feat: use confargs for argument parsing

Cargo.toml

@@ -30,7 +30,7 @@ tracing = "^0.1.29"
 anyhow = "^1.0.55"
 base64 = "^0.13.0"
 mime = "^0.3.16"
-toml = { version = "0.5.9", default-features = false }
+confargs = "^0.1.3"
 
 [dev-dependencies]
 tower = { version = "^0.4.11", features = ["util"] }

src/crypto/pki.rs

@@ -1,7 +1,7 @@
 // SPDX-FileCopyrightText: 2022 Profian Inc. <opensource@profian.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 
-use anyhow::{anyhow, Result};
+use anyhow::{anyhow, bail, Result};
 use pkcs8::{ObjectIdentifier, PrivateKeyInfo, SubjectPublicKeyInfo};
 use zeroize::Zeroizing;
 
@@ -63,7 +63,7 @@ impl<'a> PrivateKeyInfoExt for PrivateKeyInfo<'a> {
  EcdsaKeyPair::generate_pkcs8(&ALG, &rand)?
  }
 
- _ => return Err(anyhow!("unsupported")),
+ _ => bail!("unsupported"),
  };
 
  Ok(doc.as_ref().to_vec().into())
@@ -79,15 +79,15 @@ impl<'a> PrivateKeyInfoExt for PrivateKeyInfo<'a> {
  subject_public_key: pk,
  })
  }
- _ => return Err(anyhow!("unsupported")),
+ _ => bail!("unsupported"),
  }
  }
 
  fn signs_with(&self) -> Result<AlgorithmIdentifier<'_>> {
  match self.algorithm.oids()? {
  (ECPK, Some(P256)) => Ok(ES256),
  (ECPK, Some(P384)) => Ok(ES384),
- _ => return Err(anyhow!("unsupported")),
+ _ => bail!("unsupported"),
  }
  }
 
@@ -106,7 +106,7 @@ impl<'a> PrivateKeyInfoExt for PrivateKeyInfo<'a> {
  Ok(kp.sign(&rng, body)?.as_ref().to_vec())
  }
 
- _ => Err(anyhow!("unsupported")),
+ _ => bail!("unsupported"),
  }
  }
 }

src/main.rs

@@ -14,7 +14,6 @@ use ext::{kvm::Kvm, sgx::Sgx, snp::Snp, ExtVerifier};
 use rustls_pemfile::Item;
 use x509::ext::pkix::name::GeneralName;
 
-use std::fs::read;
 use std::net::{IpAddr, SocketAddr};
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
@@ -44,6 +43,7 @@ use x509::time::{Time, Validity};
 use x509::{Certificate, PkiPath, TbsCertificate};
 
 use clap::Parser;
+use confargs::{prefix_char_filter, Toml};
 use zeroize::Zeroizing;
 
 const PKCS10: &str = "application/pkcs10";
@@ -174,38 +174,9 @@ impl State {
 async fn main() -> anyhow::Result<()> {
  tracing_subscriber::fmt::init();
 
- let args = std::env::args()
- .try_fold(Vec::new(), |mut args, arg| {
- if let Some(path) = arg.strip_prefix('@') {
- let conf = read(path).context(format!("failed to read config file at `{path}`"))?;
- match toml::from_slice(&conf)
- .context(format!("failed to parse config file at `{path}` as TOML"))?
- {
- toml::Value::Table(kv) => kv.into_iter().try_for_each(|(k, v)| {
- match v {
- toml::Value::String(v) => args.push(format!("--{k}={v}")),
- toml::Value::Integer(v) => args.push(format!("--{k}={v}")),
- toml::Value::Float(v) => args.push(format!("--{k}={v}")),
- toml::Value::Boolean(v) => {
- if v {
- args.push(format!("--{k}"))
- }
- }
- _ => bail!(
- "unsupported value type for field `{k}` in config file at `{path}`"
- ),
- }
- Ok(())
- })?,
- _ => bail!("invalid config file format in file at `{path}`"),
- }
- } else {
- args.push(arg);
- }
- Ok(args)
- })
- .map(Args::parse_from)
- .context("Failed to parse arguments")?;
+ let args = confargs::args::<Toml>(prefix_char_filter::<'@'>)
+ .context("Failed to parse config")
+ .map(Args::parse_from)?;
  let addr = SocketAddr::from((args.addr, args.port));
  let state = match (args.key, args.crt, args.host) {
  (None, None, Some(host)) => State::generate(args.san, &host)?,

