b4tman/peazyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: b4tman:master
Branches Tags
b4tman:master
b4tman:ovpn-refactor
b4tman:https
b4tman:internal_openssl
...
pull from: b4tman:https
Branches Tags
b4tman:master
b4tman:ovpn-refactor
b4tman:https
b4tman:internal_openssl

2 Commits
master ... https

Author SHA1 Message Date
Dmitry
64f013a8fb
fix args and config 2024-10-23 16:02:18 +03:00
Dmitry
a1fcc5125c
peazyrsa-srv version 2024-10-23 15:31:52 +03:00
9 changed files with 149 additions and 474 deletions
Show Stats Expand all files Collapse all files

6
Cargo.lock generated
View File

@ -92,9 +92,9 @@ dependencies = [
[[package]] [[package]]
name = "anyhow" name = "anyhow"
version = "1.0.90" version = "1.0.91"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "37bf3594c4c988a53154954629820791dde498571819ae4ca50ca811e060cc95" checksum = "c042108f3ed77fd83760a5fd79b53be043192bb3b9dba91d8c574c0ada7850c8"
[[package]] [[package]]
name = "async-stream" name = "async-stream"
@ -570,7 +570,7 @@ dependencies = [
] ]
[[package]] [[package]]
name = "peazyrsa" name = "peazyrsa-srv"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"anyhow", "anyhow",

8
Cargo.toml
View File

@ -1,10 +1,14 @@
[package] [package]
name = "peazyrsa" name = "peazyrsa-srv"
version = "0.1.0" version = "0.1.0"
edition = "2021" edition = "2021"
[[bin]]
name = "peazysrv"
path = "src/main.rs"
[dependencies] [dependencies]
anyhow = "1.0.90" anyhow = "1.0.91"
async-stream = "0.3.6" async-stream = "0.3.6"
chrono = "0.4.38" chrono = "0.4.38"
clap = { version = "4.5.20", features = ["derive"] } clap = { version = "4.5.20", features = ["derive"] }

