b4tman/peazyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: b4tman:21d6eb268af0ccb89aefc480f6efb4d780f8788c
Branches Tags
b4tman:master
b4tman:ovpn-refactor
b4tman:https
b4tman:internal_openssl
...
compare: b4tman:cdac6d2aa52706955b3c705feba8193e29f10aba
Branches Tags
b4tman:master
b4tman:ovpn-refactor
b4tman:https
b4tman:internal_openssl

9 Commits
21d6eb268a ... cdac6d2aa5

Author SHA1 Message Date
Dmitry
cdac6d2aa5
openssl providers in separate files
All checks were successful
Docker Image CI / test (push) Successful in 2m34s
Details
Docker Image CI / push (push) Successful in 14m47s
Details
2024-10-22 16:23:53 +03:00
Dmitry
f5e207654c
upd Dockerfile 2024-10-22 16:13:44 +03:00
Dmitry
232ad335fa
upd tokio 2024-10-22 16:05:39 +03:00
Dmitry
c7677bdb70
refactor 2024-10-22 15:45:36 +03:00
Dmitry
fa9c1ecb2c
+ san email 2024-10-22 14:18:55 +03:00
Dmitry
8c1add6ff1
+internal openssl cert provider 2024-10-22 00:41:06 +03:00
Dmitry
e20aecea81
src files 2024-10-21 16:33:47 +03:00
Dmitry
531e0bcc24
upd .gitignore 2024-10-21 16:32:51 +03:00
Dmitry
023f262fea
ICryptoProvider trait 2024-10-20 14:29:19 +03:00
12 changed files with 1216 additions and 477 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1,3 @@
/target
/.env.ps1
/.vscode

267
Cargo.lock generated
View File

@ -26,6 +26,21 @@ dependencies = [
"memchr",
]
[[package]]
name = "android-tzdata"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
[[package]]
name = "anstream"
version = "0.6.15"
@ -125,10 +140,31 @@ dependencies = [
]
[[package]]
name = "bytes"
version = "1.7.2"
name = "bitflags"
version = "2.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "428d9aa8fbc0670b7b8d6030a7fadd0f86151cae55e4dbbece15f3780a3dfaf3"
checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"
[[package]]
name = "bumpalo"
version = "3.16.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
[[package]]
name = "bytes"
version = "1.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ac0150caa2ae65ca5bd83f25c7de183dea78d4d366469f148435e2acfbad0da"
[[package]]
name = "cc"
version = "1.1.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c2e7962b54006dcfcc61cb72735f4d89bb97061dd6a7ed882ec6b8ee53714c6f"
dependencies = [
"shlex",
]
[[package]]
name = "cfg-if"
@ -136,6 +172,20 @@ version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chrono"
version = "0.4.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401"
dependencies = [
"android-tzdata",
"iana-time-zone",
"js-sys",
"num-traits",
"wasm-bindgen",
"windows-targets",
]
[[package]]
name = "clap"
version = "4.5.20"
@ -182,6 +232,12 @@ version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3fd119d74b830634cea2a0f58bbd0d54540518a14397557951e79340abc28c0"
[[package]]
name = "core-foundation-sys"
version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "encoding"
version = "0.2.33"
@ -246,6 +302,21 @@ version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569"
[[package]]
name = "foreign-types"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
dependencies = [
"foreign-types-shared",
]
[[package]]
name = "foreign-types-shared"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
[[package]]
name = "futures"
version = "0.3.31"
@ -353,18 +424,62 @@ version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024"
[[package]]
name = "iana-time-zone"
version = "0.1.61"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "235e081f3925a06703c2d0117ea8b91f042756fd6e7a6e5d901e8ca1a996b220"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"iana-time-zone-haiku",
"js-sys",
"wasm-bindgen",
"windows-core",
]
[[package]]
name = "iana-time-zone-haiku"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
dependencies = [
"cc",
]
[[package]]
name = "is_terminal_polyfill"
version = "1.70.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
[[package]]
name = "js-sys"
version = "0.3.72"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a88f1bda2bd75b0452a14784937d796722fdebfe50df998aeb3f0b7603019a9"
dependencies = [
"wasm-bindgen",
]
[[package]]
name = "lazy_static"
version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
[[package]]
name = "libc"
version = "0.2.161"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9489c2807c139ffd9c1794f4af0ebe86a828db53ecdc7fea2111d0fed085d1"
[[package]]
name = "log"
version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
[[package]]
name = "memchr"
version = "2.7.4"
@ -392,6 +507,15 @@ dependencies = [
"windows-sys",
]
[[package]]
name = "num-traits"
version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
dependencies = [
"autocfg",
]
[[package]]
name = "object"
version = "0.36.5"
@ -401,17 +525,64 @@ dependencies = [
"memchr",
]
[[package]]
name = "once_cell"
version = "1.20.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1261fe7e33c73b354eab43b1273a57c8f967d0391e80353e51f764ac02cf6775"
[[package]]
name = "openssl"
version = "0.10.68"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6174bc48f102d208783c2c84bf931bb75927a617866870de8a4ea85597f871f5"
dependencies = [
"bitflags",
"cfg-if",
"foreign-types",
"libc",
"once_cell",
"openssl-macros",
"openssl-sys",
]
[[package]]
name = "openssl-macros"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "openssl-sys"
version = "0.9.104"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741"
dependencies = [
"cc",
"libc",
"pkg-config",
"vcpkg",
]
[[package]]
name = "peazyrsa"
version = "0.1.0"
dependencies = [
"anyhow",
"async-stream",
"chrono",
"clap",
"encoding",
"futures",
"futures-core",
"futures-util",
"lazy_static",
"openssl",
"regex",
"tokio",
]
@ -428,6 +599,12 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
name = "pkg-config"
version = "0.3.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2"
[[package]]
name = "proc-macro2"
version = "1.0.88"
@ -481,6 +658,12 @@ version = "0.1.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "signal-hook-registry"
version = "1.4.2"
@ -507,9 +690,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.79"
version = "2.0.82"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590"
checksum = "83540f837a8afc019423a8edb95b52a8effe46957ee402287f4292fae35be021"
dependencies = [
"proc-macro2",
"quote",
@ -518,9 +701,9 @@ dependencies = [
[[package]]
name = "tokio"
version = "1.40.0"
version = "1.41.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e2b070231665d27ad9ec9b8df639893f46727666c6767db40317fbe920a5d998"
checksum = "145f3413504347a2be84393cc8a7d2fb4d863b375909ea59f2158261aa258bbb"
dependencies = [
"backtrace",
"bytes",
@ -555,12 +738,82 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
[[package]]
name = "vcpkg"
version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
[[package]]
name = "wasi"
version = "0.11.0+wasi-snapshot-preview1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]]
name = "wasm-bindgen"
version = "0.2.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "128d1e363af62632b8eb57219c8fd7877144af57558fb2ef0368d0087bddeb2e"
dependencies = [
"cfg-if",
"once_cell",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb6dd4d3ca0ddffd1dd1c9c04f94b868c37ff5fac97c30b97cff2d74fce3a358"
dependencies = [
"bumpalo",
"log",
"once_cell",
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e79384be7f8f5a9dd5d7167216f022090cf1f9ec128e6e6a482a2cb5c5422c56"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26c6ab57572f7a24a4985830b120de1594465e5d500f24afe89e16b4e833ef68"
dependencies = [
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "65fc09f10666a9f147042251e0dda9c18f166ff7de300607007e96bdebc1068d"
[[package]]
name = "windows-core"
version = "0.52.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9"
dependencies = [
"windows-targets",
]
[[package]]
name = "windows-sys"
version = "0.52.0"

