paperkey: move code to src/tools/paperkey.rs
This commit is contained in:
parent
5f34d69bcc
commit
639a6782bd
@ -1,9 +1,6 @@
|
||||
use std::path::PathBuf;
|
||||
use std::io::Write;
|
||||
use std::process::{Stdio, Command};
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use serde_json::Value;
|
||||
|
||||
use proxmox::api::api;
|
||||
@ -20,6 +17,10 @@ use proxmox::sys::linux::tty;
|
||||
use proxmox::tools::fs::{file_get_contents, replace_file, CreateOptions};
|
||||
|
||||
use proxmox_backup::{
|
||||
tools::paperkey::{
|
||||
PaperkeyFormat,
|
||||
generate_paper_key,
|
||||
},
|
||||
api2::types::{
|
||||
PASSWORD_HINT_SCHEMA,
|
||||
KeyInfo,
|
||||
@ -32,17 +33,6 @@ use proxmox_backup::{
|
||||
tools,
|
||||
};
|
||||
|
||||
#[api()]
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
/// Paperkey output format
|
||||
pub enum PaperkeyFormat {
|
||||
/// Format as Utf8 text. Includes QR codes as ascii-art.
|
||||
Text,
|
||||
/// Format as Html. Includes QR codes as png images.
|
||||
Html,
|
||||
}
|
||||
|
||||
pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json";
|
||||
pub const MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
|
||||
|
||||
@ -464,46 +454,7 @@ fn paper_key(
|
||||
let data = file_get_contents(&path)?;
|
||||
let data = String::from_utf8(data)?;
|
||||
|
||||
let (data, is_private_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n") {
|
||||
let lines: Vec<String> = data
|
||||
.lines()
|
||||
.map(|s| s.trim_end())
|
||||
.filter(|s| !s.is_empty())
|
||||
.map(String::from)
|
||||
.collect();
|
||||
|
||||
if !lines[lines.len()-1].starts_with("-----END ENCRYPTED PRIVATE KEY-----") {
|
||||
bail!("unexpected key format");
|
||||
}
|
||||
|
||||
if lines.len() < 20 {
|
||||
bail!("unexpected key format");
|
||||
}
|
||||
|
||||
(lines, true)
|
||||
} else {
|
||||
match serde_json::from_str::<KeyConfig>(&data) {
|
||||
Ok(key_config) => {
|
||||
let lines = serde_json::to_string_pretty(&key_config)?
|
||||
.lines()
|
||||
.map(String::from)
|
||||
.collect();
|
||||
|
||||
(lines, false)
|
||||
},
|
||||
Err(err) => {
|
||||
eprintln!("Couldn't parse '{:?}' as KeyConfig - {}", path, err);
|
||||
bail!("Neither a PEM-formatted private key, nor a PBS key file.");
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
let format = output_format.unwrap_or(PaperkeyFormat::Html);
|
||||
|
||||
match format {
|
||||
PaperkeyFormat::Html => paperkey_html(&data, subject, is_private_key),
|
||||
PaperkeyFormat::Text => paperkey_text(&data, subject, is_private_key),
|
||||
}
|
||||
generate_paper_key(std::io::stdout(), &data, subject, output_format)
|
||||
}
|
||||
|
||||
pub fn cli() -> CliCommandMap {
|
||||
@ -545,169 +496,3 @@ pub fn cli() -> CliCommandMap {
|
||||
.insert("show", key_show_cmd_def)
|
||||
.insert("paperkey", paper_key_cmd_def)
|
||||
}
|
||||
|
||||
fn paperkey_html(lines: &[String], subject: Option<String>, is_private: bool) -> Result<(), Error> {
|
||||
|
||||
let img_size_pt = 500;
|
||||
|
||||
println!("<!DOCTYPE html>");
|
||||
println!("<html lang=\"en\">");
|
||||
println!("<head>");
|
||||
println!("<meta charset=\"utf-8\">");
|
||||
println!("<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">");
|
||||
println!("<title>Proxmox Backup Paperkey</title>");
|
||||