98
src/certs.rs
View File

@ -1,21 +1,17 @@
use anyhow::{anyhow, Context, Result}; use anyhow::{anyhow, Result};
use std::{path::PathBuf, sync::Arc}; use std::{path::PathBuf, sync::Arc};
use crate::common::{is_file_exist, read_file, write_file, AppConfig, OpenSSLProviderArg, VarsMap}; use crate::common::AppConfig;
use crate::crypto_provider::ICryptoProvider; use crate::crypto_provider::ICryptoProvider;
use crate::openssl::{external::OpenSSLExternalProvider, internal::OpenSSLInternalProvider}; use crate::openssl::internal::OpenSSLInternalProvider;
pub(crate) struct Certs<T> pub(crate) struct Certs<T>
where where
T: ICryptoProvider, T: ICryptoProvider,
{ {
pub(crate) encoding: String,
pub(crate) ca_file: PathBuf,
pub(crate) key_file: PathBuf, pub(crate) key_file: PathBuf,
pub(crate) cert_file: PathBuf, pub(crate) cert_file: PathBuf,
pub(crate) config_file: PathBuf,
pub(crate) template_file: PathBuf,
pub(crate) provider: Arc<T>, pub(crate) provider: Arc<T>,
} }
@ -25,25 +21,16 @@ where
{ {
pub(crate) fn new(cfg: &AppConfig, provider: T) -> Self { pub(crate) fn new(cfg: &AppConfig, provider: T) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory); let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone()); let keys_dir = base_dir.clone();
let config_dir = base_dir.clone().join(cfg.config_subdir.clone());
let name = cfg.name.clone(); let name = cfg.name.clone();
Certs { Certs {
encoding: cfg.encoding.clone(),
ca_file: keys_dir.join(cfg.ca_filename.clone()),
key_file: keys_dir.join(format!("{}.key", &name)), key_file: keys_dir.join(format!("{}.key", &name)),
cert_file: keys_dir.join(format!("{}.crt", &name)), cert_file: keys_dir.join(format!("{}.crt", &name)),
config_file: config_dir.join(format!("{}.ovpn", &name)),
template_file: base_dir.clone().join(cfg.template_file.clone()),
provider: Arc::new(provider), provider: Arc::new(provider),
} }
} }
async fn is_config_exists(&self) -> bool {
is_file_exist(&self.config_file).await
}
pub(crate) async fn request(&self) -> Result<()> { pub(crate) async fn request(&self) -> Result<()> {
self.provider.request().await self.provider.request().await
} }
@ -51,72 +38,23 @@ where
pub(crate) async fn sign(&self) -> Result<()> { pub(crate) async fn sign(&self) -> Result<()> {
self.provider.sign().await self.provider.sign().await
} }
pub(crate) async fn build_client_config(&self) -> Result<bool> {
if self.is_config_exists().await {
return Ok(false);
}
self.request().await.context("req error")?;
self.sign().await.context("sign error")?;
let (template_file, ca_file, cert_file, key_file) = (
self.template_file.clone(),
self.ca_file.clone(),
self.cert_file.clone(),
self.key_file.clone(),
);
let enc = self.encoding.clone();
let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
tokio::spawn(read_file(template_file, enc1)),
tokio::spawn(read_file(ca_file, enc2)),
tokio::spawn(read_file(cert_file, enc3)),
tokio::spawn(read_file(key_file, enc4))
) {
let text = template
.replace("{{ca}}", ca.trim())
.replace("{{cert}}", cert.trim())
.replace("{{key}}", key.trim());
write_file(&self.config_file, text, &self.encoding).await?;
Ok(true)
} else {
Err(anyhow!("files read error"))
}
}
} }
pub async fn build_client_config(config: &AppConfig, vars: VarsMap) -> Result<()> { pub async fn build_cert(config: &AppConfig) -> Result<()> {
let result_file: PathBuf; let certs = Certs::new(config, OpenSSLInternalProvider::from_cfg(config));
let created: bool; certs.request().await?;
certs.sign().await?;
if let OpenSSLProviderArg::ExternalBin(_) = config.openssl { let key_file = certs
let certs = Certs::new(config, OpenSSLExternalProvider::from_cfg(config, vars)); .key_file
created = certs
.build_client_config()
.await
.context("external openssl error")?;
result_file = certs.config_file;
} else {
let certs = Certs::new(config, OpenSSLInternalProvider::from_cfg(config, vars));
created = certs
.build_client_config()
.await
.context("internal openssl error")?;
result_file = certs.config_file;
}
let result_file = result_file
.to_str() .to_str()
.ok_or(anyhow!("result_file PathBuf to str convert error"))?; .ok_or(anyhow!("key_file PathBuf to str convert error"))?;
if created { let cert_file = certs
println!("created: {result_file}"); .cert_file
Ok(()) .to_str()
} else { .ok_or(anyhow!("req_file PathBuf to str convert error"))?;
Err(anyhow!("file exists: {result_file}"))
} println!("created: \n key: {key_file},\n cert: {cert_file}");
Ok(())
} }