5
Cargo.toml
View File

@ -6,13 +6,16 @@ edition = "2021"
[dependencies]
anyhow = "1.0.90"
async-stream = "0.3.6"
chrono = "0.4.38"
clap = { version = "4.5.20", features = ["derive"] }
encoding = "0.2.33"
futures = "0.3.31"
futures-core = "0.3.31"
futures-util = "0.3.31"
lazy_static = "1.5.0"
openssl = { version="0.10.68" }
regex = "1.11.0"
tokio = { version = "1.40.0", features = ["fs", "rt", "process", "macros", "io-util"] }
tokio = { version = "1.41.0", features = ["fs", "rt", "process", "macros", "io-util"] }
[profile.release]
opt-level = 3

1
Dockerfile
View File

@ -1,5 +1,6 @@
FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
WORKDIR /app
RUN apt --no-install-recommends update && apt install -y libssl-dev
FROM chef AS planner
COPY . .

122
src/certs.rs Normal file
View File

@ -0,0 +1,122 @@
use anyhow::{anyhow, Context, Result};
use std::{path::PathBuf, sync::Arc};
use crate::common::{is_file_exist, read_file, write_file, AppConfig, OpenSSLProviderArg, VarsMap};
use crate::crypto_provider::ICryptoProvider;
use crate::openssl::{external::OpenSSLExternalProvider, internal::OpenSSLInternalProvider};
pub(crate) struct Certs<T>
where
T: ICryptoProvider,
{
pub(crate) encoding: String,
pub(crate) ca_file: PathBuf,
pub(crate) key_file: PathBuf,
pub(crate) cert_file: PathBuf,
pub(crate) config_file: PathBuf,
pub(crate) template_file: PathBuf,
pub(crate) provider: Arc<T>,
}
impl<T> Certs<T>
where
T: ICryptoProvider,
{
pub(crate) fn new(cfg: &AppConfig, provider: T) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let config_dir = base_dir.clone().join(cfg.config_subdir.clone());
let name = cfg.name.clone();
Certs {
encoding: cfg.encoding.clone(),
ca_file: keys_dir.join(cfg.ca_filename.clone()),
key_file: keys_dir.join(format!("{}.key", &name)),
cert_file: keys_dir.join(format!("{}.crt", &name)),
config_file: config_dir.join(format!("{}.ovpn", &name)),
template_file: base_dir.clone().join(cfg.template_file.clone()),
provider: Arc::new(provider),
}
}
async fn is_config_exists(&self) -> bool {
is_file_exist(&self.config_file).await
}
pub(crate) async fn request(&self) -> Result<()> {
self.provider.request().await
}
pub(crate) async fn sign(&self) -> Result<()> {
self.provider.sign().await
}
pub(crate) async fn build_client_config(&self) -> Result<bool> {
if self.is_config_exists().await {
return Ok(false);
}
self.request().await.context("req error")?;
self.sign().await.context("sign error")?;
let (template_file, ca_file, cert_file, key_file) = (
self.template_file.clone(),
self.ca_file.clone(),
self.cert_file.clone(),
self.key_file.clone(),
);
let enc = self.encoding.clone();
let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
tokio::spawn(read_file(template_file, enc1)),
tokio::spawn(read_file(ca_file, enc2)),
tokio::spawn(read_file(cert_file, enc3)),
tokio::spawn(read_file(key_file, enc4))
) {
let text = template
.replace("{{ca}}", ca.trim())
.replace("{{cert}}", cert.trim())
.replace("{{key}}", key.trim());
write_file(&self.config_file, text, &self.encoding).await?;
Ok(true)
} else {
Err(anyhow!("files read error"))
}
}
}
pub async fn build_client_config(config: &AppConfig, vars: VarsMap) -> Result<()> {
let result_file: PathBuf;
let created: bool;
if let OpenSSLProviderArg::ExternalBin(_) = config.openssl {
let certs = Certs::new(config, OpenSSLExternalProvider::from_cfg(config, vars));
created = certs
.build_client_config()
.await
.context("external openssl error")?;
result_file = certs.config_file;
} else {
let certs = Certs::new(config, OpenSSLInternalProvider::from_cfg(config, vars));
created = certs
.build_client_config()
.await
.context("internal openssl error")?;
result_file = certs.config_file;
}
let result_file = result_file
.to_str()
.ok_or(anyhow!("result_file PathBuf to str convert error"))?;
if created {
println!("created: {result_file}");
Ok(())
} else {
Err(anyhow!("file exists: {result_file}"))
}
}

