refactor CertInfo to tools

We want to reuse some of this functionality elsewhere.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Dominik Csapak 2020-07-10 10:51:11 +02:00 committed by Dietmar Maurer
parent 660a34892d
commit ec01eeadc6
3 changed files with 73 additions and 24 deletions


@ -1,32 +1,18 @@
use std::path::PathBuf;
use anyhow::{bail, Error}; use anyhow::{bail, Error};
use proxmox::api::{api, cli::*}; use proxmox::api::{api, cli::*};
use proxmox_backup::config; use proxmox_backup::config;
use proxmox_backup::configdir;
use proxmox_backup::auth_helpers::*; use proxmox_backup::auth_helpers::*;
use proxmox_backup::tools::cert::CertInfo;
fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
let mut parts = Vec::new();
for entry in name.entries() {
parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
}
Ok(parts.join(", "))
}
#[api] #[api]
/// Display node certificate information. /// Display node certificate information.
fn cert_info() -> Result<(), Error> { fn cert_info() -> Result<(), Error> {
let cert_path = PathBuf::from(configdir!("/proxy.pem")); let cert = CertInfo::new()?;
let cert_pem = proxmox::tools::fs::file_get_contents(&cert_path)?; println!("Subject: {}", cert.subject_name()?);
let cert = openssl::x509::X509::from_pem(&cert_pem)?;
println!("Subject: {}", x509name_to_string(cert.subject_name())?);
if let Some(san) = cert.subject_alt_names() { if let Some(san) = cert.subject_alt_names() {
for name in san.iter() { for name in san.iter() {
@ -42,17 +28,12 @@ fn cert_info() -> Result<(), Error> {
} }
} }
println!("Issuer: {}", x509name_to_string(cert.issuer_name())?); println!("Issuer: {}", cert.issuer_name()?);
println!("Validity:"); println!("Validity:");
println!(" Not Before: {}", cert.not_before()); println!(" Not Before: {}", cert.not_before());
println!(" Not After : {}", cert.not_after()); println!(" Not After : {}", cert.not_after());
let fp = cert.digest(openssl::hash::MessageDigest::sha256())?; println!("Fingerprint (sha256): {}", cert.fingerprint()?);
let fp_string = proxmox::tools::digest_to_hex(&fp);
let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
.collect::<Vec<&str>>().join(":");
println!("Fingerprint (sha256): {}", fp_string);
let pubkey = cert.public_key()?; let pubkey = cert.public_key()?;
println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?); println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?);


@ -23,6 +23,7 @@ pub use proxmox::tools::fd::Fd;
pub mod acl; pub mod acl;
pub mod async_io; pub mod async_io;
pub mod borrow; pub mod borrow;
pub mod cert;
pub mod daemon; pub mod daemon;
pub mod disks; pub mod disks;
pub mod fs; pub mod fs;

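--- /dev/null
+++ b/src/tools/cert.rs
@@ -0,0 +1,67 @@
+use std::path::PathBuf;
+use anyhow::Error;
+use openssl::x509::{X509, GeneralName};
+use openssl::stack::Stack;
+use openssl::pkey::{Public, PKey};
+use crate::configdir;
+pub struct CertInfo {
+x509: X509,
+}
+fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
+let mut parts = Vec::new();
+for entry in name.entries() {
+parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
+}
+Ok(parts.join(", "))
+}
+impl CertInfo {
+pub fn new() -> Result<Self, Error> {
+Self::from_path(PathBuf::from(configdir!("/proxy.pem")))
+}
+pub fn from_path(path: PathBuf) -> Result<Self, Error> {
+let cert_pem = proxmox::tools::fs::file_get_contents(&path)?;
+let x509 = openssl::x509::X509::from_pem(&cert_pem)?;
+Ok(Self{
+x509
+})
+}
+pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> {
+self.x509.subject_alt_names()
+}
+pub fn subject_name(&self) -> Result<String, Error> {
+Ok(x509name_to_string(self.x509.subject_name())?)
+}
+pub fn issuer_name(&self) -> Result<String, Error> {
+Ok(x509name_to_string(self.x509.issuer_name())?)
+}
+pub fn fingerprint(&self) -> Result<String, Error> {
+let fp = self.x509.digest(openssl::hash::MessageDigest::sha256())?;
+let fp_string = proxmox::tools::digest_to_hex(&fp);
+let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
+.collect::<Vec<&str>>().join(":");
+Ok(fp_string)
+}
+pub fn public_key(&self) -> Result<PKey<Public>, Error> {
+let pubkey = self.x509.public_key()?;
+Ok(pubkey)
+}
+pub fn not_before(&self) -> &openssl::asn1::Asn1TimeRef {
+self.x509.not_before()
+}
+pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef {
+self.x509.not_after()
+}
+}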
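Review bot: `pub fn from_path(path: PathBuf)` takes an owned PathBuf, so every caller must allocate even when it already holds a `&Path`; the idiomatic signature is `pub fn from_path(path: impl AsRef<Path>) -> Result<Self, Error>` with `file_get_contents(path.as_ref())`, after which `new()` can pass the `configdir!` string straight through. `subject_name`, `issuer_name` and `public_key` wrap an already-matching result in `Ok(…?)` / `Ok(pubkey)`; `x509name_to_string(self.x509.subject_name())` and `self.x509.public_key().map_err(Error::from)` express the same thing without the extra step. `CertInfo` and `fingerprint()` carry no doc comments: I would add `/// Certificate loaded from the node's proxy certificate file; wraps an openssl X509.` on the struct and `/// SHA-256 digest of the DER-encoded certificate, rendered as colon-separated hex pairs.` on `fingerprint`, noting there that the `from_utf8(..).unwrap()` cannot fail because the hex string is pure ASCII. It is also worth stating in the `from_path` docs that `X509::from_pem` parses only the first PEM block, so if `proxy.pem` ever holds a chain, `CertInfo` describes the leaf certificate only.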