adrian
/
schematics
1
0
Fork 0
Code Issues Pull Requests Releases Activity
A library for writing host-specific, single-binary configuration management and deployment tools
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 Commits
1 Branch
0 Tags
810 KiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
schematics/src/symbols/tls/csr.rs

131 lines
3.6 KiB
Raw Permalink Blame History

use crate::command_runner::CommandRunner;
use crate::symbols::Symbol;
use async_trait::async_trait;
use std::borrow::Borrow;
use std::convert::AsRef;
use std::error::Error;
use std::path::Path;
#[derive(Debug)]
pub struct Csr<C, D, K, P> {
command_runner: C,
domain: D,
key_path: K,
csr_path: P,
}
impl<C, D, K, P> Csr<C, D, K, P> {
pub const fn new(command_runner: C, domain: D, key_path: K, csr_path: P) -> Self {
Self {
command_runner,
domain,
key_path,
csr_path,
}
}
}
#[async_trait(?Send)]
impl<C: CommandRunner, D: Borrow<str>, K: AsRef<Path>, P: AsRef<Path>> Symbol for Csr<C, D, K, P> {
async fn target_reached(&self) -> Result<bool, Box<dyn Error>> {
if !self.csr_path.as_ref().exists() {
return Ok(false);
}
let output = self
.command_runner
.get_stderr(
"openssl",
args!["req", "-in", self.csr_path.as_ref(), "-noout", "-verify",],
)
.await?;
Ok(output == b"verify OK\n" || output == b"Certificate request self-signature verify OK\n")
}
async fn execute(&self) -> Result<(), Box<dyn Error>> {
self
.command_runner
.run_successfully(
"openssl",
args![
"req",
"-new",
"-sha256",
"-key",
self.key_path.as_ref(),
"-out",
self.csr_path.as_ref(),
"-subj",
format!("/CN={}", self.domain.borrow()),
],
)
.await
}
}
#[cfg(test)]
mod test {
use super::{Csr, Symbol};
use crate::async_utils::run;
use crate::command_runner::MockCommandRunner;
#[test]
fn test_bookworm_success() {
let mut command_runner = MockCommandRunner::new();
command_runner
.expect_get_stderr()
.times(1)
.returning(|_, _| Ok("Certificate request self-signature verify OK\n".into()));
let symbol = Csr::new(command_runner, "", "/nonexisting", "/"); // FIXME: Csr path has to be an existing file
run(async {
assert_eq!(symbol.target_reached().await.unwrap(), true);
});
}
#[test]
fn test_bookworm_invalid() {
let mut command_runner = MockCommandRunner::new();
command_runner
.expect_get_stderr()
.times(1)
.returning(|_, _| {
Ok("Unable to load X509 request
40F746B61E7F0000:error:0480006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:763:Expecting: CERTIFICATE REQUEST
" .into())
});
let symbol = Csr::new(command_runner, "", "/nonexisting", "/"); // FIXME: Csr path has to be an existing file
run(async {
assert_eq!(symbol.target_reached().await.unwrap(), false);
});
}
#[test]
fn test_bullseye_success() {
let mut command_runner = MockCommandRunner::new();
command_runner
.expect_get_stderr()
.times(1)
.returning(|_, _| Ok("verify OK\n".into()));
let symbol = Csr::new(command_runner, "", "/nonexisting", "/"); // FIXME: Csr path has to be an existing file
run(async {
assert_eq!(symbol.target_reached().await.unwrap(), true);
});
}
#[test]
fn test_bullseye_invalid() {
let mut command_runner = MockCommandRunner::new();
command_runner
.expect_get_stderr()
.times(1)
.returning(|_, _| {
Ok("unable to load X509 request
140032085857600:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST
" .into())
});
let symbol = Csr::new(command_runner, "", "/nonexisting", "/"); // FIXME: Csr path has to be an existing file
run(async {
assert_eq!(symbol.target_reached().await.unwrap(), false);
});
}
}