println!("<style type=\"text/css\">");
|
||||
|
||||
println!(" p {{");
|
||||
println!(" font-size: 12pt;");
|
||||
println!(" font-family: monospace;");
|
||||
println!(" white-space: pre-wrap;");
|
||||
println!(" line-break: anywhere;");
|
||||
println!(" }}");
|
||||
|
||||
println!("</style>");
|
||||
|
||||
println!("</head>");
|
||||
|
||||
println!("<body>");
|
||||
|
||||
if let Some(subject) = subject {
|
||||
println!("<p>Subject: {}</p>", subject);
|
||||
}
|
||||
|
||||
if is_private {
|
||||
const BLOCK_SIZE: usize = 20;
|
||||
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
||||
|
||||
for i in 0..blocks {
|
||||
let start = i*BLOCK_SIZE;
|
||||
let mut end = start + BLOCK_SIZE;
|
||||
if end > lines.len() {
|
||||
end = lines.len();
|
||||
}
|
||||
let data = &lines[start..end];
|
||||
|
||||
println!("<div style=\"page-break-inside: avoid;page-break-after: always\">");
|
||||
println!("<p>");
|
||||
|
||||
for l in start..end {
|
||||
println!("{:02}: {}", l, lines[l]);
|
||||
}
|
||||
|
||||
println!("</p>");
|
||||
|
||||
let qr_code = generate_qr_code("svg", data)?;
|
||||
let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
|
||||
|
||||
println!("<center>");
|
||||
println!("<img");
|
||||
println!("width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt);
|
||||
println!("src=\"data:image/svg+xml;base64,{}\"/>", qr_code);
|
||||
println!("</center>");
|
||||
println!("</div>");
|
||||
}
|
||||
|
||||
println!("</body>");
|
||||
println!("</html>");
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
println!("<div style=\"page-break-inside: avoid\">");
|
||||
|
||||
println!("<p>");
|
||||
|
||||
println!("-----BEGIN PROXMOX BACKUP KEY-----");
|
||||
|
||||
for line in lines {
|
||||
println!("{}", line);
|
||||
}
|
||||
|
||||
println!("-----END PROXMOX BACKUP KEY-----");
|
||||
|
||||
println!("</p>");
|
||||
|
||||
let qr_code = generate_qr_code("svg", lines)?;
|
||||
let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
|
||||
|
||||
println!("<center>");
|
||||
println!("<img");
|
||||
println!("width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt);
|
||||
println!("src=\"data:image/svg+xml;base64,{}\"/>", qr_code);
|
||||
println!("</center>");
|
||||
|
||||
println!("</div>");
|
||||
|
||||
println!("</body>");
|
||||
println!("</html>");
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn paperkey_text(lines: &[String], subject: Option<String>, is_private: bool) -> Result<(), Error> {
|
||||
|
||||
if let Some(subject) = subject {
|
||||
println!("Subject: {}\n", subject);
|
||||
}
|
||||
|
||||
if is_private {
|
||||
const BLOCK_SIZE: usize = 5;
|
||||
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
||||
|
||||
for i in 0..blocks {
|
||||
let start = i*BLOCK_SIZE;
|
||||
let mut end = start + BLOCK_SIZE;
|
||||
if end > lines.len() {
|
||||
end = lines.len();
|
||||
}
|
||||
let data = &lines[start..end];
|
||||
|
||||
for l in start..end {
|
||||
println!("{:-2}: {}", l, lines[l]);
|
||||
}
|
||||
let qr_code = generate_qr_code("utf8i", data)?;
|
||||
let qr_code = String::from_utf8(qr_code)
|
||||
.map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
|
||||
println!("{}", qr_code);
|
||||
println!("{}", char::from(12u8)); // page break
|
||||
|
||||
}
