf, n)
+ .map(|_| ())
+ .map_err(|err| format!("Write error: {}", err)),
+ Value::Number(Number::U64(n)) => itoa::write(buf, n)
+ .map(|_| ())
+ .map_err(|err| format!("Write error: {}", err)),
Value::String(ref s) => {
// this mess is abusing serde_json to get json escaping
let s = json::Value::String(s.clone());
@@ -96,13 +92,11 @@
match *jsn {
json::Value::Null => Ok(Value::Null),
json::Value::Bool(b) => Ok(Value::Bool(b)),
- json::Value::Number(ref n) => {
- n.as_i64()
- .map(Number::I64)
- .or_else(|| n.as_u64().map(Number::U64))
- .map(Value::Number)
- .ok_or_else(|| String::from("only i64 and u64 are supported"))
- }
+ json::Value::Number(ref n) => n.as_i64()
+ .map(Number::I64)
+ .or_else(|| n.as_u64().map(Number::U64))
+ .map(Value::Number)
+ .ok_or_else(|| String::from("only i64 and u64 are supported")),
json::Value::Array(ref arr) => {
let mut out = Vec::new();
for res in arr.iter().map(|v| convert(v)) {
diff --git a/src/interchange/mod.rs b/src/interchange/mod.rs
index 9a98257..7f6dbd6 100644
--- a/src/interchange/mod.rs
+++ b/src/interchange/mod.rs
@@ -8,8 +8,8 @@
use std::fmt::Debug;
use std::io::{Read, Write};
-use Result;
use error::Error;
+use Result;
/// The format used for data interchange, serialization, and deserialization.
pub trait DataInterchange: Debug + PartialEq + Clone {
diff --git a/src/lib.rs b/src/lib.rs
index aa65a60..761519d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -102,16 +102,9 @@
//! metadata on every update.
#![deny(missing_docs)]
-
#![cfg_attr(
feature = "cargo-clippy",
- allow(
- collapsible_if,
- implicit_hasher,
- new_ret_no_self,
- op_ref,
- too_many_arguments,
- )
+ allow(collapsible_if, implicit_hasher, new_ret_no_self, op_ref, too_many_arguments)
)]
extern crate chrono;
diff --git a/src/metadata.rs b/src/metadata.rs
index 7d401bc..21bd9a4 100644
--- a/src/metadata.rs
+++ b/src/metadata.rs
@@ -1,25 +1,25 @@
//! TUF metadata.
-use chrono::DateTime;
use chrono::offset::Utc;
+use chrono::DateTime;
use serde::de::{Deserialize, DeserializeOwned, Deserializer, Error as DeserializeError};
-use serde::ser::{Serialize, Serializer, Error as SerializeError};
+use serde::ser::{Error as SerializeError, Serialize, Serializer};
use std::collections::{HashMap, HashSet};
use std::fmt::{self, Debug, Display};
use std::io::Read;
use std::iter::FromIterator;
use std::marker::PhantomData;
-use Result;
-use crypto::{self, KeyId, PublicKey, Signature, HashAlgorithm, HashValue, PrivateKey};
+use crypto::{self, HashAlgorithm, HashValue, KeyId, PrivateKey, PublicKey, Signature};
use error::Error;
use interchange::DataInterchange;
use shims;
+use Result;
static PATH_ILLEGAL_COMPONENTS: &'static [&str] = &[
".", // current dir
"..", // parent dir
- // TODO ? "0", // may translate to nul in windows
+ // TODO ? "0", // may translate to nul in windows
];
static PATH_ILLEGAL_COMPONENTS_CASE_INSENSITIVE: &'static [&str] = &[
@@ -108,27 +108,30 @@
for bad_str in PATH_ILLEGAL_STRINGS {
if path.contains(bad_str) {
- return Err(Error::IllegalArgument(
- format!("Path cannot contain {:?}", bad_str),
- ));
+ return Err(Error::IllegalArgument(format!(
+ "Path cannot contain {:?}",
+ bad_str
+ )));
}
}
for component in path.split('/') {
for bad_str in PATH_ILLEGAL_COMPONENTS {
if component == *bad_str {
- return Err(Error::IllegalArgument(
- format!("Path cannot have component {:?}", component),
- ));
+ return Err(Error::IllegalArgument(format!(
+ "Path cannot have component {:?}",
+ component
+ )));
}
}
let component_lower = component.to_lowercase();
for bad_str in PATH_ILLEGAL_COMPONENTS_CASE_INSENSITIVE {
if component_lower.as_str() == *bad_str {
- return Err(Error::IllegalArgument(
- format!("Path cannot have component {:?}", component),
- ));
+ return Err(Error::IllegalArgument(format!(
+ "Path cannot have component {:?}",
+ component
+ )));
}
}
}
@@ -322,9 +325,8 @@
let raw = D::serialize(&self.signed)?;
let bytes = D::canonicalize(&raw)?;
let sig = private_key.sign(&bytes)?;
- self.signatures.retain(
- |s| s.key_id() != private_key.key_id(),
- );
+ self.signatures
+ .retain(|s| s.key_id() != private_key.key_id());
self.signatures.push(sig);
Ok(())
}
@@ -428,8 +430,7 @@
{
if self.signatures.is_empty() {
return Err(Error::VerificationFailure(
- "The metadata was not signed with any authorized keys."
- .into(),
+ "The metadata was not signed with any authorized keys.".into(),
));
}
@@ -449,17 +450,15 @@
let mut signatures_needed = threshold;
for sig in &self.signatures {
match authorized_keys.get(sig.key_id()) {
- Some(ref pub_key) => {
- match pub_key.verify(&canonical_bytes, &sig) {
- Ok(()) => {
- debug!("Good signature from key ID {:?}", pub_key.key_id());
- signatures_needed -= 1;
- }
- Err(e) => {
- warn!("Bad signature from key ID {:?}: {:?}", pub_key.key_id(), e);
- }
+ Some(ref pub_key) => match pub_key.verify(&canonical_bytes, &sig) {
+ Ok(()) => {
+ debug!("Good signature from key ID {:?}", pub_key.key_id());
+ signatures_needed -= 1;
}
- }
+ Err(e) => {
+ warn!("Bad signature from key ID {:?}: {:?}", pub_key.key_id(), e);
+ }
+ },
None => {
warn!(
"Key ID {:?} was not found in the set of authorized keys.",
@@ -586,9 +585,8 @@
where
S: Serializer,
{
- let m = shims::RootMetadata::from(self).map_err(|e| {
- SerializeError::custom(format!("{:?}", e))
- })?;
+ let m = shims::RootMetadata::from(self)
+ .map_err(|e| SerializeError::custom(format!("{:?}", e)))?;
m.serialize(ser)
}
}
@@ -596,9 +594,9 @@
impl<'de> Deserialize<'de> for RootMetadata {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::RootMetadata = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -630,10 +628,7 @@
)));
}
- Ok(RoleDefinition {
- threshold,
- key_ids,
- })
+ Ok(RoleDefinition { threshold, key_ids })
}
/// The threshold number of signatures required for the role to be trusted.
