From 2ca6bf15ad7bdad1f895c0c47a3ecc7c4bd4b90e Mon Sep 17 00:00:00 2001
From: gabrik
Date: Tue, 31 Oct 2023 18:30:39 +0100
Subject: [PATCH] feat(575): WIP hiding secrets in logging not working
Signed-off-by: gabrik
---
 Cargo.lock | 15 +++++++++++++-
 commons/zenoh-config/src/lib.rs | 18 +++++++++-------
 io/zenoh-links/zenoh-link-quic/Cargo.toml | 2 +-
 io/zenoh-links/zenoh-link-quic/src/lib.rs | 15 +++++++++++---
 io/zenoh-links/zenoh-link-tls/Cargo.toml | 2 +-
 io/zenoh-links/zenoh-link-tls/src/lib.rs | 25 ++++++++++++++++++-----
 6 files changed, 59 insertions(+), 18 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 218226bdc0..24a474ff18 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3143,6 +3143,16 @@ dependencies = [
 "untrusted",
 ]
+[[package]]
+name = "secrecy"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
+dependencies = [
+ "serde",
+ "zeroize",
+]
+
 [[package]]
 name = "security-framework"
 version = "2.9.2"
@@ -3943,7 +3953,7 @@ version = "1.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
 dependencies = [
- "cfg-if 0.1.10",
+ "cfg-if 1.0.0",
 "static_assertions",
 ]
@@ -4547,6 +4557,7 @@ dependencies = [
 "flume",
 "json5",
 "num_cpus",
+ "secrecy",
 "serde",
 "serde_json",
 "serde_yaml",
@@ -4682,6 +4693,7 @@ dependencies = [
 "rustls-native-certs",
 "rustls-pemfile",
 "rustls-webpki",
+ "secrecy",
 "zenoh-config",
 "zenoh-core",
 "zenoh-link-commons",
@@ -4740,6 +4752,7 @@ dependencies = [
 "rustls",
 "rustls-pemfile",
 "rustls-webpki",
+ "secrecy",
 "webpki-roots",
 "zenoh-config",
 "zenoh-core",
diff --git a/commons/zenoh-config/src/lib.rs b/commons/zenoh-config/src/lib.rs
index d9948e1b90..9345118464 100644
--- a/commons/zenoh-config/src/lib.rs
+++ b/commons/zenoh-config/src/lib.rs
@@ -288,18 +288,22 @@ validated_struct::validator! {
 pub tls: #[derive(Default)]
 TLSConf {
 root_ca_certificate: Option,
- root_ca_certificate_base64: Option,
 server_private_key: Option,
- server_private_key_base64: Option,
 server_certificate: Option,
- server_certificate_base64: Option,
 client_auth: Option,
 client_private_key: Option,
- client_private_key_base64 : Option,
 client_certificate: Option,
- client_certificate_base64 : Option,
- server_name_verification: Option
- },
+ server_name_verification: Option,
+ pub private : #[derive(Default)]
+ Base64Data {
+ root_ca_certificate_base64: Option,
+ server_private_key_base64: Option,
+ server_certificate_base64: Option,
+ client_private_key_base64 : Option,
+ client_certificate_base64 : Option,
+ }
+ }
+ ,
 pub unixpipe: #[derive(Default)]
 UnixPipeConf {
 file_access_mask: Option
diff --git a/io/zenoh-links/zenoh-link-quic/Cargo.toml b/io/zenoh-links/zenoh-link-quic/Cargo.toml
index 1ace2170ee..20baa21f0e 100644
--- a/io/zenoh-links/zenoh-link-quic/Cargo.toml
+++ b/io/zenoh-links/zenoh-link-quic/Cargo.toml
@@ -42,4 +42,4 @@ zenoh-protocol = { workspace = true }
 zenoh-result = { workspace = true }
 zenoh-sync = { workspace = true }
 zenoh-util = { workspace = true }
-base64 = { workspace = true }
+base64 = { workspace = true }
\ No newline at end of file
diff --git a/io/zenoh-links/zenoh-link-quic/src/lib.rs b/io/zenoh-links/zenoh-link-quic/src/lib.rs
index 8725d54e08..5dc5e9ba5b 100644
--- a/io/zenoh-links/zenoh-link-quic/src/lib.rs
+++ b/io/zenoh-links/zenoh-link-quic/src/lib.rs
@@ -74,7 +74,10 @@ impl ConfigurationInspector for QuicConfigurator {
 let c = config.transport().link().tls();
- match (c.root_ca_certificate(), c.root_ca_certificate_base64()) {
+ match (
+ c.root_ca_certificate(),
+ c.private().root_ca_certificate_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'root_ca_certificate' and 'root_ca_certificate_base64' can be present!")
 }
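Review bot: Moving the five `*_base64` fields into the nested `Base64Data` struct does not by itself keep key material out of logs: they are still declared as plain `Option` (presumably `Option<String>`; the type parameter looks stripped in this rendering), so whatever `Debug`/serialization `validated_struct::validator!` derives for `TLSConf` presumably still prints the inline private key through `private()`. The `Cargo.lock` hunk pulls in `secrecy` 0.8.0 but nothing in this patch uses it; declaring these fields as `Option<secrecy::SecretString>` (e.g. `server_private_key_base64: Option<SecretString>,`) gives a redacting `Debug` and zeroize-on-drop, with the link code reading the value through `expose_secret()` only at the point of decoding. Note that in secrecy 0.8 `Secret<String>` deserializes but does not implement `Serialize` by default, so the config's serialization path would need a custom impl or a marker type. Two style nits on the added lines: the lone `+ ,` after the closing `}` reads oddly where the removed line had `},`, and `pub private :` has a space before the colon unlike the sibling fields. The enclosing `validated_struct::validator!` invocation starts and ends outside this hunk.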
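Review bot: The conflict message in the context line below the new `match (` still names the key as `'root_ca_certificate_base64'`, while the value is now read through `c.private()`, so the message no longer tells the operator where the duplicate setting lives; if the JSON5 key is nested like the accessor, change it to `bail!("Only one between 'root_ca_certificate' and 'private.root_ca_certificate_base64' can be present!")`. The same stale key name appears in the `server_private_key` and `server_certificate` hunks of this file and in all five hunks of `io/zenoh-links/zenoh-link-tls/src/lib.rs`. As a point of style, those eight hunks now carry the same four-line `match (` header and bail arm differing only in the two accessors and the two key names, so a small shared helper for the "exactly one of path or base64" check would keep the QUIC and TLS copies from drifting apart again. The enclosing `ConfigurationInspector` method starts and ends outside the hunk.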
@@ -87,7 +90,10 @@ impl ConfigurationInspector for QuicConfigurator {
 _ => {}
 }
- match (c.server_private_key(), c.server_private_key_base64()) {
+ match (
+ c.server_private_key(),
+ c.private().server_private_key_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'server_private_key' and 'server_private_key_base64' can be present!")
 }
@@ -100,7 +106,10 @@ impl ConfigurationInspector for QuicConfigurator {
 _ => {}
 }
- match (c.server_certificate(), c.server_certificate_base64()) {
+ match (
+ c.server_certificate(),
+ c.private().server_certificate_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'server_certificate' and 'server_certificate_base64' can be present!")
 }
diff --git a/io/zenoh-links/zenoh-link-tls/Cargo.toml b/io/zenoh-links/zenoh-link-tls/Cargo.toml
index 129cba5db9..c397ad29d1 100644
--- a/io/zenoh-links/zenoh-link-tls/Cargo.toml
+++ b/io/zenoh-links/zenoh-link-tls/Cargo.toml
@@ -41,4 +41,4 @@ zenoh-protocol = { workspace = true }
 zenoh-result = { workspace = true }
 zenoh-sync = { workspace = true }
 zenoh-util = { workspace = true }
-base64 = { workspace = true }
+base64 = { workspace = true }
\ No newline at end of file
diff --git a/io/zenoh-links/zenoh-link-tls/src/lib.rs b/io/zenoh-links/zenoh-link-tls/src/lib.rs
index 5875acecce..79a17de401 100644
--- a/io/zenoh-links/zenoh-link-tls/src/lib.rs
+++ b/io/zenoh-links/zenoh-link-tls/src/lib.rs
@@ -71,7 +71,10 @@ impl ConfigurationInspector for TlsConfigurator {
 let c = config.transport().link().tls();
- match (c.root_ca_certificate(), c.root_ca_certificate_base64()) {
+ match (
+ c.root_ca_certificate(),
+ c.private().root_ca_certificate_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'root_ca_certificate' and 'root_ca_certificate_base64' can be present!")
 }
@@ -84,7 +87,10 @@ impl ConfigurationInspector for TlsConfigurator {
 _ => {}
 }
- match (c.server_private_key(), c.server_private_key_base64()) {
+ match (
+ c.server_private_key(),
+ c.private().server_private_key_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'server_private_key' and 'server_private_key_base64' can be present!")
 }
@@ -97,7 +103,10 @@ impl ConfigurationInspector for TlsConfigurator {
 _ => {}
 }
- match (c.server_certificate(), c.server_certificate_base64()) {
+ match (
+ c.server_certificate(),
+ c.private().server_certificate_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'server_certificate' and 'server_certificate_base64' can be present!")
 }
@@ -117,7 +126,10 @@ impl ConfigurationInspector for TlsConfigurator {
 };
 }
- match (c.client_private_key(), c.client_private_key_base64()) {
+ match (
+ c.client_private_key(),
+ c.private().client_private_key_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'client_private_key' and 'client_private_key_base64' can be present!")
 }
@@ -130,7 +142,10 @@ impl ConfigurationInspector for TlsConfigurator {
 _ => {}
 }
- match (c.client_certificate(), c.client_certificate_base64()) {
+ match (
+ c.client_certificate(),
+ c.private().client_certificate_base64(),
+ ) {
 (Some(_), Some(_)) => {
 bail!("Only one between 'client_certificate' and 'client_certificate_base64' can be present!")
 }