proxmox_client_tools: move common key related functions to key_source.rs
Add a new module containing key-related functions and schemata from all over, code moved is not changed as much as possible. Requires adapting some 'use' statements across proxmox-backup-client and putting the XDG helpers quite cozily into proxmox_client_tools/mod.rs Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
This commit is contained in:
Stefan Reiter
committed by
Thomas Lamprecht
Thomas Lamprecht
parent
4876393562
commit
ff8945fd2f
@ -20,114 +20,10 @@ use proxmox_backup::{
|
||||
tools::paperkey::{generate_paper_key, PaperkeyFormat},
|
||||
};
|
||||
|
||||
use crate::KeyWithSource;
|
||||
|
||||
pub const DEFAULT_ENCRYPTION_KEY_FILE_NAME: &str = "encryption-key.json";
|
||||
pub const DEFAULT_MASTER_PUBKEY_FILE_NAME: &str = "master-public.pem";
|
||||
|
||||
pub fn find_default_master_pubkey() -> Result<Option<PathBuf>, Error> {
|
||||
super::find_xdg_file(
|
||||
DEFAULT_MASTER_PUBKEY_FILE_NAME,
|
||||
"default master public key file",
|
||||
)
|
||||
}
|
||||
|
||||
pub fn place_default_master_pubkey() -> Result<PathBuf, Error> {
|
||||
super::place_xdg_file(
|
||||
DEFAULT_MASTER_PUBKEY_FILE_NAME,
|
||||
"default master public key file",
|
||||
)
|
||||
}
|
||||
|
||||
pub fn find_default_encryption_key() -> Result<Option<PathBuf>, Error> {
|
||||
super::find_xdg_file(
|
||||
DEFAULT_ENCRYPTION_KEY_FILE_NAME,
|
||||
"default encryption key file",
|
||||
)
|
||||
}
|
||||
|
||||
pub fn place_default_encryption_key() -> Result<PathBuf, Error> {
|
||||
super::place_xdg_file(
|
||||
DEFAULT_ENCRYPTION_KEY_FILE_NAME,
|
||||
"default encryption key file",
|
||||
)
|
||||
}
|
||||
|
||||
#[cfg(not(test))]
|
||||
pub(crate) fn read_optional_default_encryption_key() -> Result<Option<KeyWithSource>, Error> {
|
||||
find_default_encryption_key()?
|
||||
.map(|path| file_get_contents(path).map(KeyWithSource::from_default))
|
||||
.transpose()
|
||||
}
|
||||
|
||||
#[cfg(not(test))]
|
||||
pub(crate) fn read_optional_default_master_pubkey() -> Result<Option<KeyWithSource>, Error> {
|
||||
find_default_master_pubkey()?
|
||||
.map(|path| file_get_contents(path).map(KeyWithSource::from_default))
|
||||
.transpose()
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
static mut TEST_DEFAULT_ENCRYPTION_KEY: Result<Option<Vec<u8>>, Error> = Ok(None);
|
||||
|
||||
#[cfg(test)]
|
||||
pub(crate) fn read_optional_default_encryption_key() -> Result<Option<KeyWithSource>, Error> {
|
||||
// not safe when multiple concurrent test cases end up here!
|
||||
unsafe {
|
||||
match &TEST_DEFAULT_ENCRYPTION_KEY {
|
||||
Ok(Some(key)) => Ok(Some(KeyWithSource::from_default(key.clone()))),
|
||||
Ok(None) => Ok(None),
|
||||
Err(_) => bail!("test error"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
// not safe when multiple concurrent test cases end up here!
|
||||
pub(crate) unsafe fn set_test_encryption_key(value: Result<Option<Vec<u8>>, Error>) {
|
||||
TEST_DEFAULT_ENCRYPTION_KEY = value;
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
static mut TEST_DEFAULT_MASTER_PUBKEY: Result<Option<Vec<u8>>, Error> = Ok(None);
|
||||
|
||||
#[cfg(test)]
|
||||
pub(crate) fn read_optional_default_master_pubkey() -> Result<Option<KeyWithSource>, Error> {
|
||||
// not safe when multiple concurrent test cases end up here!
|
||||
unsafe {
|
||||
match &TEST_DEFAULT_MASTER_PUBKEY {
|
||||
Ok(Some(key)) => Ok(Some(KeyWithSource::from_default(key.clone()))),
|
||||
Ok(None) => Ok(None),
|
||||
Err(_) => bail!("test error"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
// not safe when multiple concurrent test cases end up here!
|
||||
pub(crate) unsafe fn set_test_default_master_pubkey(value: Result<Option<Vec<u8>>, Error>) {
|
||||
TEST_DEFAULT_MASTER_PUBKEY = value;
|
||||
}
|
||||
|
||||
pub fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
|
||||
// fixme: implement other input methods
|
||||
|
||||
use std::env::VarError::*;
|
||||
match std::env::var("PBS_ENCRYPTION_PASSWORD") {
|
||||
Ok(p) => return Ok(p.as_bytes().to_vec()),
|
||||
Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters"),
|
||||
Err(NotPresent) => {
|
||||
// Try another method
|
||||
}
|
||||
}
|
||||
|
||||
// If we're on a TTY, query the user for a password
|
||||
if tty::stdin_isatty() {
|
||||
return Ok(tty::read_password("Encryption Key Password: ")?);
|
||||
}
|
||||
|
||||
bail!("no password input mechanism available");
|
||||
}
|
||||
use crate::proxmox_client_tools::key_source::{
|
||||
find_default_encryption_key, find_default_master_pubkey, get_encryption_key_password,
|
||||
place_default_encryption_key, place_default_master_pubkey,
|
||||
};
|
||||
|
||||
#[api(
|
||||
input: {
|
||||
|
||||
Reference in New Issue
Block a user