Fix/fix certificate provisioning failures caused by acme account serialization issue and localstack auth changes

Cargo.toml

@@ -9,9 +9,9 @@ tokio = { version = "1", features = ["full"] }
 async-trait = "0.1"
 
 # Web frameworks
-hyper = "1.7"
+hyper = "1.9"
 hyper-util = "0.1"
-reqwest = "0.12"
+reqwest = "0.13"
 tower = "0.5"
 hyper-rustls = { version = "0.27", features = ["http2"] }
 axum = { version = "0.8", features = ["macros"] }
@@ -30,13 +30,13 @@ sea-orm-migration = { version = "1.1", features = [
 moka = { version = "0.12", features = ["future"] }
 
 # Cryptography and Security
-rand = "0.9"
+rand = "0.10"
 pem = "3"
 coset = "0.4"
 instant-acme = "0.8"
 rustls = "0.23"
 webpki-roots = "1"
-rustls-pki-types = "1.13"
+rustls-pki-types = "1.14"
 secrecy = { version = "0.10", features = ["serde"] }
 rcgen = { version = "0.14", features = ["pem"] }
 jsonwebtoken = { version = "10", features = ["aws_lc_rs"] }
@@ -74,11 +74,11 @@ flate2 = "1.1"
 x509-parser = "0.18"
 public-suffix = "0.1"
 tokio-cron-scheduler = "0.15"
-metrics-exporter-prometheus = "0.17"
+metrics-exporter-prometheus = "0.18"
 metrics-process = "2.4"
 
 [dependencies.redis]
-version = "0.32"
+version = "1.2"
 features = ["tokio-rustls-comp", "connection-manager"]
 
 [dependencies.p256]
@@ -88,6 +88,7 @@ features = ["pkcs8", "ecdsa", "alloc", "pem"]
 [dev-dependencies]
 sealed_test = "1.1.0"
 sea-orm = { version = "1.1", features = ["mock"] }
+testcontainers-modules = { version = "0.15", features = ["redis", "localstack"] }
 
 [target.'cfg(not(target_env = "msvc"))'.dependencies]
 tikv-jemallocator = "0.6"

docker-compose.yml

@@ -1,6 +1,6 @@
 services:
   db:
-    image: postgres:17-alpine
+    image: postgres:18.4
     restart: always
     container_name: status-list-db
     ports:
@@ -10,7 +10,7 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
       POSTGRES_DB: ${POSTGRES_DB:-status-list}
     volumes:
-      - pgdata:/var/lib/postgresql/data
+      - pgdata:/var/lib/postgresql
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U postgres"]
       interval: 5s
@@ -20,7 +20,7 @@ services:
       - status-list-network
 
   redis:
-    image: redis:8.0-alpine
+    image: redis:8.6
     container_name: redis
     ports:
       - 6379:6379
@@ -29,7 +29,7 @@ services:
 
   localstack:
     container_name: localstack
-    image: localstack/localstack
+    image: localstack/localstack:4.14
     ports:
       - 4566:4566
     environment:
@@ -43,15 +43,15 @@ services:
       - status-list-network
 
   challtestsrv:
-    image: ghcr.io/letsencrypt/pebble-challtestsrv:latest
+    image: ghcr.io/letsencrypt/pebble-challtestsrv:2.10
     command: -http01 "" -https01 "" -tlsalpn01 ""
     ports:
       - 8055:8055
     networks:
       - status-list-network
 
   pebble:
-    image: ghcr.io/letsencrypt/pebble:latest
+    image: ghcr.io/letsencrypt/pebble:2.10
     command: -config /test/pebble_config.json -strict -dnsserver challtestsrv:8053
     ports:
       - 14000:14000
@@ -90,7 +90,7 @@ services:
       - status-list-network
 
   prometheus:
-    image: prom/prometheus
+    image: prom/prometheus:v3.11.3
     container_name: prometheus
     ports:
       - 9090:9090
@@ -106,7 +106,7 @@ services:
       - '--web.console.templates=/usr/share/prometheus/consoles'
 
   pushgateway:
-    image: prom/pushgateway
+    image: prom/pushgateway:v1.11.2
     container_name: pushgateway
     ports:
       - 9091:9091

src/config.rs

@@ -100,7 +100,7 @@ impl RedisConfig {
                 _ => {
                     tracing::warn!("Client authentication required but no certificates provided");
                     return Err(redis::RedisError::from((
-                        redis::ErrorKind::IoError,
+                        redis::ErrorKind::Io,
                         "Client authentication required but no certificates provided",
                     )));
                 }
@@ -117,7 +117,8 @@ impl RedisConfig {
             )?
         };
 
-        let config = ConnectionManagerConfig::new().set_connection_timeout(Duration::from_secs(60));
+        let config =
+            ConnectionManagerConfig::new().set_connection_timeout(Some(Duration::from_secs(60)));
         client.get_connection_manager_with_config(config).await
     }
 }

src/lib.rs

@@ -10,4 +10,4 @@ pub mod models;
 pub mod startup;
 pub mod web;
 
-pub use utils::{bits_validation::BitFlag, cert_manager, state};
+pub use utils::{bits_validation, cert_manager, state};

src/utils/bits_validation.rs

@@ -24,7 +24,7 @@ impl BitFlag {
     /// # Examples
     ///
     /// ```
-    /// use status_list_server::BitFlag;
+    /// # use status_list_server::bits_validation::BitFlag;
     /// let valid = BitFlag::new(4);
     /// assert!(valid.is_some());
     ///
@@ -43,7 +43,7 @@ impl BitFlag {
     /// # Examples
     ///
     /// ```
-    /// use status_list_server::BitFlag;
+    /// # use status_list_server::bits_validation::BitFlag;
     /// let bit = BitFlag::new(2).unwrap();
     /// assert_eq!(bit.value(), 2);
     /// ```

src/utils/keygen.rs

@@ -3,15 +3,18 @@ use p256::{
     ecdsa::{SigningKey, VerifyingKey},
     pkcs8::{DecodePrivateKey, EncodePrivateKey, LineEnding},
 };
-use rand::{rand_core::OsError, rngs::OsRng, TryRngCore};
+use rand::{
+    rngs::{SysError, SysRng},
+    TryRng,
+};
 use thiserror::Error;
 
 const SECRET_KEY_LENGTH: usize = 32;
 
 #[derive(Debug, Error)]
 pub enum Error {
     #[error("Failed to generate key: {0}")]
-    KeyGen(#[from] OsError),
+    KeyGen(#[from] SysError),
     #[error("Failed to parse key: {0}")]
     Parsing(#[source] Report),
 }
@@ -34,7 +37,7 @@ impl Keypair {
         const MAX_ATTEMPTS: u8 = 3;
         // Try up to 3 times to generate a random seed as a safeguard against bad RNG
         for attempt in 0..MAX_ATTEMPTS {
-            match OsRng.try_fill_bytes(&mut seed) {
+            match SysRng.try_fill_bytes(&mut seed) {
                 Ok(()) => break,
                 Err(err) => {
                     if attempt == MAX_ATTEMPTS - 1 {