config: factor out certificate writing
for reuse in the certificate API

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
parent
a576e6685b
commit
f912ba6a3e
@ -98,10 +98,6 @@ pub fn create_configdir() -> Result<(), Error> {
|
|||||||
/// Update self signed node certificate.
|
/// Update self signed node certificate.
|
||||||
pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
|
pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
|
||||||
|
|
||||||
let backup_user = crate::backup::backup_user()?;
|
|
||||||
|
|
||||||
create_configdir()?;
|
|
||||||
|
|
||||||
let key_path = PathBuf::from(configdir!("/proxy.key"));
|
let key_path = PathBuf::from(configdir!("/proxy.key"));
|
||||||
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
|
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
|
||||||
|
|
||||||
@ -111,15 +107,6 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
|
|||||||
|
|
||||||
let priv_pem = rsa.private_key_to_pem()?;
|
let priv_pem = rsa.private_key_to_pem()?;
|
||||||
|
|
||||||
replace_file(
|
|
||||||
&key_path,
|
|
||||||
&priv_pem,
|
|
||||||
CreateOptions::new()
|
|
||||||
.perm(Mode::from_bits_truncate(0o0640))
|
|
||||||
.owner(nix::unistd::ROOT)
|
|
||||||
.group(backup_user.gid),
|
|
||||||
)?;
|
|
||||||
|
|
||||||
let mut x509 = X509Builder::new()?;
|
let mut x509 = X509Builder::new()?;
|
||||||
|
|
||||||
x509.set_version(2)?;
|
x509.set_version(2)?;
|
||||||
@ -198,14 +185,24 @@ pub fn update_self_signed_cert(force: bool) -> Result<(), Error> {
|
|||||||
let x509 = x509.build();
|
let x509 = x509.build();
|
||||||
let cert_pem = x509.to_pem()?;
|
let cert_pem = x509.to_pem()?;
|
||||||
|
|
||||||
replace_file(
|
set_proxy_certificate(&cert_pem, &priv_pem)?;
|
||||||
&cert_path,
|
|
||||||
&cert_pem,
|
|
||||||
CreateOptions::new()
|
|
||||||
.perm(Mode::from_bits_truncate(0o0640))
|
|
||||||
.owner(nix::unistd::ROOT)
|
|
||||||
.group(backup_user.gid),
|
|
||||||
)?;
|
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub(crate) fn set_proxy_certificate(cert_pem: &[u8], key_pem: &[u8]) -> Result<(), Error> {
|
||||||
|
let backup_user = crate::backup::backup_user()?;
|
||||||
|
let options = CreateOptions::new()
|
||||||
|
.perm(Mode::from_bits_truncate(0o0640))
|
||||||
|
.owner(nix::unistd::ROOT)
|
||||||
|
.group(backup_user.gid);
|
||||||
|
let key_path = PathBuf::from(configdir!("/proxy.key"));
|
||||||
|
let cert_path = PathBuf::from(configdir!("/proxy.pem"));
|
||||||
|
|
||||||
|
create_configdir()?;
|
||||||
|
replace_file(&key_path, &key_pem, options.clone())
|
||||||
|
.map_err(|err| format_err!("error writing certificate private key - {}", err))?;
|
||||||
|
replace_file(&cert_path, &cert_pem, options)
|
||||||
|
.map_err(|err| format_err!("error writing certificate file - {}", err))?;
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
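Review bot: The new `set_proxy_certificate` has no doc comment and does not check its inputs, although it is the one place that replaces the proxy's TLS private key and, per the commit message, is meant to be called from the certificate API. Nothing visible here verifies that `cert_pem` and `key_pem` parse as PEM or belong together, and the two `replace_file` calls are independent, so a failure on the second leaves a new `proxy.key` beside the old `proxy.pem`. If validation is the caller's job, state that contract on the function, for example `/// Writes proxy.key and proxy.pem (mode 0640, owner root, group of the backup user); the caller must ensure the key matches the certificate.` Otherwise consider parsing both inputs and comparing their public keys before the first write, so a mismatched pair is rejected before anything on disk changes.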