b4tman/peazyrsa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases1 Wiki Activity

Compare commits

..

No commits in common. "master" and "internal_openssl" have entirely different histories.
master ... internal_o

11 changed files with 350 additions and 1182 deletions

2
.gitignore vendored

@ -1,5 +1,3 @@
/target
/.env.ps1
/.vscode
/.idea

745
Cargo.lock generated

File diff suppressed because it is too large Load Diff

3
Cargo.toml

@ -1,7 +1,7 @@
[package]
name = "peazyrsa"
version = "0.1.0"
edition = "2024"
edition = "2021"
[dependencies]
anyhow = "1.0.90"
@ -15,7 +15,6 @@ futures-util = "0.3.31"
lazy_static = "1.5.0"
openssl = { version="0.10.68" }
regex = "1.11.0"
tera = "1.20.0"
tokio = { version = "1.41.0", features = ["fs", "rt", "process", "macros", "io-util"] }
[profile.release]

69
src/arcstr.rs

@ -1,69 +0,0 @@
use std::ffi::OsStr;
use std::fmt::{Display, Formatter};
use std::ops::Deref;
use std::path::Path;
use std::sync::Arc;
#[derive(Debug, Clone, PartialEq, Ord, PartialOrd, Eq)]
pub(crate) struct ArcStr {
inner: Arc<str>,
}
impl Deref for ArcStr {
type Target = str;
fn deref(&self) -> &Self::Target {
self.inner.deref()
}
}
impl From<&str> for ArcStr {
fn from(value: &str) -> Self {
Self {
inner: Arc::from(value),
}
}
}
#[allow(suspicious_double_ref_op)]
impl From<&&str> for ArcStr {
fn from(value: &&str) -> Self {
Self {
inner: Arc::from(value.deref()),
}
}
}
impl AsRef<OsStr> for ArcStr {
fn as_ref(&self) -> &OsStr {
self.inner.as_ref().as_ref()
}
}
impl AsRef<Path> for ArcStr {
fn as_ref(&self) -> &Path {
self.inner.as_ref().as_ref()
}
}
impl AsRef<ArcStr> for ArcStr {
fn as_ref(&self) -> &ArcStr {
self
}
}
impl Display for ArcStr {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{}", self.deref())
}
}
impl ArcStr {
pub(crate) fn as_path(&self) -> &Path {
self.as_ref()
}
pub(crate) fn as_str(&self) -> &str {
self.inner.deref()
}
}

97
src/certs.rs

@ -1,17 +1,21 @@
use anyhow::{Context, Result};
use anyhow::{anyhow, Context, Result};
use std::{path::PathBuf, sync::Arc};
use crate::common::AppConfig;
use crate::common::{is_file_exist, read_file, write_file, AppConfig, OpenSSLProviderArg, VarsMap};
use crate::crypto_provider::ICryptoProvider;
use crate::openssl::{external::OpenSSLExternalProvider, internal::OpenSSLInternalProvider};
pub(crate) struct Certs<T>
where
T: ICryptoProvider,
{
pub(crate) encoding: String,
pub(crate) ca_file: PathBuf,
pub(crate) key_file: PathBuf,
pub(crate) cert_file: PathBuf,
pub(crate) config_file: PathBuf,
pub(crate) template_file: PathBuf,
pub(crate) provider: Arc<T>,
}
@ -20,16 +24,26 @@ where
T: ICryptoProvider,
{
pub(crate) fn new(cfg: &AppConfig, provider: T) -> Self {
let provider = Arc::new(provider);
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let config_dir = base_dir.clone().join(cfg.config_subdir.clone());
let name = cfg.name.clone();
Certs {
ca_file: cfg.ca_filepath.clone(),
key_file: cfg.key_filepath.clone(),
cert_file: cfg.cert_filepath.clone(),
provider,
encoding: cfg.encoding.clone(),
ca_file: keys_dir.join(cfg.ca_filename.clone()),
key_file: keys_dir.join(format!("{}.key", &name)),
cert_file: keys_dir.join(format!("{}.crt", &name)),
config_file: config_dir.join(format!("{}.ovpn", &name)),
template_file: base_dir.clone().join(cfg.template_file.clone()),
provider: Arc::new(provider),
}
}
async fn is_config_exists(&self) -> bool {
is_file_exist(&self.config_file).await
}
pub(crate) async fn request(&self) -> Result<()> {
self.provider.request().await
}
@ -38,10 +52,71 @@ where
self.provider.sign().await
}
pub(crate) async fn build_all(&self) -> Result<()> {
self.request().await.context("request")?;
self.sign().await.context("sign")?;
pub(crate) async fn build_client_config(&self) -> Result<bool> {
if self.is_config_exists().await {
return Ok(false);
}
Ok(())
self.request().await.context("req error")?;
self.sign().await.context("sign error")?;
let (template_file, ca_file, cert_file, key_file) = (
self.template_file.clone(),
self.ca_file.clone(),
self.cert_file.clone(),
self.key_file.clone(),
);
let enc = self.encoding.clone();
let (enc1, enc2, enc3, enc4) = (enc.clone(), enc.clone(), enc.clone(), enc.clone());
if let (Ok(Ok(template)), Ok(Ok(ca)), Ok(Ok(cert)), Ok(Ok(key))) = tokio::join!(
tokio::spawn(read_file(template_file, enc1)),
tokio::spawn(read_file(ca_file, enc2)),
tokio::spawn(read_file(cert_file, enc3)),
tokio::spawn(read_file(key_file, enc4))
) {
let text = template
.replace("{{ca}}", ca.trim())
.replace("{{cert}}", cert.trim())
.replace("{{key}}", key.trim());
write_file(&self.config_file, text, &self.encoding).await?;
Ok(true)
} else {
Err(anyhow!("files read error"))
}
}
}
pub async fn build_client_config(config: &AppConfig, vars: VarsMap) -> Result<()> {
let result_file: PathBuf;
let created: bool;
if let OpenSSLProviderArg::ExternalBin(_) = config.openssl {
let certs = Certs::new(config, OpenSSLExternalProvider::from_cfg(config, vars));
created = certs
.build_client_config()
.await
.context("external openssl error")?;
result_file = certs.config_file;
} else {
let certs = Certs::new(config, OpenSSLInternalProvider::from_cfg(config, vars));
created = certs
.build_client_config()
.await
.context("internal openssl error")?;
result_file = certs.config_file;
}
let result_file = result_file
.to_str()
.ok_or(anyhow!("result_file PathBuf to str convert error"))?;
if created {
println!("created: {result_file}");
Ok(())
} else {
Err(anyhow!("file exists: {result_file}"))
}
}

