From a843b20f7a9face01f9716c21107a9deb86d135f Mon Sep 17 00:00:00 2001
From: Daniel M
Date: Thu, 24 Mar 2022 00:14:28 +0100
Subject: [PATCH] Fix dns names changed + log levels

- The dns names are now stored as a HashSet instead of a Vec to match regardless of ordering
- Fixed print without log & changed log level for http logs to debug
---
 src/certs.rs | 13 +++++++------
 src/config.rs | 4 ++--
 src/http.rs | 14 +++++++-------
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/certs.rs b/src/certs.rs
index f7b5306..cd994be 100644
--- a/src/certs.rs
+++ b/src/certs.rs
@@ -6,7 +6,7 @@ use acme2::{
     DirectoryBuilder, OrderBuilder, OrderStatus,
 };
 use log::{debug, info};
-use std::{sync::Arc, time::Duration, fmt::Display};
+use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet};
 use tokio::fs;
 
 #[derive(thiserror::Error, Debug)]
@@ -37,7 +37,7 @@ pub trait CertExt {
     /// expired already
     fn expires_in_days(&self) -> i32;
     /// Get a list of all domain names for which this cert is valid
-    fn dns_names(&self) -> Vec;
+    fn dns_names(&self) -> HashSet;
 }
 
 /// The ACME API endpoint that should be used. This can be the Letsencrypt production or tesing, as
@@ -105,11 +105,12 @@ impl CertRequester {
 
         let acc = match fs::read(&self.conf.account_file).await {
             Ok(pem) => {
+                info!("Using account '{}'", &self.conf.account_file);
                 let key = PKey::private_key_from_pem(&pem)?;
                 builder.private_key(key).build().await?
             }
             Err(_) => {
-                println!("Creating new account!");
+                info!("Account '{}' does not exists. Creating new", &self.conf.account_file);
                 let acc = builder.terms_of_service_agreed(true).build().await?;
                 let key = acc.private_key().private_key_to_pem_pkcs8()?;
                 fs::write(&self.conf.account_file, &key).await?;
@@ -203,7 +204,7 @@ impl CertRequester {
             return Err(ReqErr::NoChain);
         }
 
-        info!("The new certificate expires in {}", certs[0].expires_in_days());
+        info!("The new certificate expires in {} days", certs[0].expires_in_days());
 
         let x = certs
             .into_iter()
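Review bot: Returning `HashSet` from `dns_names` (and the matching `domains: HashSet` field in the `@@ -24` hunk of src/config.rs, plus the implementation in the `@@ -225` hunk of src/certs.rs) makes the comparison order-independent as intended, but `HashSet` iteration order is randomized per process, so any code that iterates the configured domains to build the ACME order or the CSR will emit a different identifier order on every run; if that order matters anywhere, `BTreeSet` gives both order-independent comparison and deterministic iteration. Whether iteration order is relied upon is not visible in this diff. The doc comment above the signature still says "Get a list of all domain names"; with a set return it should read `/// Get the set of all domain names for which this cert is valid`. The element type parameter is not visible on this page, so I assume it is unchanged.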
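Review bot: The new message in the `Err(_)` arm claims the account file does not exist, but `Err(_)` matches every read failure, so a permission or I/O error on an existing account key is reported as a missing account and a fresh ACME account is registered and written over `self.conf.account_file`. Match the error kind and propagate the rest: `Err(e) if e.kind() == std::io::ErrorKind::NotFound => {` … `Err(e) => return Err(e.into()),` (the `?` on `fs::write` a few lines below indicates the method's error type already converts from `std::io::Error`). While touching the string, `does not exists` should read `does not exist`. Separately, `fs::write` creates the account private key with the process's default file mode; owner-only permissions would be preferable, though that line is not part of this change. The enclosing method starts and ends outside the hunk.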
@@ -225,8 +226,8 @@ impl CertExt for X509 {
         diff.days
     }
 
-    fn dns_names(&self) -> Vec {
-        let mut names = Vec::new();
+    fn dns_names(&self) -> HashSet {
+        let mut names = HashSet::new();
 
         if let Some(alt_names) = self.subject_alt_names() {
             names.extend(
diff --git a/src/config.rs b/src/config.rs
index 55f20a7..8f641ce 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,5 +1,5 @@
 use serde_derive::Deserialize;
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 
 #[derive(Debug, Deserialize)]
 pub struct Config {
@@ -24,7 +24,7 @@ pub struct ConfigCert {
     /// Path to the fullchain certificate file that will be created or updated
     pub fullchain_file: String,
     /// List of domain names to include in the certificate
-    pub domains: Vec,
+    pub domains: HashSet,
     /// Renew the certificate this many days before expiration
     pub renew_days: i32,
     /// Optional custom endpoint. If no enpoint is specified, the production letsencrypt endpoint
diff --git a/src/http.rs b/src/http.rs
index a1ccff0..3f9a624 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -1,6 +1,6 @@
 use std::{sync::Arc, collections::HashMap, net::{SocketAddr, AddrParseError}, convert::Infallible, future::Future};
 use hyper::{Server, service::{make_service_fn, service_fn}, Request, Body, Response, Method};
-use log::info;
+use log::debug;
 use tokio::sync::{RwLock, oneshot};
 
 #[derive(Debug, Clone)]
@@ -68,10 +68,10 @@ impl ChallengeServer {
 }
 
 async fn serve_challenges(req: Request, mgr: ChallengeManager) -> Response {
-    info!("New http request: {}", req.uri());
+    debug!("New http request: {}", req.uri());
 
     if !matches!(req.method(), &Method::GET) {
-        info!("Request is not GET -> Reject");
+        debug!("Request is not GET -> Reject");
 
         return Response::builder()
             .status(405)
@@ -83,7 +83,7 @@ impl ChallengeServer {
     let path = req.uri().path();
 
     if !path.starts_with(challenge_prefix) {
-        info!("Request is not for /.well-known -> Reject");
+        debug!("Request is not for /.well-known -> Reject");
 
         return Response::builder()
             .status(404)
@@ -92,18 +92,18 @@ impl ChallengeServer {
     }
 
     let tok = &path[challenge_prefix.len()..];
-    info!("Requested token: {}", tok);
+    debug!("Requested token: {}", tok);
 
     match mgr.get(tok).await {
         Some(auth) => {
-            info!("Answering Request = {auth}");
+            debug!("Answering Request = {auth}");
             Response::builder()
                 .status(200)
                 .body(auth.to_string().into())
                 .unwrap()
         }
         None => {
-            info!("No matching challenge");
+            debug!("No matching challenge");
             Response::builder()
                 .status(404)
                 .body(String::new().into())
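Review bot: After this change every outcome in `serve_challenges`, including the `None` arm that answers an unknown token with 404, is only visible at debug, so a production log keeps no record of which challenge tokens were actually answered or of repeated requests for tokens that were never registered. Consider keeping only the two outcome lines at info while the per-request chatter stays at debug: `info!("Answering challenge for token {}", tok);` in the `Some` arm and `info!("No matching challenge for token {}", tok);` in the `None` arm, which also needs `info` added back to the `use log::...` line changed in the `@@ -1` hunk of this file. Whether another component records validation attempts is not visible in this diff. The function starts outside the hunk and its closing lines are cut off at the end of the page.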