dergecko
diff --git a/‎test-certs/src/configuration/certificates.rs‎
Lines changed: 47 additions & 53 deletions b/‎test-certs/src/configuration/certificates.rs‎
Lines changed: 47 additions & 53 deletions
diff --git a/‎test-certs/src/configuration/mod.rs‎
Lines changed: 5 additions & 5 deletions b/‎test-certs/src/configuration/mod.rs‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎test-certs/src/lib.rs‎
Lines changed: 21 additions & 26 deletions b/‎test-certs/src/lib.rs‎
Lines changed: 21 additions & 26 deletions
@@ -9,7 +9,7 @@ use serde::{Deserialize, Serialize};
 pub struct CertificateRoot {
     /// All certificates
     #[serde(flatten)]
-    pub certificates: HashMap<String, CertificateTypes>,
+    pub certificates: HashMap<String, CertificateType>,
 }
 
 /// The certificate authority to sign other certificates.
@@ -21,7 +21,7 @@ pub struct CertificateAuthorityConfiguration {
 
     /// Certificates that are signed by this CA.
     #[serde(skip_serializing_if = "HashMap::is_empty")]
-    pub certificates: HashMap<String, CertificateTypes>,
+    pub certificates: HashMap<String, CertificateType>,
 }
 
 /// A certificate used for client authentication.
@@ -43,7 +43,7 @@ pub struct ServerConfiguration {
 /// All kinds of different certificates.
 #[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(tag = "type", rename_all = "lowercase")]
-pub enum CertificateTypes {
+pub enum CertificateType {
     /// A certificate that acts as a Certificate Authority.
     #[serde(alias = "ca")]
     CertificateAuthority(CertificateAuthorityConfiguration),
@@ -55,34 +55,34 @@ pub enum CertificateTypes {
     Server(ServerConfiguration),
 }
 
-impl CertificateTypes {
-    /// Should the private key be exported or not
+/// Is used to provide a reference to an empty HashMap.
+/// The [`LazyLock`] is required as a HashMap::new is not usable in const expressions.
+static NO_CERTIFICATES: LazyLock<HashMap<String, CertificateType>> = LazyLock::new(HashMap::new);
+
+impl CertificateType {
+    /// Should the private key be exported or not.
     pub fn export_key(&self) -> bool {
         match self {
-            CertificateTypes::CertificateAuthority(certificate_authority) => {
+            CertificateType::CertificateAuthority(certificate_authority) => {
                 certificate_authority.export_key
             }
-            CertificateTypes::Client(client) => client.export_key,
-            CertificateTypes::Server(server) => server.export_key,
+            CertificateType::Client(client) => client.export_key,
+            CertificateType::Server(server) => server.export_key,
         }
     }
 
     /// Certificates issued by this certificate.
-    pub fn certificates(&self) -> &HashMap<String, CertificateTypes> {
+    pub fn certificates(&self) -> &HashMap<String, CertificateType> {
         match self {
-            CertificateTypes::CertificateAuthority(certificate_authority) => {
+            CertificateType::CertificateAuthority(certificate_authority) => {
                 &certificate_authority.certificates
             }
-            CertificateTypes::Client(_client) => &NO_CERTIFICATES,
-            CertificateTypes::Server(_server) => &NO_CERTIFICATES,
+            CertificateType::Client(_client) => &NO_CERTIFICATES,
+            CertificateType::Server(_server) => &NO_CERTIFICATES,
         }
     }
 }
 
-/// Is used to provide a reference to an empty HashMap.
-/// The [`LazyLock`] is required as a HashMap::new is not usable in const expressions.
-static NO_CERTIFICATES: LazyLock<HashMap<String, CertificateTypes>> = LazyLock::new(HashMap::new);
-
 impl Default for ClientConfiguration {
     fn default() -> Self {
         Self { export_key: true }
@@ -100,47 +100,41 @@ impl Default for ServerConfiguration {
 pub mod fixtures {
     use super::*;
 
-    /// Creates a certificate authority and a server and client certificated that are issued by it.
-    pub fn certificate_ca_with_client() -> CertificateRoot {
+    /// Provides a [`CertificateRoot`] with a ca certificate that issues one client certificate.
+    pub fn ca_with_client_certificates() -> CertificateRoot {
         let certs = CertificateRoot {
-            certificates: HashMap::from([("ca".to_string(), ca_with_client())]),
+            certificates: HashMap::from([("ca".to_string(), ca_with_client_certificate_type())]),
         };
         certs
     }
 
