Fix dns names changed + log levels

- The dns names are now stored as a HashSet instead of a Vec to match
  regardless of ordering
- Replaced a bare print with a log call and lowered the log level of the http request logs to debug
Daniel M 2022-03-24 00:14:28 +01:00
parent 8aaaeb21ad
commit a843b20f7a
3 changed files with 16 additions and 15 deletions


@ -6,7 +6,7 @@ use acme2::{
DirectoryBuilder, OrderBuilder, OrderStatus,
};
use log::{debug, info};
use std::{sync::Arc, time::Duration, fmt::Display};
use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet};
use tokio::fs;
#[derive(thiserror::Error, Debug)]
@ -37,7 +37,7 @@ pub trait CertExt {
/// expired already
fn expires_in_days(&self) -> i32;
/// Get a list of all domain names for which this cert is valid
fn dns_names(&self) -> Vec<String>;
fn dns_names(&self) -> HashSet<String>;
}
/// The ACME API endpoint that should be used. This can be the Letsencrypt production or tesing, as
@ -105,11 +105,12 @@ impl CertRequester {
let acc = match fs::read(&self.conf.account_file).await {
Ok(pem) => {
info!("Using account '{}'", &self.conf.account_file);
let key = PKey::private_key_from_pem(&pem)?;
builder.private_key(key).build().await?
}
Err(_) => {
println!("Creating new account!");
info!("Account '{}' does not exists. Creating new", &self.conf.account_file);
let acc = builder.terms_of_service_agreed(true).build().await?;
let key = acc.private_key().private_key_to_pem_pkcs8()?;
fs::write(&self.conf.account_file, &key).await?;
@ -203,7 +204,7 @@ impl CertRequester {
return Err(ReqErr::NoChain);
}
info!("The new certificate expires in {}", certs[0].expires_in_days());
info!("The new certificate expires in {} days", certs[0].expires_in_days());
let x = certs
.into_iter()
@ -225,8 +226,8 @@ impl CertExt for X509 {
diff.days
}
fn dns_names(&self) -> Vec<String> {
let mut names = Vec::new();
fn dns_names(&self) -> HashSet<String> {
let mut names = HashSet::new();
if let Some(alt_names) = self.subject_alt_names() {
names.extend(
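Review bot: The `Err(_)` arm in the account-loading match (the `Creating new` branch of hunk `@ -105,11 +105,12`) treats every failure of `fs::read` on the account file as "file does not exist", so a permission or I/O error on an existing account key would lead to creating a fresh ACME account and an attempt to overwrite the key file at the following `fs::write`. Match on the error kind and propagate the rest: `Err(e) if e.kind() == std::io::ErrorKind::NotFound => {` for the create branch plus a final `Err(e) => return Err(e.into()),` — the `?` on `fs::write` in the same function suggests the error type already converts from `std::io::Error`, but confirm that. The log message in that arm also reads better as `does not exist` rather than `does not exists`. The enclosing function starts before the hunk. The trait doc on `dns_names` still says `Get a list of all domain names`; with the new `HashSet<String>` return it should read `/// Get the set of all domain names for which this cert is valid`.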


@ -1,5 +1,5 @@
use serde_derive::Deserialize;
use std::collections::HashMap;
use std::collections::{HashMap, HashSet};
#[derive(Debug, Deserialize)]
pub struct Config {
@ -24,7 +24,7 @@ pub struct ConfigCert {
/// Path to the fullchain certificate file that will be created or updated
pub fullchain_file: String,
/// List of domain names to include in the certificate
pub domains: Vec<String>,
pub domains: HashSet<String>,
/// Renew the certificate this many days before expiration
pub renew_days: i32,
/// Optional custom endpoint. If no enpoint is specified, the production letsencrypt endpoint
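Review bot: The doc comment on `domains` still says `List of domain names to include in the certificate`, but the field is now a `HashSet<String>`, so duplicate entries in the config are collapsed silently and iteration order no longer follows the order written in the file; the comment should say so, e.g. `/// Set of domain names to include in the certificate (duplicates are ignored; order is not preserved)`. If any code derives the certificate's subject name from the first entry, that choice becomes nondeterministic with a set — worth checking at the call sites, which are not in this diff. `pub struct ConfigCert` begins before the hunk.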


@ -1,6 +1,6 @@
use std::{sync::Arc, collections::HashMap, net::{SocketAddr, AddrParseError}, convert::Infallible, future::Future};
use hyper::{Server, service::{make_service_fn, service_fn}, Request, Body, Response, Method};
use log::info;
use log::debug;
use tokio::sync::{RwLock, oneshot};
#[derive(Debug, Clone)]
@ -68,10 +68,10 @@ impl ChallengeServer {
}
async fn serve_challenges(req: Request<Body>, mgr: ChallengeManager) -> Response<Body> {
info!("New http request: {}", req.uri());
debug!("New http request: {}", req.uri());
if !matches!(req.method(), &Method::GET) {
info!("Request is not GET -> Reject");
debug!("Request is not GET -> Reject");
return Response::builder()
.status(405)
@ -83,7 +83,7 @@ impl ChallengeServer {
let path = req.uri().path();
if !path.starts_with(challenge_prefix) {
info!("Request is not for /.well-known -> Reject");
debug!("Request is not for /.well-known -> Reject");
return Response::builder()
.status(404)
@ -92,18 +92,18 @@ impl ChallengeServer {
}
let tok = &path[challenge_prefix.len()..];
info!("Requested token: {}", tok);
debug!("Requested token: {}", tok);
match mgr.get(tok).await {
Some(auth) => {
info!("Answering Request = {auth}");
debug!("Answering Request = {auth}");
Response::builder()
.status(200)
.body(auth.to_string().into())
.unwrap()
}
None => {
info!("No matching challenge");
debug!("No matching challenge");
Response::builder()
.status(404)
.body(String::new().into())