225
src/common.rs Normal file
View File

@ -0,0 +1,225 @@
use anyhow::{anyhow, Context, Result};
use async_stream::stream;
use clap::Parser;
use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
use std::{
collections::BTreeMap,
fmt::Display,
path::{Path, PathBuf},
str::FromStr,
};
use tokio::{
fs::{self, File},
io::{AsyncBufReadExt, BufReader},
};
use futures_core::stream::Stream;
pub(crate) type VarsMap = BTreeMap<String, String>;
#[derive(Debug, Clone, PartialEq)]
pub enum OpenSSLProviderArg {
Internal,
ExternalBin(String),
}
impl FromStr for OpenSSLProviderArg {
type Err = anyhow::Error;
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.to_ascii_lowercase().as_str() {
"internal" => Ok(OpenSSLProviderArg::Internal),
x => Ok(OpenSSLProviderArg::ExternalBin(x.to_string())),
}
}
}
impl Display for OpenSSLProviderArg {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self {
OpenSSLProviderArg::ExternalBin(x) => write!(f, "{}", x),
_ => write!(f, "internal"),
}
}
}
#[derive(Parser)]
#[command(author, version, about, long_about = None)]
pub(crate) struct Args {
/// new client name
pub(crate) name: String,
/// pki directory
#[arg(short, long)]
pub(crate) directory: Option<String>,
/// client email
#[arg(short, long)]
pub(crate) email: Option<String>,
/// files encoding
#[arg(short = 'c', long)]
pub(crate) encoding: Option<String>,
/// keys subdir
#[arg(long, default_value = "keys")]
pub(crate) keys_dir: String,
/// config subdir
#[arg(long, default_value = "config")]
pub(crate) config_dir: String,
/// valid days
#[arg(long, default_value = "3650")]
pub(crate) days: u32,
/// openssl binary or (internal)
#[arg(long, short, default_value = "internal")]
pub(crate) openssl: OpenSSLProviderArg,
/// template file
#[arg(long, default_value = "template.ovpn")]
pub(crate) template_file: String,
}
pub(crate) struct AppConfig {
pub(crate) encoding: String,
pub(crate) req_days: u32,
pub(crate) keys_subdir: String,
pub(crate) config_subdir: String,
pub(crate) template_file: String,
pub(crate) openssl_default_cnf: String,
pub(crate) openssl_cnf_env: String,
pub(crate) ca_filename: String,
pub(crate) default_email_domain: String,
pub(crate) openssl: OpenSSLProviderArg,
pub(crate) base_directory: String,
pub(crate) email: String,
pub(crate) name: String,
}
impl Default for AppConfig {
fn default() -> Self {
Self {
encoding: "cp866".into(),
req_days: 30650,
keys_subdir: "keys".into(),
config_subdir: "config".into(),
template_file: "template.ovpn".into(),
openssl_default_cnf: "openssl-1.0.0.cnf".into(),
openssl_cnf_env: "KEY_CONFIG".into(),
ca_filename: "ca.crt".into(),
default_email_domain: "example.com".into(),
openssl: OpenSSLProviderArg::Internal,
base_directory: ".".into(),
email: "name@example.com".into(),
name: "user".into(),
}
}
}
impl From<&Args> for AppConfig {
fn from(args: &Args) -> Self {
let defaults = Self::default();
let base_directory = args
.directory
.as_ref()
.unwrap_or(&defaults.base_directory)
.clone();
let email = args.email.clone().unwrap_or(format!(
"{}@{}",
&args.name,
defaults.default_email_domain.clone()
));
let encoding = if let Some(enc) = args.encoding.clone() {
enc.to_string()
} else {
defaults.encoding.clone()
};
let name = args.name.clone();
let openssl = args.openssl.clone();
let template_file = args.template_file.clone();
let req_days = args.days;
let keys_subdir = args.keys_dir.clone();
let config_subdir = args.config_dir.clone();
Self {
base_directory,
email,
encoding,
name,
openssl,
template_file,
req_days,
keys_subdir,
config_subdir,
..defaults
}
}
}
pub(crate) async fn is_file_exist(filepath: &PathBuf) -> bool {
let metadata = tokio::fs::metadata(&filepath).await;
if metadata.is_err() {
return false;
}
if !metadata.unwrap().is_file() {
return false;
}
true
}
pub(crate) async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
where
S: AsRef<str> + std::cmp::PartialEq<&'a str>,
P: AsRef<Path>,
{
let filepath = PathBuf::from(filepath.as_ref());
if encoding == "utf8" {
return Ok(fs::read_to_string(filepath).await?);
}
let enc = encoding_from_whatwg_label(encoding.as_ref()).ok_or(anyhow!("encoding not found"))?;
let bytes = fs::read(filepath).await?;
enc.decode(&bytes, encoding::DecoderTrap::Ignore)
.map_err(|_| anyhow!("could not read file"))
}
pub(crate) async fn write_file(filepath: &PathBuf, text: String, encoding: &str) -> Result<()> {
if encoding == "utf8" {
return Ok(fs::write(filepath, text).await?);
}
let enc = encoding_from_whatwg_label(encoding).ok_or(anyhow!("encoding not found"))?;
let mut bytes = Vec::new();
enc.encode_to(&text, EncoderTrap::Ignore, &mut bytes)
.map_err(|_| anyhow!("can't encode"))?;
fs::write(filepath, bytes).await.context("can't write file")
}
pub(crate) async fn read_file_by_lines(
filepath: &PathBuf,
encoding: &str,
) -> Result<Box<dyn Stream<Item = String>>> {
Ok(if encoding == "utf8" {
let f = File::open(filepath).await?;
let reader = BufReader::new(f);
let mut lines = reader.lines();
Box::new(stream! {
while let Ok(Some(line)) = lines.next_line().await {
yield line
}
})
} else {
let text = read_file(filepath, encoding).await?;
Box::new(stream! {
for line in text.lines() {
yield line.to_string()
}
})
})
}

