Merge pull request #266 from umccr/feat/c4gh-misc

mmalenic · web-flow · commit ded4d9d2d59c · 2024-09-19T09:58:17.000Z
fix: explicitly choose aws_lc_rs as the crypto provider
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/htsget-actix/Cargo.toml b/htsget-actix/Cargo.toml
@@ -24,6 +24,7 @@ default = []
 
 [dependencies]
 actix-web = { version = "4", features = ["rustls-0_23"] }
+rustls = "0.23"
 actix-cors = "0.7"
 http_1 = { package = "http", version = "1" }
 http = "0.2"
diff --git a/htsget-actix/src/lib.rs b/htsget-actix/src/lib.rs
@@ -147,6 +147,7 @@ mod tests {
   use actix_web::dev::ServiceResponse;
   use actix_web::{test, web, App};
   use async_trait::async_trait;
+  use rustls::crypto::aws_lc_rs;
   use tempfile::TempDir;
 
   use htsget_axum::server::BindServer;
@@ -261,6 +262,8 @@ mod tests {
 
   impl ActixTestServer {
     fn new_with_tls<P: AsRef<Path>>(path: P) -> Self {
+      let _ = aws_lc_rs::default_provider().install_default();
+
       Self {
         config: config_with_tls(path),
       }
diff --git a/htsget-actix/src/main.rs b/htsget-actix/src/main.rs
@@ -1,3 +1,5 @@
+use rustls::crypto::aws_lc_rs;
+use std::io;
 use tokio::select;
 use tracing::debug;
 
@@ -7,7 +9,11 @@ use htsget_axum::server::data;
 use htsget_config::command;
 
 #[actix_web::main]
-async fn main() -> std::io::Result<()> {
+async fn main() -> io::Result<()> {
+  aws_lc_rs::default_provider()
+    .install_default()
+    .map_err(|_| io::Error::other("setting crypto provider"))?;
+
   if let Some(path) = Config::parse_args_with_command(command!())? {
     let config = Config::from_path(&path)?;
 
diff --git a/htsget-axum/Cargo.toml b/htsget-axum/Cargo.toml
@@ -35,6 +35,7 @@ default = []
 [dependencies]
 # Axum server
 hyper = { version = "1", features = ["http1", "http2", "server"] }
+rustls = "0.23"
 hyper-util = "0.1"
 tower-http = { version = "0.5", features = ["trace", "cors", "fs"] }
 http = "1"
diff --git a/htsget-axum/src/main.rs b/htsget-axum/src/main.rs
@@ -1,3 +1,4 @@
+use rustls::crypto::aws_lc_rs;
 use std::io;
 use tokio::select;
 use tracing::debug;
@@ -8,6 +9,10 @@ use htsget_config::config::Config;
 
 #[tokio::main]
 async fn main() -> io::Result<()> {
+  aws_lc_rs::default_provider()
+    .install_default()
+    .map_err(|_| io::Error::other("setting crypto provider"))?;
+
   if let Some(path) =
     Config::parse_args_with_command(command!()).expect("expected valid command parsing")
   {
diff --git a/htsget-axum/src/server/data.rs b/htsget-axum/src/server/data.rs
@@ -90,6 +90,7 @@ mod tests {
   use http::header::HeaderName;
   use http::{HeaderMap, Method};
   use reqwest::{Client, ClientBuilder, RequestBuilder};
+  use rustls::crypto::aws_lc_rs;
   use tempfile::{tempdir, TempDir};
   use tokio::fs::{create_dir, File};
   use tokio::io::AsyncWriteExt;
@@ -209,6 +210,8 @@ mod tests {
 
   #[tokio::test]
   async fn test_tls_server() {
+    let _ = aws_lc_rs::default_provider().install_default();
+
     let (_, base_path) = create_local_test_files().await;
     let config = config_with_tls(base_path.path()).data_server().clone();
     let server_config = config.into_tls().unwrap();
@@ -261,6 +264,8 @@ mod tests {
   }
 
   fn tls_formatter() -> BindServer {
+    let _ = aws_lc_rs::default_provider().install_default();
+
     let tmp_dir = tempdir().unwrap();
     let config = config_with_tls(tmp_dir.path()).data_server().clone();
     let server_config = config.into_tls().unwrap();
diff --git a/htsget-axum/src/server/ticket.rs b/htsget-axum/src/server/ticket.rs
@@ -118,6 +118,7 @@ mod tests {
   };
   use http::header::HeaderName;
   use http::{Method, Request};
+  use rustls::crypto::aws_lc_rs;
   use tempfile::TempDir;
   use tower::ServiceExt;
 
@@ -208,6 +209,8 @@ mod tests {
 
   impl AxumTestServer {
     fn new_with_tls<P: AsRef<Path>>(path: P) -> Self {
+      let _ = aws_lc_rs::default_provider().install_default();
+
       Self {
         config: config_with_tls(path),
       }
diff --git a/htsget-config/src/config/mod.rs b/htsget-config/src/config/mod.rs
@@ -494,12 +494,11 @@ pub(crate) mod tests {
   use std::fmt::Display;
 
   use crate::config::parser::from_str;
-  use figment::Jail;
-  use http::uri::Authority;
-
   use crate::storage::Storage;
   use crate::tls::tests::with_test_certificates;
   use crate::types::Scheme::Http;
+  use figment::Jail;
+  use http::uri::Authority;
 
   use super::*;
 
diff --git a/htsget-config/src/tls/mod.rs b/htsget-config/src/tls/mod.rs
@@ -203,6 +203,7 @@ pub(crate) mod tests {
   use std::path::Path;
 
   use rcgen::generate_simple_self_signed;
+  use rustls::crypto::aws_lc_rs;
   use rustls_pemfile::{certs, pkcs8_private_keys};
   use tempfile::TempDir;
 
@@ -245,6 +246,8 @@ pub(crate) mod tests {
   where
     F: FnOnce(&Path, PrivateKeyDer<'static>, CertificateDer<'static>),
   {
+    let _ = aws_lc_rs::default_provider().install_default();
+
     let tmp_dir = TempDir::new().unwrap();
 
     let key_path = tmp_dir.path().join("key.pem");
diff --git a/htsget-lambda/Cargo.toml b/htsget-lambda/Cargo.toml
@@ -25,6 +25,7 @@ default = []
 [dependencies]
 tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
 tower-http = { version = "0.5", features = ["cors"] }
+rustls = "0.23"
 lambda_http = { version = "0.13" }
 lambda_runtime = { version = "0.13" }
 serde = { version = "1" }
diff --git a/htsget-lambda/src/main.rs b/htsget-lambda/src/main.rs
@@ -1,13 +1,18 @@
-use std::env::set_var;
-
 use htsget_axum::server::ticket::TicketServer;
 use htsget_config::command;
 use htsget_config::config::Config;
 use lambda_http::{run, Error};
+use rustls::crypto::aws_lc_rs;
+use std::env::set_var;
+use std::io;
 use tracing::debug;
 
 #[tokio::main]
 async fn main() -> Result<(), Error> {
+  aws_lc_rs::default_provider()
+    .install_default()
+    .map_err(|_| io::Error::other("setting crypto provider"))?;
+
   // Ignore the API gateway stage.
   // See https://github.com/awslabs/aws-lambda-rust-runtime/tree/main/lambda-http#integration-with-api-gateway-stages
   set_var("AWS_LAMBDA_HTTP_IGNORE_STAGE_IN_PATH", "true");