136
src/common.rs

@ -3,8 +3,10 @@ use async_stream::stream;
use clap::Parser;
use encoding::{label::encoding_from_whatwg_label, EncoderTrap};
use std::{
collections::BTreeMap,
fmt::Display,
path::{Path, PathBuf},
str::FromStr,
};
use tokio::{
fs::{self, File},
@ -13,8 +15,7 @@ use tokio::{
use futures_core::stream::Stream;
pub(crate) const UTF8_STR: &str = "utf8";
pub(crate) const DEFAULT_ENCODING: &str = UTF8_STR;
pub(crate) type VarsMap = BTreeMap<String, String>;
#[derive(Debug, Clone, PartialEq)]
pub enum OpenSSLProviderArg {
@ -22,11 +23,12 @@ pub enum OpenSSLProviderArg {
ExternalBin(String),
}
impl From<Option<&String>> for OpenSSLProviderArg {
fn from(value: Option<&String>) -> Self {
match value {
Some(x) => OpenSSLProviderArg::ExternalBin(x.clone()),
_ => OpenSSLProviderArg::Internal,
impl FromStr for OpenSSLProviderArg {
type Err = anyhow::Error;
fn from_str(s: &str) -> Result<Self, Self::Err> {
match s.to_ascii_lowercase().as_str() {
"internal" => Ok(OpenSSLProviderArg::Internal),
x => Ok(OpenSSLProviderArg::ExternalBin(x.to_string())),
}
}
}
@ -70,9 +72,9 @@ pub(crate) struct Args {
#[arg(long, default_value = "3650")]
pub(crate) days: u32,
/// use openssl binary
#[arg(long = "with-openssl", short)]
pub(crate) openssl: Option<String>,
/// openssl binary or (internal)
#[arg(long, short, default_value = "internal")]
pub(crate) openssl: OpenSSLProviderArg,
/// template file
#[arg(long, default_value = "template.ovpn")]
@ -82,54 +84,35 @@ pub(crate) struct Args {
pub(crate) struct AppConfig {
pub(crate) encoding: String,
pub(crate) req_days: u32,
pub(crate) template_file: PathBuf,
pub(crate) keys_subdir: String,
pub(crate) config_subdir: String,
pub(crate) template_file: String,
pub(crate) openssl_default_cnf: String,
pub(crate) openssl_cnf_env: String,
pub(crate) ca_filepath: PathBuf,
pub(crate) ca_key_filepath: PathBuf,
pub(crate) ca_filename: String,
pub(crate) default_email_domain: String,
pub(crate) openssl: OpenSSLProviderArg,
pub(crate) base_directory: PathBuf,
pub(crate) base_directory: String,
pub(crate) email: String,
pub(crate) name: String,
pub(crate) conf_filepath: PathBuf,
pub(crate) req_filepath: PathBuf,
pub(crate) key_filepath: PathBuf,
pub(crate) cert_filepath: PathBuf,
}
impl Default for AppConfig {
fn default() -> Self {
let name = String::from("user");
let base_directory: PathBuf = ".".into();
let keys_directory = base_directory.join("keys");
let config_directory = base_directory.join("config");
let template_file = base_directory.join("template.ovpn");
let openssl_default_cnf = String::from("openssl-1.0.0.cnf");
let ca_filepath = keys_directory.join("ca.crt");
let ca_key_filepath = keys_directory.join("ca.key");
let req_filepath = keys_directory.join(format!("{}.csr", &name));
let key_filepath = keys_directory.join(format!("{}.key", &name));
let cert_filepath = keys_directory.join(format!("{}.crt", &name));
let conf_filepath = config_directory.join(format!("{}.ovpn", &name));
Self {
encoding: DEFAULT_ENCODING.into(),
encoding: "cp866".into(),
req_days: 30650,
template_file,
conf_filepath,
req_filepath,
key_filepath,
cert_filepath,
openssl_default_cnf,
keys_subdir: "keys".into(),
config_subdir: "config".into(),
template_file: "template.ovpn".into(),
openssl_default_cnf: "openssl-1.0.0.cnf".into(),
openssl_cnf_env: "KEY_CONFIG".into(),
ca_filepath,
ca_key_filepath,
ca_filename: "ca.crt".into(),
default_email_domain: "example.com".into(),
openssl: OpenSSLProviderArg::Internal,
base_directory,
base_directory: ".".into(),
email: "name@example.com".into(),
name,
name: "user".into(),
}
}
}