-    /// Creates a certificate of type ca with a client cert.
-    pub fn ca_with_client() -> CertificateTypes {
-        CertificateTypes::CertificateAuthority(CertificateAuthorityConfiguration {
-            certificates: HashMap::from([(
-                "client".to_string(),
-                CertificateTypes::Client(ClientConfiguration::default()),
-            )]),
+    /// Provides a [`CertificateType`] that is a ca certificate that issues one client certificate.
+    pub fn ca_with_client_certificate_type() -> CertificateType {
+        CertificateType::CertificateAuthority(CertificateAuthorityConfiguration {
+            certificates: HashMap::from([("client".to_string(), client_certificate_type())]),
             ..Default::default()
         })
     }
 
-    /// Creates a client certificate.
-    pub fn certificate_client() -> CertificateRoot {
+    /// Provides a [`CertificateRoot`] with only a client certificate.
+    pub fn single_client_certificate() -> CertificateRoot {
         let certs = CertificateRoot {
-            certificates: HashMap::from([(
-                "client".to_string(),
-                CertificateTypes::Client(ClientConfiguration::default()),
-            )]),
+            certificates: HashMap::from([("client".to_string(), client_certificate_type())]),
         };
         certs
     }
 
-    /// Creates a certificate of type client.
-    pub fn client() -> CertificateTypes {
-        CertificateTypes::Client(ClientConfiguration::default())
+    /// Provides a [`CertificateType`] that is a client certificate.
+    pub fn client_certificate_type() -> CertificateType {
+        CertificateType::Client(ClientConfiguration::default())
     }
 
-    /// Creates a certificate authority without any other certificates.
-    pub fn certificate_ca() -> CertificateRoot {
+    /// Provides a [`CertificateRoot`] with only one ca certificate.
+    pub fn single_ca_certificate() -> CertificateRoot {
         let certs = CertificateRoot {
             certificates: HashMap::from([(
                 "ca".to_string(),
-                CertificateTypes::CertificateAuthority(CertificateAuthorityConfiguration::default()),
+                CertificateType::CertificateAuthority(CertificateAuthorityConfiguration::default()),
             )]),
         };
         certs
@@ -150,13 +144,13 @@ pub mod fixtures {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use fixtures::certificate_ca_with_client;
+    use fixtures::ca_with_client_certificates;
     use serde_json::json;
 
-    fn get_ca(cert: &CertificateTypes) -> &CertificateAuthorityConfiguration {
-        assert!(matches!(cert, CertificateTypes::CertificateAuthority(_)));
+    fn get_ca(cert: &CertificateType) -> &CertificateAuthorityConfiguration {
+        assert!(matches!(cert, CertificateType::CertificateAuthority(_)));
         let ca = match cert {
-            CertificateTypes::CertificateAuthority(certificate_authority) => certificate_authority,
+            CertificateType::CertificateAuthority(certificate_authority) => certificate_authority,
             _ => panic!("expected ca certificate"),
         };
         ca
@@ -171,9 +165,9 @@ mod tests {
                 "type": "ca",
             });
 
-            let ca: CertificateTypes = serde_json::from_value(json).unwrap();
+            let ca: CertificateType = serde_json::from_value(json).unwrap();
 
-            assert!(matches!(ca, CertificateTypes::CertificateAuthority(_)))
+            assert!(matches!(ca, CertificateType::CertificateAuthority(_)))
         }
 
         #[test]
@@ -183,7 +177,7 @@ mod tests {
                 "bambu": "solala"
             });
 
-            let result: Result<CertificateTypes, _> = serde_json::from_value(json);
+            let result: Result<CertificateType, _> = serde_json::from_value(json);
 
             assert!(result.is_err())
         }
@@ -209,7 +203,7 @@ mod tests {
             }
             });
 
-            let ca: CertificateTypes = serde_json::from_value(json).unwrap();
+            let ca: CertificateType = serde_json::from_value(json).unwrap();
             let ca = get_ca(&ca);
             let intermediate_ca = ca.certificates.get("intermediate_ca").unwrap();
             let intermediate_ca = get_ca(intermediate_ca);
@@ -219,7 +213,7 @@ mod tests {
 