@@ -661,9 +656,9 @@
impl<'de> Deserialize<'de> for RoleDefinition {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::RoleDefinition = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -824,9 +819,9 @@
impl<'de> Deserialize<'de> for TimestampMetadata {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::TimestampMetadata = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -911,9 +906,9 @@
impl<'de> Deserialize<'de> for MetadataDescription {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::MetadataDescription = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -980,13 +975,12 @@
impl<'de> Deserialize<'de> for SnapshotMetadata {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::SnapshotMetadata = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
-
/// Wrapper for the virtual path to a target.
#[derive(Debug, Clone, PartialEq, Hash, Eq, PartialOrd, Ord, Serialize)]
pub struct VirtualTargetPath(String);
@@ -1067,9 +1061,9 @@
group
.iter()
.filter(|parent| {
- parents[0].iter().any(
- |p| parent.is_child(p) || parent == &p,
- )
+ parents[0]
+ .iter()
+ .any(|p| parent.is_child(p) || parent == &p)
})
.cloned()
.collect::<HashSet<_>>()
@@ -1145,10 +1139,7 @@
));
}
- Ok(TargetDescription {
- size,
- hashes,
- })
+ Ok(TargetDescription { size, hashes })
}
/// Read the from the given reader and calculate the size and hash values.
@@ -1186,10 +1177,7 @@
R: Read,
{
let (size, hashes) = crypto::calculate_hashes(read, hash_algs)?;
- Ok(TargetDescription {
- size,
- hashes,
- })
+ Ok(TargetDescription { size, hashes })
}
/// The maximum size of the target.
@@ -1206,9 +1194,9 @@
impl<'de> Deserialize<'de> for TargetDescription {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::TargetDescription = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -1283,9 +1271,9 @@
impl<'de> Deserialize<'de> for TargetsMetadata {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::TargetsMetadata = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -1309,8 +1297,8 @@
return Err(Error::IllegalArgument("Roles cannot be empty.".into()));
}
- if roles.len() !=
- roles
+ if roles.len()
+ != roles
.iter()
.map(|r| &r.role)
.collect::<HashSet<&MetadataPath>>()
@@ -1350,13 +1338,12 @@
}
}
-
impl<'de> Deserialize<'de> for Delegations {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::Delegations = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -1444,9 +1431,9 @@
impl<'de> Deserialize<'de> for Delegation {
fn deserialize<D: Deserializer<'de>>(de: D) -> ::std::result::Result<Self, D::Error> {
let intermediate: shims::Delegation = Deserialize::deserialize(de)?;
- intermediate.try_into().map_err(|e| {
- DeserializeError::custom(format!("{:?}", e))
- })
+ intermediate
+ .try_into()
+ .map_err(|e| DeserializeError::custom(format!("{:?}", e)))
}
}
@@ -1454,9 +1441,9 @@
mod test {
use super::*;
use chrono::prelude::*;
- use json;
use crypto::SignatureScheme;
use interchange::Json;
+ use json;
const ED25519_1_PK8: &'static [u8] = include_bytes!("../tests/ed25519/ed25519-1.pk8.der");
const ED25519_2_PK8: &'static [u8] = include_bytes!("../tests/ed25519/ed25519-2.pk8.der");
@@ -1483,33 +1470,32 @@
#[test]
fn path_matches_chain() {
- let test_cases: &[(bool, &str, &[&[&str]])] =
- &[
- // simplest case
- (true, "foo", &[&["foo"]]),
- // direct delegation case
- (true, "foo", &[&["foo"], &["foo"]]),
- // is a dir
- (false, "foo", &[&["foo/"]]),
- // target not in last position
- (false, "foo", &[&["foo"], &["bar"]]),
- // target nested
- (true, "foo/bar", &[&["foo/"], &["foo/bar"]]),
- // target illegally nested
- (false, "foo/bar", &[&["baz/"], &["foo/bar"]]),
- // target illegally deeply nested
- (
- false,
- "foo/bar/baz",
- &[&["foo/"], &["foo/quux/"], &["foo/bar/baz"]],
- ),
- // empty
- (false, "foo", &[&[]]),
- // empty 2
- (false, "foo", &[&[], &["foo"]]),
- // empty 3
- (false, "foo", &[&["foo"], &[]]),
- ];
+ let test_cases: &[(bool, &str, &[&[&str]])] = &[
+ // simplest case
+ (true, "foo", &[&["foo"]]),
+ // direct delegation case
+ (true, "foo", &[&["foo"], &["foo"]]),
+ // is a dir
+ (false, "foo", &[&["foo/"]]),
+ // target not in last position
+ (false, "foo", &[&["foo"], &["bar"]]),
+ // target nested
+ (true, "foo/bar", &[&["foo/"], &["foo/bar"]]),
+ // target illegally nested
+ (false, "foo/bar", &[&["baz/"], &["foo/bar"]]),
+ // target illegally deeply nested
+ (
+ false,
+ "foo/bar/baz",
+ &[&["foo/"], &["foo/quux/"], &["foo/bar/baz"]],
+ ),
+ // empty
+ (false, "foo", &[&[]]),
+ // empty 2
+ (false, "foo", &[&[], &["foo"]]),
+ // empty 3
+ (false, "foo", &[&["foo"], &[]]),
+ ];
for case in test_cases {
let expected = case.0;
@@ -1525,9 +1511,7 @@
.collect::<Vec<_>>();
println!(
"CASE: expect: {} path: {:?} parents: {:?}",
- expected,
- target,
- parents
+ expected, target, parents
);
assert_eq!(target.matches_chain(&parents), expected);
}
@@ -1609,8 +1593,8 @@