@ -138,25 +121,11 @@ impl From<&Args> for AppConfig {
fn from(args: &Args) -> Self {
let defaults = Self::default();
let name = args.name.clone();
let base_directory = args
.directory
.as_ref()
.map(PathBuf::from)
.unwrap_or(defaults.base_directory)
.unwrap_or(&defaults.base_directory)
.clone();
let keys_directory = base_directory.join(&args.keys_dir);
let config_directory = base_directory.join(&args.config_dir);
let template_file = base_directory.join(&args.template_file);
let openssl_default_cnf = String::from("openssl-1.0.0.cnf");
let ca_filepath = keys_directory.join("ca.crt");
let ca_key_filepath = keys_directory.join("ca.key");
let req_filepath = keys_directory.join(format!("{}.csr", &name));
let key_filepath = keys_directory.join(format!("{}.key", &name));
let cert_filepath = keys_directory.join(format!("{}.crt", &name));
let conf_filepath = config_directory.join(format!("{}.ovpn", &name));
let email = args.email.clone().unwrap_or(format!(
"{}@{}",
&args.name,
@ -168,74 +137,75 @@ impl From<&Args> for AppConfig {
defaults.encoding.clone()
};
let name = args.name.clone();
let openssl: OpenSSLProviderArg = args.openssl.as_ref().into();
let openssl = args.openssl.clone();
let template_file = args.template_file.clone();
let req_days = args.days;
let keys_subdir = args.keys_dir.clone();
let config_subdir = args.config_dir.clone();
Self {
base_directory,
template_file,
openssl_default_cnf,
ca_filepath,
ca_key_filepath,
req_filepath,
key_filepath,
cert_filepath,
conf_filepath,
email,
encoding,
name,
openssl,
template_file,
req_days,
keys_subdir,
config_subdir,
..defaults
}
}
}
pub(crate) async fn is_file_exist(filepath: &PathBuf) -> bool {
match tokio::fs::metadata(&filepath).await {
Ok(x) => x.is_file(),
_ => false,
let metadata = tokio::fs::metadata(&filepath).await;
if metadata.is_err() {
return false;
}
if !metadata.unwrap().is_file() {
return false;
}
true
}
pub(crate) async fn read_file<P>(filepath: P, encoding: &str) -> Result<String>
pub(crate) async fn read_file<'a, S, P>(filepath: P, encoding: S) -> Result<String>
where
S: AsRef<str> + std::cmp::PartialEq<&'a str>,
P: AsRef<Path>,
{
let filepath = PathBuf::from(filepath.as_ref());
if encoding == UTF8_STR {
if encoding == "utf8" {
return Ok(fs::read_to_string(filepath).await?);
}
let enc = encoding_from_whatwg_label(encoding).ok_or(anyhow!("encoding not found"))?;
let enc = encoding_from_whatwg_label(encoding.as_ref()).ok_or(anyhow!("encoding not found"))?;
let bytes = fs::read(filepath).await?;
enc.decode(&bytes, encoding::DecoderTrap::Ignore)
.map_err(|_| anyhow!("could not read file"))
}
pub(crate) async fn write_file<P: AsRef<Path>>(
filepath: P,
text: &str,
encoding: &str,
) -> Result<()> {
if encoding == UTF8_STR {
pub(crate) async fn write_file(filepath: &PathBuf, text: String, encoding: &str) -> Result<()> {
if encoding == "utf8" {
return Ok(fs::write(filepath, text).await?);
}
let enc = encoding_from_whatwg_label(encoding).ok_or(anyhow!("encoding not found"))?;
let mut bytes = Vec::new();
enc.encode_to(text, EncoderTrap::Ignore, &mut bytes)
.map_err(|e| anyhow!("can't encode: {:?}", e))?;
enc.encode_to(&text, EncoderTrap::Ignore, &mut bytes)
.map_err(|_| anyhow!("can't encode"))?;
fs::write(filepath, bytes).await.context("can't write file")
}
pub(crate) async fn read_file_by_lines<P: AsRef<Path>>(
filepath: P,
pub(crate) async fn read_file_by_lines(
filepath: &PathBuf,
encoding: &str,
) -> Result<Box<dyn Stream<Item = String>>> {
Ok(if encoding == UTF8_STR {
Ok(if encoding == "utf8" {
let f = File::open(filepath).await?;
let reader = BufReader::new(f);
let mut lines = reader.lines();

