proxy: allow .key/.pem files instead of a pkcs12/.pfx file

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller 2019-04-26 10:44:41 +02:00
parent 8b7c0def84
commit e888155712


@ -1,3 +1,6 @@
use std::io;
use std::path::Path;
use proxmox_backup::try_block;
use proxmox_backup::configdir;
use proxmox_backup::tools;
@ -24,6 +27,20 @@ fn main() {
}
}
fn load_certificate<T: AsRef<Path>, U: AsRef<Path>>(
key: T,
cert: U,
) -> Result<openssl::pkcs12::Pkcs12, Error> {
let key = tools::file_get_contents(key)?;
let cert = tools::file_get_contents(cert)?;
let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
let cert = openssl::x509::X509::from_pem(&cert)?;
Ok(openssl::pkcs12::Pkcs12::builder()
.build("", "", &key, &cert)?)
}
fn run() -> Result<(), Error> {
if let Err(err) = syslog::init(
syslog::Facility::LOG_DAEMON,
@ -56,7 +73,14 @@ fn run() -> Result<(), Error> {
let rest_server = RestServer::new(config);
let cert_path = configdir!("/proxy.pfx");
let raw_cert = tools::file_get_contents(cert_path)?;
let raw_cert = match std::fs::read(cert_path) {
Ok(pfx) => pfx,
Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
pkcs12.to_der()?
}
Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
};
let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
Ok(data) => data,
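Review bot: In `load_certificate` (second hunk), `X509::from_pem` parses only the first certificate in `proxy.pem`, so when that file holds a full chain the intermediates are silently dropped and the PKCS#12 identity is built from the leaf alone. Clients that do not already have the intermediates would then fail to validate the proxy. Parsing with `X509::stack_from_pem` and handing the remaining certificates to the builder through `ca()` keeps the chain and reports a PEM file without any certificate explicitly. Separately, in `run()` (third hunk) a leftover `proxy.pfx` silently takes precedence over a newer `proxy.key`/`proxy.pem` pair, which deserves a comment or a log line, because an operator who rotates the PEM files would keep serving the old certificate. The body of `run()` starts and continues outside the hunks shown.

```rust
    let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
    // proxy.pem may hold the leaf followed by intermediates; keep the whole chain.
    let mut certs = openssl::x509::X509::stack_from_pem(&cert)?.into_iter();
    let leaf = match certs.next() {
        Some(leaf) => leaf,
        None => bail!("no certificate found in PEM file"),
    };
    let mut chain = openssl::stack::Stack::new()?;
    for ca in certs {
        chain.push(ca)?;
    }
    let mut builder = openssl::pkcs12::Pkcs12::builder();
    builder.ca(chain);
    Ok(builder.build("", "", &key, &leaf)?)
```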