let root_key = PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519).unwrap();
let snapshot_key = PrivateKey::from_pkcs8(ED25519_2_PK8, SignatureScheme::Ed25519).unwrap();
let targets_key = PrivateKey::from_pkcs8(ED25519_3_PK8, SignatureScheme::Ed25519).unwrap();
- let timestamp_key = PrivateKey::from_pkcs8(ED25519_4_PK8, SignatureScheme::Ed25519)
- .unwrap();
+ let timestamp_key =
+ PrivateKey::from_pkcs8(ED25519_4_PK8, SignatureScheme::Ed25519).unwrap();
let keys = vec![
root_key.public().clone(),
@@ -1622,8 +1606,8 @@
let root_def = RoleDefinition::new(1, hashset!(root_key.key_id().clone())).unwrap();
let snapshot_def = RoleDefinition::new(1, hashset!(snapshot_key.key_id().clone())).unwrap();
let targets_def = RoleDefinition::new(1, hashset!(targets_key.key_id().clone())).unwrap();
- let timestamp_def = RoleDefinition::new(1, hashset!(timestamp_key.key_id().clone()))
- .unwrap();
+ let timestamp_def =
+ RoleDefinition::new(1, hashset!(timestamp_key.key_id().clone())).unwrap();
let root = RootMetadata::new(
1,
@@ -1798,13 +1782,15 @@
let key = PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519).unwrap();
let delegations = Delegations::new(
&hashset![key.public().clone()],
- vec![Delegation::new(
- MetadataPath::new("foo/bar".into()).unwrap(),
- false,
- 1,
- hashset!(key.key_id().clone()),
- hashset!(VirtualTargetPath::new("baz/quux".into()).unwrap()),
- ).unwrap()],
+ vec![
+ Delegation::new(
+ MetadataPath::new("foo/bar".into()).unwrap(),
+ false,
+ 1,
+ hashset!(key.key_id().clone()),
+ hashset!(VirtualTargetPath::new("baz/quux".into()).unwrap()),
+ ).unwrap(),
+ ],
).unwrap();
let targets = TargetsMetadata::new(
@@ -1921,42 +1907,66 @@
fn make_root() -> json::Value {
let root_def = RoleDefinition::new(
1,
- hashset!(PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone()),
+ hashset!(
+ PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
+ .unwrap()
+ .key_id()
+ .clone()
+ ),
).unwrap();
let snapshot_def = RoleDefinition::new(
1,
- hashset!(PrivateKey::from_pkcs8(ED25519_2_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone()),
+ hashset!(
+ PrivateKey::from_pkcs8(ED25519_2_PK8, SignatureScheme::Ed25519)
+ .unwrap()
+ .key_id()
+ .clone()
+ ),
).unwrap();
let targets_def = RoleDefinition::new(
1,
- hashset!(PrivateKey::from_pkcs8(ED25519_3_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone()),
+ hashset!(
+ PrivateKey::from_pkcs8(ED25519_3_PK8, SignatureScheme::Ed25519)
+ .unwrap()
+ .key_id()
+ .clone()
+ ),
).unwrap();
let timestamp_def = RoleDefinition::new(
1,
- hashset!(PrivateKey::from_pkcs8(ED25519_4_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone()),
+ hashset!(
+ PrivateKey::from_pkcs8(ED25519_4_PK8, SignatureScheme::Ed25519)
+ .unwrap()
+ .key_id()
+ .clone()
+ ),
).unwrap();
let root = RootMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
false,
- vec!(
+ vec![
PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
- .unwrap().public().clone(),
+ .unwrap()
+ .public()
+ .clone(),
PrivateKey::from_pkcs8(ED25519_2_PK8, SignatureScheme::Ed25519)
- .unwrap().public().clone(),
+ .unwrap()
+ .public()
+ .clone(),
PrivateKey::from_pkcs8(ED25519_3_PK8, SignatureScheme::Ed25519)
- .unwrap().public().clone(),
+ .unwrap()
+ .public()
+ .clone(),
PrivateKey::from_pkcs8(ED25519_4_PK8, SignatureScheme::Ed25519)
- .unwrap().public().clone(),
- ),
+ .unwrap()
+ .public()
+ .clone(),
+ ],
root_def,
snapshot_def,
targets_def,
@@ -1967,8 +1977,8 @@
}
fn make_snapshot() -> json::Value {
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!())
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!()).unwrap();
json::to_value(&snapshot).unwrap()
}
@@ -1977,8 +1987,7 @@
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
json::to_value(×tamp).unwrap()
@@ -1999,13 +2008,15 @@
.clone();
let delegations = Delegations::new(
&hashset![key.clone()],
- vec![Delegation::new(
- MetadataPath::new("foo".into()).unwrap(),
- false,
- 1,
- hashset!(key.key_id().clone()),
- hashset!(VirtualTargetPath::new("bar".into()).unwrap()),
- ).unwrap()],
+ vec![
+ Delegation::new(
+ MetadataPath::new("foo".into()).unwrap(),
+ false,
+ 1,
+ hashset!(key.key_id().clone()),
+ hashset!(VirtualTargetPath::new("bar".into()).unwrap()),
+ ).unwrap(),
+ ],
).unwrap();
json::to_value(&delegations).unwrap()
@@ -2058,8 +2069,7 @@
.get("keys")
.unwrap()
.as_array()
- .unwrap()
- [0]
+ .unwrap()[0]
.clone();
root_json
.as_object_mut()
@@ -2086,8 +2096,12 @@
fn deserialize_json_role_definition_illegal_threshold() {
let role_def = RoleDefinition::new(
1,
- hashset!(PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone()),
+ hashset!(
+ PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
+ .unwrap()
+ .key_id()
+ .clone()
+ ),
).unwrap();
let mut jsn = json::to_value(&role_def).unwrap();
@@ -2102,9 +2116,13 @@
2,
hashset!(
PrivateKey::from_pkcs8(ED25519_1_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone(),