         #[test]
         fn should_serde_roundtrip() {
-            let certs = certificate_ca_with_client();
+            let certs = ca_with_client_certificates();
 
             let serialized = serde_json::to_string(&certs).unwrap();
             let deserialized: CertificateRoot = serde_json::from_str(&serialized).unwrap();
@@ -236,7 +230,7 @@ mod tests {
             let certificates = CertificateRoot {
                 certificates: HashMap::from([(
                     "my-ca".to_string(),
-                    CertificateTypes::CertificateAuthority(CertificateAuthorityConfiguration {
+                    CertificateType::CertificateAuthority(CertificateAuthorityConfiguration {
                         certificates: HashMap::new(),
                         export_key: false,
                     }),
@@ -258,23 +252,23 @@ mod tests {
         fn should_deserialize_ca() {
             let yaml = r#"type: ca"#;
 
-            let ca: CertificateTypes = serde_yaml::from_str(yaml).unwrap();
+            let ca: CertificateType = serde_yaml::from_str(yaml).unwrap();
 
-            assert!(matches!(ca, CertificateTypes::CertificateAuthority(_)))
+            assert!(matches!(ca, CertificateType::CertificateAuthority(_)))
         }
 
         #[test]
         fn should_deserialize_certificateauthority() {
             let yaml = r#"type: certificateauthority"#;
 
-            let ca: CertificateTypes = serde_yaml::from_str(yaml).unwrap();
+            let ca: CertificateType = serde_yaml::from_str(yaml).unwrap();
 
-            assert!(matches!(ca, CertificateTypes::CertificateAuthority(_)))
+            assert!(matches!(ca, CertificateType::CertificateAuthority(_)))
         }
 
         #[test]
         fn should_serde_roundtrip() {
-            let certs = certificate_ca_with_client();
+            let certs = ca_with_client_certificates();
 
             let serialized = serde_yaml::to_string(&certs).unwrap();
             let deserialized: CertificateRoot = serde_yaml::from_str(&serialized).unwrap();
 
@@ -9,9 +9,9 @@ pub mod certificates;
 #[derive(Parser, Debug)]
 #[command(version, about, long_about = None)]
 pub struct Args {
-    /// Configuration file that contains the certificate generation definition.
-    #[arg(short, long, default_value = "./certificate_generation.yaml")]
-    pub configuration: PathBuf,
+    /// The input file that contains the certificate generation configuration.
+    #[arg(short, long, default_value = "./certificates.yaml")]
+    pub input: PathBuf,
 
     /// Folder where all generated certificates will be saved.
     #[arg(short, long = "out-dir", default_value = "./certificates.d/")]
@@ -47,10 +47,10 @@ mod tests {
     #[test]
     fn should_parse_args() {
         let args =
-            Args::try_parse_from(&["", "--configuration", "./file.yaml", "--out-dir", "./certs", "json"])
+            Args::try_parse_from(&["", "--input", "./file.yaml", "--out-dir", "./certs", "json"])
                 .unwrap();
 
-        assert_eq!(args.configuration.display().to_string(), "./file.yaml");
+        assert_eq!(args.input.display().to_string(), "./file.yaml");
         assert_eq!(args.format.to_string(), "json");
         assert_eq!(args.outdir.display().to_string(), "./certs");
     }
 
@@ -6,7 +6,7 @@
 
 use std::{fmt::Debug, io::Write, path::PathBuf};
 
-use configuration::certificates::CertificateTypes;
+use configuration::certificates::CertificateType;
 use rcgen::{
     BasicConstraints, CertificateParams, DistinguishedName, DnType, IsCa, KeyPair, KeyUsagePurpose,
 };
@@ -21,20 +21,19 @@ pub enum Error {
     FailedToCreateCertificate(#[from] rcgen::Error),
 
     /// Error to write the certificate to disk
-    #[error("Could not write certificate to '{0}'")]
-    FailedToWriteCertificate(PathBuf),
+    #[error("Could not write certificate")]
+    FailedToWriteCertificate(std::io::Error),
 
-    /// Error to write the certificate  key to disk
-    #[error("Could not write certificate key to '{0}'")]
-    FailedToWriteKey(PathBuf),
+    /// Error to write the certificate key to disk
+    #[error("Could not write certificate key")]
+    FailedToWriteKey(std::io::Error),
 
     /// Multiple errors that occurred while working with certificates
     #[error("Multiple errors occurred")]
     ErrorCollection(Vec<Error>),
 }
 
