code quality

Author: aeltorio

src/bin/rs256keygen.rs

@@ -38,11 +38,14 @@
 
 use std::fs::File;
 use std::io::Write;
+use std::io::{self};
 use std::path::PathBuf;
+use std::sync::{
+    atomic::{AtomicBool, Ordering},
+    Arc,
+};
 use std::thread;
 use std::time::Duration;
-use std::sync::{Arc, atomic::{AtomicBool, Ordering}};
-use std::io::{self, Write as IoWrite};
 
 use anyhow::{Context, Result};
 use clap::Parser;
@@ -106,11 +109,11 @@ fn main() -> Result<()> {
     let args = Args::parse();
 
     println!("Generating RSA key pair with {} bits...", args.length);
-    
+
     // Flag to indicate when key generation is complete
     let generating = Arc::new(AtomicBool::new(true));
     let generating_clone = generating.clone();
-    
+
     // Spawn a thread to display a spinner while generating keys
     let spinner_handle = thread::spawn(move || {
         let spinner_chars = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
@@ -131,14 +134,14 @@ fn main() -> Result<()> {
     // Generate a new random RSA key pair with the specified bits
     let private_key =
         RsaPrivateKey::new(&mut rng, args.length).context("Failed to generate RSA private key")?;
-    
+
     // Signal that generation is complete
     generating.store(false, Ordering::Relaxed);
     // Wait for spinner thread to finish
     spinner_handle.join().ok();
-    
+
     println!("RSA key pair generation completed successfully.");
-    
+
     let public_key = RsaPublicKey::from(&private_key);
 
     // Convert keys to PKCS#1 PEM format

src/daemon/launch_daemon.rs

@@ -219,11 +219,19 @@ impl Daemon {
             .merge(("log_level", LogLevel::Normal));
 
         // Add RS256 keys to figment
-        if !config.visualization.rs256_public_key.is_empty() && !config.visualization.rs256_private_key.is_empty() {
+        if !config.visualization.rs256_public_key.is_empty()
+            && !config.visualization.rs256_private_key.is_empty()
+        {
             debug!("RS256 keys found in configuration");
             figment = figment
-                .merge(("rs256_public_key", config.visualization.rs256_public_key.clone()))
-                .merge(("rs256_private_key", config.visualization.rs256_private_key.clone()));
+                .merge((
+                    "rs256_public_key",
+                    config.visualization.rs256_public_key.clone(),
+                ))
+                .merge((
+                    "rs256_private_key",
+                    config.visualization.rs256_private_key.clone(),
+                ));
         }
 
         // Configure TLS if certificates are provided

src/visualization/jwt.rs

@@ -483,13 +483,13 @@ impl Issuer for JwtTokenMap {
             return Ok(Some(entry.grant.clone()));
         }
 
-    // Create custom validation
-    let mut validation = Validation::new(self.algorithm);
-    validation.validate_exp = true;
-    validation.validate_nbf = true;
-    validation.set_issuer(&[&self.issuer]);
-    // We should extract the audience from the token first and then validate it
-    // This approach is needed because we may not know the audience in advance
+        // Create custom validation
+        let mut validation = Validation::new(self.algorithm);
+        validation.validate_exp = true;
+        validation.validate_nbf = true;
+        validation.set_issuer(&[&self.issuer]);
+        // We should extract the audience from the token first and then validate it
+        // This approach is needed because we may not know the audience in advance
 
         let token_data = match decode::<JwtClaims>(token, &self.verification_key, &validation) {
             Ok(data) => data,

src/visualization/jwt_keys.rs

@@ -65,10 +65,10 @@ use base64::prelude::*;
 use jsonwebtoken::jwk::{Jwk, PublicKeyUse};
 use jsonwebtoken::{Algorithm, DecodingKey, EncodingKey};
 use rsa::pkcs1::DecodeRsaPublicKey;
+use rsa::sha2::Digest;
+use rsa::sha2::Sha256;
 use rsa::traits::PublicKeyParts;
 use rsa::RsaPublicKey;
-use rsa::sha2::Sha256;
-use rsa::sha2::Digest;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::fs::File;

src/visualization/oidc.rs

@@ -16,12 +16,12 @@
 //! capabilities and configuration, including supported signing algorithms and endpoints.
 
 use base64::Engine;
-use rocket::serde::json::{Json, Value, json};
+use rocket::serde::json::{json, Json, Value};
 use rocket::{get, State};
 use serde::{Deserialize, Serialize};
 
-use crate::visualization::jwt_keys::JwkKeySet;
 use super::oxide_auth::OxideState;
+use crate::visualization::jwt_keys::JwkKeySet;
 