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
println!("-----BEGIN PROXMOX BACKUP KEY-----");
|
||||
for line in lines {
|
||||
println!("{}", line);
|
||||
}
|
||||
println!("-----END PROXMOX BACKUP KEY-----");
|
||||
|
||||
let qr_code = generate_qr_code("utf8i", &lines)?;
|
||||
let qr_code = String::from_utf8(qr_code)
|
||||
.map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
|
||||
|
||||
println!("{}", qr_code);
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn generate_qr_code(output_type: &str, lines: &[String]) -> Result<Vec<u8>, Error> {
|
||||
let mut child = Command::new("qrencode")
|
||||
.args(&["-t", output_type, "-m0", "-s1", "-lm", "--output", "-"])
|
||||
.stdin(Stdio::piped())
|
||||
.stdout(Stdio::piped())
|
||||
.spawn()?;
|
||||
|
||||
{
|
||||
let stdin = child.stdin.as_mut()
|
||||
.ok_or_else(|| format_err!("Failed to open stdin"))?;
|
||||
let data = lines.join("\n");
|
||||
stdin.write_all(data.as_bytes())
|
||||
.map_err(|_| format_err!("Failed to write to stdin"))?;
|
||||
}
|
||||
|
||||
let output = child.wait_with_output()
|
||||
.map_err(|_| format_err!("Failed to read stdout"))?;
|
||||
|
||||
let output = crate::tools::command_output(output, None)?;
|
||||
|
||||
Ok(output)
|
||||
}
|
||||
|
@ -43,6 +43,7 @@ pub mod ticket;
|
||||
pub mod xattr;
|
||||
pub mod zip;
|
||||
pub mod sgutils2;
|
||||
pub mod paperkey;
|
||||
|
||||
pub mod parallel_handler;
|
||||
pub use parallel_handler::ParallelHandler;
|
||||
|
250
src/tools/paperkey.rs
Normal file
250
src/tools/paperkey.rs
Normal file
@ -0,0 +1,250 @@
|
||||
use std::io::Write;
|
||||
use std::process::{Stdio, Command};
|
||||
|
||||
use anyhow::{bail, format_err, Error};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use proxmox::api::api;
|
||||
|
||||
use crate::backup::KeyConfig;
|
||||
|
||||
#[api()]
|
||||
#[derive(Debug, Serialize, Deserialize)]
|
||||
#[serde(rename_all = "lowercase")]
|
||||
/// Paperkey output format
|
||||
pub enum PaperkeyFormat {
|
||||
/// Format as Utf8 text. Includes QR codes as ascii-art.
|
||||
Text,
|
||||
/// Format as Html. Includes QR codes as SVG images.
|
||||
Html,
|
||||
}
|
||||
|
||||
/// Generate a paper key (html or utf8 text)
|
||||
///
|
||||
/// This function takes an encryption key (either RSA private key
|
||||
/// text, or `KeyConfig` json), and generates a printable text or html
|
||||
/// page, including a scanable QR code to recover the key.
|
||||
pub fn generate_paper_key<W: Write>(
|
||||
output: W,
|
||||
data: &str,
|
||||
subject: Option<String>,
|
||||
output_format: Option<PaperkeyFormat>,
|
||||
) -> Result<(), Error> {
|
||||
|
||||
let (data, is_private_key) = if data.starts_with("-----BEGIN ENCRYPTED PRIVATE KEY-----\n") {
|
||||
let lines: Vec<String> = data
|
||||
.lines()
|
||||
.map(|s| s.trim_end())
|
||||
.filter(|s| !s.is_empty())
|
||||
.map(String::from)
|
||||
.collect();
|
||||
|
||||
if !lines[lines.len()-1].starts_with("-----END ENCRYPTED PRIVATE KEY-----") {
|
||||
bail!("unexpected key format");
|
||||
}
|
||||
|
||||
if lines.len() < 20 {
|
||||
bail!("unexpected key format");
|
||||
}
|
||||
|
||||
(lines, true)
|
||||
} else {
|
||||
match serde_json::from_str::<KeyConfig>(&data) {
|
||||
Ok(key_config) => {
|
||||
let lines = serde_json::to_string_pretty(&key_config)?
