chore: remove hyper 0.14

Author: robjtede

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Unreleased
 
+- Update `reqwest` dependency to `0.12`.
 - Minimum supported Rust version (MSRV) is now 1.72.
 
 ## 0.1.1

Cargo.toml

@@ -25,7 +25,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 name = "acme"
 
 [dependencies]
-base64 = "0.21"
+base64 = "0.22"
 der = { version = "0.7", features = ["std", "time"] }
 ecdsa = { version = "0.16", features = ["signing", "verifying"] }
 eyre = "0.6"
@@ -35,7 +35,7 @@ parking_lot = "0.12"
 pem = { package = "pem-rfc7468", version = "0.7" }
 pkcs8 = "0.10"
 rand = "0.8"
-reqwest = { version = "0.11", default-features = false, features = ["json"] }
+reqwest = { version = "0.12", default-features = false, features = ["json"] }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 sha2 = { version = "0.10.6", features = ["oid"] }
@@ -48,9 +48,10 @@ zeroize = "1"
 actix-files = "0.6"
 actix-web = "4"
 color-eyre = "0.6"
-env_logger = "0.10"
-hyper = { version = "0.14", features = ["server", "tcp", "http1"] }
-rcgen = "0.11"
+env_logger = "0.11"
+actix-http = "3.5"
+actix-server = "2"
+rcgen = "0.13"
 regex = "1.4"
-rustls = "0.21"
+rustls = "0.23"
 tokio = { version = "1.24.2", features = ["full"] }

examples/tls-alpn-01.rs

@@ -2,7 +2,10 @@ use std::{collections::HashMap, sync::Arc, thread, time::Duration};
 
 use acme::{create_p256_key, Directory, DirectoryUrl};
 use parking_lot::Mutex;
-use rustls::server::Acceptor;
+use rustls::{
+    pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer},
+    server::Acceptor,
+};
 use tokio::fs;
 
 const CERTIFICATE_DIR: &str = "./acme-certificates";
@@ -163,21 +166,22 @@ fn acme_tls_server(ids: AcmeIdentityMap) {
 
 /// Generate a self-signed server configuration for the ACME negotiator.
 fn acme_tls_server_config(server_name: &str, acme_identity: [u8; 32]) -> Arc<rustls::ServerConfig> {
-    let mut cert_params = rcgen::CertificateParams::new(vec![server_name.to_owned()]);
+    let mut cert_params = rcgen::CertificateParams::new(vec![server_name.to_owned()]).unwrap();
     cert_params.extended_key_usages = vec![rcgen::ExtendedKeyUsagePurpose::ServerAuth];
     cert_params.custom_extensions =
         vec![rcgen::CustomExtension::new_acme_identifier(&acme_identity)];
 
-    let cert = rcgen::Certificate::from_params(cert_params).unwrap();
-    let cert_der = cert.serialize_der().unwrap();
-    let key_der = cert.serialize_private_key_der();
+    let key_pair = rcgen::KeyPair::generate().unwrap();
+    let key_der = key_pair.serialize_der();
+
+    let cert = cert_params.self_signed(&key_pair).unwrap();
+    let cert_der = cert.der();
 
     let mut server_config = rustls::ServerConfig::builder()
-        .with_safe_defaults()
         .with_no_client_auth()
         .with_single_cert(
-            vec![rustls::Certificate(cert_der.clone())],
-            rustls::PrivateKey(key_der.clone()),
+            vec![cert_der.clone()],
+            PrivateKeyDer::Pkcs8(PrivatePkcs8KeyDer::from(key_der)),
         )
         .unwrap();
 

justfile

@@ -7,7 +7,8 @@ clippy:
     cargo hack --feature-powerset --depth=3 clippy --workspace
 
 test:
-    cargo test --all-features
+    cargo nextest run --all-features
+    cargo test --doc --all-features
     @just test-coverage-codecov
     @just test-coverage-lcov
     RUSTDOCFLAGS="-D warnings" cargo doc --workspace --no-deps --all-features
@@ -18,22 +19,22 @@ test-coverage-codecov:
 test-coverage-lcov:
     cargo llvm-cov --workspace --all-features --lcov --output-path lcov.info
 
-doc:
-    RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --all-features
+doc *args:
+    RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --all-features {{ args }}
 
-doc-watch:
-    RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --all-features --open
-    cargo watch -- RUSTDOCFLAGS="--cfg=docsrs" cargo +nightly doc --no-deps --workspace --all-features
+doc-watch: (doc "--open")
+    cargo watch -- just doc
 
 check:
     just --unstable --fmt --check
-    npx -y prettier --check $(fd --hidden -e=md -e=yml)
-    taplo lint
+    fd --hidden --extension=md --extension=yml --exec-batch prettier --check
+    fd --hidden --extension=toml --exec-batch taplo format --check
+    fd --hidden --extension=toml --exec-batch taplo lint
     cargo +nightly fmt -- --check
 
 fmt:
     just --unstable --fmt
     nix fmt
-    npx -y prettier --write $(fd --hidden -e=md -e=yml)
-    taplo format
+    fd --hidden --extension=md --extension=yml --exec-batch prettier --write
+    fd --hidden --extension=toml --exec-batch taplo format
     cargo +nightly fmt

src/test.rs

@@ -1,13 +1,11 @@
 #![allow(clippy::trivial_regex)]
 