63
src/main.rs

@ -1,71 +1,26 @@
use anyhow::{anyhow, Context, Result};
use anyhow::{anyhow, Result};
use clap::Parser;
use common::{is_file_exist, OpenSSLProviderArg};
use crypto_provider::ICryptoProvider;
mod arcstr;
mod certs;
mod common;
mod crypto_provider;
mod openssl;
mod ovpn;
mod vars;
use crate::certs::Certs;
use crate::certs::build_client_config;
use crate::common::{AppConfig, Args};
use crate::openssl::{external::OpenSSLExternalProvider, internal::OpenSSLInternalProvider};
use crate::ovpn::OvpnConfig;
use crate::vars::{VarsFile, VarsMap};
async fn build_client_with<T: ICryptoProvider>(config: &AppConfig, provider: T) -> Result<String> {
let config_file = config.conf_filepath.clone();
let config_file_str = config_file
.to_str()
.ok_or(anyhow!("config file exist err"))?
.to_string();
if is_file_exist(&config_file).await {
return Err(anyhow!("Config file exist: {}", &config_file_str));
}
let certs = Certs::new(config, provider);
OvpnConfig::try_from_certs(certs, config)
.await?
.render()?
.to_file(&config_file)
.await?;
Ok(config_file_str)
}
async fn build_client_config(config: &AppConfig, vars: VarsMap) -> Result<String> {
match config.openssl {
OpenSSLProviderArg::Internal => {
let provider = OpenSSLInternalProvider::try_from_cfg(config, vars)?;
build_client_with(config, provider).await
}
OpenSSLProviderArg::ExternalBin(_) => {
let provider = OpenSSLExternalProvider::from_cfg(config, vars);
build_client_with(config, provider).await
}
}
}
use crate::vars::VarsFile;
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<()> {
let args = Args::parse();
let config = AppConfig::from(&args);
let vars = VarsFile::from_config(&config)
.await
.context("vars from config")?
.parse()
.await
.context("parse vars")?;
let mut vars = VarsFile::from_config(&config).await?;
vars.parse().await?;
println!("loaded: {:#?}", &vars);
println!("found vars: {}", vars.filepath.to_str().expect("fff"));
println!("loaded: {:#?}", &vars.vars);
let config_file = build_client_config(&config, vars).await?;
println!("created: {}", &config_file);
Ok(())
let vars = vars.vars.ok_or(anyhow!("no vars loaded"))?;
build_client_config(&config, vars).await
}