6
src/crypto_provider.rs Normal file
View File

@ -0,0 +1,6 @@
use anyhow::Result;
pub(crate) trait ICryptoProvider {
async fn request(&self) -> Result<()>;
async fn sign(&self) -> Result<()>;
}

480
src/main.rs
View File

@ -1,464 +1,15 @@
use anyhow::{anyhow, Context, Result};
use anyhow::{anyhow, Result};
use clap::Parser;
use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
use regex::Regex;
use std::{
collections::BTreeMap,
path::{Path, PathBuf},
pin::Pin,
};
use tokio::{
fs::{self, File},
io::{AsyncBufReadExt, BufReader},
};
use tokio::{pin, process::Command};
use async_stream::stream;
mod certs;
mod common;
mod crypto_provider;
mod openssl;
mod vars;
use futures_core::stream::Stream;
use futures_util::stream::StreamExt;
#[derive(Parser)]
#[command(author, version, about, long_about = None)]
struct Args {
/// new client name
name: String,
/// pki directory
#[arg(short, long)]
directory: Option<String>,
/// client email
#[arg(short, long)]
email: Option<String>,
/// files encoding
#[arg(short = 'c', long)]
encoding: Option<String>,
/// keys subdir
#[arg(long, default_value = "keys")]
keys_dir: String,
/// config subdir
#[arg(long, default_value = "config")]
config_dir: String,
/// valid days
#[arg(long, default_value = "30650")]
days: u32,
/// openssl binary
#[arg(long, default_value = "openssl")]
openssl: String,
/// template file
#[arg(long, default_value = "template.ovpn")]
template_file: String,
}
struct VarsFile {
filepath: PathBuf,
vars: Option<BTreeMap<String, String>>,
encoding: String,
}
struct AppConfig {
encoding: String,
req_days: u32,
keys_subdir: String,
config_subdir: String,
template_file: String,
openssl_default_cnf: String,
openssl_cnf_env: String,
ca_filename: String,
default_email_domain: String,
openssl: String,
base_directory: String,
email: String,
name: String,
}
impl Default for AppConfig {
fn default() -> Self {
Self {
encoding: "cp866".into(),
req_days: 30650,
keys_subdir: "keys".into(),
config_subdir: "config".into(),
template_file: "template.ovpn".into(),
openssl_default_cnf: "openssl-1.0.0.cnf".into(),
openssl_cnf_env: "KEY_CONFIG".into(),
ca_filename: "ca.crt".into(),
default_email_domain: "example.com".into(),
openssl: "openssl".into(),
base_directory: ".".into(),
email: "name@example.com".into(),
name: "user".into(),
}
}
}
impl From<&Args> for AppConfig {
fn from(args: &Args) -> Self {
let defaults = Self::default();
let base_directory = args
.directory
.as_ref()
.unwrap_or(&defaults.base_directory)
.clone();
let email = args.email.clone().unwrap_or(format!(
"{}@{}",
&args.name,
defaults.default_email_domain.clone()
));
let encoding = if let Some(enc) = args.encoding.clone() {
enc.to_string()
} else {
defaults.encoding.clone()
};
let name = args.name.clone();
let openssl = args.openssl.clone();
let template_file = args.template_file.clone();
let req_days = args.days;
let keys_subdir = args.keys_dir.clone();
let config_subdir = args.config_dir.clone();
Self {
base_directory,
email,
encoding,
name,
openssl,
template_file,
req_days,
keys_subdir,
config_subdir,
..defaults
}
}
}
async fn is_file_exist(filepath: &PathBuf) -> bool {
let metadata = tokio::fs::metadata(&filepath).await;
if metadata.is_err() {
return false;
}
if !metadata.unwrap().is_file() {
return false;
}
true
}
async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
where
S: AsRef<str> + std::cmp::PartialEq<&'a str>,
P: AsRef<Path>,
{
let filepath = PathBuf::from(filepath.as_ref());
if encoding == "utf8" {
return Ok(fs::read_to_string(filepath).await?);
}
let enc = encoding_from_whatwg_label(encoding.as_ref()).ok_or(anyhow!("encoding not found"))?;
let bytes = fs::read(filepath).await?;
enc.decode(&bytes, encoding::DecoderTrap::Ignore)
.map_err(|_| anyhow!("could not read file"))
}
async fn write_file(filepath: &PathBuf, text: String, encoding: &str) -> Result<()> {
if encoding == "utf8" {
return Ok(fs::write(filepath, text).await?);
}
let enc = encoding_from_whatwg_label(encoding).ok_or(anyhow!("encoding not found"))?;
let mut bytes = Vec::new();
enc.encode_to(&text, EncoderTrap::Ignore, &mut bytes)
.map_err(|_| anyhow!("can't encode"))?;
fs::write(filepath, bytes).await.context("can't write file")
}
async fn read_file_by_lines(
filepath: &PathBuf,
encoding: &str,
) -> Result<Box<dyn Stream<Item = String>>> {
Ok(if encoding == "utf8" {
let f = File::open(filepath).await?;
let reader = BufReader::new(f);
let mut lines = reader.lines();
Box::new(stream! {
while let Ok(Some(line)) = lines.next_line().await {
yield line
}
})
} else {
let text = read_file(filepath, encoding).await?;
Box::new(stream! {
for line in text.lines() {
yield line.to_string()
}
})
})
}
impl VarsFile {
async fn from_file(filepath: &PathBuf, encoding: String) -> Result<Self> {
let metadata = tokio::fs::metadata(&filepath).await.context(format!(
"file not found {}",
filepath.to_str().expect("str")
))?;
if !metadata.is_file() {
Err(anyhow!("{} is not a file", filepath.to_str().expect("str")))?
}
Ok(VarsFile {
filepath: filepath.to_path_buf(),