 /// A pair of a certificate and the corresponding private key.
-#[allow(unused, reason = "Initial draft therefore values are not used yet")]
 pub struct Certificate {
     certificate: rcgen::Certificate,
     key: KeyPair,
@@ -44,32 +43,28 @@ pub struct Certificate {
 
 impl Certificate {
     /// Write the certificate and the key if marked for export to the specified folder.
-    ///
-    /// This fails if the folder is not accessible.
     pub fn write(&self, directory: &PathBuf) -> Result<(), Error> {
         let cert_file = directory.join(format!("{}.pem", &self.name));
 
-        let mut cert = std::fs::File::create(&cert_file)
-            .map_err(|_| Error::FailedToWriteCertificate(cert_file.clone()))?;
+        let mut cert =
+            std::fs::File::create(&cert_file).map_err(Error::FailedToWriteCertificate)?;
         cert.write_fmt(format_args!("{}", self.certificate.pem()))
-            .map_err(|_| Error::FailedToWriteCertificate(cert_file))?;
+            .map_err(Error::FailedToWriteCertificate)?;
 
         if self.export_key {
             let key_file = directory.join(format!("{}.key", &self.name));
-            let mut key = std::fs::File::create(&key_file)
-                .map_err(|_| Error::FailedToWriteCertificate(key_file.clone()))?;
+            let mut key = std::fs::File::create(&key_file).map_err(Error::FailedToWriteKey)?;
             key.write_fmt(format_args!("{}", self.key.serialize_pem()))
-                .map_err(|_| Error::FailedToWriteCertificate(key_file))?;
+                .map_err(Error::FailedToWriteKey)?;
         }
         Ok(())
     }
 }
 
+
+
 /// Generates all certificates that are present in the configuration file.
-///
-/// Each certificate chain is evaluated from the specified root certificate.
-/// If one certificate in the chain could not be created the corresponding
-/// error is reported and the chain will not be generated.
+// TODO: Make builder and return errors and certificates at the same time, maybe with an Iterator?
 pub fn generate(
     certificate_config: configuration::certificates::CertificateRoot,
 ) -> Result<Vec<Certificate>, Error> {
@@ -98,7 +93,7 @@ pub fn generate(
 /// Generates the certificate and all certificates issued by this one.
 fn generate_certificates(
     name: &str,
-    config: &CertificateTypes,
+    config: &CertificateType,
     issuer: Option<&Certificate>,
 ) -> Result<Vec<Certificate>, Error> {
     let mut result = vec![];
@@ -116,7 +111,7 @@ fn generate_certificates(
 /// Create the actual certificate and private key.
 fn create_certificate(
     name: &str,
-    certificate_config: &CertificateTypes,
+    certificate_config: &CertificateType,
     issuer: Option<&Certificate>,
 ) -> Result<Certificate, Error> {
     let key = KeyPair::generate()?;
@@ -161,15 +156,15 @@ fn issuer_params(common_name: &str) -> CertificateParams {
 #[cfg(test)]
 mod test {
     use configuration::certificates::fixtures::{
-        ca_with_client, certificate_ca_with_client, client,
+        ca_with_client_certificate_type, ca_with_client_certificates, client_certificate_type,
     };
     use testdir::testdir;
 
     use super::*;
 
     #[test]
     fn should_create_certificates() {
-        let certificate_config = certificate_ca_with_client();
+        let certificate_config = ca_with_client_certificates();
         let certificates = generate(certificate_config).unwrap();
         assert_eq!(
             certificates.len(),
@@ -180,15 +175,15 @@ mod test {
 
     #[test]
     fn should_create_certificate() {
-        let config = client();
+        let config = client_certificate_type();
         let result = create_certificate("test", &config, None);
 
         assert!(result.is_ok())
     }
 
     #[test]
     fn should_generate_certificates() {
-        let config = ca_with_client();
+        let config = ca_with_client_certificate_type();
         let result = generate_certificates("my-ca", &config, None);
 
         assert!(result.is_ok())
@@ -197,7 +192,7 @@ mod test {
     #[test]
     fn should_write_certificate_to_file() {
         let dir = testdir!();
-        let config = client();
+        let config = client_certificate_type();
         let certificates = generate_certificates("my-client", &config, None).unwrap();
         let certificate = certificates.first().unwrap();