 /// OpenID Connect Discovery Configuration
 ///
@@ -32,34 +32,34 @@ use super::oxide_auth::OxideState;
 pub struct OpenIdConfiguration {
     /// URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier
     pub issuer: String,
-    
+
     /// URL of the OP's OAuth 2.0 Authorization Endpoint
     pub authorization_endpoint: String,
-    
+
     /// URL of the OP's OAuth 2.0 Token Endpoint
     pub token_endpoint: String,
-    
+
     /// URL of the OP's JSON Web Key Set document
     pub jwks_uri: String,
-    
+
     /// JSON array containing a list of the OAuth 2.0 response_type values that this server supports
     pub response_types_supported: Vec<String>,
-    
+
     /// JSON array containing a list of the OAuth 2.0 Grant Type values that this server supports
     pub grant_types_supported: Vec<String>,
-    
+
     /// JSON array containing a list of the Subject Identifier types that this server supports
     pub subject_types_supported: Vec<String>,
-    
+
     /// JSON array containing a list of the JWS signing algorithms supported by this server for the ID Token
     pub id_token_signing_alg_values_supported: Vec<String>,
-    
+
     /// JSON array containing a list of the JWS algorithms that this server supports for the UserInfo Endpoint
     pub userinfo_signing_alg_values_supported: Vec<String>,
-    
+
     /// JSON array containing the scopes that this server supports
     pub scopes_supported: Vec<String>,
-    
+
     /// JSON array containing a list of the claim names of the Claims that the OpenID Provider supports
     pub claims_supported: Vec<String>,
 }
@@ -81,20 +81,26 @@ pub struct OpenIdConfiguration {
 fn generate_openid_configuration(base_url: &str, state: &OxideState) -> OpenIdConfiguration {
     // Determine which signing algorithms are supported
     let mut signing_algs = vec!["HS256".to_string()];
-    
+
     // If we have RS256 keys configured, add RS256
     log::debug!("RS256 public key length: {}", state.rs256_public_key.len());
-    log::debug!("RS256 private key length: {}", state.rs256_private_key.len());
-    
+    log::debug!(
+        "RS256 private key length: {}",
+        state.rs256_private_key.len()
+    );
+
     if !state.rs256_public_key.is_empty() && !state.rs256_private_key.is_empty() {
         // Add RS256 if we have keys, regardless of whether decoding succeeds
         signing_algs.push("RS256".to_string());
         log::debug!("RS256 signing algorithm added to OpenID configuration");
     } else {
-        log::warn!("RS256 keys are not properly configured - public key empty: {}, private key empty: {}", 
-                  state.rs256_public_key.is_empty(), state.rs256_private_key.is_empty());
+        log::warn!(
+            "RS256 keys are not properly configured - public key empty: {}, private key empty: {}",
+            state.rs256_public_key.is_empty(),
+            state.rs256_private_key.is_empty()
+        );
     }
-    
+
     OpenIdConfiguration {
         issuer: base_url.to_string(),
         authorization_endpoint: format!("{}/authorize", base_url),
@@ -149,10 +155,10 @@ pub async fn openid_configuration(state: &State<OxideState>) -> Json<OpenIdConfi
     // In a production environment, you would want to get the base URL from the request
     // or configuration. For simplicity, we're using a hardcoded value here.
     let base_url = "http://localhost:8080";
-    
+
     // Generate the configuration document
     let config = generate_openid_configuration(base_url, state);
-    
+
     Json(config)
 }
 
@@ -164,9 +170,9 @@ pub async fn openid_configuration(state: &State<OxideState>) -> Json<OpenIdConfi
 /// issued by this server.
 ///
 /// # URL
-/// 
-/// 
-/// 
+///
+///
+///
 ///
 /// `GET /.well-known/jwks.json`
 ///
@@ -177,17 +183,19 @@ pub async fn openid_configuration(state: &State<OxideState>) -> Json<OpenIdConfi
 pub async fn jwks(state: &State<OxideState>) -> Json<Value> {
     // Create a key set for our public keys
     let mut keys = vec![];
-    
+
     // If we have an RS256 public key, add it to the key set
-    if let Ok(rs256_pub_key) = base64::engine::general_purpose::STANDARD.decode(&state.rs256_public_key) {
+    if let Ok(rs256_pub_key) =
+        base64::engine::general_purpose::STANDARD.decode(&state.rs256_public_key)
+    {
         if !rs256_pub_key.is_empty() {
             // Parse the PEM encoded public key
             if let Ok(jwk) = JwkKeySet::create_jwk_from_pem(&rs256_pub_key) {
                 keys.push(jwk);
             }
         }
     }
-    
+
     // Return the key set
     Json(json!({
         "keys": keys