vars: None,
encoding,
})
}
async fn from_dir(dir: PathBuf, encoding: String) -> Result<Self> {
let filepath = dir.join("vars");
let err_context = format!(
"vars or vars.bat file not found in {}",
dir.to_str().expect("str")
);
match Self::from_file(&filepath, encoding.clone()).await {
Ok(res) => Ok(res),
Err(_) => Self::from_file(&filepath.with_extension("bat"), encoding.clone())
.await
.map_err(|e| e.context(err_context)),
}
}
async fn from_config(config: &AppConfig) -> Result<Self> {
Self::from_dir(
PathBuf::from(&config.base_directory),
config.encoding.clone(),
)
.await
}
async fn parse(&mut self) -> Result<()> {
let mut result = BTreeMap::new();
let lines = read_file_by_lines(&self.filepath, &self.encoding).await?;
let lines = Pin::from(lines);
pin!(lines);
let re_v2 =
Regex::new(r#"^(export|set)\s\b(?P<key>[\w\d_]+)\b=\s?"?(?P<value>[^\#]+?)"?$"#)
.context("regex v2")?;
let re_v3 = Regex::new(r"^set_var\s(?P<key1>[\w\d_]+)\s+(?P<value1>[^\#]+?)$")
.context("regex v3")?;
while let Some(line) = lines.next().await {
if let Some(caps) = re_v2.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
continue;
}
if let Some(caps) = re_v3.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
};
}
self.vars = Some(result);
Ok(())
}
#[allow(dead_code)]
fn apply(&self) -> Result<()> {
if let Some(vars) = self.vars.clone() {
for (key, value) in vars.iter() {
unsafe {
std::env::set_var(key, value);
}
}
} else {
Err(anyhow!("vars not parsed"))?
}
Ok(())
}
}
struct Certs {
base_dir: PathBuf,
encoding: String,
req_days: u32,
ca_file: PathBuf,
req_file: PathBuf,
key_file: PathBuf,
cert_file: PathBuf,
config_file: PathBuf,
template_file: PathBuf,
openssl_cnf: PathBuf,
openssl: String,
vars: BTreeMap<String, String>,
}
impl Certs {
fn new(cfg: &AppConfig, vars: BTreeMap<String, String>) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let config_dir = base_dir.clone().join(cfg.config_subdir.clone());
let mut vars = vars;
let name = cfg.name.clone();
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
Self {
base_dir: base_dir.clone(),
encoding: cfg.encoding.clone(),
req_days: cfg.req_days,
ca_file: keys_dir.join(cfg.ca_filename.clone()),
req_file: keys_dir.join(format!("{}.csr", &name)),
key_file: keys_dir.join(format!("{}.key", &name)),
cert_file: keys_dir.join(format!("{}.crt", &name)),
config_file: config_dir.join(format!("{}.ovpn", &name)),
template_file: base_dir.clone().join(cfg.template_file.clone()),
openssl_cnf: base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone())
.unwrap_or(cfg.openssl_default_cnf.clone()),
),
openssl: cfg.openssl.clone(),
vars,
}
}
async fn is_ca_exists(&self) -> bool {
is_file_exist(&self.ca_file).await
}
async fn is_config_exists(&self) -> bool {
is_file_exist(&self.config_file).await
}
async fn is_cert_exists(&self) -> bool {
is_file_exist(&self.cert_file).await
}
async fn is_req_exists(&self) -> bool {
is_file_exist(&self.req_file).await
}
async fn request(&self) -> Result<()> {
if self.is_req_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"req",
"-nodes",
"-new",
"-keyout",
self.key_file.to_str().unwrap(),
"-out",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("openssl req execution failed")),
}
}
async fn sign(&self) -> Result<()> {
if self.is_cert_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"ca",
"-days",
format!("{}", self.req_days).as_str(),
"-out",
self.cert_file.to_str().unwrap(),
"-in",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("ssl ca execution failed")),
}
}
async fn build_client_config(&self) -> Result<bool> {
if self.is_config_exists().await {
return Ok(false);
}
self.request().await?;
self.sign().await?;
let (template_file, ca_file, cert_file, key_file) = (
self.template_file.clone(),
self.ca_file.clone(),
self.cert_file.clone(),
self.key_file.clone(),
);
let enc = self.encoding.clone();
let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
tokio::spawn(read_file(template_file, enc1)),
tokio::spawn(read_file(ca_file, enc2)),
tokio::spawn(read_file(cert_file, enc3)),
tokio::spawn(read_file(key_file, enc4))
) {
let text = template
.replace("{{ca}}", ca.trim())
.replace("{{cert}}", cert.trim())
.replace("{{key}}", key.trim());
write_file(&self.config_file, text, &self.encoding).await?;
Ok(true)
} else {
Err(anyhow!("files read error"))
}
}
}
use crate::certs::build_client_config;
use crate::common::{AppConfig, Args};
use crate::vars::VarsFile;
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> {
@ -470,15 +21,6 @@ async fn main() -> Result<()> {
println!("found vars: {}", vars.filepath.to_str().expect("fff"));
println!("loaded: {:#?}", &vars.vars);
let certs = Certs::new(&config, vars.vars.unwrap());
let created = certs.build_client_config().await?;
let result_file = certs.config_file.to_str().unwrap();
if created {
println!("created: {result_file}");
Ok(())
} else {
Err(anyhow!("file exists: {result_file}"))
}
let vars = vars.vars.ok_or(anyhow!("no vars loaded"))?;
build_client_config(&config, vars).await
}

