replace SocketAddr with String in certificate requests

sozu-proxy · Mar 16, 2023 · 2516e3b · 2516e3b
1 parent c1f5b6e
commit 2516e3b
Show file tree

Hide file tree

Showing 9 changed files with 58 additions and 40 deletions.
diff --git a/bin/src/acme.rs b/bin/src/acme.rs
@@ -58,9 +58,7 @@ pub fn main(
     let http = http_frontend_address
         .parse::<SocketAddr>()
         .with_context(|| "invalid HTTP frontend address format")?;
-    let https = https_frontend_address
-        .parse::<SocketAddr>()
-        .with_context(|| "invalid HTTPS frontend address format")?;
+    let https = https_frontend_address;
 
     let old_certificate_file = match old_certificate_path {
         Some(path) => {
@@ -344,7 +342,7 @@ fn remove_proxying(
 
 fn add_certificate(
     channel: &mut Channel<Request, Response>,
-    frontend: &SocketAddr,
+    frontend: &str,
     hostname: &str,
     certificate_path: &str,
     chain_path: &str,
@@ -363,7 +361,7 @@ fn add_certificate(
 
     let request = match old_fingerprint {
         None => Request::AddCertificate(AddCertificate {
-            address: *frontend,
+            address: frontend.to_owned(),
             certificate: CertificateAndKey {
                 certificate,
                 certificate_chain,
@@ -375,7 +373,7 @@ fn add_certificate(
         }),
 
         Some(f) => Request::ReplaceCertificate(ReplaceCertificate {
-            address: *frontend,
+            address: frontend.to_owned(),
             new_certificate: CertificateAndKey {
                 certificate,
                 certificate_chain,

diff --git a/bin/src/cli.rs b/bin/src/cli.rs
@@ -786,7 +786,7 @@ pub enum CertificateCmd {
             long = "address",
             help = "listener address, format: IP:port"
         )]
-        address: SocketAddr,
+        address: String,
         #[clap(long = "certificate", help = "path to the certificate")]
         certificate: String,
         #[clap(long = "certificate-chain", help = "path to the certificate chain")]
@@ -804,7 +804,7 @@ pub enum CertificateCmd {
             long = "address",
             help = "listener address, format: IP:port"
         )]
-        address: SocketAddr,
+        address: String,
         #[clap(aliases = &["cert"], long = "certificate", help = "path to the certificate")]
         certificate: Option<String>,
         #[clap(short = 'f', long = "fingerprint", help = "certificate fingerprint")]
@@ -817,7 +817,7 @@ pub enum CertificateCmd {
             long = "address",
             help = "listener address, format: IP:port"
         )]
-        address: SocketAddr,
+        address: String,
         #[clap(long = "new-certificate", help = "path to the new certificate")]
         certificate: String,
         #[clap(

diff --git a/bin/src/ctl/request_builder.rs b/bin/src/ctl/request_builder.rs
@@ -1,5 +1,3 @@
-use std::net::SocketAddr;
-
 use anyhow::{bail, Context};
 
 use sozu_command_lib::{
@@ -438,7 +436,7 @@ impl CommandManager {
 
     pub fn add_certificate(
         &mut self,
-        address: SocketAddr,
+        address: String,
         certificate_path: &str,
         certificate_chain_path: &str,
         key_path: &str,
@@ -458,7 +456,7 @@ impl CommandManager {
 
     pub fn replace_certificate(
         &mut self,
-        address: SocketAddr,
+        address: String,
         new_certificate_path: &str,
         new_certificate_chain_path: &str,
         new_key_path: &str,
@@ -500,7 +498,7 @@ impl CommandManager {
 
     pub fn remove_certificate(
         &mut self,
-        address: SocketAddr,
+        address: String,
         certificate_path: Option<&str>,
         fingerprint: Option<&str>,
     ) -> anyhow::Result<()> {

diff --git a/command/src/config.rs b/command/src/config.rs
@@ -588,8 +588,13 @@ impl HttpFrontendConfig {
         let mut v = Vec::new();
 
         if self.key.is_some() && self.certificate.is_some() {
+            // <<<<<<< HEAD
             v.push(Request::AddCertificate(AddCertificate {
-                address: self.address,
+                // address: self.address,
+                // =======
+                // v.push(ProxyRequestOrder::AddCertificate(AddCertificate {
+                address: self.address.to_string(),
+                // >>>>>>> b5ce4fb8 (replace SocketAddr with String in certificate requests)
                 certificate: CertificateAndKey {
                     key: self.key.clone().unwrap(),
                     certificate: self.certificate.clone().unwrap(),

diff --git a/command/src/request.rs b/command/src/request.rs
@@ -268,7 +268,7 @@ pub struct FrontendFilters {
 