155
src/common.rs
View File

@ -1,26 +1,16 @@
use anyhow::{anyhow, Context, Result}; use anyhow::{anyhow, Result};
use async_stream::stream;
use clap::Parser; use clap::Parser;
use encoding::{label::encoding_from_whatwg_label, EncoderTrap}; use encoding::label::encoding_from_whatwg_label;
use std::{ use std::{
collections::BTreeMap,
fmt::Display, fmt::Display,
path::{Path, PathBuf}, path::{Path, PathBuf},
str::FromStr, str::FromStr,
}; };
use tokio::{ use tokio::fs;
fs::{self, File},
io::{AsyncBufReadExt, BufReader},
};
use futures_core::stream::Stream;
pub(crate) type VarsMap = BTreeMap<String, String>;
#[derive(Debug, Clone, PartialEq)] #[derive(Debug, Clone, PartialEq)]
pub enum OpenSSLProviderArg { pub enum OpenSSLProviderArg {
Internal, Internal,
ExternalBin(String),
} }
impl FromStr for OpenSSLProviderArg { impl FromStr for OpenSSLProviderArg {
@ -28,7 +18,7 @@ impl FromStr for OpenSSLProviderArg {
fn from_str(s: &str) -> Result<Self, Self::Err> { fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.to_ascii_lowercase().as_str() { match s.to_ascii_lowercase().as_str() {
"internal" => Ok(OpenSSLProviderArg::Internal), "internal" => Ok(OpenSSLProviderArg::Internal),
x => Ok(OpenSSLProviderArg::ExternalBin(x.to_string())), &_ => todo!(),
} }
} }
} }
@ -36,8 +26,7 @@ impl FromStr for OpenSSLProviderArg {
impl Display for OpenSSLProviderArg { impl Display for OpenSSLProviderArg {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
match self { match self {
OpenSSLProviderArg::ExternalBin(x) => write!(f, "{}", x), OpenSSLProviderArg::Internal => write!(f, "internal"),
_ => write!(f, "internal"),
} }
} }
} }
@ -60,41 +49,60 @@ pub(crate) struct Args {
#[arg(short = 'c', long)] #[arg(short = 'c', long)]
pub(crate) encoding: Option<String>, pub(crate) encoding: Option<String>,
/// keys subdir
#[arg(long, default_value = "keys")]
pub(crate) keys_dir: String,
/// config subdir
#[arg(long, default_value = "config")]
pub(crate) config_dir: String,
/// valid days /// valid days
#[arg(long, default_value = "3650")] #[arg(long, default_value = "3650")]
pub(crate) days: u32, pub(crate) days: u32,
/// openssl binary or (internal) /// dns name
#[arg(long, short, default_value = "internal")] #[arg(short = 'n', long)]
pub(crate) openssl: OpenSSLProviderArg, pub(crate) dns: Vec<String>,
/// template file /// IP address
#[arg(long, default_value = "template.ovpn")] #[arg(short, long)]
pub(crate) template_file: String, pub(crate) ip: Vec<String>,
/// Country
#[arg(long)]
pub(crate) country: Option<String>,
/// Province
#[arg(long)]
pub(crate) province: Option<String>,
/// Location
#[arg(long)]
pub(crate) loc: Option<String>,
/// Organization
#[arg(long)]
pub(crate) org: Option<String>,
/// Organization Unit
#[arg(long)]
pub(crate) ou: Option<String>,
/// Key size
#[arg(long, default_value = "2048")]
pub(crate) key_size: u32,
} }
pub(crate) struct AppConfig { pub(crate) struct AppConfig {
pub(crate) encoding: String, pub(crate) encoding: String,
pub(crate) req_days: u32, pub(crate) req_days: u32,
pub(crate) keys_subdir: String,
pub(crate) config_subdir: String,
pub(crate) template_file: String,
pub(crate) openssl_default_cnf: String,
pub(crate) openssl_cnf_env: String,
pub(crate) ca_filename: String, pub(crate) ca_filename: String,
pub(crate) default_email_domain: String, pub(crate) default_email_domain: String,
pub(crate) openssl: OpenSSLProviderArg, #[allow(unused)]
pub(crate) base_directory: String, pub(crate) base_directory: String,
pub(crate) email: String, pub(crate) email: String,
pub(crate) name: String, pub(crate) name: String,
pub(crate) dns: Vec<String>,
pub(crate) ip: Vec<String>,
pub(crate) country: Option<String>,
pub(crate) province: Option<String>,
pub(crate) loc: Option<String>,
pub(crate) org: Option<String>,
pub(crate) ou: Option<String>,
pub(crate) key_size: u32,
} }
impl Default for AppConfig { impl Default for AppConfig {
@ -102,17 +110,19 @@ impl Default for AppConfig {
Self { Self {
encoding: "cp866".into(), encoding: "cp866".into(),
req_days: 30650, req_days: 30650,
keys_subdir: "keys".into(),
config_subdir: "config".into(),
template_file: "template.ovpn".into(),
openssl_default_cnf: "openssl-1.0.0.cnf".into(),
openssl_cnf_env: "KEY_CONFIG".into(),
ca_filename: "ca.crt".into(), ca_filename: "ca.crt".into(),
default_email_domain: "example.com".into(), default_email_domain: "example.com".into(),
openssl: OpenSSLProviderArg::Internal,
base_directory: ".".into(), base_directory: ".".into(),
email: "name@example.com".into(), email: "name@example.com".into(),
name: "user".into(), name: "user".into(),
dns: Vec::new(),
ip: Vec::new(),
country: None,
province: None,
loc: None,
org: None,
ou: None,
key_size: 2048,
} }
} }
} }
@ -137,22 +147,31 @@ impl From<&Args> for AppConfig {
defaults.encoding.clone() defaults.encoding.clone()
}; };
let name = args.name.clone(); let name = args.name.clone();
let openssl = args.openssl.clone();
let template_file = args.template_file.clone();
let req_days = args.days; let req_days = args.days;
let keys_subdir = args.keys_dir.clone(); let (dns, ip, country, province, loc, org, ou) = (
let config_subdir = args.config_dir.clone(); args.dns.clone(),
args.ip.clone(),
args.country.clone(),
args.province.clone(),
args.loc.clone(),
args.org.clone(),
args.ou.clone(),
);
Self { Self {
base_directory, base_directory,
email, email,
encoding, encoding,
name, name,
openssl,
template_file,
req_days, req_days,
keys_subdir, dns,
config_subdir, ip,
country,
province,
loc,
org,
ou,
key_size: args.key_size,
..defaults ..defaults
} }
} }
@ -187,39 +206,3 @@ where
enc.decode(&bytes, encoding::DecoderTrap::Ignore) enc.decode(&bytes, encoding::DecoderTrap::Ignore)
.map_err(|_| anyhow!("could not read file")) .map_err(|_| anyhow!("could not read file"))
} }
pub(crate) async fn write_file(filepath: &PathBuf, text: String, encoding: &str) -> Result<()> {
if encoding == "utf8" {
return Ok(fs::write(filepath, text).await?);
}
let enc = encoding_from_whatwg_label(encoding).ok_or(anyhow!("encoding not found"))?;
let mut bytes = Vec::new();
enc.encode_to(&text, EncoderTrap::Ignore, &mut bytes)
.map_err(|_| anyhow!("can't encode"))?;
fs::write(filepath, bytes).await.context("can't write file")
}
pub(crate) async fn read_file_by_lines(
filepath: &PathBuf,
encoding: &str,
) -> Result<Box<dyn Stream<Item = String>>> {
Ok(if encoding == "utf8" {
let f = File::open(filepath).await?;
let reader = BufReader::new(f);
let mut lines = reader.lines();
Box::new(stream! {
while let Ok(Some(line)) = lines.next_line().await {
yield line
}
})
} else {
let text = read_file(filepath, encoding).await?;
Box::new(stream! {
for line in text.lines() {
yield line.to_string()
}
})
})
}