138
src/openssl/external.rs Normal file
View File

@ -0,0 +1,138 @@
use anyhow::{anyhow, Result};
use std::path::PathBuf;
use tokio::process::Command;
use crate::common::{is_file_exist, AppConfig, VarsMap};
use crate::crypto_provider::ICryptoProvider;
pub(crate) struct OpenSSLExternalProvider {
vars: VarsMap,
base_dir: PathBuf,
openssl_cnf: PathBuf,
openssl: String,
ca_file: PathBuf,
req_file: PathBuf,
key_file: PathBuf,
cert_file: PathBuf,
req_days: u32,
}
impl OpenSSLExternalProvider {
async fn is_ca_exists(&self) -> bool {
is_file_exist(&self.ca_file).await
}
async fn is_cert_exists(&self) -> bool {
is_file_exist(&self.cert_file).await
}
async fn is_req_exists(&self) -> bool {
is_file_exist(&self.req_file).await
}
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let ca_file = keys_dir.join(cfg.ca_filename.clone());
let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
Self {
vars,
base_dir,
openssl_cnf,
openssl: cfg.openssl.to_string(),
ca_file,
req_file,
key_file,
cert_file,
req_days: cfg.req_days,
}
}
}
impl ICryptoProvider for OpenSSLExternalProvider {
async fn request(&self) -> Result<()> {
if self.is_req_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"req",
"-nodes",
"-new",
"-keyout",
self.key_file.to_str().unwrap(),
"-out",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("openssl req execution failed")),
}
}
async fn sign(&self) -> Result<()> {
if self.is_cert_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"ca",
"-days",
format!("{}", self.req_days).as_str(),
"-out",
self.cert_file.to_str().unwrap(),
"-in",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("ssl ca execution failed")),
}
}
}

