Upgrade to hyper-rustls 0.25

.github/workflows/rust.yml

@@ -33,7 +33,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@master
         with:
-          toolchain: "1.63.0"
+          toolchain: "1.70.0"
       - run: cargo check --lib --all-features
 
   lint:

Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "gcp_auth"
-version = "0.10.0"
+version = "0.11.0"
 edition = "2021"
-rust-version = "1.63"
+rust-version = "1.70"
 repository = "https://github.com/hrvolapeter/gcp_auth"
 description = "Google cloud platform (GCP) authentication using default and custom service accounts"
 documentation = "https://docs.rs/gcp_auth/"
@@ -21,10 +21,10 @@ base64 = "0.21"
 chrono = { version = "0.4.31", features = ["serde"] }
 home = "0.5.5"
 hyper = { version = "0.14.2", features = ["client", "runtime", "http2"] }
-hyper-rustls = { version = "0.24", default-features = false, features = ["tokio-runtime", "http1", "http2"] }
+hyper-rustls = { version = "0.25", default-features = false, features = ["http1", "http2", "ring", "tokio-runtime"] }
 ring = "0.17"
-rustls = "0.21"
-rustls-pemfile = "1.0.0"
+rustls = "0.22"
+rustls-pemfile = "2"
 serde = { version = "1.0", features = ["derive", "rc"] }
 serde_json = "1.0"
 thiserror = "1.0"

src/authentication_manager.rs

@@ -44,10 +44,10 @@ impl AuthenticationManager {
     pub async fn new() -> Result<Self, Error> {
         tracing::debug!("Initializing gcp_auth");
         if let Some(service_account) = CustomServiceAccount::from_env()? {
-            return Ok(service_account.into());
+            return service_account.try_into();
         }
 
-        let client = types::client();
+        let client = types::client()?;
         let default_user_error = match ConfigDefaultCredentials::new(&client).await {
             Ok(service_account) => {
                 tracing::debug!("Using ConfigDefaultCredentials");
@@ -117,8 +117,10 @@ impl AuthenticationManager {
     }
 }
 
-impl From<CustomServiceAccount> for AuthenticationManager {
-    fn from(service_account: CustomServiceAccount) -> Self {
-        Self::build(types::client(), service_account)
+impl TryFrom<CustomServiceAccount> for AuthenticationManager {
+    type Error = Error;
+
+    fn try_from(service_account: CustomServiceAccount) -> Result<Self, Self::Error> {
+        Ok(Self::build(types::client()?, service_account))
     }
 }

src/lib.rs

@@ -55,7 +55,7 @@
 //! // `credentials_path` variable is the path for the credentials `.json` file.
 //! let credentials_path = PathBuf::from("service-account.json");
 //! let service_account = CustomServiceAccount::from_file(credentials_path)?;
-//! let authentication_manager = AuthenticationManager::from(service_account);
+//! let authentication_manager = AuthenticationManager::try_from(service_account)?;
 //! let scopes = &["https://www.googleapis.com/auth/cloud-platform"];
 //! let token = authentication_manager.get_token(scopes).await?;
 //! # Ok(())

src/types.rs

@@ -97,17 +97,12 @@ pub struct Signer {
 
 impl Signer {
     pub(crate) fn new(pem_pkcs8: &str) -> Result<Self, Error> {
-        let private_keys = rustls_pemfile::pkcs8_private_keys(&mut pem_pkcs8.as_bytes());
-
-        let key = match private_keys {
-            Ok(mut keys) if !keys.is_empty() => {
-                keys.truncate(1);
-                keys.remove(0)
-            }
-            Ok(_) => {
+        let key = match rustls_pemfile::private_key(&mut pem_pkcs8.as_bytes()) {
+            Ok(Some(key)) => key,
+            Ok(None) => {
                 return Err(io::Error::new(
                     io::ErrorKind::InvalidInput,
-                    "Not enough private keys in PEM",
+                    "No private key found in PEM",
                 )
                 .into())
             }
@@ -121,7 +116,7 @@ impl Signer {
         };
 
         Ok(Signer {
-            key: RsaKeyPair::from_pkcs8(&key).map_err(|_| Error::SignerInit)?,
+            key: RsaKeyPair::from_pkcs8(key.secret_der()).map_err(|_| Error::SignerInit)?,
             rng: SystemRandom::new(),
         })
     }
@@ -150,13 +145,13 @@ where
     Ok(Utc::now() + Duration::from_secs(seconds_from_now))
 }
 
-pub(crate) fn client() -> HyperClient {
+pub(crate) fn client() -> Result<HyperClient, Error> {
     #[cfg(feature = "webpki-roots")]
     let https = HttpsConnectorBuilder::new().with_webpki_roots();
     #[cfg(not(feature = "webpki-roots"))]
-    let https = HttpsConnectorBuilder::new().with_native_roots();
+    let https = HttpsConnectorBuilder::new().with_native_roots()?;
 
-    Client::builder().build::<_, hyper::Body>(https.https_or_http().enable_http2().build())
+    Ok(Client::builder().build::<_, hyper::Body>(https.https_or_http().enable_http2().build()))
 }
 
 pub(crate) type HyperClient =