14
src/main.rs
View File

@ -1,26 +1,18 @@
use anyhow::{anyhow, Result}; use anyhow::Result;
use clap::Parser; use clap::Parser;
mod certs; mod certs;
mod common; mod common;
mod crypto_provider; mod crypto_provider;
mod openssl; mod openssl;
mod vars;
use crate::certs::build_client_config; use crate::certs::build_cert;
use crate::common::{AppConfig, Args}; use crate::common::{AppConfig, Args};
use crate::vars::VarsFile;
#[tokio::main(flavor = "current_thread")] #[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> { async fn main() -> Result<()> {
let args = Args::parse(); let args = Args::parse();
let config = AppConfig::from(&args); let config = AppConfig::from(&args);
let mut vars = VarsFile::from_config(&config).await?;
vars.parse().await?;
println!("found vars: {}", vars.filepath.to_str().expect("fff")); build_cert(&config).await
println!("loaded: {:#?}", &vars.vars);
let vars = vars.vars.ok_or(anyhow!("no vars loaded"))?;
build_client_config(&config, vars).await
} }

138
src/openssl/external.rs
View File

@ -1,138 +0,0 @@
use anyhow::{anyhow, Result};
use std::path::PathBuf;
use tokio::process::Command;
use crate::common::{is_file_exist, AppConfig, VarsMap};
use crate::crypto_provider::ICryptoProvider;
pub(crate) struct OpenSSLExternalProvider {
vars: VarsMap,
base_dir: PathBuf,
openssl_cnf: PathBuf,
openssl: String,
ca_file: PathBuf,
req_file: PathBuf,
key_file: PathBuf,
cert_file: PathBuf,
req_days: u32,
}
impl OpenSSLExternalProvider {
async fn is_ca_exists(&self) -> bool {
is_file_exist(&self.ca_file).await
}
async fn is_cert_exists(&self) -> bool {
is_file_exist(&self.cert_file).await
}
async fn is_req_exists(&self) -> bool {
is_file_exist(&self.req_file).await
}
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let ca_file = keys_dir.join(cfg.ca_filename.clone());
let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
Self {
vars,
base_dir,
openssl_cnf,
openssl: cfg.openssl.to_string(),
ca_file,
req_file,
key_file,
cert_file,
req_days: cfg.req_days,
}
}
}
impl ICryptoProvider for OpenSSLExternalProvider {
async fn request(&self) -> Result<()> {
if self.is_req_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"req",
"-nodes",
"-new",
"-keyout",
self.key_file.to_str().unwrap(),
"-out",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("openssl req execution failed")),
}
}
async fn sign(&self) -> Result<()> {
if self.is_cert_exists().await {
return Ok(());
}
if !self.is_ca_exists().await {
return Err(anyhow!(
"ca file not found: {}",
&self.ca_file.to_str().unwrap()
));
}
let status = Command::new(&self.openssl)
.args([
"ca",
"-days",
format!("{}", self.req_days).as_str(),
"-out",
self.cert_file.to_str().unwrap(),
"-in",
self.req_file.to_str().unwrap(),
"-config",
self.openssl_cnf.to_str().unwrap(),
"-batch",
])
.current_dir(&self.base_dir)
.envs(&self.vars)
.status()
.await?;
match status.success() {
true => Ok(()),
false => Err(anyhow!("ssl ca execution failed")),
}
}
}

