adrian
/
schematics
1
0
Fork 0
Code Issues Pull Requests Releases Activity
A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 Commits
1 Branch
0 Tags
810 KiB
Tree: 3c2434eb66
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3c2434eb66'
${ noResults }
schematics/src/symbols/acme/chain.rs

119 lines
3.0 KiB
Raw Normal View History

Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Use chained cert for nginx
7 years ago
Update to edition 2018
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Update to edition 2018
5 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Cargo fix
5 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Cargo fix
5 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Update rustfmt
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
WIP Impl Action
7 years ago
Cargo fix
5 years ago
WIP Impl Action
7 years ago
Cargo format
5 years ago
WIP Impl Action
7 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
  1. use std::error::Error;
  2. use std::fmt;
  3. use std::fs::File as FsFile;
  4. use std::io::Write;
  5. use std::path::{Path, PathBuf};
  7. use crate::command_runner::CommandRunner;
  8. use crate::resources::Resource;
  9. use crate::symbols::{Action, OwnedSymbolAction, Symbol, SymbolAction, SymbolRunner};
  11. pub struct AcmeCertChain<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> {
  12. domain: D,
  13. command_runner: &'a C,
  14. root_cert: R,
  15. }
  17. impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> AcmeCertChain<'a, D, R, C> {
  18. pub fn new(domain: D, command_runner: &'a C, root_cert: R) -> Self {
  19. AcmeCertChain {
  20. domain,
  21. command_runner,
  22. root_cert,
  23. }
  24. }
  26. fn get_single_cert_path(&self) -> PathBuf {
  27. format!("/etc/ssl/local_certs/{}.crt", self.domain.as_ref()).into()
  28. }
  30. fn get_cert_chain_path(&self) -> PathBuf {
  31. format!("/etc/ssl/local_certs/{}.chained.crt", self.domain.as_ref()).into()
  32. }
  33. }
  35. impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> fmt::Display
  36. for AcmeCertChain<'a, D, R, C>
  37. {
  38. fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
  39. write!(f, "AcmeCertChain {}", self.domain.as_ref())
  40. }
  41. }
  43. const DAYS_IN_SECONDS: u32 = 24 * 60 * 60;
  45. impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> Symbol for AcmeCertChain<'a, D, R, C> {
  46. fn target_reached(&self) -> Result<bool, Box<dyn Error>> {
  47. if !self.get_cert_chain_path().exists() {
  48. return Ok(false);
  49. }
  51. let stdout = self.command_runner.get_output(
  52. "openssl",
  53. args![
  54. "x509",
  55. "-in",
  56. self.get_cert_chain_path(),
  57. "-noout",
  58. "-subject",
  59. "-checkend",
  60. (30 * DAYS_IN_SECONDS).to_string(),
  61. ],
  62. )?;
  63. if stdout
  64. != format!(
  65. "subject=CN = {}\nCertificate will not expire\n",
  66. self.domain.as_ref()
  67. )
  68. .as_bytes()
  69. {
  70. return Ok(false);
  71. }
  72. // FIXME: From my understanding, the -untrusted *.pem parameter shouldn't be necessary, but is necessary with openssl 1.1.0f-3
  73. Ok(
  74. self
  75. .command_runner
  76. .run_successfully(
  77. "openssl",
  78. args![
  79. "verify",
  80. "-untrusted",
  81. self.root_cert.as_ref(),
  82. self.get_cert_chain_path(),
  83. ],
  84. )
  85. .is_ok(),
  86. )
  87. }
  89. fn execute(&self) -> Result<(), Box<dyn Error>> {
  90. let output = self.command_runner.get_output(
  91. "cat",
  92. args![self.get_single_cert_path(), self.root_cert.as_ref(),],
  93. )?;
  94. let mut file = FsFile::create(self.get_cert_chain_path())?;
  95. file.write_all(&output)?;
  96. Ok(())
  97. }
  99. fn get_prerequisites(&self) -> Vec<Resource> {
  100. vec![Resource::new(
  101. "file",
  102. self.get_single_cert_path().to_str().unwrap(),
  103. )]
  104. }
  106. fn as_action<'b>(&'b self, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b> {
  107. Box::new(SymbolAction::new(runner, self))
  108. }
  110. fn into_action<'b>(self: Box<Self>, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b>
  111. where
  112. Self: 'b,
  113. {
  114. Box::new(OwnedSymbolAction::new(runner, *self))
  115. }
  116. }
  118. #[cfg(test)]
  119. mod test {}