schematics/src/symbols/acme/cert.rs

use std::error::Error;
use std::fmt;
use std::fs::File as FsFile;
use std::io::Write;
use std::path::{Path, PathBuf};

use crate::command_runner::CommandRunner;
use crate::resources::Resource;
use crate::symbols::{Action, OwnedSymbolAction, Symbol, SymbolAction, SymbolRunner};

pub struct AcmeCert<
  'a,
  D: AsRef<str>,
  R: AsRef<Path>,
  C: CommandRunner,
  K: AsRef<Path>,
  CH: AsRef<Path>,
> {
  domain: D,
  command_runner: &'a C,
  root_cert_path: R,
  account_key_path: K,
  challenges_path: CH,
}

impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner, K: AsRef<Path>, CH: AsRef<Path>>
  AcmeCert<'a, D, R, C, K, CH>
{
  pub fn new(
    domain: D,
    command_runner: &'a C,
    root_cert_path: R,
    account_key_path: K,
    challenges_path: CH,
  ) -> Self {
    AcmeCert {
      domain,
      command_runner,
      root_cert_path,
      account_key_path,
      challenges_path,
    }
  }

  fn get_csr_path(&self) -> PathBuf {
    format!("/etc/ssl/local_certs/{}.csr", self.domain.as_ref()).into()
  }

  fn get_cert_path(&self) -> PathBuf {
    format!("/etc/ssl/local_certs/{}.crt", self.domain.as_ref()).into()
  }
}

impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner, K: AsRef<Path>, CH: AsRef<Path>>
  fmt::Display for AcmeCert<'a, D, R, C, K, CH>
{
  fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
    write!(f, "AcmeCert {}", self.domain.as_ref())
  }
}

const DAYS_IN_SECONDS: u32 = 24 * 60 * 60;

impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner, K: AsRef<Path>, CH: AsRef<Path>> Symbol
  for AcmeCert<'a, D, R, C, K, CH>
{
  fn target_reached(&self) -> Result<bool, Box<dyn Error>> {
    if !self.get_cert_path().exists() {
      return Ok(false);
    }

    let output = self.command_runner.run_with_args(
      "openssl",
      args![
        "x509",
        "-in",
        self.get_cert_path(),
        "-noout",
        "-subject",
        "-checkend",
        (30 * DAYS_IN_SECONDS).to_string(),
      ],
    )?;
    if output.status.success()
      && output.stdout
        == format!(
          "subject=CN = {}\nCertificate will not expire\n",
          self.domain.as_ref()
        )
        .as_bytes()
    {
      Ok(
        self
          .command_runner
          .run_successfully(
            "openssl",
            args![
              "verify",
              "--untrusted",
              self.root_cert_path.as_ref(),
              self.get_cert_path(),
            ],
          )
          .is_ok(),
      )
    } else if output.status.code() == Some(1)
      && output.stdout
        == format!(
          "subject=CN = {}\nCertificate will expire\n",
          self.domain.as_ref()
        )
        .as_bytes()
    {
      Ok(false)
    } else {
      Err(String::from_utf8(output.stderr)?.into())
    }
  }

  fn execute(&self) -> Result<(), Box<dyn Error>> {
    let output = self.command_runner.get_output(
      "acme-tiny",
      args![
        "--account-key",
        self.account_key_path.as_ref(),
        "--csr",
        self.get_csr_path(),
        "--acme-dir",
        self.challenges_path.as_ref(),
      ],
    )?;
    let mut file = FsFile::create(self.get_cert_path())?;
    file.write_all(&output)?;
    Ok(())
  }

  fn get_prerequisites(&self) -> Vec<Resource> {
    vec![Resource::new("file", self.get_csr_path().to_str().unwrap())]
  }

  fn as_action<'b>(&'b self, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b> {
    Box::new(SymbolAction::new(runner, self))
  }

  fn into_action<'b>(self: Box<Self>, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b>
  where
    Self: 'b,
  {
    Box::new(OwnedSymbolAction::new(runner, *self))
  }
}

#[cfg(test)]
mod test {}