adrian
/
schematics
1
0
Fork 0
Code Issues Pull Requests Releases Activity
A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 Commits
1 Branch
0 Tags
810 KiB
Tree: e4b3424ba6
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e4b3424ba6'
${ noResults }
schematics/src/symbols/acme/chain.rs

117 lines
3.0 KiB
Raw Normal View History

Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Use chained cert for nginx
7 years ago
Update to edition 2018
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Use chained cert for nginx
7 years ago
AcmeFactory
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Lint
5 years ago
Update to edition 2018
5 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Lint
5 years ago
Cargo fix
5 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Command runner args, Paths and AsRef
5 years ago
Cargo format
5 years ago
Use chained cert for nginx
7 years ago
Cargo fix
5 years ago
Update rustfmt
5 years ago
Cargo format
5 years ago
AcmeFactory
5 years ago
Update rustfmt
5 years ago
Use chained cert for nginx
7 years ago
Command runner args, Paths and AsRef
5 years ago
Use chained cert for nginx
7 years ago
WIP Impl Action
7 years ago
Cargo fix
5 years ago
WIP Impl Action
7 years ago
Cargo format
5 years ago
WIP Impl Action
7 years ago
Use chained cert for nginx
7 years ago
Cargo format
5 years ago
  1. use std::error::Error;
  2. use std::fmt;
  3. use std::fs::File as FsFile;
  4. use std::io::Write;
  5. use std::path::{Path, PathBuf};
  7. use crate::command_runner::CommandRunner;
  8. use crate::resources::Resource;
  9. use crate::symbols::{Action, OwnedSymbolAction, Symbol, SymbolAction, SymbolRunner};
  11. pub struct AcmeCertChain<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> {
  12. domain: D,
  13. command_runner: &'a C,
  14. root_cert: R,
  15. }
  17. impl<'a, D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> AcmeCertChain<'a, D, R, C> {
  18. pub fn new(domain: D, command_runner: &'a C, root_cert: R) -> Self {
  19. AcmeCertChain {
  20. domain,
  21. command_runner,
  22. root_cert,
  23. }
  24. }
  26. fn get_single_cert_path(&self) -> PathBuf {
  27. format!("/etc/ssl/local_certs/{}.crt", self.domain.as_ref()).into()
  28. }
  30. fn get_cert_chain_path(&self) -> PathBuf {
  31. format!("/etc/ssl/local_certs/{}.chained.crt", self.domain.as_ref()).into()
  32. }
  33. }
  35. impl<D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> fmt::Display for AcmeCertChain<'_, D, R, C> {
  36. fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
  37. write!(f, "AcmeCertChain {}", self.domain.as_ref())
  38. }
  39. }
  41. const DAYS_IN_SECONDS: u32 = 24 * 60 * 60;
  43. impl<D: AsRef<str>, R: AsRef<Path>, C: CommandRunner> Symbol for AcmeCertChain<'_, D, R, C> {
  44. fn target_reached(&self) -> Result<bool, Box<dyn Error>> {
  45. if !self.get_cert_chain_path().exists() {
  46. return Ok(false);
  47. }
  49. let stdout = self.command_runner.get_output(
  50. "openssl",
  51. args![
  52. "x509",
  53. "-in",
  54. self.get_cert_chain_path(),
  55. "-noout",
  56. "-subject",
  57. "-checkend",
  58. (30 * DAYS_IN_SECONDS).to_string(),
  59. ],
  60. )?;
  61. if stdout
  62. != format!(
  63. "subject=CN = {}\nCertificate will not expire\n",
  64. self.domain.as_ref()
  65. )
  66. .as_bytes()
  67. {
  68. return Ok(false);
  69. }
  70. // FIXME: From my understanding, the -untrusted *.pem parameter shouldn't be necessary, but is necessary with openssl 1.1.0f-3
  71. Ok(
  72. self
  73. .command_runner
  74. .run_successfully(
  75. "openssl",
  76. args![
  77. "verify",
  78. "-untrusted",
  79. self.root_cert.as_ref(),
  80. self.get_cert_chain_path(),
  81. ],
  82. )
  83. .is_ok(),
  84. )
  85. }
  87. fn execute(&self) -> Result<(), Box<dyn Error>> {
  88. let output = self.command_runner.get_output(
  89. "cat",
  90. args![self.get_single_cert_path(), self.root_cert.as_ref(),],
  91. )?;
  92. let mut file = FsFile::create(self.get_cert_chain_path())?;
  93. file.write_all(&output)?;
  94. Ok(())
  95. }
  97. fn get_prerequisites(&self) -> Vec<Resource> {
  98. vec![Resource::new(
  99. "file",
  100. self.get_single_cert_path().to_str().unwrap(),
  101. )]
  102. }
  104. fn as_action<'b>(&'b self, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b> {
  105. Box::new(SymbolAction::new(runner, self))
  106. }
  108. fn into_action<'b>(self: Box<Self>, runner: &'b dyn SymbolRunner) -> Box<dyn Action + 'b>
  109. where
  110. Self: 'b,
  111. {
  112. Box::new(OwnedSymbolAction::new(runner, *self))
  113. }
  114. }
  116. #[cfg(test)]
  117. mod test {}