349
src/openssl/internal.rs Normal file
View File

@ -0,0 +1,349 @@
use anyhow::{anyhow, Context, Result};
use openssl::{
asn1::Asn1Time,
conf::{Conf, ConfMethod},
hash::MessageDigest,
pkey::{PKey, Private},
rsa::Rsa,
stack::Stack,
x509::{
extension::{ExtendedKeyUsage, KeyUsage, SubjectAlternativeName},
X509Extension, X509Name, X509NameBuilder, X509Req, X509ReqBuilder, X509,
},
};
use std::path::{Path, PathBuf};
use tokio::fs;
use crate::{
common::{is_file_exist, read_file, AppConfig, VarsMap},
crypto_provider::ICryptoProvider,
};
use lazy_static::lazy_static;
use std::collections::HashMap;
use chrono::{Datelike, Days, Timelike, Utc};
lazy_static! {
static ref KEYMAP: HashMap<&'static str, &'static str> = {
let mut m = HashMap::new();
m.insert("C", "KEY_COUNTRY");
m.insert("ST", "KEY_PROVINCE");
m.insert("O", "KEY_ORG");
m.insert("OU", "KEY_OU");
m.insert("CN", "KEY_CN");
m.insert("name", "KEY_NAME");
m
};
}
trait ToPemX {
fn to_pem_x(&self) -> Result<Vec<u8>>;
}
impl ToPemX for X509 {
fn to_pem_x(&self) -> Result<Vec<u8>> {
Ok(self.to_pem()?)
}
}
impl ToPemX for X509Req {
fn to_pem_x(&self) -> Result<Vec<u8>> {
Ok(self.to_pem()?)
}
}
impl ToPemX for PKey<Private> {
fn to_pem_x(&self) -> Result<Vec<u8>> {
Ok(self.private_key_to_pem_pkcs8()?)
}
}
struct Pem<'a, T: ToPemX>(&'a T);
trait WritePem {
async fn write<T: AsRef<Path>>(&self, path: T) -> Result<()>;
}
impl<'a, P: ToPemX> WritePem for Pem<'a, P> {
async fn write<T: AsRef<Path>>(&self, path: T) -> Result<()> {
let pem = self.0.to_pem_x().context("to_pem()")?;
fs::write(path, pem).await.context("write pem")?;
Ok(())
}
}
fn get_time_str_x509(days: u32) -> Result<String> {
let dt = Utc::now();
let dt = dt
.checked_add_days(Days::new(days as u64))
.ok_or(anyhow!("failed to add days"))
.context("checked_add_days")?;
let year = dt.year() % 10000;
let month = dt.month() % 13;
let day = dt.day() % 32;
let hour = dt.hour() % 25;
let minute = dt.minute() % 60;
let second = dt.second() % 60;
let s = format!("{year:04}{month:02}{day:02}{hour:02}{minute:02}{second:02}Z");
Ok(s)
}
pub(crate) struct OpenSSLInternalProvider {
vars: VarsMap,
#[allow(unused)]
base_dir: PathBuf,
#[allow(unused)]
openssl_cnf: PathBuf,
ca_file: PathBuf,
ca_key_file: PathBuf,
req_file: PathBuf,
key_file: PathBuf,
cert_file: PathBuf,
req_days: u32,
key_size: u32,
encoding: String,
}
impl OpenSSLInternalProvider {
async fn is_ca_exists(&self) -> bool {
is_file_exist(&self.ca_file).await
}
async fn is_cert_exists(&self) -> bool {
is_file_exist(&self.cert_file).await
}
async fn is_req_exists(&self) -> bool {
is_file_exist(&self.req_file).await
}
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let ca_file = keys_dir.join(cfg.ca_filename.clone());
let ca_key_file = ca_file.with_extension("key");
let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
let default_key_size = "2048".to_string();
let key_size_s = vars.get("KEY_SIZE").unwrap_or(&default_key_size);
let key_size: u32 = key_size_s.parse().unwrap();
let encoding = cfg.encoding.clone();
Self {
vars,
base_dir,
openssl_cnf,
ca_file,
ca_key_file,
req_file,
key_file,
cert_file,
req_days: cfg.req_days,
key_size,
encoding,
}
}
fn generate_key_pair(&self) -> Result<(Rsa<Private>, PKey<Private>)> {
let rsa = Rsa::generate(self.key_size)?;
let pkey = PKey::from_rsa(rsa.clone())?;
Ok((rsa, pkey))
}
async fn get_ca_cert(&self) -> Result<X509> {
let text = read_file(self.ca_file.clone(), &self.encoding).await?;
Ok(X509::from_pem(text.as_bytes())?)
}
async fn get_ca_key(&self) -> Result<PKey<Private>> {
let text = read_file(self.ca_key_file.clone(), &self.encoding).await?;
Ok(PKey::from_rsa(Rsa::private_key_from_pem(text.as_bytes())?)?)
}
async fn get_key(&self) -> Result<(Rsa<Private>, PKey<Private>)> {
let text = read_file(self.key_file.clone(), &self.encoding).await?;
let rsa = Rsa::private_key_from_pem(text.as_bytes())?;
let pkey = PKey::from_rsa(rsa.clone())?;
Ok((rsa, pkey))
}
async fn get_req(&self) -> Result<X509Req> {
let text = read_file(self.req_file.clone(), &self.encoding).await?;
Ok(X509Req::from_pem(text.as_bytes())?)
}
async fn ensure_key(&self) -> Result<(Rsa<Private>, PKey<Private>)> {
if is_file_exist(&self.key_file).await {
self.get_key().await
} else {
let (rsa, pkey) = self.generate_key_pair()?;
Pem(&pkey)
.write(&self.key_file)
.await
.context("key write pem")?;
Ok((rsa, pkey))
}
}
fn build_x509_name(&self) -> Result<X509Name> {
let mut name_builder =
X509NameBuilder::new().context("Failed to create X509 name builder")?;
for (&key, &var) in KEYMAP.iter() {
let value = self
.vars
.get(var)
.ok_or(anyhow!("variable not set: {}", var))?;
name_builder.append_entry_by_text(key, value).unwrap();
}
Ok(name_builder.build())
}
fn gen_x509_extensions(
context: &openssl::x509::X509v3Context,
vars: &VarsMap,
) -> Result<Vec<X509Extension>> {
let key_usage = KeyUsage::new()
.key_agreement()
.digital_signature()
.build()?;
let key_extended_ext = ExtendedKeyUsage::new().client_auth().build()?;
let mut san_extension = SubjectAlternativeName::new();
if let Some(name) = vars.get("KEY_NAME") {
san_extension.dns(name);
}
if let Some(email) = vars.get("KEY_EMAIL") {
san_extension.email(email);
}
let san_ext = san_extension.build(context).context("build san")?;
Ok(vec![san_ext, key_usage, key_extended_ext])
}
fn gen_x509_extensions_stack(
context: &openssl::x509::X509v3Context,
vars: &VarsMap,
) -> Result<Stack<X509Extension>> {
let mut stack = Stack::new()?;
for extension in Self::gen_x509_extensions(context, vars)?.into_iter() {
stack.push(extension).context("push ext")?;
}
Ok(stack)
}
}
impl ICryptoProvider for OpenSSLInternalProvider {
async fn request(&self) -> Result<()> {
if self.is_req_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let (_, pkey) = self.ensure_key().await?;
let name = self.build_x509_name()?;
let conf = Conf::new(ConfMethod::default()).context("conf new")?;
// Create certificate signing request (CSR)
let mut csr_builder = X509ReqBuilder::new()?;
csr_builder.set_version(2).context("set version")?;
csr_builder.set_pubkey(&pkey).context("set pubkey")?;
csr_builder
.set_subject_name(&name)
.context("set subject name")?;
let context = csr_builder.x509v3_context(Some(&conf));
let extensions = Self::gen_x509_extensions_stack(&context, &self.vars)?;
csr_builder.add_extensions(&extensions)?;
csr_builder.sign(&pkey, MessageDigest::sha512())?;
let csr = csr_builder.build();
Pem(&csr)
.write(&self.req_file)
.await
.context("req write pem")?;
Ok(())
}
async fn sign(&self) -> Result<()> {
if self.is_cert_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
if !self.is_req_exists().await {
return Err(anyhow!(
"csr file not found: {}",
&self.req_file.to_str().unwrap()
));
}
let ca_key = self.get_ca_key().await?;
let ca_cert = self.get_ca_cert().await?;
let req = self.get_req().await?;
let pub_key = req.public_key()?;
let subject_name = req.subject_name();
let mut builder = openssl::x509::X509Builder::new().context("new builder")?;
let not_before = Asn1Time::days_from_now(0).context("days_from_now 0")?;
let na_s = get_time_str_x509(self.req_days).context("na_s get_time_str_x509")?;
let not_after = Asn1Time::from_str_x509(&na_s)
.context(format!("not_after from_str_x509: {}", &na_s))?;
builder.set_version(2).context("set version")?;
builder
.set_not_before(&not_before)
.context("set not_before")?;
builder.set_not_after(&not_after).context("set not_after")?;
builder
.set_issuer_name(ca_cert.issuer_name())
.context("set_issuer_name")?;
builder.set_pubkey(&pub_key).context("set_pubkey")?;
builder
.set_subject_name(subject_name)
.context("set_subject_name")?;
let context = builder.x509v3_context(Some(&ca_cert), None);
for extension in Self::gen_x509_extensions(&context, &self.vars)? {
builder.append_extension(extension).context("append ext")?;
}
builder
.sign(&ca_key, MessageDigest::sha512())
.context("builder.sign")?;
let cert = builder.build();
Pem(&cert)
.write(&self.cert_file)
.await
.context("cert.to_pem()")?;
Ok(())
}
}