src/visualization/server.rs

@@ -51,9 +51,9 @@
 //! ```
 
 use crate::include_png_as_base64;
-use base64::Engine;
+use crate::visualization::oidc::{jwks, openid_configuration}; // Add this import
 use crate::visualization::oxide_auth::{authorize, authorize_consent, refresh, token};
-use crate::visualization::oidc::{openid_configuration, jwks}; // Add this import
+use base64::Engine;
 use include_dir::{include_dir, Dir};
 use rocket::fairing::{Fairing, Info, Kind};
 use rocket::figment::Figment;
@@ -221,21 +221,27 @@ async fn options(_path: PathBuf) -> Result<(), std::io::Error> {
 pub async fn build_rocket(figment: Figment, hmac_secret: &str) -> Rocket<Build> {
     // Create OAuth2 state with the HMAC secret from config
     let mut oxide_state = OxideState::preconfigured(hmac_secret);
-    
+
     // Extract RS256 keys from figment if present
     if let Some(private_key) = figment.extract_inner::<String>("rs256_private_key").ok() {
         oxide_state.rs256_private_key = private_key;
     }
-    
+
     if let Some(public_key) = figment.extract_inner::<String>("rs256_public_key").ok() {
         oxide_state.rs256_public_key = public_key;
-        
+
         // If we have RS256 keys, update the JWT issuer
         if !oxide_state.rs256_public_key.is_empty() && !oxide_state.rs256_private_key.is_empty() {
-            if let Ok(decoded_private) = base64::engine::general_purpose::STANDARD.decode(&oxide_state.rs256_private_key) {
-                if let Ok(decoded_public) = base64::engine::general_purpose::STANDARD.decode(&oxide_state.rs256_public_key) {
+            if let Ok(decoded_private) =
+                base64::engine::general_purpose::STANDARD.decode(&oxide_state.rs256_private_key)
+            {
+                if let Ok(decoded_public) =
+                    base64::engine::general_purpose::STANDARD.decode(&oxide_state.rs256_public_key)
+                {
                     // Create a new JWT issuer with RS256 keys
-                    if let Ok(jwt_issuer) = super::jwt::JwtIssuer::with_rs256_pem(&decoded_private, &decoded_public) {
+                    if let Ok(jwt_issuer) =
+                        super::jwt::JwtIssuer::with_rs256_pem(&decoded_private, &decoded_public)
+                    {
                         oxide_state.issuer = std::sync::Arc::new(std::sync::Mutex::new(jwt_issuer));
                     }
                 }
@@ -361,9 +367,9 @@ pub fn build_rocket_test_instance() -> Rocket<Build> {
                 token,
                 refresh,
                 openid_configuration, // Add OIDC configuration endpoint
-                jwks, // Add JWKS endpoint
-                // TODO: Add introspection endpoint once fixed
-                // super::introspection::introspect,
+                jwks,                 // Add JWKS endpoint
+                                      // TODO: Add introspection endpoint once fixed
+                                      // super::introspection::introspect,
             ],
         )
         .mount(

tests/rs256_jwt_test.rs

@@ -4,15 +4,15 @@
 
 use base64::Engine;
 use jsonwebtoken::jwk::AlgorithmParameters;
+use jsonwebtoken::jwk::PublicKeyUse;
 use jsonwebtoken::{Algorithm, DecodingKey};
 use log::debug;
+use oxide_auth::endpoint::Issuer;
+use rocket::config::LogLevel;
 use rocket::http::{ContentType, Status};
-use rocket::{config::LogLevel};
-use jsonwebtoken::jwk::PublicKeyUse;
 use rsa::pkcs1::{EncodeRsaPrivateKey, EncodeRsaPublicKey};
 use rust_photoacoustic::visualization::jwt::JwtIssuer;
 use rust_photoacoustic::visualization::jwt_keys::JwkKeySet;
-use oxide_auth::endpoint::Issuer;
 use serde::de;
 use serde_json::Value;
 use std::time::{SystemTime, UNIX_EPOCH};
@@ -114,7 +114,7 @@ fn test_rs256_jwt_token_generation_and_validation() {
     let (_, wrong_public_key_bytes, _, _) = generate_test_rs256_keys();
     let wrong_decoding_key = DecodingKey::from_rsa_pem(&wrong_public_key_bytes)
         .expect("Failed to create wrong decoding key");
-    
+
     // The validation settings remain the same as above, with audience already set
     let wrong_verify_result =
         jsonwebtoken::decode::<serde_json::Value>(&token, &wrong_decoding_key, &validation);
@@ -263,7 +263,7 @@ async fn test_jwk_key_generation_from_public_key() {
     );
 
     assert!(
-        matches!(jwk.common.public_key_use,Some(PublicKeyUse::Signature)),
+        matches!(jwk.common.public_key_use, Some(PublicKeyUse::Signature)),
         "JWK key use should be 'sig' (signature)"
     );