34
src/openssl/external.rs

@ -1,12 +1,10 @@
use anyhow::{anyhow, Result};
use std::ops::Deref;
use std::path::PathBuf;
use tokio::process::Command;
use crate::common::{is_file_exist, AppConfig};
use crate::common::{is_file_exist, AppConfig, VarsMap};
use crate::crypto_provider::ICryptoProvider;
use crate::vars::{IStrMap, VarsMap};
pub(crate) struct OpenSSLExternalProvider {
vars: VarsMap,
@ -35,16 +33,20 @@ impl OpenSSLExternalProvider {
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN", &cfg.name);
vars.insert("KEY_NAME", &cfg.name);
vars.insert("KEY_EMAIL", &cfg.email);
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let openssl_cnf = base_dir.join(
std::env::var(&cfg.openssl_cnf_env)
.as_ref()
.unwrap_or(&cfg.openssl_default_cnf),
let ca_file = keys_dir.join(cfg.ca_filename.clone());
let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
Self {
@ -52,10 +54,10 @@ impl OpenSSLExternalProvider {
base_dir,
openssl_cnf,
openssl: cfg.openssl.to_string(),
ca_file: cfg.ca_filepath.clone(),
req_file: cfg.req_filepath.clone(),
key_file: cfg.key_filepath.clone(),
cert_file: cfg.cert_filepath.clone(),
ca_file,
req_file,
key_file,
cert_file,
req_days: cfg.req_days,
}
}
@ -88,7 +90,7 @@ impl ICryptoProvider for OpenSSLExternalProvider {
"-batch",
])
.current_dir(&self.base_dir)
.envs(self.vars.deref())
.envs(&self.vars)
.status()
.await?;
@ -124,7 +126,7 @@ impl ICryptoProvider for OpenSSLExternalProvider {
"-batch",
])
.current_dir(&self.base_dir)
.envs(self.vars.deref())
.envs(&self.vars)
.status()
.await?;

64
src/openssl/internal.rs

@ -16,14 +16,13 @@ use std::path::{Path, PathBuf};
use tokio::fs;
use crate::{
common::{is_file_exist, read_file, AppConfig},
common::{is_file_exist, read_file, AppConfig, VarsMap},
crypto_provider::ICryptoProvider,
};
use lazy_static::lazy_static;
use std::collections::HashMap;
use crate::vars::{IStrMap, VarsMap};
use chrono::{Datelike, Days, Timelike, Utc};
lazy_static! {
@ -94,6 +93,10 @@ fn get_time_str_x509(days: u32) -> Result<String> {
pub(crate) struct OpenSSLInternalProvider {
vars: VarsMap,
#[allow(unused)]
base_dir: PathBuf,
#[allow(unused)]
openssl_cnf: PathBuf,
ca_file: PathBuf,
ca_key_file: PathBuf,
req_file: PathBuf,
@ -117,29 +120,44 @@ impl OpenSSLInternalProvider {
is_file_exist(&self.req_file).await
}
pub(crate) fn try_from_cfg(cfg: &AppConfig, vars: VarsMap) -> Result<Self> {
pub(crate) fn from_cfg(cfg: &AppConfig, vars: VarsMap) -> Self {
let base_dir = PathBuf::from(&cfg.base_directory);
let keys_dir = base_dir.clone().join(cfg.keys_subdir.clone());
let name = cfg.name.clone();
let mut vars = vars;
vars.insert("KEY_CN", &cfg.name);
vars.insert("KEY_NAME", &cfg.name);
vars.insert("KEY_EMAIL", &cfg.email);
vars.insert("KEY_CN".into(), name.clone());
vars.insert("KEY_NAME".into(), name.clone());
vars.insert("KEY_EMAIL".into(), cfg.email.clone());
let key_size_s = vars.get(&"KEY_SIZE").unwrap_or("2048");
