From d01e2420f71610aa0d2f7832df2be62edd73c96f Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Tue, 29 Jan 2019 17:21:58 +0100 Subject: [PATCH] load auth keys on startup --- src/auth_helpers.rs | 49 +++++++++++++++++++++++++++++++++ src/bin/proxmox-backup-api.rs | 4 ++- src/bin/proxmox-backup-proxy.rs | 4 +++ 3 files changed, 56 insertions(+), 1 deletion(-) diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs index f7ee6e6b..0ad3f8b6 100644 --- a/src/auth_helpers.rs +++ b/src/auth_helpers.rs @@ -1,8 +1,11 @@ use crate::tools; use failure::*; +use lazy_static::lazy_static; use openssl::rsa::{Rsa}; +use openssl::pkey::{PKey, Public, Private}; + use std::path::PathBuf; pub fn generate_csrf_key() -> Result<(), Error> { @@ -50,3 +53,49 @@ pub fn generate_auth_key() -> Result<(), Error> { Ok(()) } + +pub fn csrf_secret() -> &'static [u8] { + + lazy_static! { + static ref SECRET: Vec = + tools::file_get_contents("/etc/proxmox-backup/csrf.key").unwrap(); + } + + &SECRET +} + +fn load_private_auth_key() -> Result, Error> { + + let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.key")?; + let rsa = Rsa::private_key_from_pem(&pem)?; + let key = PKey::from_rsa(rsa)?; + + Ok(key) +} + +pub fn private_auth_key() -> &'static PKey { + + lazy_static! { + static ref KEY: PKey = load_private_auth_key().unwrap(); + } + + &KEY +} + +fn load_public_auth_key() -> Result, Error> { + + let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.pub")?; + let rsa = Rsa::public_key_from_pem(&pem)?; + let key = PKey::from_rsa(rsa)?; + + Ok(key) +} + +pub fn public_auth_key() -> &'static PKey { + + lazy_static! { + static ref KEY: PKey = load_public_auth_key().unwrap(); + } + + &KEY +} diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs index 4f86b070..ba9d3029 100644 --- a/src/bin/proxmox-backup-api.rs +++ b/src/bin/proxmox-backup-api.rs 
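Review bot: The three lazy_static initializers added in src/auth_helpers.rs (`SECRET` in csrf_secret, `KEY` in private_auth_key and in public_auth_key) end in `.unwrap()`, so a missing, unreadable or malformed key file stops the process with a bare panic that does not name the file. The callers in both `main` functions report key-generation failures with `eprintln!` and `std::process::exit(-1)`, so the two error paths are inconsistent. I would use `.expect("unable to load /etc/proxmox-backup/csrf.key")`, with the matching path for the two auth key statics, so the operator sees which file failed. csrf_secret also accepts whatever the file holds, including an empty file. If the secret keys a MAC for CSRF tokens, which is presumably its use, rejecting an empty or very short value at load time would keep the daemon from running with a trivial secret.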
@@ -2,7 +2,7 @@ extern crate proxmox_backup; use std::sync::Arc; -use proxmox_backup::tools; +//use proxmox_backup::tools; use proxmox_backup::api::schema::*; use proxmox_backup::api::router::*; use proxmox_backup::api::config::*; @@ -30,11 +30,13 @@ fn main() { eprintln!("unable to generate auth key: {}", err); std::process::exit(-1); } + let _ = private_auth_key(); // load with lazy_static if let Err(err) = generate_csrf_key() { eprintln!("unable to generate csrf key: {}", err); std::process::exit(-1); } + let _ = csrf_secret(); // load with lazy_static let command : Arc = StringSchema::new("Command.") .format(Arc::new(ApiStringFormat::Enum(vec![ diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index f14161d0..5d3455e7 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -7,6 +7,7 @@ use proxmox_backup::api::router::*; use proxmox_backup::api::config::*; use proxmox_backup::server::rest::*; use proxmox_backup::getopts; +use proxmox_backup::auth_helpers::*; //use failure::*; use lazy_static::lazy_static; @@ -25,6 +26,9 @@ fn main() { std::process::exit(-1); } + let _ = public_auth_key(); // load with lazy_static + let _ = csrf_secret(); // load with lazy_static + let command : Arc = StringSchema::new("Command.") .format(Arc::new(ApiStringFormat::Enum(vec![ "start".into(),
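Review bot: The comment `// load with lazy_static` on the two lines added to `main` in src/bin/proxmox-backup-api.rs says how the value is loaded but not why it is touched and discarded here. The reason appears to be that a bad key file should stop the daemon at startup rather than on the first request that needs the key. I would write `// force key load now so a missing or invalid key aborts startup, not the first request`. The same applies to the two lines added to `main` in src/bin/proxmox-backup-proxy.rs. `main` starts and ends outside both hunks.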