+ .unwrap()
+ .key_id()
+ .clone(),
PrivateKey::from_pkcs8(ED25519_2_PK8, SignatureScheme::Ed25519)
- .unwrap().key_id().clone(),
+ .unwrap()
+ .key_id()
+ .clone(),
),
).unwrap();
@@ -2117,10 +2135,9 @@
#[test]
fn deserialize_json_root_bad_type() {
let mut root = make_root();
- let _ = root.as_object_mut().unwrap().insert(
- "type".into(),
- json!("snapshot"),
- );
+ let _ = root.as_object_mut()
+ .unwrap()
+ .insert("type".into(), json!("snapshot"));
assert!(json::from_value::<RootMetadata>(root).is_err());
}
@@ -2135,12 +2152,10 @@
let mut jsn = json::to_value(&role_def).unwrap();
match jsn.as_object_mut() {
- Some(obj) => {
- match obj.get_mut("key_ids").unwrap().as_array_mut() {
- Some(arr) => arr.push(json!(key_id)),
- None => panic!(),
- }
- }
+ Some(obj) => match obj.get_mut("key_ids").unwrap().as_array_mut() {
+ Some(arr) => arr.push(json!(key_id)),
+ None => panic!(),
+ },
None => panic!(),
}
@@ -2163,10 +2178,10 @@
#[test]
fn deserialize_json_snapshot_bad_type() {
let mut snapshot = make_snapshot();
- let _ = snapshot.as_object_mut().unwrap().insert(
- "type".into(),
- json!("root"),
- );
+ let _ = snapshot
+ .as_object_mut()
+ .unwrap()
+ .insert("type".into(), json!("root"));
assert!(json::from_value::<SnapshotMetadata>(snapshot).is_err());
}
@@ -2186,10 +2201,10 @@
#[test]
fn deserialize_json_timestamp_bad_type() {
let mut timestamp = make_timestamp();
- let _ = timestamp.as_object_mut().unwrap().insert(
- "type".into(),
- json!("root"),
- );
+ let _ = timestamp
+ .as_object_mut()
+ .unwrap()
+ .insert("type".into(), json!("root"));
assert!(json::from_value::<TimestampMetadata>(timestamp).is_err());
}
@@ -2209,10 +2224,10 @@
#[test]
fn deserialize_json_targets_bad_type() {
let mut targets = make_targets();
- let _ = targets.as_object_mut().unwrap().insert(
- "type".into(),
- json!("root"),
- );
+ let _ = targets
+ .as_object_mut()
+ .unwrap()
+ .insert("type".into(), json!("root"));
assert!(json::from_value::<TargetsMetadata>(targets).is_err());
}
@@ -2256,8 +2271,7 @@
.get("roles".into())
.unwrap()
.as_array()
- .unwrap()
- [0]
+ .unwrap()[0]
.clone();
delegations
.as_object_mut()
@@ -2292,8 +2306,7 @@
.get("key_ids".into())
.unwrap()
.as_array()
- .unwrap()
- [0]
+ .unwrap()[0]
.clone();
delegation
.as_object_mut()
@@ -2316,8 +2329,7 @@
.get("paths".into())
.unwrap()
.as_array()
- .unwrap()
- [0]
+ .unwrap()[0]
.clone();
delegation
.as_object_mut()
@@ -2339,13 +2351,15 @@
.clone();
let delegations = Delegations::new(
&hashset!(key.clone()),
- vec![Delegation::new(
- MetadataPath::new("foo".into()).unwrap(),
- false,
- 1,
- hashset!(key.key_id().clone()),
- hashset!(VirtualTargetPath::new("bar".into()).unwrap()),
- ).unwrap()],
+ vec![
+ Delegation::new(
+ MetadataPath::new("foo".into()).unwrap(),
+ false,
+ 1,
+ hashset!(key.key_id().clone()),
+ hashset!(VirtualTargetPath::new("bar".into()).unwrap()),
+ ).unwrap(),
+ ],
).unwrap();
let mut delegations = json::to_value(delegations).unwrap();
@@ -2355,8 +2369,7 @@
.get("keys".into())
.unwrap()
.as_array()
- .unwrap()
- [0]
+ .unwrap()[0]
.clone();
delegations
.as_object_mut()
diff --git a/src/repository.rs b/src/repository.rs
index c6649c6..38e5191 100644
--- a/src/repository.rs
+++ b/src/repository.rs
@@ -1,23 +1,24 @@
//! Interfaces for interacting with different types of TUF repositories.
-use hyper::{Url, Client};
use hyper::client::response::Response;
use hyper::header::{Headers, UserAgent};
use hyper::status::StatusCode;
+use hyper::{Client, Url};
use std::collections::HashMap;
-use std::fs::{self, File, DirBuilder};
-use std::io::{Read, Write, Cursor};
+use std::fs::{self, DirBuilder, File};
+use std::io::{Cursor, Read, Write};
use std::marker::PhantomData;
use std::path::PathBuf;
use tempfile::NamedTempFile;
-use Result;
use crypto::{self, HashAlgorithm, HashValue};
use error::Error;
use interchange::DataInterchange;
-use metadata::{SignedMetadata, MetadataVersion, Metadata, TargetPath, TargetDescription,
- MetadataPath};
+use metadata::{
+ Metadata, MetadataPath, MetadataVersion, SignedMetadata, TargetDescription, TargetPath,
+};
use util::SafeReader;
+use Result;
/// Top-level trait that represents a TUF repository and contains all the ways it can be interacted
/// with.
@@ -72,9 +73,11 @@
M: Metadata,
{
if !M::ROLE.fuzzy_matches_path(meta_path) {
- return Err(Error::IllegalArgument(
- format!("Role {} does not match path {:?}", M::ROLE, meta_path),
- ));
+ return Err(Error::IllegalArgument(format!(
+ "Role {} does not match path {:?}",
+ M::ROLE,
+ meta_path
+ )));
}
Ok(())
@@ -97,9 +100,9 @@
/// Create a new repository on the local file system.
pub fn new(local_path: PathBuf) -> Result<Self> {
for p in &["metadata", "targets", "temp"] {
- DirBuilder::new().recursive(true).create(
- local_path.join(p),
- )?
+ DirBuilder::new()
+ .recursive(true)
+ .create(local_path.join(p))?