107
src/openssl/internal.rs
View File

@ -16,28 +16,12 @@ use std::path::{Path, PathBuf};
use tokio::fs; use tokio::fs;
use crate::{ use crate::{
common::{is_file_exist, read_file, AppConfig, VarsMap}, common::{is_file_exist, read_file, AppConfig},
crypto_provider::ICryptoProvider, crypto_provider::ICryptoProvider,
}; };
use lazy_static::lazy_static;
use std::collections::HashMap;
use chrono::{Datelike, Days, Timelike, Utc}; use chrono::{Datelike, Days, Timelike, Utc};
lazy_static! {
static ref KEYMAP: HashMap<&'static str, &'static str> = {
let mut m = HashMap::new();
m.insert("C", "KEY_COUNTRY");
m.insert("ST", "KEY_PROVINCE");
m.insert("O", "KEY_ORG");
m.insert("OU", "KEY_OU");
m.insert("CN", "KEY_CN");
m.insert("name", "KEY_NAME");
m
};
}
trait ToPemX { trait ToPemX {
fn to_pem_x(&self) -> Result<Vec<u8>>; fn to_pem_x(&self) -> Result<Vec<u8>>;
} }
@ -92,11 +76,6 @@ fn get_time_str_x509(days: u32) -> Result<String> {
} }
pub(crate) struct OpenSSLInternalProvider { pub(crate) struct OpenSSLInternalProvider {
vars: VarsMap,
#[allow(unused)]
base_dir: PathBuf,
#[allow(unused)]
openssl_cnf: PathBuf,
ca_file: PathBuf, ca_file: PathBuf,
ca_key_file: PathBuf, ca_key_file: PathBuf,
req_file: PathBuf, req_file: PathBuf,
@ -105,6 +84,15 @@ pub(crate) struct OpenSSLInternalProvider {
req_days: u32, req_days: u32,
key_size: u32, key_size: u32,
encoding: String, encoding: String,
name: String,
email: String,
dns: Vec<String>,
ip: Vec<String>,
country: Option<String>,
province: Option<String>,
location: Option<String>,
org: Option<String>,
ou: Option<String>,
} }
impl OpenSSLInternalProvider { impl OpenSSLInternalProvider {
@ -120,43 +108,37 @@ impl OpenSSLInternalProvider {
is_file_exist(&self.req_file).await is_file_exist(&self.req_file).await
} }
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self { pub(crate) fn from_cfg(cfg: &AppConfig) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory); let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone()); let keys_dir = base_dir.clone();
let name = cfg.name.clone(); let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let ca_file = keys_dir.join(cfg.ca_filename.clone()); let ca_file = keys_dir.join(cfg.ca_filename.clone());
let ca_key_file = ca_file.with_extension("key"); let ca_key_file = ca_file.with_extension("key");
let req_file = keys_dir.join(format!("{}.csr", &name)); let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name)); let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name)); let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
let default_key_size = "2048".to_string();
let key_size_s = vars.get("KEY_SIZE").unwrap_or(&default_key_size);
let key_size: u32 = key_size_s.parse().unwrap();
let encoding = cfg.encoding.clone(); let encoding = cfg.encoding.clone();
Self { Self {
vars,
base_dir,
openssl_cnf,
ca_file, ca_file,
ca_key_file, ca_key_file,
req_file, req_file,
key_file, key_file,
cert_file, cert_file,
req_days: cfg.req_days, req_days: cfg.req_days,
key_size, key_size: cfg.key_size,
encoding, encoding,
name,
email: cfg.email.clone(),
dns: cfg.dns.clone(),
ip: cfg.ip.clone(),
country: cfg.country.clone(),
province: cfg.province.clone(),
location: cfg.loc.clone(),
org: cfg.org.clone(),
ou: cfg.ou.clone(),
} }
} }
@ -204,32 +186,43 @@ impl OpenSSLInternalProvider {
fn build_x509_name(&self) -> Result<X509Name> { fn build_x509_name(&self) -> Result<X509Name> {
let mut name_builder = let mut name_builder =
X509NameBuilder::new().context("Failed to create X509 name builder")?; X509NameBuilder::new().context("Failed to create X509 name builder")?;