-use std::{convert::Infallible, net::TcpListener, sync::OnceLock};
+use std::{convert::Infallible, future::ready, net::TcpListener, sync::OnceLock};
 
-use hyper::{
-    service::{make_service_fn, service_fn},
-    Body, Method, Request, Response, Server,
-};
+use actix_http::{HttpService, Method, Request, Response, StatusCode};
+use actix_server::{Server, ServerHandle};
+use actix_web::body::MessageBody;
 use regex::Regex;
-use tokio::sync::oneshot;
 
 static RE_URL: OnceLock<Regex> = OnceLock::new();
 
@@ -17,16 +15,16 @@ fn re_url() -> &'static Regex {
 
 pub struct TestServer {
     pub dir_url: String,
-    shutdown: Option<oneshot::Sender<()>>,
+    handle: ServerHandle,
 }
 
 impl Drop for TestServer {
     fn drop(&mut self) {
-        self.shutdown.take().unwrap().send(()).ok();
+        drop(self.handle.stop(false));
     }
 }
 
-fn get_directory(url: &str) -> Response<Body> {
+fn get_directory(url: &str) -> Response<impl MessageBody> {
     const BODY: &str = r#"{
     "keyChange": "<URL>/acme/key-change",
     "newAccount": "<URL>/acme/new-acct",
@@ -40,25 +38,24 @@ fn get_directory(url: &str) -> Response<Body> {
     }
     }"#;
 
-    Response::new(Body::from(
+    Response::with_body(
+        StatusCode::OK,
         RE_URL
             .get_or_init(|| Regex::new("<URL>").unwrap())
             .replace_all(BODY, url),
-    ))
+    )
 }
 
-fn head_new_nonce() -> Response<Body> {
-    Response::builder()
-        .status(204)
-        .header(
+fn head_new_nonce() -> Response<impl MessageBody> {
+    Response::build(StatusCode::NO_CONTENT)
+        .insert_header((
             "Replay-Nonce",
             "8_uBBV3N2DBRJczhoiB46ugJKUkUHxGzVe6xIMpjHFM",
-        )
-        .body(Body::empty())
-        .unwrap()
+        ))
+        .finish()
 }
 
-fn post_new_acct(url: &str) -> Response<Body> {
+fn post_new_acct(url: &str) -> Response<impl MessageBody> {
     const BODY: &str = r#"{
     "id": 7728515,
     "key": {
@@ -81,14 +78,12 @@ fn post_new_acct(url: &str) -> Response<Body> {
         .replace_all("<URL>/acme/acct/7728515", url)
         .into_owned();
 
-    Response::builder()
-        .status(201)
-        .header("Location", location)
-        .body(Body::from(BODY))
-        .unwrap()
+    Response::build(StatusCode::CREATED)
+        .insert_header(("Location", location))
+        .body(BODY)
 }
 
-fn post_new_order(url: &str) -> Response<Body> {
+fn post_new_order(url: &str) -> Response<impl MessageBody> {
     const BODY: &str = r#"{
     "status": "pending",
     "expires": "2019-01-09T08:26:43.570360537Z",
@@ -108,14 +103,12 @@ fn post_new_order(url: &str) -> Response<Body> {
         .replace_all("<URL>/acme/order/YTqpYUthlVfwBncUufE8", url)
         .into_owned();
 
-    Response::builder()
-        .status(201)
-        .header("Location", location)
-        .body(Body::from(re_url().replace_all(BODY, url)))
-        .unwrap()
+    Response::build(StatusCode::CREATED)
+        .insert_header(("Location", location))
+        .body(re_url().replace_all(BODY, url))
 }
 
-fn post_get_order(url: &str) -> Response<Body> {
+fn post_get_order(url: &str) -> Response<impl MessageBody> {
     const BODY: &str = r#"{
     "status": "<STATUS>",
     "expires": "2019-01-09T08:26:43.570360537Z",
@@ -134,13 +127,10 @@ fn post_get_order(url: &str) -> Response<Body> {
 
     let body = re_url().replace_all(BODY, url).into_owned();
 
-    Response::builder()
-        .status(200)
-        .body(Body::from(body))
-        .unwrap()
+    Response::build(StatusCode::OK).body(body)
 }
 