}
Ok(FileSystemRepository {
@@ -144,7 +147,6 @@
let mut file = File::create(&path)?;
D::to_writer(&mut file, metadata)?;
Ok(())
-
}
/// Fetch signed metadata.
@@ -227,7 +229,6 @@
}
}
-
/// A repository accessible over HTTP.
pub struct HttpRepository<D>
where
@@ -296,9 +297,10 @@
if resp.status == StatusCode::NotFound {
Err(Error::NotFound)
} else {
- Err(Error::Opaque(
- format!("Error getting {:?}: {:?}", url, resp),
- ))
+ Err(Error::Opaque(format!(
+ "Error getting {:?}: {:?}",
+ url, resp
+ )))
}
} else {
Ok(resp)
@@ -340,10 +342,7 @@
{
Self::check::<M>(meta_path)?;
- let resp = self.get(
- &self.metadata_prefix,
- &meta_path.components::<D>(&version),
- )?;
+ let resp = self.get(&self.metadata_prefix, &meta_path.components::<D>(&version))?;
let read = SafeReader::new(
resp,
@@ -359,9 +358,7 @@
where
R: Read,
{
- Err(Error::Opaque(
- "Http repo store not implemented".to_string(),
- ))
+ Err(Error::Opaque("Http repo store not implemented".to_string()))
}
fn fetch_target(
@@ -381,7 +378,6 @@
}
}
-
/// An ephemeral repository contained solely in memory.
pub struct EphemeralRepository<D>
where
@@ -433,10 +429,8 @@
Self::check::<M>(meta_path)?;
let mut buf = Vec::new();
D::to_writer(&mut buf, metadata)?;
- let _ = self.metadata.insert(
- (meta_path.clone(), version.clone()),
- buf,
- );
+ let _ = self.metadata
+ .insert((meta_path.clone(), version.clone()), buf);
Ok(())
}
@@ -503,16 +497,16 @@
#[cfg(test)]
mod test {
use super::*;
- use tempdir::TempDir;
use interchange::Json;
+ use tempdir::TempDir;
#[test]
fn ephemeral_repo_targets() {
let mut repo = EphemeralRepository::<Json>::new();
let data: &[u8] = b"like tears in the rain";
- let target_description = TargetDescription::from_reader(data, &[HashAlgorithm::Sha256])
- .unwrap();
+ let target_description =
+ TargetDescription::from_reader(data, &[HashAlgorithm::Sha256]).unwrap();
let path = TargetPath::new("batty".into()).unwrap();
repo.store_target(data, &path).unwrap();
@@ -538,11 +532,19 @@
assert!(temp_dir.path().join("temp").exists());
let data: &[u8] = b"like tears in the rain";
- let target_description = TargetDescription::from_reader(data, &[HashAlgorithm::Sha256])
- .unwrap();
+ let target_description =
+ TargetDescription::from_reader(data, &[HashAlgorithm::Sha256]).unwrap();
let path = TargetPath::new("foo/bar/baz".into()).unwrap();
repo.store_target(data, &path).unwrap();
- assert!(temp_dir.path().join("targets").join("foo").join("bar").join("baz").exists());
+ assert!(
+ temp_dir
+ .path()
+ .join("targets")
+ .join("foo")
+ .join("bar")
+ .join("baz")
+ .exists()
+ );
let mut buf = Vec::new();
diff --git a/src/shims.rs b/src/shims.rs
index cb7197a..855c7b2 100644
--- a/src/shims.rs
+++ b/src/shims.rs
@@ -1,17 +1,16 @@
-use chrono::prelude::*;
use chrono::offset::Utc;
+use chrono::prelude::*;
use data_encoding::BASE64URL;
use std::collections::{HashMap, HashSet};
-use Result;
use crypto;
use error::Error;
use metadata;
+use Result;
fn parse_datetime(ts: &str) -> Result<DateTime<Utc>> {
- Utc.datetime_from_str(ts, "%FT%TZ").map_err(|e| {
- Error::Encoding(format!("Can't parse DateTime: {:?}", e))
- })
+ Utc.datetime_from_str(ts, "%FT%TZ")
+ .map_err(|e| Error::Encoding(format!("Can't parse DateTime: {:?}", e)))
}
fn format_datetime(ts: &DateTime<Utc>) -> String {
@@ -114,9 +113,10 @@
let dupes = vec_len - key_ids.len();
if dupes != 0 {
- return Err(Error::Encoding(
- format!("Found {} duplicate key IDs.", dupes),
- ));
+ return Err(Error::Encoding(format!(
+ "Found {} duplicate key IDs.",
+ dupes
+ )));
}
Ok(metadata::RoleDefinition::new(self.threshold, key_ids)?)
@@ -189,7 +189,6 @@
}
}
-
#[derive(Serialize, Deserialize)]
pub struct TargetsMetadata {
#[serde(rename = "type")]
@@ -321,7 +320,6 @@
roles: Vec<metadata::Delegation>,
}
-
impl Delegations {
pub fn from(delegations: &metadata::Delegations) -> Delegations {
let mut keys = delegations
diff --git a/src/tuf.rs b/src/tuf.rs
index 1227402..9e06704 100644
--- a/src/tuf.rs
+++ b/src/tuf.rs
@@ -1,15 +1,17 @@
//! Components needed to verify TUF metadata and targets.
use chrono::offset::Utc;
-use std::collections::{HashSet, HashMap};
+use std::collections::{HashMap, HashSet};
use std::marker::PhantomData;
-use Result;
use crypto::KeyId;
use error::Error;
use interchange::DataInterchange;
-use metadata::{SignedMetadata, RootMetadata, TimestampMetadata, Role, SnapshotMetadata,
- MetadataPath, TargetsMetadata, VirtualTargetPath, TargetDescription, Delegations};
+use metadata::{
+ Delegations, MetadataPath, Role, RootMetadata, SignedMetadata, SnapshotMetadata,
+ TargetDescription, TargetsMetadata, TimestampMetadata, VirtualTargetPath,
+};
+use Result;
/// Contains trusted TUF metadata and can be used to verify other metadata and targets.
