Cleanup certs

Cargo.toml

@@ -102,8 +102,8 @@ sqlx = { version = "0.8", features = [
 ] }
 ssh-key = "0.6"
 struct-patch = "0.10"
-strum = { version = "0.27", features = ["derive"] }
-strum_macros = "0.27"
+strum = { version = "0.28", features = ["derive"] }
+strum_macros = "0.28"
 tera = "1.20"
 thiserror = "2.0"
 # match axum-extra -> cookies

crates/defguard_certs/src/lib.rs

@@ -137,7 +137,7 @@ impl CertificateAuthority<'_> {
     }
 
     pub fn expiry(&self) -> Result<NaiveDateTime, CertificateError> {
-        let CertificateInfo { not_after, .. } = parse_certificate_info(&self.cert_der)?;
+        let CertificateInfo { not_after, .. } = CertificateInfo::from_der(&self.cert_der)?;
         Ok(not_after)
     }
 }
@@ -149,44 +149,48 @@ pub struct CertificateInfo {
     pub serial: String,
 }
 
-pub fn parse_certificate_info(cert_der: &[u8]) -> Result<CertificateInfo, CertificateError> {
-    let (_, parsed) = parse_x509_certificate(cert_der)
-        .map_err(|e| CertificateError::ParsingError(format!("Failed to parse certificate: {e}")))?;
+impl CertificateInfo {
+    /// Parse certificate from DER-encoded bytes.
+    pub fn from_der(cert_der: &[u8]) -> Result<Self, CertificateError> {
+        let (_, parsed) = parse_x509_certificate(cert_der).map_err(|e| {
+            CertificateError::ParsingError(format!("Failed to parse certificate: {e}"))
+        })?;
 
-    let subject = &parsed.tbs_certificate.subject;
-    let serial = parsed.raw_serial_as_string();
+        let subject = &parsed.tbs_certificate.subject;
+        let serial = parsed.raw_serial_as_string();
 
-    let cn = subject
-        .iter_common_name()
-        .next()
-        .ok_or_else(|| CertificateError::ParsingError("Common Name not found".to_string()))?
-        .as_str()
-        .map_err(|e| {
-            CertificateError::ParsingError(format!("Failed to parse CN as string: {e}"))
-        })?;
+        let cn = subject
+            .iter_common_name()
+            .next()
+            .ok_or_else(|| CertificateError::ParsingError("Common Name not found".to_string()))?
+            .as_str()
+            .map_err(|e| {
+                CertificateError::ParsingError(format!("Failed to parse CN as string: {e}"))
+            })?;
 
-    let validity = &parsed.tbs_certificate.validity;
-    let not_before = validity.not_before.to_datetime();
-    let not_after = validity.not_after.to_datetime();
-
-    Ok(CertificateInfo {
-        subject_common_name: cn.to_string(),
-        not_before: chrono::DateTime::from_timestamp(not_before.unix_timestamp(), 0)
-            .ok_or_else(|| {
-                CertificateError::ParsingError(format!(
-                    "Failed to convert certificate not_before {not_before} to NaiveDateTime",
-                ))
-            })?
-            .naive_utc(),
-        not_after: chrono::DateTime::from_timestamp(not_after.unix_timestamp(), 0)
-            .ok_or_else(|| {
-                CertificateError::ParsingError(format!(
-                    "Failed to convert certificate not_after {not_after} to NaiveDateTime",
-                ))
-            })?
-            .naive_utc(),
-        serial,
-    })
+        let validity = &parsed.tbs_certificate.validity;
+        let not_before = validity.not_before.to_datetime();
+        let not_after = validity.not_after.to_datetime();
+
+        Ok(Self {
+            subject_common_name: cn.to_string(),
+            not_before: chrono::DateTime::from_timestamp(not_before.unix_timestamp(), 0)
+                .ok_or_else(|| {
+                    CertificateError::ParsingError(format!(
+                        "Failed to convert certificate not_before {not_before} to NaiveDateTime",
+                    ))
+                })?
+                .naive_utc(),
+            not_after: chrono::DateTime::from_timestamp(not_after.unix_timestamp(), 0)
+                .ok_or_else(|| {
+                    CertificateError::ParsingError(format!(
+                        "Failed to convert certificate not_after {not_after} to NaiveDateTime",
+                    ))
+                })?
+                .naive_utc(),
+            serial,
+        })
+    }
 }
 
 pub struct Csr<'a> {

crates/defguard_common/src/db/models/vpn_session_stats.rs

@@ -86,6 +86,7 @@ impl VpnSessionStats<Id> {
     }
 }
 
+#[must_use]
 pub fn endpoint_without_port(endpoint: &str) -> Option<String> {
     // Remove port part
     let mut addr = endpoint.rsplit_once(':')?.0;

crates/defguard_common/src/utils.rs

@@ -44,6 +44,7 @@ pub struct SplitIp {
 ///    If they are not equal, we found the first modifiable segment (one of the segments of an address that may change between hosts in the same network),
 ///    append the rest of the segments to the modifiable part.
 /// 3. Join the segments with the delimiter and return the network part, modifiable part and the network prefix
+#[must_use]
 pub fn split_ip(ip: &IpAddr, network: &IpNetwork) -> SplitIp {
     let network_addr = network.network();
     let network_prefix = network.prefix();

crates/defguard_core/src/enterprise/limits.rs

@@ -1,5 +1,5 @@
 use defguard_common::global_value;
-use sqlx::{PgPool, error::Error as SqlxError, query};
+use sqlx::{error::Error as SqlxError, query};
 
 use super::license::License;
 #[cfg(test)]
@@ -60,11 +60,6 @@ pub async fn update_counts<'e, E: sqlx::PgExecutor<'e>>(executor: E) -> Result<(
     Ok(())
 }
 
-pub async fn do_count_update(pool: &PgPool) -> Result<(), SqlxError> {
-    update_counts(pool).await?;
-    Ok(())
-}
-
 impl Counts {
     pub(crate) const fn default() -> Self {
         Self {