let key_size: u32 = key_size_s.parse().context("parse key size error")?;
let ca_file = keys_dir.join(cfg.ca_filename.clone());
let ca_key_file = ca_file.with_extension("key");
let req_file = keys_dir.join(format!("{}.csr", &name));
let key_file = keys_dir.join(format!("{}.key", &name));
let cert_file = keys_dir.join(format!("{}.crt", &name));
let openssl_cnf = base_dir.clone().join(
std::env::var(cfg.openssl_cnf_env.clone()).unwrap_or(cfg.openssl_default_cnf.clone()),
);
let default_key_size = "2048".to_string();
let key_size_s = vars.get("KEY_SIZE").unwrap_or(&default_key_size);
let key_size: u32 = key_size_s.parse().unwrap();
let encoding = cfg.encoding.clone();
Ok(Self {
Self {
vars,
ca_file: cfg.ca_filepath.clone(),
ca_key_file: cfg.ca_key_filepath.clone(),
req_file: cfg.req_filepath.clone(),
key_file: cfg.key_filepath.clone(),
cert_file: cfg.cert_filepath.clone(),
base_dir,
openssl_cnf,
ca_file,
ca_key_file,
req_file,
key_file,
cert_file,
req_days: cfg.req_days,
key_size,
encoding,
})
}
}
fn generate_key_pair(&self) -> Result<(Rsa<Private>, PKey<Private>)> {
@ -149,24 +167,24 @@ impl OpenSSLInternalProvider {
}
async fn get_ca_cert(&self) -> Result<X509> {
let text = read_file(&self.ca_file, &self.encoding).await?;
let text = read_file(self.ca_file.clone(), &self.encoding).await?;
Ok(X509::from_pem(text.as_bytes())?)
}
async fn get_ca_key(&self) -> Result<PKey<Private>> {
let text = read_file(&self.ca_key_file, &self.encoding).await?;
let text = read_file(self.ca_key_file.clone(), &self.encoding).await?;
Ok(PKey::from_rsa(Rsa::private_key_from_pem(text.as_bytes())?)?)
}
async fn get_key(&self) -> Result<(Rsa<Private>, PKey<Private>)> {
let text = read_file(&self.key_file, &self.encoding).await?;
let text = read_file(self.key_file.clone(), &self.encoding).await?;
let rsa = Rsa::private_key_from_pem(text.as_bytes())?;
let pkey = PKey::from_rsa(rsa.clone())?;
Ok((rsa, pkey))
}
async fn get_req(&self) -> Result<X509Req> {
let text = read_file(&self.req_file, &self.encoding).await?;
let text = read_file(self.req_file.clone(), &self.encoding).await?;
Ok(X509Req::from_pem(text.as_bytes())?)
}
@ -189,9 +207,9 @@ impl OpenSSLInternalProvider {
for (&key, &var) in KEYMAP.iter() {
let value = self
.vars
.get(&var)
.get(var)
.ok_or(anyhow!("variable not set: {}", var))?;
name_builder.append_entry_by_text(key, value)?;
name_builder.append_entry_by_text(key, value).unwrap();
}
Ok(name_builder.build())
}
@ -207,10 +225,10 @@ impl OpenSSLInternalProvider {
let key_extended_ext = ExtendedKeyUsage::new().client_auth().build()?;
let mut san_extension = SubjectAlternativeName::new();
if let Some(name) = vars.get(&"KEY_NAME") {
if let Some(name) = vars.get("KEY_NAME") {
san_extension.dns(name);
}
if let Some(email) = vars.get(&"KEY_EMAIL") {
if let Some(email) = vars.get("KEY_EMAIL") {
san_extension.email(email);
}
let san_ext = san_extension.build(context).context("build san")?;