#[derive(Debug)]
@@ -34,9 +36,9 @@
{
let root_key_ids = root_key_ids.into_iter().collect::<HashSet<&KeyId>>();
- signed_root.signatures_mut().retain(|s| {
- root_key_ids.contains(s.key_id())
- });
+ signed_root
+ .signatures_mut()
+ .retain(|s| root_key_ids.contains(s.key_id()));
Self::from_root(&signed_root)
}
@@ -48,16 +50,13 @@
let root = D::deserialize::<RootMetadata>(signed_root.signed())?;
signed_root.verify(
root.root().threshold(),
- root.keys().iter().filter_map(
- |(k, v)| if root.root()
- .key_ids()
- .contains(k)
- {
+ root.keys().iter().filter_map(|(k, v)| {
+ if root.root().key_ids().contains(k) {
Some(v)
} else {
None
- },
- ),
+ }
+ }),
)?;
Ok(Tuf {
root,
@@ -113,7 +112,7 @@
x if x == self.root.version() => {
info!(
"Attempted to update root to new metadata with the same version. \
- Refusing to update."
+ Refusing to update."
);
return Ok(false);
}
@@ -129,16 +128,13 @@
signed_root.verify(
root.root().threshold(),
- root.keys().iter().filter_map(
- |(k, v)| if root.root()
- .key_ids()
- .contains(k)
- {
+ root.keys().iter().filter_map(|(k, v)| {
+ if root.root().key_ids().contains(k) {
Some(v)
} else {
None
- },
- ),
+ }
+ }),
)?;
self.purge_metadata();
@@ -154,15 +150,13 @@
) -> Result<bool> {
signed_timestamp.verify(
self.root.timestamp().threshold(),
- self.root.keys().iter().filter_map(
- |(k, v)| {
- if self.root.timestamp().key_ids().contains(k) {
- Some(v)
- } else {
- None
- }
- },
- ),
+ self.root.keys().iter().filter_map(|(k, v)| {
+ if self.root.timestamp().key_ids().contains(k) {
+ Some(v)
+ } else {
+ None
+ }
+ }),
)?;
let current_version = self.timestamp.as_ref().map(|t| t.version()).unwrap_or(0);
@@ -181,8 +175,8 @@
} else if timestamp.version() == current_version {
Ok(false)
} else {
- if self.snapshot.as_ref().map(|s| s.version()).unwrap_or(0) !=
- timestamp.snapshot().version()
+ if self.snapshot.as_ref().map(|s| s.version()).unwrap_or(0)
+ != timestamp.snapshot().version()
{
self.snapshot = None;
}
@@ -215,15 +209,13 @@
signed_snapshot.verify(
root.snapshot().threshold(),
- self.root.keys().iter().filter_map(
- |(k, v)| {
- if root.snapshot().key_ids().contains(k) {
- Some(v)
- } else {
- None
- }
- },
- ),
+ self.root.keys().iter().filter_map(|(k, v)| {
+ if root.snapshot().key_ids().contains(k) {
+ Some(v)
+ } else {
+ None
+ }
+ }),
)?;
let snapshot: SnapshotMetadata = D::deserialize(&signed_snapshot.signed())?;
@@ -231,7 +223,7 @@
if snapshot.version() != timestamp.snapshot().version() {
return Err(Error::VerificationFailure(format!(
"The timestamp metadata reported that the snapshot metadata should be at \
- version {} but version {} was found instead.",
+ version {} but version {} was found instead.",
timestamp.snapshot().version(),
snapshot.version()
)));
@@ -243,8 +235,8 @@
snapshot
};
- if self.targets.as_ref().map(|s| s.version()).unwrap_or(0) !=
- snapshot
+ if self.targets.as_ref().map(|s| s.version()).unwrap_or(0)
+ != snapshot
.meta()
.get(&MetadataPath::from_role(&Role::Targets))
.map(|m| m.version())
@@ -256,7 +248,6 @@
self.snapshot = Some(snapshot);
self.purge_delegations();
Ok(true)
-
}
fn purge_delegations(&mut self) {
@@ -331,7 +322,7 @@
if targets.version() != targets_description.version() {
return Err(Error::VerificationFailure(format!(
"The timestamp metadata reported that the targets metadata should be at \
- version {} but version {} was found instead.",
+ version {} but version {} was found instead.",
targets_description.version(),
targets.version()
)));
@@ -380,7 +371,7 @@
if delegation_description.version() < current_version {
return Err(Error::VerificationFailure(format!(
"Snapshot metadata did listed delegation {:?} version as {} but current\
- version is {}",
+ version is {}",
role,
delegation_description.version(),
current_version
@@ -402,16 +393,13 @@
signed.verify(
delegation.threshold(),
- parent.keys().iter().filter_map(
- |(k, v)| if delegation
- .key_ids()
- .contains(k)
- {
+ parent.keys().iter().filter_map(|(k, v)| {
+ if delegation.key_ids().contains(k) {
Some(v)
} else {
None
- },
- ),
+ }
+ }),
)?;
}
@@ -419,11 +407,11 @@
if delegation.version() != delegation_description.version() {
return Err(Error::VerificationFailure(format!(
"The snapshot metadata reported that the delegation {:?} should be at \
- version {} but version {} was found instead.",
+ version {} but version {} was found instead.",
role,
delegation_description.version(),
delegation.version(),
- )));
+ )));
}
if delegation.expires() <= &Utc::now() {
@@ -573,9 +561,9 @@
mod test {
use super::*;
use chrono::prelude::*;
- use crypto::{PrivateKey, SignatureScheme, HashAlgorithm};
+ use crypto::{HashAlgorithm, PrivateKey, SignatureScheme};
use interchange::Json;
- use metadata::{RoleDefinition, MetadataDescription};
+ use metadata::{MetadataDescription, RoleDefinition};
lazy_static! {
static ref KEYS: Vec<PrivateKey> = {
@@ -587,7 +575,8 @@
include_bytes!("../tests/ed25519/ed25519-5.pk8.der"),
include_bytes!("../tests/ed25519/ed25519-6.pk8.der"),
];
- keys.iter().map(|b| PrivateKey::from_pkcs8(b, SignatureScheme::Ed25519).unwrap())
+ keys.iter()
+ .map(|b| PrivateKey::from_pkcs8(b, SignatureScheme::Ed25519).unwrap())
.collect()
};
}
@@ -605,8 +594,8 @@
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &root_key)
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &root_key).unwrap();
assert!(Tuf::from_root_pinned(root, &[root_key.key_id().clone()]).is_ok());
}
@@ -623,8 +612,8 @@
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
assert!(Tuf::from_root_pinned(root, &[KEYS[1].key_id().clone()]).is_err());
}
@@ -641,8 +630,8 @@
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
@@ -656,8 +645,8 @@
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
).unwrap();
- let mut root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[1])
- .unwrap();
+ let mut root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[1]).unwrap();