 #[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub struct AddCertificate {
-    pub address: SocketAddr,
+    pub address: String,
     pub certificate: CertificateAndKey,
     #[serde(skip_serializing_if = "Vec::is_empty", default = "Vec::new")]
     pub names: Vec<String>,
@@ -280,13 +280,13 @@ pub struct AddCertificate {
 
 #[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub struct RemoveCertificate {
-    pub address: SocketAddr,
+    pub address: String,
     pub fingerprint: CertificateFingerprint,
 }
 
 #[derive(Debug, Clone, PartialEq, Eq, Hash, Serialize, Deserialize)]
 pub struct ReplaceCertificate {
-    pub address: SocketAddr,
+    pub address: String,
     pub new_certificate: CertificateAndKey,
     pub old_fingerprint: CertificateFingerprint,
     #[serde(skip_serializing_if = "Vec::is_empty", default = "Vec::new")]

diff --git a/command/src/state.rs b/command/src/state.rs
@@ -330,9 +330,14 @@ impl ConfigState {
                 .with_context(|| "cannot calculate the certificate's fingerprint")?,
         );
 
+        let address = add
+            .address
+            .parse()
+            .with_context(|| "Could not parse socket address")?;
+
         let entry = self
             .certificates
-            .entry(add.address)
+            .entry(address)
             .or_insert_with(HashMap::new);
 
         if entry.contains_key(&fingerprint) {
@@ -345,7 +350,11 @@ impl ConfigState {
     }
 
     fn remove_certificate(&mut self, remove: &RemoveCertificate) -> anyhow::Result<()> {
-        if let Some(index) = self.certificates.get_mut(&remove.address) {
+        let address = remove
+            .address
+            .parse()
+            .with_context(|| "Could not parse socket address")?;
+        if let Some(index) = self.certificates.get_mut(&address) {
             index.remove(&remove.fingerprint);
         }
 
@@ -357,8 +366,13 @@ impl ConfigState {
     /// - insert the new certificate with the new fingerprint as key
     /// - check that the new entry is present in the certificates hashmap
     fn replace_certificate(&mut self, replace: &ReplaceCertificate) -> anyhow::Result<()> {
+        let address = replace
+            .address
+            .parse()
+            .with_context(|| "Could not parse socket address")?;
+
         self.certificates
-            .get_mut(&replace.address)
+            .get_mut(&address)
             .with_context(|| format!("No certificate to replace for address {}", replace.address))?
             .remove(&replace.old_fingerprint);
 
@@ -367,7 +381,7 @@ impl ConfigState {
                 .with_context(|| "cannot obtain the certificate's fingerprint")?,
         );
 
-        self.certificates.get_mut(&replace.address).map(|certs| {
+        self.certificates.get_mut(&address).map(|certs| {
             certs.insert(
                 new_fingerprint.clone(),
                 (replace.new_certificate.clone(), replace.new_names.clone()),
@@ -376,7 +390,7 @@ impl ConfigState {
 
         if !self
             .certificates
-            .get(&replace.address)
+            .get(&address)
             .with_context(|| {
                 "Unlikely error. This entry in the certificate hashmap should be present"
             })?
@@ -502,7 +516,7 @@ impl ConfigState {
         for (front, certs) in self.certificates.iter() {
             for (certificate_and_key, names) in certs.values() {
                 v.push(Request::AddCertificate(AddCertificate {
-                    address: *front,
+                    address: front.to_string(),
                     certificate: certificate_and_key.clone(),
                     names: names.clone(),
                     expired_at: None,
@@ -915,7 +929,7 @@ impl ConfigState {
 
         for &(address, fingerprint) in removed_certificates {
             v.push(Request::RemoveCertificate(RemoveCertificate {
-                address,
+                address: address.to_string(),
                 fingerprint: fingerprint.clone(),
             }));
         }
@@ -927,7 +941,7 @@ impl ConfigState {
                 .and_then(|certs| certs.get(fingerprint))
             {
                 v.push(Request::AddCertificate(AddCertificate {
-                    address,
+                    address: address.to_string(),
                     certificate: certificate_and_key.clone(),
                     names: names.clone(),
                     expired_at: None,

diff --git a/e2e/src/tests/tests.rs b/e2e/src/tests/tests.rs
@@ -373,7 +373,7 @@ pub fn try_tls_endpoint() -> State {
         versions: vec![],
     };
     let add_certificate = AddCertificate {
-        address: front_address,
+        address: front_address.to_string(),
         certificate: certificate_and_key,
         names: vec![],
         expired_at: None,