183
src/ovpn.rs

@ -1,183 +0,0 @@
use std::path::{Path, PathBuf};
use crate::{
certs::Certs,
common::{read_file, write_file, AppConfig, DEFAULT_ENCODING},
crypto_provider::ICryptoProvider,
};
use anyhow::{anyhow, Context, Ok, Result};
use tera::Tera;
pub(crate) struct OvpnConfig {
pub(crate) name: String,
pub(crate) encoding: String,
pub(crate) email: Option<String>,
pub(crate) template: String,
pub(crate) template_filename: Option<String>,
pub(crate) ca_cert: String,
pub(crate) cert: String,
pub(crate) key: String,
}
impl From<&OvpnConfig> for tera::Context {
fn from(value: &OvpnConfig) -> Self {
let mut context = tera::Context::new();
context.insert("name", &value.name);
context.insert("encoding", &value.encoding);
context.insert("email", &value.email);
context.insert("template_filename", &value.template_filename);
context.insert("ca", &value.ca_cert);
context.insert("cert", &value.cert);
context.insert("key", &value.key);
context
}
}
#[derive(Debug, Default, Clone)]
pub(crate) struct OvpnConfigBuilder {
name: String,
encoding: Option<String>,
email: Option<String>,
template_file: PathBuf,
ca_cert_file: Option<PathBuf>,
cert_file: Option<PathBuf>,
key_file: Option<PathBuf>,
}
impl OvpnConfigBuilder {
pub(crate) fn new<P: Into<PathBuf>>(name: String, template_file: P) -> Self {
Self {
name,
template_file: template_file.into(),
..Default::default()
}
}
pub(crate) fn with_encoding(&mut self, encoding: String) -> &mut Self {
self.encoding = Some(encoding);
self
}
pub(crate) fn with_email(&mut self, email: String) -> &mut Self {
self.email = Some(email);
self
}
pub(crate) fn with_ca_cert_file<P: Into<PathBuf>>(&mut self, ca_cert_file: P) -> &mut Self {
self.ca_cert_file = Some(ca_cert_file.into());
self
}
pub(crate) fn with_cert_file<P: Into<PathBuf>>(&mut self, cert_file: P) -> &mut Self {
self.cert_file = Some(cert_file.into());
self
}
pub(crate) fn with_key_file<P: Into<PathBuf>>(&mut self, key_file: P) -> &mut Self {
self.key_file = Some(key_file.into());
self
}
pub(crate) async fn build(self) -> Result<OvpnConfig> {
let name = self.name;
let encoding = self.encoding.unwrap_or(DEFAULT_ENCODING.into());
let template = read_file(&self.template_file, &encoding)
.await
.context("template file read error")?;
let ca_cert_file = self.ca_cert_file.ok_or(anyhow!("ca cert file not set"))?;
let cert_file = self.cert_file.ok_or(anyhow!("cert file not set"))?;
let key_file = self.key_file.ok_or(anyhow!("key file not set"))?;
let ca_cert = read_file(ca_cert_file, &encoding)
.await
.context("ca cert file read error")?
.trim_end()
.to_string();
let cert = read_file(cert_file, &encoding)
.await
.context("cert file read error")?
.trim_end()
.to_string();
let key = read_file(key_file, &encoding)
.await
.context("key file read error")?
.trim_end()
.to_string();
let template_filename = self
.template_file
.file_name()
.ok_or(anyhow!("template_file filename"))?
.to_str()
.ok_or(anyhow!("template_file to_str"))?
.to_string();
Ok(OvpnConfig {
name,
encoding,
email: self.email,
template,
ca_cert,
cert,
key,
template_filename: Some(template_filename),
})
}
}
pub(crate) struct OvpnConfigRendered {
content: String,
encoding: String,
}
impl OvpnConfigRendered {
pub async fn to_file<P: AsRef<Path>>(&self, filepath: P) -> Result<()> {
write_file(filepath, &self.content, &self.encoding)
.await
.context("ovpn config file write error")
}
}
impl TryFrom<OvpnConfig> for OvpnConfigRendered {
type Error = anyhow::Error;
fn try_from(value: OvpnConfig) -> Result<Self> {
let mut tera = Tera::default();
tera.add_raw_template("template", &value.template)
.context("raw template add error")?;
let context: tera::Context = (&value).into();
let content = tera
.render("template", &context)
.context("config render error")?;
Ok(OvpnConfigRendered {
content,
encoding: value.encoding,
})
}
}
impl OvpnConfig {
pub(crate) fn render(self) -> Result<OvpnConfigRendered> {
OvpnConfigRendered::try_from(self)
}
pub(crate) async fn try_from_certs<T: ICryptoProvider>(
certs: Certs<T>,
config: &AppConfig,
) -> Result<Self> {
let base_dir = PathBuf::from(&config.base_directory);
let template_file = base_dir.join(&config.template_file);
certs.build_all().await.context("certs build all error")?;
let mut builder = OvpnConfigBuilder::new(config.name.clone(), template_file);
builder
.with_encoding(config.encoding.clone())
.with_ca_cert_file(certs.ca_file.clone())
.with_email(config.email.clone())
.with_cert_file(certs.cert_file.clone())
.with_key_file(certs.key_file.clone());
Ok(builder.build().await.context("ovpn config build error")?)
}
}

