feat: ✨ make IPAddress optional for client and server certs

README.md

@@ -25,15 +25,14 @@ The input file can either be parsed as YAML or JSON
 
 You can also pipe in a configuration via stdin:
 
-`echo "my-client:\n type: client\n ip: 127.0.0.1\n dns_name: my-client.com" | test-certs`
+`echo "my-client:\n type: client\n dns_name: my-client.org" | test-certs`
 
 This enables you to use heredoc to generate certificates:
 
 ```bash
 cat << EOF | test-certs
 my-client:
   type: client
-  ip: 127.0.0.1
   dns_name: my-client.org
 EOF
 ```

test-certs/src/configuration/certificates.rs

@@ -70,6 +70,7 @@ pub struct ServerConfiguration {
 #[serde(deny_unknown_fields)]
 pub struct SubjectAlternativeNames {
     /// Ip addresses of the client.
+    #[serde(default)]
     #[serde_as(as = "OneOrMany<_, PreferOne>")]
     pub ip: Vec<IpAddr>,
 
@@ -306,6 +307,27 @@ mod tests {
 
         #[test]
         fn should_deserialize_client() {
+            let expected = ClientConfiguration {
+                export_key: false,
+                subject_alternative_names: SubjectAlternativeNames {
+                    ip: vec![],
+                    dns_name: vec!["my-client.org".to_string()],
+                },
+                include_certificate_chain: false,
+            };
+            let json = json!({
+                "export_key": false,
+                "dns_name": "my-client.org",
+                "include_certificate_chain": false
+            });
+
+            let deserialized: ClientConfiguration = serde_json::from_value(json).unwrap();
+
+            assert_eq!(deserialized, expected)
+        }
+
+        #[test]
+        fn should_deserialize_client_with_ip() {
             let expected = ClientConfiguration {
                 export_key: false,
                 subject_alternative_names: SubjectAlternativeNames {

test-certs/src/lib.rs

@@ -45,23 +45,6 @@ pub struct Certificate {
     issuer: Option<Issuer>,
 }
 
-impl PartialEq for Certificate {
-    fn eq(&self, other: &Self) -> bool {
-        let Certificate {
-            certificate,
-            key,
-            export_key,
-            name,
-            issuer,
-        } = self;
-        certificate.der() == other.certificate.der()
-            && key.serialized_der() == other.key.serialize_der()
-            && *export_key == other.export_key
-            && *name == other.name
-            && *issuer == other.issuer
-    }
-}
-
 impl Certificate {
     /// Write the certificate and the key if marked for export to the specified folder.
     pub fn write(&self, directory: &Path) -> Result<(), Error> {
@@ -165,6 +148,23 @@ impl Debug for Certificate {
     }
 }
 
+impl PartialEq for Certificate {
+    fn eq(&self, other: &Self) -> bool {
+        let Certificate {
+            certificate,
+            key,
+            export_key,
+            name,
+            issuer,
+        } = self;
+        certificate.der() == other.certificate.der()
+            && key.serialized_der() == other.key.serialize_der()
+            && *export_key == other.export_key
+            && *name == other.name
+            && *issuer == other.issuer
+    }
+}
+
 #[cfg(test)]
 mod test {
     use configuration::certificates::fixtures::{

test-certs/tests/examples/intermediate_ca.yaml

@@ -1,17 +1,18 @@
 # Creates a root ca
 my-root-ca:
-  # the my-root-ca key file is by default not exported
+  # The my-root-ca key file is by default not exported
   type: ca
   certificates:
-    # my-intermediate-ca is issued by my-root-ca
+    # The my-intermediate-ca is issued by my-root-ca
     my-intermediate-ca:
       type: ca
-      # We want to export the my-intermediate-ca key to be exported
+      # We want the my-intermediate-ca key to be exported
       export_key: true
       certificates:
         # Create a client auth certificate issued by my-intermediate-ca
         my-client:
           type: client
+          # IP addresses are optional
           ip: 192.168.1.10
           dns_name: "my-client.org"
         # Create a server auth certificate issued by my-intermediate-ca