for (&key, &var) in KEYMAP.iter() { name_builder.append_entry_by_text("name", &self.name)?;
let value = self name_builder.append_entry_by_text("CN", &self.name)?;
.vars if let Some(country) = self.country.clone() {
.get(var) name_builder.append_entry_by_text("C", &country)?;
.ok_or(anyhow!("variable not set: {}", var))?; }
name_builder.append_entry_by_text(key, value).unwrap(); if let Some(province) = self.province.clone() {
name_builder.append_entry_by_text("ST", &province)?;
}
if let Some(location) = self.location.clone() {
name_builder.append_entry_by_text("L", &location)?;
}
if let Some(org) = self.org.clone() {
name_builder.append_entry_by_text("O", &org)?;
}
if let Some(ou) = self.ou.clone() {
name_builder.append_entry_by_text("OU", &ou)?;
} }
Ok(name_builder.build()) Ok(name_builder.build())
} }
fn gen_x509_extensions( fn gen_x509_extensions(
&self,
context: &openssl::x509::X509v3Context, context: &openssl::x509::X509v3Context,
vars: &VarsMap,
) -> Result<Vec<X509Extension>> { ) -> Result<Vec<X509Extension>> {
let key_usage = KeyUsage::new() let key_usage = KeyUsage::new()
.key_agreement()
.digital_signature() .digital_signature()
.data_encipherment()
.build()?; .build()?;
let key_extended_ext = ExtendedKeyUsage::new().client_auth().build()?; let key_extended_ext = ExtendedKeyUsage::new().server_auth().build()?;
let mut san_extension = SubjectAlternativeName::new(); let mut san_extension = SubjectAlternativeName::new();
if let Some(name) = vars.get("KEY_NAME") { san_extension.email(self.email.as_str());
san_extension.dns(name); for dns in self.dns.iter() {
san_extension.dns(dns);
} }
if let Some(email) = vars.get("KEY_EMAIL") { for ip in self.ip.iter() {
san_extension.email(email); san_extension.ip(ip);
} }
let san_ext = san_extension.build(context).context("build san")?; let san_ext = san_extension.build(context).context("build san")?;
@ -237,11 +230,11 @@ impl OpenSSLInternalProvider {
} }
fn gen_x509_extensions_stack( fn gen_x509_extensions_stack(
&self,
context: &openssl::x509::X509v3Context, context: &openssl::x509::X509v3Context,
vars: &VarsMap,
) -> Result<Stack<X509Extension>> { ) -> Result<Stack<X509Extension>> {
let mut stack = Stack::new()?; let mut stack = Stack::new()?;
for extension in Self::gen_x509_extensions(context, vars)?.into_iter() { for extension in self.gen_x509_extensions(context)?.into_iter() {
stack.push(extension).context("push ext")?; stack.push(extension).context("push ext")?;
} }
Ok(stack) Ok(stack)
@ -274,7 +267,7 @@ impl ICryptoProvider for OpenSSLInternalProvider {
.set_subject_name(&name) .set_subject_name(&name)
.context("set subject name")?; .context("set subject name")?;
let context = csr_builder.x509v3_context(Some(&conf)); let context = csr_builder.x509v3_context(Some(&conf));
let extensions = Self::gen_x509_extensions_stack(&context, &self.vars)?; let extensions = self.gen_x509_extensions_stack(&context)?;
csr_builder.add_extensions(&extensions)?; csr_builder.add_extensions(&extensions)?;
csr_builder.sign(&pkey, MessageDigest::sha512())?; csr_builder.sign(&pkey, MessageDigest::sha512())?;
let csr = csr_builder.build(); let csr = csr_builder.build();
@ -331,7 +324,7 @@ impl ICryptoProvider for OpenSSLInternalProvider {
.context("set_subject_name")?; .context("set_subject_name")?;
let context = builder.x509v3_context(Some(&ca_cert), None); let context = builder.x509v3_context(Some(&ca_cert), None);
for extension in Self::gen_x509_extensions(&context, &self.vars)? { for extension in self.gen_x509_extensions(&context)? {
builder.append_extension(extension).context("append ext")?; builder.append_extension(extension).context("append ext")?;
} }