|
||||
.lines()
|
||||
.map(String::from)
|
||||
.collect();
|
||||
|
||||
(lines, false)
|
||||
},
|
||||
Err(err) => {
|
||||
eprintln!("Couldn't parse data as KeyConfig - {}", err);
|
||||
bail!("Neither a PEM-formatted private key, nor a PBS key file.");
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
let format = output_format.unwrap_or(PaperkeyFormat::Html);
|
||||
|
||||
match format {
|
||||
PaperkeyFormat::Html => paperkey_html(output, &data, subject, is_private_key),
|
||||
PaperkeyFormat::Text => paperkey_text(output, &data, subject, is_private_key),
|
||||
}
|
||||
}
|
||||
|
||||
fn paperkey_html<W: Write>(
|
||||
mut output: W,
|
||||
lines: &[String],
|
||||
subject: Option<String>,
|
||||
is_private: bool,
|
||||
) -> Result<(), Error> {
|
||||
|
||||
let img_size_pt = 500;
|
||||
|
||||
writeln!(output, "<!DOCTYPE html>")?;
|
||||
writeln!(output, "<html lang=\"en\">")?;
|
||||
writeln!(output, "<head>")?;
|
||||
writeln!(output, "<meta charset=\"utf-8\">")?;
|
||||
writeln!(output, "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">")?;
|
||||
writeln!(output, "<title>Proxmox Backup Paperkey</title>")?;
|
||||
writeln!(output, "<style type=\"text/css\">")?;
|
||||
|
||||
writeln!(output, " p {{")?;
|
||||
writeln!(output, " font-size: 12pt;")?;
|
||||
writeln!(output, " font-family: monospace;")?;
|
||||
writeln!(output, " white-space: pre-wrap;")?;
|
||||
writeln!(output, " line-break: anywhere;")?;
|
||||
writeln!(output, " }}")?;
|
||||
|
||||
writeln!(output, "</style>")?;
|
||||
|
||||
writeln!(output, "</head>")?;
|
||||
|
||||
writeln!(output, "<body>")?;
|
||||
|
||||
if let Some(subject) = subject {
|
||||
writeln!(output, "<p>Subject: {}</p>", subject)?;
|
||||
}
|
||||
|
||||
if is_private {
|
||||
const BLOCK_SIZE: usize = 20;
|
||||
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
||||
|
||||
for i in 0..blocks {
|
||||
let start = i*BLOCK_SIZE;
|
||||
let mut end = start + BLOCK_SIZE;
|
||||
if end > lines.len() {
|
||||
end = lines.len();
|
||||
}
|
||||
let data = &lines[start..end];
|
||||
|
||||
writeln!(output, "<div style=\"page-break-inside: avoid;page-break-after: always\">")?;
|
||||
writeln!(output, "<p>")?;
|
||||
|
||||
for l in start..end {
|
||||
writeln!(output, "{:02}: {}", l, lines[l])?;
|
||||
}
|
||||
|
||||
writeln!(output, "</p>")?;
|
||||
|
||||
let qr_code = generate_qr_code("svg", data)?;
|
||||
let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
|
||||
|
||||
writeln!(output, "<center>")?;
|
||||
writeln!(output, "<img")?;
|
||||
writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
|
||||
writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
|
||||
writeln!(output, "</center>")?;
|
||||
writeln!(output, "</div>")?;
|
||||
}
|
||||
|
||||
writeln!(output, "</body>")?;
|
||||
writeln!(output, "</html>")?;
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
writeln!(output, "<div style=\"page-break-inside: avoid\">")?;
|
||||
|
||||
writeln!(output, "<p>")?;
|
||||
|
||||
writeln!(output, "-----BEGIN PROXMOX BACKUP KEY-----")?;
|
||||
|
||||
for line in lines {
