adrian
/
schematics
1
0
Fork 0
Code Issues Pull Requests Releases Activity
A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
77 Commits
1 Branch
0 Tags
810 KiB
Tree: 3c2434eb66
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3c2434eb66'
${ noResults }
schematics/src/symbols/acme/mod.rs

97 lines
2.8 KiB
Raw Normal View History

AcmeFactory
5 years ago
Update
7 years ago
Use chained cert for nginx
7 years ago
Update
7 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
  1. use std::borrow::Cow;
  2. use std::path::{Path, PathBuf};
  4. use crate::command_runner::CommandRunner;
  5. use crate::command_runner::SetuidCommandRunner;
  6. use crate::symbols::dir::Dir;
  7. use crate::symbols::file::File;
  8. use crate::symbols::list::List;
  9. use crate::symbols::owner::Owner;
  10. use crate::symbols::Symbol;
  12. mod account_key;
  13. mod cert;
  14. mod chain;
  16. pub use self::account_key::AcmeAccountKey;
  17. pub use self::cert::AcmeCert;
  18. pub use self::chain::AcmeCertChain;
  20. const ROOT_CERT_FILE_NAME: &str = "lets_encrypt_x3_cross_signed.pem";
  21. const ACCOUNT_KEY_FILE_NAME: &str = "account.key";
  23. pub struct Factory<'a, U: AsRef<str>, H: AsRef<Path>, C: AsRef<str>, R: CommandRunner> {
  24. user_name: U,
  25. home_dir: H,
  26. cert: C,
  27. command_runner: &'a R,
  28. acme_command_runner: SetuidCommandRunner<'a, U, R>,
  29. }
  31. impl<'a, U: Clone + AsRef<str>, H: AsRef<Path>, C: AsRef<str>, R: CommandRunner>
  32. Factory<'a, U, H, C, R>
  33. {
  34. pub fn new(user_name: U, home_dir: H, cert: C, command_runner: &'a R) -> Self {
  35. let acme_command_runner = SetuidCommandRunner::new(user_name.clone(), command_runner);
  36. Self {
  37. user_name,
  38. home_dir,
  39. cert,
  40. command_runner,
  41. acme_command_runner,
  42. }
  43. }
  44. pub fn get_challenges_dir(&'a self) -> Cow<Path> {
  45. [self.home_dir.as_ref(), "challenges".as_ref()]
  46. .iter()
  47. .collect::<PathBuf>()
  48. .into()
  49. }
  50. pub fn get_init(&'a self) -> impl Symbol + 'a {
  51. let root_cert_path: PathBuf = [self.home_dir.as_ref(), ROOT_CERT_FILE_NAME.as_ref()]
  52. .iter()
  53. .collect();
  54. let account_key_file: PathBuf = [self.home_dir.as_ref(), ACCOUNT_KEY_FILE_NAME.as_ref()]
  55. .iter()
  56. .collect();
  57. List::from((
  58. AcmeAccountKey::new(account_key_file.clone(), self.command_runner),
  59. Owner::new(
  60. account_key_file,
  61. self.user_name.clone(),
  62. self.command_runner,
  63. ),
  64. Dir::new(self.get_challenges_dir()),
  65. Owner::new(
  66. self.get_challenges_dir(),
  67. self.user_name.clone(),
  68. self.command_runner,
  69. ),
  70. Dir::new("/etc/ssl/local_certs"),
  71. Owner::new(
  72. "/etc/ssl/local_certs",
  73. self.user_name.clone(),
  74. self.command_runner,
  75. ),
  76. File::new(root_cert_path, self.cert.as_ref()),
  77. ))
  78. }
  79. pub fn get_cert<HOST: 'a + Clone + AsRef<str>>(&'a self, host: HOST) -> impl Symbol + 'a {
  80. let root_cert_path: PathBuf = [self.home_dir.as_ref(), ROOT_CERT_FILE_NAME.as_ref()]
  81. .iter()
  82. .collect();
  83. let account_key_path: PathBuf = [self.home_dir.as_ref(), ACCOUNT_KEY_FILE_NAME.as_ref()]
  84. .iter()
  85. .collect();
  86. List::from((
  87. AcmeCert::new(
  88. host.clone(),
  89. &self.acme_command_runner,
  90. root_cert_path.clone(),
  91. account_key_path,
  92. self.get_challenges_dir(),
  93. ),
  94. AcmeCertChain::new(host, &self.acme_command_runner, root_cert_path),
  95. ))
  96. }
  97. }