diff --git a/lib/src/https.rs b/lib/src/https.rs
@@ -1122,10 +1122,11 @@ impl HttpsProxy {
         &mut self,
         add_certificate: AddCertificate,
     ) -> anyhow::Result<Option<ProxyResponseContent>> {
+        let address = add_certificate.address.parse()?;
         match self
             .listeners
             .values()
-            .find(|l| l.borrow().address == add_certificate.address)
+            .find(|l| l.borrow().address == address)
         {
             Some(listener) => listener
                 .borrow_mut()
@@ -1145,10 +1146,11 @@ impl HttpsProxy {
         &mut self,
         remove_certificate: RemoveCertificate,
     ) -> anyhow::Result<Option<ProxyResponseContent>> {
+        let address = remove_certificate.address.parse()?;
         match self
             .listeners
             .values()
-            .find(|l| l.borrow().address == remove_certificate.address)
+            .find(|l| l.borrow().address == address)
         {
             Some(listener) => listener
                 .borrow_mut()
@@ -1168,10 +1170,11 @@ impl HttpsProxy {
         &mut self,
         replace_certificate: ReplaceCertificate,
     ) -> anyhow::Result<Option<ProxyResponseContent>> {
+        let address = replace_certificate.address.parse()?;
         match self
             .listeners
             .values()
-            .find(|l| l.borrow().address == replace_certificate.address)
+            .find(|l| l.borrow().address == address)
         {
             Some(listener) => listener
                 .borrow_mut()

diff --git a/lib/src/tls.rs b/lib/src/tls.rs
@@ -661,7 +661,7 @@ mod tests {
 
     #[test]
     fn lifecycle() -> Result<(), Box<dyn Error + Send + Sync>> {
-        let address = "127.0.0.1:8080".parse()?;
+        let address = "127.0.0.1:8080".to_string();
         let mut resolver = GenericCertificateResolver::new();
         let certificate_and_key = CertificateAndKey {
             certificate: String::from(include_str!("../assets/certificate.pem")),
@@ -674,7 +674,7 @@ mod tests {
             .map_err(|err| GenericCertificateResolverError::PemParseError(err.to_string()))?;
 
         let fingerprint = resolver.add_certificate(&AddCertificate {
-            address,
+            address: address.clone(),
             certificate: certificate_and_key,
             names: vec![],
             expired_at: None,
@@ -711,7 +711,7 @@ mod tests {
 
     #[test]
     fn name_override() -> Result<(), Box<dyn Error + Send + Sync>> {
-        let address = "127.0.0.1:8080".parse()?;
+        let address = "127.0.0.1:8080".to_string();
         let mut resolver = GenericCertificateResolver::new();
         let certificate_and_key = CertificateAndKey {
             certificate: String::from(include_str!("../assets/certificate.pem")),
@@ -724,7 +724,7 @@ mod tests {
             .map_err(|err| GenericCertificateResolverError::PemParseError(err.to_string()))?;
 
         let fingerprint = resolver.add_certificate(&AddCertificate {
-            address,
+            address: address.clone(),
             certificate: certificate_and_key,
             names: vec!["localhost".into(), "lolcatho.st".into()],
             expired_at: None,
@@ -772,7 +772,7 @@ mod tests {
 
     #[test]
     fn replacement() -> Result<(), Box<dyn Error + Send + Sync>> {
-        let address = "127.0.0.1:8080".parse()?;
+        let address = "127.0.0.1:8080".to_string();
         let mut resolver = GenericCertificateResolver::new();
 
         // ---------------------------------------------------------------------
@@ -789,7 +789,7 @@ mod tests {
 
         let names_1y = resolver.certificate_names(&pem)?;
         let fingerprint_1y = resolver.add_certificate(&AddCertificate {
-            address,
+            address: address.clone(),
             certificate: certificate_and_key_1y,
             names: vec![],
             expired_at: None,
@@ -843,7 +843,7 @@ mod tests {
 
     #[test]
     fn expiration_override() -> Result<(), Box<dyn Error + Send + Sync>> {
-        let address = "127.0.0.1:8080".parse()?;
+        let address = "127.0.0.1:8080".to_string();
         let mut resolver = GenericCertificateResolver::new();
 
         // ---------------------------------------------------------------------
@@ -860,7 +860,7 @@ mod tests {
 
         let names_1y = resolver.certificate_names(&pem)?;
         let fingerprint_1y = resolver.add_certificate(&AddCertificate {
-            address,
+            address: address.clone(),
             certificate: certificate_and_key_1y,
             names: vec![],
             expired_at: Some(
@@ -972,12 +972,12 @@ mod tests {
 
         // ---------------------------------------------------------------------
         // load certificates in resolver
-        let address = "127.0.0.1:8080".parse()?;
+        let address = "127.0.0.1:8080".to_string();
         let mut resolver = GenericCertificateResolver::default();
 
         for certificate in &certificates {
             resolver.add_certificate(&AddCertificate {
-                address,
+                address: address.clone(),
                 certificate: certificate.to_owned(),
                 names: vec![],
                 expired_at: None,