|
||||
writeln!(output, "{}", line)?;
|
||||
}
|
||||
|
||||
writeln!(output, "-----END PROXMOX BACKUP KEY-----")?;
|
||||
|
||||
writeln!(output, "</p>")?;
|
||||
|
||||
let qr_code = generate_qr_code("svg", lines)?;
|
||||
let qr_code = base64::encode_config(&qr_code, base64::STANDARD_NO_PAD);
|
||||
|
||||
writeln!(output, "<center>")?;
|
||||
writeln!(output, "<img")?;
|
||||
writeln!(output, "width=\"{}pt\" height=\"{}pt\"", img_size_pt, img_size_pt)?;
|
||||
writeln!(output, "src=\"data:image/svg+xml;base64,{}\"/>", qr_code)?;
|
||||
writeln!(output, "</center>")?;
|
||||
|
||||
writeln!(output, "</div>")?;
|
||||
|
||||
writeln!(output, "</body>")?;
|
||||
writeln!(output, "</html>")?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn paperkey_text<W: Write>(
|
||||
mut output: W,
|
||||
lines: &[String],
|
||||
subject: Option<String>,
|
||||
is_private: bool,
|
||||
) -> Result<(), Error> {
|
||||
|
||||
if let Some(subject) = subject {
|
||||
writeln!(output, "Subject: {}\n", subject)?;
|
||||
}
|
||||
|
||||
if is_private {
|
||||
const BLOCK_SIZE: usize = 5;
|
||||
let blocks = (lines.len() + BLOCK_SIZE -1)/BLOCK_SIZE;
|
||||
|
||||
for i in 0..blocks {
|
||||
let start = i*BLOCK_SIZE;
|
||||
let mut end = start + BLOCK_SIZE;
|
||||
if end > lines.len() {
|
||||
end = lines.len();
|
||||
}
|
||||
let data = &lines[start..end];
|
||||
|
||||
for l in start..end {
|
||||
writeln!(output, "{:-2}: {}", l, lines[l])?;
|
||||
}
|
||||
let qr_code = generate_qr_code("utf8i", data)?;
|
||||
let qr_code = String::from_utf8(qr_code)
|
||||
.map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
|
||||
writeln!(output, "{}", qr_code)?;
|
||||
writeln!(output, "{}", char::from(12u8))?; // page break
|
||||
|
||||
}
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
writeln!(output, "-----BEGIN PROXMOX BACKUP KEY-----")?;
|
||||
for line in lines {
|
||||
writeln!(output, "{}", line)?;
|
||||
}
|
||||
writeln!(output, "-----END PROXMOX BACKUP KEY-----")?;
|
||||
|
||||
let qr_code = generate_qr_code("utf8i", &lines)?;
|
||||
let qr_code = String::from_utf8(qr_code)
|
||||
.map_err(|_| format_err!("Failed to read qr code (got non-utf8 data)"))?;
|
||||
|
||||
writeln!(output, "{}", qr_code)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn generate_qr_code(output_type: &str, lines: &[String]) -> Result<Vec<u8>, Error> {
|
||||
let mut child = Command::new("qrencode")
|
||||
.args(&["-t", output_type, "-m0", "-s1", "-lm", "--output", "-"])
|
||||
.stdin(Stdio::piped())
|
||||
.stdout(Stdio::piped())
|
||||
.spawn()?;
|
||||
|
||||
{
|
||||
let stdin = child.stdin.as_mut()
|
||||
.ok_or_else(|| format_err!("Failed to open stdin"))?;
|
||||
let data = lines.join("\n");
|
||||
stdin.write_all(data.as_bytes())
|
||||
.map_err(|_| format_err!("Failed to write to stdin"))?;
|
||||
}
|
||||
|
||||
let output = child.wait_with_output()
|
||||
.map_err(|_| format_err!("Failed to read stdout"))?;
|
||||
|
||||
let output = crate::tools::command_output(output, None)?;
|
||||
|
||||
Ok(output)
|
||||
}
|
Loading…
Reference in New Issue
Block a user