Group imports

Signed-off-by: Joshua Potts <[email protected]>

Author: iamjpotts

.github/workflows/ci.yml

@@ -13,8 +13,26 @@ env:
     RUSTFLAGS: -D warnings
 
 jobs:
+    fmt:
+        name: Format (unstable)
+        runs-on: ubuntu-latest
+        steps:
+            - name: Checkout sources
+              uses: actions/checkout@v5
+              with:
+                  persist-credentials: false
+            - name: Install rust nightly toolchain
+              uses: dtolnay/rust-toolchain@master
+              with:
+                  toolchain: nightly
+                  components: rustfmt
+            - name: Check formatting (unstable)
+              run: cargo +nightly fmt -- --check
+            - if: ${{ failure() }}
+              run: echo "Nightly formatting check failed. Please run \`cargo +nightly fmt\`"
+
     lint:
-        name: Format & clippy
+        name: Clippy
         runs-on: ubuntu-latest
         continue-on-error: true
         steps:
@@ -25,8 +43,7 @@ jobs:
             - name: Install rust toolchain
               uses: dtolnay/rust-toolchain@stable
               with:
-                  components: clippy, rustfmt
-            - run: cargo fmt -- --check
+                  components: clippy
             # `fips` and `aws_lc_rs_unstable` cannot be used together, so avoid `--all-features`
             - run: cargo clippy --features ring,pem,x509-parser --all-targets
             # rustls-cert-gen require either aws_lc_rs or ring feature

.rustfmt.toml

@@ -1,2 +1,5 @@
 hard_tabs = true
 match_block_trailing_comma = true
+
+unstable_features = true
+group_imports = "StdExternalCrate"

rcgen/examples/rsa-irc-openssl.rs

@@ -1,9 +1,10 @@
 #[cfg(unix)]
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-	use rcgen::{date_time_ymd, CertificateParams, DistinguishedName};
 	use std::fmt::Write;
 	use std::fs;
 
+	use rcgen::{date_time_ymd, CertificateParams, DistinguishedName};
+
 	let mut params: CertificateParams = Default::default();
 	params.not_before = date_time_ymd(2021, 5, 19);
 	params.not_after = date_time_ymd(4096, 1, 1);

rcgen/examples/simple.rs

@@ -1,6 +1,7 @@
-use rcgen::{date_time_ymd, CertificateParams, DistinguishedName, DnType, KeyPair, SanType};
 use std::fs;
 
+use rcgen::{date_time_ymd, CertificateParams, DistinguishedName, DnType, KeyPair, SanType};
+
 fn main() -> Result<(), Box<dyn std::error::Error>> {
 	let mut params: CertificateParams = Default::default();
 	params.not_before = date_time_ymd(1975, 1, 1);

rcgen/src/csr.rs

@@ -96,9 +96,10 @@ impl CertificateSigningRequestParams {
 	/// [`rustls_pemfile::csr()`]: https://docs.rs/rustls-pemfile/latest/rustls_pemfile/fn.csr.html
 	#[cfg(feature = "x509-parser")]
 	pub fn from_der(csr: &CertificateSigningRequestDer<'_>) -> Result<Self, Error> {
-		use crate::KeyUsagePurpose;
 		use x509_parser::prelude::FromDer;
 
+		use crate::KeyUsagePurpose;
+
 		let csr = x509_parser::certification_request::X509CertificationRequest::from_der(csr)
 			.map_err(|_| Error::CouldNotParseCertificationRequest)?
 			.1;
@@ -211,10 +212,11 @@ impl CertificateSigningRequestParams {
 
 #[cfg(all(test, feature = "x509-parser"))]
 mod tests {
-	use crate::{CertificateParams, ExtendedKeyUsagePurpose, KeyPair, KeyUsagePurpose};
 	use x509_parser::certification_request::X509CertificationRequest;
 	use x509_parser::prelude::{FromDer, ParsedExtension};
 
+	use crate::{CertificateParams, ExtendedKeyUsagePurpose, KeyPair, KeyUsagePurpose};
+
 	#[test]
 	fn dont_write_sans_extension_if_no_sans_are_present() {
 		let mut params = CertificateParams::default();

rcgen/src/key_pair.rs

@@ -1,6 +1,8 @@
 #[cfg(feature = "crypto")]
 use std::fmt;
 
+#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+use aws_lc_rs::unstable::signature::PqdsaKeyPair;
 #[cfg(feature = "pem")]
 use pem::Pem;
 #[cfg(feature = "crypto")]
@@ -27,8 +29,6 @@ use crate::sign_algo::{algo::*, SignAlgo};
 #[cfg(feature = "pem")]
 use crate::ENCODE_CONFIG;
 use crate::{sign_algo::SignatureAlgorithm, Error};
-#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
-use aws_lc_rs::unstable::signature::PqdsaKeyPair;
 
 /// A key pair variant
 #[allow(clippy::large_enum_variant)]
@@ -762,7 +762,6 @@ pub(crate) fn serialize_public_key_der(key: &(impl PublicKeyData + ?Sized), writ
 #[cfg(all(test, feature = "crypto"))]
 mod test {
 	use super::*;
-
 	use crate::ring_like::{
 		rand::SystemRandom,
 		signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING},

rcgen/src/lib.rs

@@ -41,18 +41,6 @@ use std::net::IpAddr;
 use std::net::{Ipv4Addr, Ipv6Addr};
 use std::ops::Deref;
 