// add the original key's signature to make it cross signed
root.add_signature(&KEYS[0]).unwrap();
@@ -680,8 +669,8 @@
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[0].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
@@ -696,8 +685,8 @@
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[1])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[1]).unwrap();
assert!(tuf.update_root(&root).is_err());
}
@@ -714,16 +703,15 @@
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[1]).unwrap();
@@ -746,16 +734,15 @@
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[1].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
// sign it with the root key
@@ -781,24 +768,23 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[2]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!())
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!()).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[1]).unwrap();
@@ -824,24 +810,23 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[2]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!())
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!()).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[2]).unwrap();
@@ -864,24 +849,23 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 2, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 2, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[2]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!())
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), hashmap!()).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[1]).unwrap();
@@ -905,29 +889,27 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[3].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[3]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let meta_map =
- hashmap!(
+ let meta_map = hashmap!(
MetadataPath::from_role(&Role::Targets) =>
MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
);
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map)
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[1]).unwrap();
@@ -962,29 +944,27 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[3].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[3]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let meta_map =
- hashmap!(
+ let meta_map = hashmap!(
MetadataPath::from_role(&Role::Targets) =>
MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
);
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map)
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[1]).unwrap();
@@ -1016,29 +996,27 @@
RoleDefinition::new(1, hashset!(KEYS[2].key_id().clone())).unwrap(),
RoleDefinition::new(1, hashset!(KEYS[3].key_id().clone())).unwrap(),
).unwrap();
- let root: SignedMetadata<Json, RootMetadata> = SignedMetadata::new(&root, &KEYS[0])
- .unwrap();
+ let root: SignedMetadata<Json, RootMetadata> =
+ SignedMetadata::new(&root, &KEYS[0]).unwrap();
let mut tuf = Tuf::from_root(&root).unwrap();
let timestamp = TimestampMetadata::new(
1,
Utc.ymd(2038, 1, 1).and_hms(0, 0, 0),
- MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256])
- .unwrap(),
+ MetadataDescription::from_reader(&*vec![], 1, &[HashAlgorithm::Sha256]).unwrap(),
).unwrap();
let timestamp: SignedMetadata<Json, TimestampMetadata> =
SignedMetadata::new(×tamp, &KEYS[3]).unwrap();
tuf.update_timestamp(×tamp).unwrap();
- let meta_map =
- hashmap!(
+ let meta_map = hashmap!(
MetadataPath::from_role(&Role::Targets) =>
MetadataDescription::from_reader(&*vec![], 2, &[HashAlgorithm::Sha256]).unwrap(),
);
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map)
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map).unwrap();
let snapshot: SignedMetadata<Json, SnapshotMetadata> =
SignedMetadata::new(&snapshot, &KEYS[1]).unwrap();
diff --git a/src/util.rs b/src/util.rs
index ea0f5b2..c6ba957 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -1,11 +1,11 @@
use chrono::offset::Utc;
use chrono::DateTime;
use ring::digest::{self, SHA256, SHA512};
-use std::io::{self, Read, ErrorKind};
+use std::io::{self, ErrorKind, Read};
-use Result;
use crypto::{HashAlgorithm, HashValue};
use error::Error;
+use Result;
/// Wrapper to verify a byte stream as it is read.
///
@@ -44,12 +44,15 @@
let ctx = match *alg {
HashAlgorithm::Sha256 => digest::Context::new(&SHA256),
HashAlgorithm::Sha512 => digest::Context::new(&SHA512),
- HashAlgorithm::Unknown(ref s) => return Err(Error::IllegalArgument(
- format!("Unknown hash algorithm: {}", s)
- )),
+ HashAlgorithm::Unknown(ref s) => {
+ return Err(Error::IllegalArgument(format!(
+ "Unknown hash algorithm: {}",
+ s
+ )))
+ }
};
Some((ctx, value))
- },
+ }
None => None,
};
@@ -99,8 +102,8 @@
let duration = Utc::now().signed_duration_since(self.start_time.unwrap());
// 30 second grace period before we start checking the bitrate
if duration.num_seconds() >= 30 {
- if self.bytes_read as f32 / (duration.num_seconds() as f32) <
- self.min_bytes_per_second as f32
+ if self.bytes_read as f32 / (duration.num_seconds() as f32)
+ < self.min_bytes_per_second as f32
{
return Err(io::Error::new(
ErrorKind::TimedOut,
diff --git a/tests/integration.rs b/tests/integration.rs
index 4a7fd3c..92af93e 100644
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -3,15 +3,17 @@
extern crate maplit;
extern crate tuf;
-use chrono::prelude::*;
use chrono::offset::Utc;
+use chrono::prelude::*;
use std::collections::HashMap;
-use tuf::Tuf;
-use tuf::crypto::{PrivateKey, SignatureScheme, HashAlgorithm};
+use tuf::crypto::{HashAlgorithm, PrivateKey, SignatureScheme};
use tuf::interchange::Json;
-use tuf::metadata::{RoleDefinition, RootMetadata, MetadataPath, SignedMetadata, TargetDescription,
- VirtualTargetPath, TargetsMetadata, MetadataDescription, SnapshotMetadata,
- TimestampMetadata, Delegation, Delegations};
+use tuf::metadata::{
+ Delegation, Delegations, MetadataDescription, MetadataPath, RoleDefinition, RootMetadata,