2
src/openssl/mod.rs Normal file
View File

@ -0,0 +1,2 @@
pub(crate) mod external;
pub(crate) mod internal;

96
src/vars.rs Normal file
View File

@ -0,0 +1,96 @@
use anyhow::{anyhow, Context, Result};
use regex::Regex;
use std::{path::PathBuf, pin::Pin};
use tokio::pin;
use futures_util::stream::StreamExt;
use crate::common::{read_file_by_lines, AppConfig, VarsMap};
pub(crate) struct VarsFile {
pub(crate) filepath: PathBuf,
pub(crate) vars: Option<VarsMap>,
pub(crate) encoding: String,
}
impl VarsFile {
async fn from_file(filepath: &PathBuf, encoding: String) -> Result<Self> {
let metadata = tokio::fs::metadata(&filepath).await.context(format!(
"file not found {}",
filepath.to_str().expect("str")
))?;
if !metadata.is_file() {
Err(anyhow!("{} is not a file", filepath.to_str().expect("str")))?
}
Ok(VarsFile {
filepath: filepath.to_path_buf(),
vars: None,
encoding,
})
}
async fn from_dir(dir: PathBuf, encoding: String) -> Result<Self> {
let filepath = dir.join("vars");
let err_context = format!(
"vars or vars.bat file not found in {}",
dir.to_str().expect("str")
);
match Self::from_file(&filepath, encoding.clone()).await {
Ok(res) => Ok(res),
Err(_) => Self::from_file(&filepath.with_extension("bat"), encoding.clone())
.await
.map_err(|e| e.context(err_context)),
}
}
pub(crate) async fn from_config(config: &AppConfig) -> Result<Self> {
Self::from_dir(
PathBuf::from(&config.base_directory),
config.encoding.clone(),
)
.await
}
pub(crate) async fn parse(&mut self) -> Result<()> {
let mut result = VarsMap::new();
let lines = read_file_by_lines(&self.filepath, &self.encoding).await?;
let lines = Pin::from(lines);
pin!(lines);
let re_v2 =
Regex::new(r#"^(export|set)\s\b(?P<key>[\w\d_]+)\b=\s?"?(?P<value>[^\#]+?)"?$"#)
.context("regex v2")?;
let re_v3 = Regex::new(r"^set_var\s(?P<key1>[\w\d_]+)\s+(?P<value1>[^\#]+?)$")
.context("regex v3")?;
while let Some(line) = lines.next().await {
if let Some(caps) = re_v2.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
continue;
}
if let Some(caps) = re_v3.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
};
}
self.vars = Some(result);
Ok(())
}
#[allow(dead_code)]
fn apply(&self) -> Result<()> {
if let Some(vars) = self.vars.clone() {
for (key, value) in vars.iter() {
unsafe {
std::env::set_var(key, value);
}
}
} else {
Err(anyhow!("vars not parsed"))?
}
Ok(())
}
}