1
src/openssl/mod.rs
View File

@ -1,2 +1 @@
pub(crate) mod external;
pub(crate) mod internal; pub(crate) mod internal;

96
src/vars.rs
View File

@ -1,96 +0,0 @@
use anyhow::{anyhow, Context, Result};
use regex::Regex;
use std::{path::PathBuf, pin::Pin};
use tokio::pin;
use futures_util::stream::StreamExt;
use crate::common::{read_file_by_lines, AppConfig, VarsMap};
pub(crate) struct VarsFile {
pub(crate) filepath: PathBuf,
pub(crate) vars: Option<VarsMap>,
pub(crate) encoding: String,
}
impl VarsFile {
async fn from_file(filepath: &PathBuf, encoding: String) -> Result<Self> {
let metadata = tokio::fs::metadata(&filepath).await.context(format!(
"file not found {}",
filepath.to_str().expect("str")
))?;
if !metadata.is_file() {
Err(anyhow!("{} is not a file", filepath.to_str().expect("str")))?
}
Ok(VarsFile {
filepath: filepath.to_path_buf(),
vars: None,
encoding,
})
}
async fn from_dir(dir: PathBuf, encoding: String) -> Result<Self> {
let filepath = dir.join("vars");
let err_context = format!(
"vars or vars.bat file not found in {}",
dir.to_str().expect("str")
);
match Self::from_file(&filepath, encoding.clone()).await {
Ok(res) => Ok(res),
Err(_) => Self::from_file(&filepath.with_extension("bat"), encoding.clone())
.await
.map_err(|e| e.context(err_context)),
}
}
pub(crate) async fn from_config(config: &AppConfig) -> Result<Self> {
Self::from_dir(
PathBuf::from(&config.base_directory),
config.encoding.clone(),
)
.await
}
pub(crate) async fn parse(&mut self) -> Result<()> {
let mut result = VarsMap::new();
let lines = read_file_by_lines(&self.filepath, &self.encoding).await?;
let lines = Pin::from(lines);
pin!(lines);
let re_v2 =
Regex::new(r#"^(export|set)\s\b(?P<key>[\w\d_]+)\b=\s?"?(?P<value>[^\#]+?)"?$"#)
.context("regex v2")?;
let re_v3 = Regex::new(r"^set_var\s(?P<key1>[\w\d_]+)\s+(?P<value1>[^\#]+?)$")
.context("regex v3")?;
while let Some(line) = lines.next().await {
if let Some(caps) = re_v2.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
continue;
}
if let Some(caps) = re_v3.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
};
}
self.vars = Some(result);
Ok(())
}
#[allow(dead_code)]
fn apply(&self) -> Result<()> {
if let Some(vars) = self.vars.clone() {
for (key, value) in vars.iter() {
unsafe {
std::env::set_var(key, value);
}
}
} else {
Err(anyhow!("vars not parsed"))?
}
Ok(())
}
}