+ SignedMetadata, SnapshotMetadata, TargetDescription, TargetsMetadata, TimestampMetadata,
+ VirtualTargetPath,
+};
+use tuf::Tuf;
const ED25519_1_PK8: &'static [u8] = include_bytes!("./ed25519/ed25519-1.pk8.der");
const ED25519_2_PK8: &'static [u8] = include_bytes!("./ed25519/ed25519-2.pk8.der");
@@ -60,21 +62,20 @@
let snap = MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap();
let timestamp = TimestampMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), snap).unwrap();
- let signed = SignedMetadata::<Json, TimestampMetadata>::new(×tamp, ×tamp_key)
- .unwrap();
+ let signed =
+ SignedMetadata::<Json, TimestampMetadata>::new(×tamp, ×tamp_key).unwrap();
tuf.update_timestamp(&signed).unwrap();
//// build the snapshot ////
- let meta_map =
- hashmap! {
+ let meta_map = hashmap! {
MetadataPath::new("targets".into()).unwrap() =>
MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap(),
MetadataPath::new("delegation".into()).unwrap() =>
MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap(),
};
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map)
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map).unwrap();
let signed = SignedMetadata::<Json, SnapshotMetadata>::new(&snapshot, &snapshot_key).unwrap();
@@ -95,7 +96,7 @@
vec![VirtualTargetPath::new("foo".into()).unwrap()]
.iter()
.cloned()
- .collect()
+ .collect(),
).unwrap(),
],
).unwrap();
@@ -112,16 +113,15 @@
//// build the delegation ////
let target_file: &[u8] = b"bar";
- let target_map =
- hashmap! {
+ let target_map = hashmap! {
VirtualTargetPath::new("foo".into()).unwrap() =>
TargetDescription::from_reader(target_file, &[HashAlgorithm::Sha256]).unwrap(),
};
let delegation =
TargetsMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), target_map, None).unwrap();
- let signed = SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_key)
- .unwrap();
+ let signed =
+ SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_key).unwrap();
tuf.update_delegation(&MetadataPath::new("delegation".into()).unwrap(), &signed)
.unwrap();
@@ -173,14 +173,13 @@
let snap = MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap();
let timestamp = TimestampMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), snap).unwrap();
- let signed = SignedMetadata::<Json, TimestampMetadata>::new(×tamp, ×tamp_key)
- .unwrap();
+ let signed =
+ SignedMetadata::<Json, TimestampMetadata>::new(×tamp, ×tamp_key).unwrap();
tuf.update_timestamp(&signed).unwrap();
//// build the snapshot ////
- let meta_map =
- hashmap! {
+ let meta_map = hashmap! {
MetadataPath::new("targets".into()).unwrap() =>
MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap(),
MetadataPath::new("delegation-a".into()).unwrap() =>
@@ -188,8 +187,8 @@
MetadataPath::new("delegation-b".into()).unwrap() =>
MetadataDescription::from_reader(&*vec![0u8], 1, &[HashAlgorithm::Sha256]).unwrap(),
};
- let snapshot = SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map)
- .unwrap();
+ let snapshot =
+ SnapshotMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), meta_map).unwrap();
let signed = SignedMetadata::<Json, SnapshotMetadata>::new(&snapshot, &snapshot_key).unwrap();
@@ -210,7 +209,7 @@
vec![VirtualTargetPath::new("foo".into()).unwrap()]
.iter()
.cloned()
- .collect()
+ .collect(),
).unwrap(),
],
).unwrap();
@@ -240,7 +239,7 @@
vec![VirtualTargetPath::new("foo".into()).unwrap()]
.iter()
.cloned()
- .collect()
+ .collect(),
).unwrap(),
],
).unwrap();
@@ -251,16 +250,15 @@
Some(delegations),
).unwrap();
- let signed = SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_a_key)
- .unwrap();
+ let signed =
+ SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_a_key).unwrap();
tuf.update_delegation(&MetadataPath::new("delegation-a".into()).unwrap(), &signed)
.unwrap();
//// build delegation B ////
let target_file: &[u8] = b"bar";
- let target_map =
- hashmap! {
+ let target_map = hashmap! {
VirtualTargetPath::new("foo".into()).unwrap() =>
TargetDescription::from_reader(target_file, &[HashAlgorithm::Sha256]).unwrap(),
};
@@ -268,8 +266,8 @@
let delegation =
TargetsMetadata::new(1, Utc.ymd(2038, 1, 1).and_hms(0, 0, 0), target_map, None).unwrap();
- let signed = SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_b_key)
- .unwrap();
+ let signed =
+ SignedMetadata::<Json, TargetsMetadata>::new(&delegation, &delegation_b_key).unwrap();
tuf.update_delegation(&MetadataPath::new("delegation-b".into()).unwrap(), &signed)
.unwrap();
diff --git a/tests/simple_example.rs b/tests/simple_example.rs
index fc06d14..5782fa0 100644
--- a/tests/simple_example.rs
+++ b/tests/simple_example.rs
@@ -3,16 +3,18 @@
extern crate maplit;
extern crate tuf;
-use chrono::prelude::*;
use chrono::offset::Utc;
-use tuf::Result;
+use chrono::prelude::*;
use tuf::client::{Client, Config, PathTranslator};
-use tuf::crypto::{PrivateKey, SignatureScheme, KeyId, HashAlgorithm};
+use tuf::crypto::{HashAlgorithm, KeyId, PrivateKey, SignatureScheme};
use tuf::interchange::{DataInterchange, Json};
-use tuf::metadata::{RoleDefinition, RootMetadata, MetadataVersion, MetadataPath,
- SignedMetadata, TargetDescription, VirtualTargetPath, TargetsMetadata,
- MetadataDescription, SnapshotMetadata, TimestampMetadata, TargetPath};
+use tuf::metadata::{
+ MetadataDescription, MetadataPath, MetadataVersion, RoleDefinition, RootMetadata,
+ SignedMetadata, SnapshotMetadata, TargetDescription, TargetPath, TargetsMetadata,
+ TimestampMetadata, VirtualTargetPath,
+};
use tuf::repository::{EphemeralRepository, Repository};
+use tuf::Result;
// Ironically, this is far from simple, but it's as simple as it can be made.
@@ -145,8 +147,7 @@
let targets_bytes = Json::canonicalize(&Json::serialize(&signed)?)?;
//// build the snapshot ////
- let meta_map =
- hashmap! {
+ let meta_map = hashmap! {
MetadataPath::new("targets".into())? =>
MetadataDescription::from_reader(&*targets_bytes, 1, &[HashAlgorithm::Sha256])?,
};