-fn post_authz(url: &str) -> Response<Body> {
+fn post_authz(url: &str) -> Response<impl MessageBody> {
     const BODY: &str = r#"{
         "identifier": {
             "type": "dns",
@@ -170,70 +160,70 @@ fn post_authz(url: &str) -> Response<Body> {
         ]
     }"#;
 
-    Response::builder()
-        .status(201)
-        .body(Body::from(re_url().replace_all(BODY, url)))
-        .unwrap()
+    Response::build(StatusCode::CREATED).body(re_url().replace_all(BODY, url))
 }
 
-fn post_finalize(_url: &str) -> Response<Body> {
-    Response::builder().status(200).body(Body::empty()).unwrap()
+fn post_finalize(_url: &str) -> Response<impl MessageBody> {
+    Response::ok()
 }
 
-fn post_certificate(_url: &str) -> Response<Body> {
-    Response::builder()
-        .status(200)
-        .body("CERT HERE".into())
-        .unwrap()
+fn post_certificate(_url: &str) -> Response<impl MessageBody> {
+    Response::build(StatusCode::OK).body("CERT HERE")
 }
 
-fn route_request(req: Request<Body>, url: &str) -> Response<Body> {
-    match (req.method(), req.uri().path()) {
-        (&Method::GET, "/directory") => get_directory(url),
-        (&Method::HEAD, "/acme/new-nonce") => head_new_nonce(),
-        (&Method::POST, "/acme/new-acct") => post_new_acct(url),
-        (&Method::POST, "/acme/new-order") => post_new_order(url),
-        (&Method::POST, "/acme/order/YTqpYUthlVfwBncUufE8") => post_get_order(url),
-        (&Method::POST, "/acme/authz/YTqpYUthlVfwBncUufE8IRWLMSRqcSs") => post_authz(url),
-        (&Method::POST, "/acme/finalize/7738992/18234324") => post_finalize(url),
-        (&Method::POST, "/acme/cert/fae41c070f967713109028") => post_certificate(url),
-        (_, _) => Response::builder().status(404).body(Body::empty()).unwrap(),
+fn route_request(req: Request, url: &str) -> Response<impl MessageBody> {
+    match (req.method(), req.path()) {
+        (&Method::GET, "/directory") => get_directory(url).map_into_boxed_body(),
+        (&Method::HEAD, "/acme/new-nonce") => head_new_nonce().map_into_boxed_body(),
+        (&Method::POST, "/acme/new-acct") => post_new_acct(url).map_into_boxed_body(),
+        (&Method::POST, "/acme/new-order") => post_new_order(url).map_into_boxed_body(),
+
+        (&Method::POST, "/acme/order/YTqpYUthlVfwBncUufE8") => {
+            post_get_order(url).map_into_boxed_body()
+        }
+
+        (&Method::POST, "/acme/authz/YTqpYUthlVfwBncUufE8IRWLMSRqcSs") => {
+            post_authz(url).map_into_boxed_body()
+        }
+
+        (&Method::POST, "/acme/finalize/7738992/18234324") => {
+            post_finalize(url).map_into_boxed_body()
+        }
+
+        (&Method::POST, "/acme/cert/fae41c070f967713109028") => {
+            post_certificate(url).map_into_boxed_body()
+        }
+
+        (_, _) => Response::build(StatusCode::NOT_FOUND)
+            .finish()
+            .map_into_boxed_body(),
     }
 }
 
 pub fn with_directory_server() -> TestServer {
-    let tcp = TcpListener::bind("127.0.0.1:0").unwrap();
-    let port = tcp.local_addr().unwrap().port();
+    let lst = TcpListener::bind("127.0.0.1:0").unwrap();
+    let port = lst.local_addr().unwrap().port();
 
     let url = format!("http://127.0.0.1:{port}");
     let dir_url = format!("{url}/directory");
 
-    let (tx, rx) = oneshot::channel::<()>();
-
-    let make_service = make_service_fn(move |_| {
-        let url = url.clone();
-        async move {
+    let server = Server::build()
+        .listen("acme", lst, move || {
             let url = url.clone();
-            hyper::Result::Ok(service_fn(move |req| {
-                let url = url.clone();
-                async move { Ok::<_, Infallible>(route_request(req, &url)) }
-            }))
-        }
-    });
 
-    let server = Server::from_tcp(tcp)
+            HttpService::build()
+                .finish(move |req| ready(Ok::<_, Infallible>(route_request(req, &url))))
+                .tcp()
+        })
         .unwrap()
-        .serve(make_service)
-        .with_graceful_shutdown(async {
-            rx.await.ok();
-        });
+        .workers(1)
+        .run();
+
+    let handle = server.handle();
 
     tokio::spawn(server);
 
-    TestServer {
-        dir_url,
-        shutdown: Some(tx),
-    }
+    TestServer { dir_url, handle }
 }
 
 #[tokio::test]