adrian
/
schematics
1
0
Fork 0
Code Issues Pull Requests Releases Activity
A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59 Commits
1 Branch
0 Tags
810 KiB
Tree: 9bab810b91
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9bab810b91'
${ noResults }
schematics/src/symbols/acme/chain.rs

75 lines
2.5 KiB
Raw Normal View History

Use chained cert for nginx
7 years ago
WIP Impl Action
7 years ago
Use chained cert for nginx
7 years ago
Switch CommandRunner to OsStr
7 years ago
Use chained cert for nginx
7 years ago
Switch CommandRunner to OsStr
7 years ago
Use chained cert for nginx
7 years ago
Switch CommandRunner to OsStr
7 years ago
Coding style
5 years ago
Use chained cert for nginx
7 years ago
Switch CommandRunner to OsStr
7 years ago
Use chained cert for nginx
7 years ago
Switch CommandRunner to OsStr
7 years ago
Cargo fix
5 years ago
Use chained cert for nginx
7 years ago
Cargo fix
5 years ago
Switch CommandRunner to OsStr
7 years ago
Use chained cert for nginx
7 years ago
WIP Impl Action
7 years ago
Cargo fix
5 years ago
WIP Impl Action
7 years ago
Cargo fix
5 years ago
WIP Impl Action
7 years ago
Use chained cert for nginx
7 years ago
  1. use std::borrow::Cow;
  2. use std::error::Error;
  3. use std::fmt;
  4. use std::fs::File as FsFile;
  5. use std::io::Write;
  6. use std::path::Path;
  8. use command_runner::CommandRunner;
  9. use symbols::{Action, OwnedSymbolAction, Symbol, SymbolAction, SymbolRunner};
  10. use resources::Resource;
  12. pub struct AcmeCertChain<'a, C: 'a + CommandRunner> {
  13. domain: Cow<'a, str>,
  14. command_runner: &'a C
  15. }
  17. impl<'a, C: CommandRunner> AcmeCertChain<'a, C> {
  18. pub fn new(domain: Cow<'a, str>, command_runner: &'a C) -> Self {
  19. AcmeCertChain { domain, command_runner }
  20. }
  22. fn get_single_cert_path(&self) -> String {
  23. format!("/etc/ssl/local_certs/{}.crt", self.domain)
  24. }
  26. fn get_cert_chain_path(&self) -> String {
  27. format!("/etc/ssl/local_certs/{}.chained.crt", self.domain)
  28. }
  29. }
  31. impl<'a, C: CommandRunner> fmt::Display for AcmeCertChain<'a, C> {
  32. fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
  33. write!(f, "AcmeCertChain {}", self.domain)
  34. }
  35. }
  37. const DAYS_IN_SECONDS: u32 = 24*60*60;
  39. impl<'a, C: CommandRunner> Symbol for AcmeCertChain<'a, C> {
  40. fn target_reached(&self) -> Result<bool, Box<dyn Error>> {
  41. if !Path::new(&self.get_cert_chain_path()).exists() {
  42. return Ok(false);
  43. }
  45. let stdout = try!(self.command_runner.get_output("openssl", &["x509", "-in", &self.get_cert_chain_path(), "-noout", "-subject", "-checkend", &(30*DAYS_IN_SECONDS).to_string()]));
  46. if stdout != format!("subject=CN = {}\nCertificate will not expire\n", self.domain).as_bytes() {
  47. return Ok(false);
  48. }
  49. // FIXME: From my understanding, the -untrusted *.pem parameter shouldn't be necessary, but is necessary with openssl 1.1.0f-3
  50. Ok(self.command_runner.run_successfully("openssl", &["verify", "-untrusted", "/home/acme/lets_encrypt_x3_cross_signed.pem", &self.get_cert_chain_path()]).is_ok())
  51. }
  53. fn execute(&self) -> Result<(), Box<dyn Error>> {
  54. let output = try!(self.command_runner.get_output("cat", &[self.get_single_cert_path().as_ref(), "/home/acme/lets_encrypt_x3_cross_signed.pem"]));
  55. let mut file = try!(FsFile::create(self.get_cert_chain_path()));
  56. try!(file.write_all(&output));
  57. Ok(())
  58. }
  60. fn get_prerequisites(&self) -> Vec<Resource> {
  61. vec![ Resource::new("file", self.get_single_cert_path()) ]
  62. }
  64. fn as_action<'b>(&'b self, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b> {
  65. Box::new(SymbolAction::new(runner, self))
  66. }
  68. fn into_action<'b>(self: Box<Self>, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b> where Self: 'b {
  69. Box::new(OwnedSymbolAction::new(runner, *self))
  70. }
  71. }
  73. #[cfg(test)]
  74. mod test {
  75. }