testdata/ca.crt

@@ -1,13 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICCzCCAbKgAwIBAgIUFUI9KsxZrnwvpL4fs8FHbi+/tHQwCgYIKoZIzj0EAwIw
+MIICDjCCAbSgAwIBAgIUKKexKKtf3u8j2+3IgSGm8Dxr1EAwCgYIKoZIzj0EAwIw
 VjELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYDVQQH
-DAdSYWxlaWdoMRwwGgYDVQQDDBNzdGV3YXJkLnByb2ZpYW4uY29tMB4XDTIyMDYy
-NDE4MDcxNVoXDTIyMDcyNDE4MDcxNVowVjELMAkGA1UEBhMCVVMxFzAVBgNVBAgM
-Dk5vcnRoIENhcm9saW5hMRAwDgYDVQQHDAdSYWxlaWdoMRwwGgYDVQQDDBNzdGV3
-YXJkLnByb2ZpYW4uY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4uMncOOK
-DK3djhJy+Xk2M+yv6qFjHRImz2gCRzxpkCaA8SMk743RJnYFbF2ayP0hnMFiOcls
-QliBxz4IKtxhQqNeMFwwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYJ
-YIZIAYb4QgENBBAWDkNBIGNlcnRpZmljYXRlMB0GA1UdDgQWBBRnBS5ISxw5d0TM
-OstPUQA+WuWpLzAKBggqhkjOPQQDAgNHADBEAiBoAsZaAt4negzjVMEodR0R586g
-rsd9Q8W9Qoq3bAaVsQIgd+li6LH8bHdpBHaJNQJ7V4NUTp//0VwRY9nU8pes2+M=
+DAdSYWxlaWdoMRwwGgYDVQQDDBNzdGV3YXJkLnByb2ZpYW4uY29tMCAXDTIyMDgz
+MTA5MDQwMVoYDzIwNTAwMTE1MDkwNDAxWjBWMQswCQYDVQQGEwJVUzEXMBUGA1UE
+CAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxHDAaBgNVBAMME3N0
+ZXdhcmQucHJvZmlhbi5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARqwu9H
+3O8mJ0+k5rh0RqRFaaquj47U/reOjDFEc/JkcZq1e/5MOMFRi2rd1e3VGbVUQMdT
+XkQVXJmfd/5cDn/Fo14wXDAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAd
+BglghkgBhvhCAQ0EEBYOQ0EgY2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0+JBdjjca/
+j8D21TZQD1cITKApMAoGCCqGSM49BAMCA0gAMEUCIG6LvOlXMTyah22qHnzUkxQZ
+uEaJ18eTisJjy37SAxdeAiEAw/YyLgt8IVCmmLaHq57lsBfT2kLq6O5UJWaWTtPP
+V1Q=
 -----END CERTIFICATE-----

testdata/ca.key

@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgja5rCS6PrHy0k56D
-yM8l3H0xJ6b6FioXpIrJKexFsjGhRANCAATi4ydw44oMrd2OEnL5eTYz7K/qoWMd
-EibPaAJHPGmQJoDxIyTvjdEmdgVsXZrI/SGcwWI5yWxCWIHHPggq3GFC
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6dIc79A3CmYGE8MP
+ukAodJZqKFblVdTLaKzOK1nFxi6hRANCAARqwu9H3O8mJ0+k5rh0RqRFaaquj47U
+/reOjDFEc/JkcZq1e/5MOMFRi2rd1e3VGbVUQMdTXkQVXJmfd/5cDn/F
 -----END PRIVATE KEY-----

testdata/generate.sh

@@ -5,6 +5,6 @@ printf "\nCA "
 openssl pkey -noout -text -in ca.key
 
 printf "\nGenerating CA certificate\n"
-openssl req -new -x509 -config ca.conf -key ca.key -out ca.crt
+openssl req -new -x509 -days 9999 -config ca.conf -key ca.key -out ca.crt
 printf "\nCA "
 openssl x509 -noout -text -in ca.crt