-#[cfg(feature = "pem")]
-use pem::Pem;
-use pki_types::CertificateDer;
-use time::{OffsetDateTime, Time};
-use yasna::models::ObjectIdentifier;
-use yasna::models::{GeneralizedTime, UTCTime};
-use yasna::tags::{TAG_BMPSTRING, TAG_TELETEXSTRING, TAG_UNIVERSALSTRING};
-use yasna::DERWriter;
-use yasna::Tag;
-
-use crate::string::{BmpString, Ia5String, PrintableString, TeletexString, UniversalString};
-
 pub use certificate::{
 	date_time_ymd, Attribute, BasicConstraints, Certificate, CertificateParams, CidrSubnet,
 	CustomExtension, DnType, ExtendedKeyUsagePurpose, GeneralSubtree, IsCa, NameConstraints,
@@ -69,10 +57,21 @@ pub use key_pair::PublicKeyData;
 #[cfg(all(feature = "crypto", feature = "aws_lc_rs"))]
 pub use key_pair::RsaKeySize;
 pub use key_pair::{SigningKey, SubjectPublicKeyInfo};
+#[cfg(feature = "pem")]
+use pem::Pem;
+use pki_types::CertificateDer;
 #[cfg(feature = "crypto")]
 use ring_like::digest;
 pub use sign_algo::algo::*;
 pub use sign_algo::SignatureAlgorithm;
+use time::{OffsetDateTime, Time};
+use yasna::models::ObjectIdentifier;
+use yasna::models::{GeneralizedTime, UTCTime};
+use yasna::tags::{TAG_BMPSTRING, TAG_TELETEXSTRING, TAG_UNIVERSALSTRING};
+use yasna::DERWriter;
+use yasna::Tag;
+
+use crate::string::{BmpString, Ia5String, PrintableString, TeletexString, UniversalString};
 
 mod certificate;
 mod crl;
@@ -987,9 +986,10 @@ mod tests {
 
 	#[cfg(feature = "x509-parser")]
 	mod test_ip_address_from_octets {
+		use std::net::IpAddr;
+
 		use super::super::ip_addr_from_octets;
 		use super::super::Error;
-		use std::net::IpAddr;
 
 		#[test]
 		fn ipv4() {
@@ -1035,10 +1035,12 @@ mod tests {
 
 	#[cfg(feature = "x509-parser")]
 	mod test_san_type_from_general_name {
-		use crate::SanType;
 		use std::net::IpAddr;
+
 		use x509_parser::extensions::GeneralName;
 
+		use crate::SanType;
+
 		#[test]
 		fn with_ipv4() {
 			let octets = [1, 2, 3, 4];

rcgen/src/sign_algo.rs

@@ -1,17 +1,17 @@
 use std::fmt;
 use std::hash::{Hash, Hasher};
 
+#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
+use aws_lc_rs::unstable::signature::{
+	PqdsaSigningAlgorithm, ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING,
+};
 use yasna::models::ObjectIdentifier;
 use yasna::DERWriter;
 use yasna::Tag;
 
 #[cfg(feature = "crypto")]
 use crate::ring_like::signature::{self, EcdsaSigningAlgorithm, EdDSAParameters, RsaEncoding};
 use crate::Error;
-#[cfg(all(feature = "aws_lc_rs_unstable", not(feature = "fips")))]
-use aws_lc_rs::unstable::signature::{
-	PqdsaSigningAlgorithm, ML_DSA_44_SIGNING, ML_DSA_65_SIGNING, ML_DSA_87_SIGNING,
-};
 
 #[cfg(feature = "crypto")]
 #[derive(Clone, Copy, Debug)]
@@ -119,9 +119,8 @@ impl SignatureAlgorithm {
 
 /// The list of supported signature algorithms
 pub(crate) mod algo {
-	use crate::oid::*;
-
 	use super::*;
+	use crate::oid::*;
 
 	/// RSA signing with PKCS#1 1.5 padding and SHA-256 hashing as per [RFC 4055](https://tools.ietf.org/html/rfc4055)
 	pub static PKCS_RSA_SHA256: SignatureAlgorithm = SignatureAlgorithm {

verify-tests/src/lib.rs

@@ -1,11 +1,10 @@
-use time::{Duration, OffsetDateTime};
-
 use rcgen::{BasicConstraints, Certificate, CertificateParams, Issuer, KeyPair};
 use rcgen::{
 	CertificateRevocationList, CrlDistributionPoint, CrlIssuingDistributionPoint, CrlScope,
 };
 use rcgen::{CertificateRevocationListParams, DnType, IsCa, KeyIdMethod};
 use rcgen::{KeyUsagePurpose, RevocationReason, RevokedCertParams, SerialNumber};
+use time::{Duration, OffsetDateTime};
 
 // Generated by adding `println!("{}", cert.serialize_private_key_pem());`
 // to the test_webpki_25519 test and panicing explicitly.

verify-tests/tests/botan.rs

@@ -1,12 +1,10 @@
 #![cfg(feature = "x509-parser")]
 
-use time::{Duration, OffsetDateTime};
-
 use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, IsCa, Issuer};
 use rcgen::{CertificateRevocationListParams, RevocationReason, RevokedCertParams};
 use rcgen::{DnValue, KeyPair};
 use rcgen::{KeyUsagePurpose, SerialNumber};
-
+use time::{Duration, OffsetDateTime};
 use verify_tests as util;
 
 fn default_params() -> (CertificateParams, KeyPair) {