refactor CertInfo to tools
we want to reuse some of the functionality elsewhere Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
This commit is contained in:
Dominik Csapak
committed by
Dietmar Maurer
Dietmar Maurer
parent
660a34892d
commit
ec01eeadc6
@ -1,32 +1,18 @@
|
||||
use std::path::PathBuf;
|
||||
|
||||
use anyhow::{bail, Error};
|
||||
|
||||
use proxmox::api::{api, cli::*};
|
||||
|
||||
use proxmox_backup::config;
|
||||
use proxmox_backup::configdir;
|
||||
use proxmox_backup::auth_helpers::*;
|
||||
|
||||
fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
|
||||
let mut parts = Vec::new();
|
||||
for entry in name.entries() {
|
||||
parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
|
||||
}
|
||||
Ok(parts.join(", "))
|
||||
}
|
||||
use proxmox_backup::tools::cert::CertInfo;
|
||||
|
||||
#[api]
|
||||
/// Display node certificate information.
|
||||
fn cert_info() -> Result<(), Error> {
|
||||
|
||||
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
|
||||
let cert = CertInfo::new()?;
|
||||
|
||||
let cert_pem = proxmox::tools::fs::file_get_contents(&cert_path)?;
|
||||
|
||||
let cert = openssl::x509::X509::from_pem(&cert_pem)?;
|
||||
|
||||
println!("Subject: {}", x509name_to_string(cert.subject_name())?);
|
||||
println!("Subject: {}", cert.subject_name()?);
|
||||
|
||||
if let Some(san) = cert.subject_alt_names() {
|
||||
for name in san.iter() {
|
||||
@ -42,17 +28,12 @@ fn cert_info() -> Result<(), Error> {
|
||||
}
|
||||
}
|
||||
|
||||
println!("Issuer: {}", x509name_to_string(cert.issuer_name())?);
|
||||
println!("Issuer: {}", cert.issuer_name()?);
|
||||
println!("Validity:");
|
||||
println!(" Not Before: {}", cert.not_before());
|
||||
println!(" Not After : {}", cert.not_after());
|
||||
|
||||
let fp = cert.digest(openssl::hash::MessageDigest::sha256())?;
|
||||
let fp_string = proxmox::tools::digest_to_hex(&fp);
|
||||
let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
|
||||
.collect::<Vec<&str>>().join(":");
|
||||
|
||||
println!("Fingerprint (sha256): {}", fp_string);
|
||||
println!("Fingerprint (sha256): {}", cert.fingerprint()?);
|
||||
|
||||
let pubkey = cert.public_key()?;
|
||||
println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?);
|
||||
|
||||
@ -23,6 +23,7 @@ pub use proxmox::tools::fd::Fd;
|
||||
pub mod acl;
|
||||
pub mod async_io;
|
||||
pub mod borrow;
|
||||
pub mod cert;
|
||||
pub mod daemon;
|
||||
pub mod disks;
|
||||
pub mod fs;
|
||||
|
||||
67
src/tools/cert.rs
Normal file
67
src/tools/cert.rs
Normal file
@ -0,0 +1,67 @@
|
||||
use std::path::PathBuf;
|
||||
|
||||
use anyhow::Error;
|
||||
use openssl::x509::{X509, GeneralName};
|
||||
use openssl::stack::Stack;
|
||||
use openssl::pkey::{Public, PKey};
|
||||
|
||||
use crate::configdir;
|
||||
|
||||
pub struct CertInfo {
|
||||
x509: X509,
|
||||
}
|
||||
|
||||
fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
|
||||
let mut parts = Vec::new();
|
||||
for entry in name.entries() {
|
||||
parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
|
||||
}
|
||||
Ok(parts.join(", "))
|
||||
}
|
||||
|
||||
impl CertInfo {
|
||||
pub fn new() -> Result<Self, Error> {
|
||||
Self::from_path(PathBuf::from(configdir!("/proxy.pem")))
|
||||
}
|
||||
|
||||
pub fn from_path(path: PathBuf) -> Result<Self, Error> {
|
||||
let cert_pem = proxmox::tools::fs::file_get_contents(&path)?;
|
||||
let x509 = openssl::x509::X509::from_pem(&cert_pem)?;
|
||||
Ok(Self{
|
||||
x509
|
||||
})
|
||||
}
|
||||
|
||||
pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> {
|
||||
self.x509.subject_alt_names()
|
||||
}
|
||||
|
||||
pub fn subject_name(&self) -> Result<String, Error> {
|
||||
Ok(x509name_to_string(self.x509.subject_name())?)
|
||||
}
|
||||
|
||||
pub fn issuer_name(&self) -> Result<String, Error> {
|
||||
Ok(x509name_to_string(self.x509.issuer_name())?)
|
||||
}
|
||||
|
||||
pub fn fingerprint(&self) -> Result<String, Error> {
|
||||
let fp = self.x509.digest(openssl::hash::MessageDigest::sha256())?;
|
||||
let fp_string = proxmox::tools::digest_to_hex(&fp);
|
||||
let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
|
||||
.collect::<Vec<&str>>().join(":");
|
||||
Ok(fp_string)
|
||||
}
|
||||
|
||||
pub fn public_key(&self) -> Result<PKey<Public>, Error> {
|
||||
let pubkey = self.x509.public_key()?;
|
||||
Ok(pubkey)
|
||||
}
|
||||
|
||||
pub fn not_before(&self) -> &openssl::asn1::Asn1TimeRef {
|
||||
self.x509.not_before()
|
||||
}
|
||||
|
||||
pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef {
|
||||
self.x509.not_after()
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user