136
src/vars.rs

@ -3,84 +3,38 @@ use regex::Regex;
use std::{path::PathBuf, pin::Pin};
use tokio::pin;
use crate::arcstr::ArcStr;
use crate::common::{read_file_by_lines, AppConfig};
use futures_util::stream::StreamExt;
use std::collections::BTreeMap;
use std::fmt::{Debug, Formatter};
use std::ops::Deref;
use std::path::Path;
pub(crate) type ArcVarsMap = BTreeMap<ArcStr, ArcStr>;
#[derive(Clone, PartialEq, Ord, PartialOrd, Eq)]
pub(crate) struct VarsMap(ArcVarsMap);
pub(crate) trait IStrMap {
fn get<S: AsRef<str> + Clone>(&self, key: &S) -> Option<&str>;
fn insert<S: AsRef<str> + Clone>(&mut self, key: S, value: S) -> Option<S>;
}
impl IStrMap for VarsMap {
fn get<S: AsRef<str> + Clone>(&self, key: &S) -> Option<&str> {
self.0.get(&ArcStr::from(key.as_ref())).map(|x| x.as_str())
}
fn insert<S: AsRef<str> + Clone>(&mut self, key: S, value: S) -> Option<S> {
let key = ArcStr::from(key.as_ref());
let value2 = ArcStr::from(value.clone().as_ref());
self.0.insert(key, value2).and(Some(value))
}
}
impl Deref for VarsMap {
type Target = BTreeMap<ArcStr, ArcStr>;
fn deref(&self) -> &Self::Target {
&self.0
}
}
impl Debug for VarsMap {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
let debug_map: BTreeMap<_, _> =
self.iter().map(|(k, v)| (k.as_str(), v.as_str())).collect();
debug_map.fmt(f)
}
}
use crate::common::{read_file_by_lines, AppConfig, VarsMap};
pub(crate) struct VarsFile {
pub(crate) filepath: ArcStr,
pub(crate) encoding: ArcStr,
pub(crate) filepath: PathBuf,
pub(crate) vars: Option<VarsMap>,
pub(crate) encoding: String,
}
impl VarsFile {
async fn from_file<P>(filepath: P, encoding: ArcStr) -> Result<Self>
where
P: AsRef<Path>,
{
let filepath_str = filepath
.as_ref()
.to_str()
.ok_or(anyhow!("filepath to str"))?;
let metadata = tokio::fs::metadata(filepath_str)
.await
.context(format!("config file not found: {}", &filepath_str))?;
async fn from_file(filepath: &PathBuf, encoding: String) -> Result<Self> {
let metadata = tokio::fs::metadata(&filepath).await.context(format!(
"file not found {}",
filepath.to_str().expect("str")
))?;
if !metadata.is_file() {
Err(anyhow!("config is not a file {}", &filepath_str))?;
Err(anyhow!("{} is not a file", filepath.to_str().expect("str")))?
}
Ok(VarsFile {
filepath: ArcStr::from(filepath_str),
filepath: filepath.to_path_buf(),
vars: None,
encoding,
})
}
async fn from_dir<P>(dir: P, encoding: ArcStr) -> Result<Self>
where
P: AsRef<Path>,
{
let filepath = dir.as_ref().join("vars");
let err_context = "vars or vars.bat file not found";
async fn from_dir(dir: PathBuf, encoding: String) -> Result<Self> {
let filepath = dir.join("vars");
let err_context = format!(
"vars or vars.bat file not found in {}",
dir.to_str().expect("str")
);
match Self::from_file(&filepath, encoding.clone()).await {
Ok(res) => Ok(res),
@ -93,38 +47,50 @@ impl VarsFile {
pub(crate) async fn from_config(config: &AppConfig) -> Result<Self> {
Self::from_dir(
PathBuf::from(&config.base_directory),
ArcStr::from(config.encoding.as_str()),
config.encoding.clone(),
)
.await
}
pub(crate) async fn parse(&self) -> Result<VarsMap> {
let mut result = ArcVarsMap::new();
result.insert("__file__".into(), self.filepath.clone());
result.insert("__encoding__".into(), self.encoding.clone());
let lines = read_file_by_lines(&self.filepath.as_path(), &self.encoding)
.await
.context("vars read error")?;
pub(crate) async fn parse(&mut self) -> Result<()> {
let mut result = VarsMap::new();
let lines = read_file_by_lines(&self.filepath, &self.encoding).await?;
let lines = Pin::from(lines);
pin!(lines);
let re_v2 = Regex::new(r#"^(export|set)\s\b(?P<key>[\w\d_]+)\b=\s?"?(?P<value>[^#]+?)"?$"#)
.context("regex v2")
.context("re_v2 error")?;
let re_v3 = Regex::new(r"^set_var\s(?P<key1>[\w\d_]+)\s+(?P<value1>[^#]+?)$")
.context("regex v3")
.context("re_v3 error")?;
let re_v2 =
Regex::new(r#"^(export|set)\s\b(?P<key>[\w\d_]+)\b=\s?"?(?P<value>[^\#]+?)"?$"#)
.context("regex v2")?;
let re_v3 = Regex::new(r"^set_var\s(?P<key1>[\w\d_]+)\s+(?P<value1>[^\#]+?)$")
.context("regex v3")?;
while let Some(line) = lines.next().await {
for re in [&re_v2, &re_v3].iter() {
if let Some(caps) = re.captures(line.as_str()) {
let [key, value] = [&caps["key"], &caps["value"]].map(ArcStr::from);
result.insert(key, value);
continue;
if let Some(caps) = re_v2.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
continue;
}
if let Some(caps) = re_v3.captures(line.as_str()) {
result.insert(caps["key"].to_string(), caps["value"].to_string());
};
}
self.vars = Some(result);
Ok(())
}
#[allow(dead_code)]
fn apply(&self) -> Result<()> {
if let Some(vars) = self.vars.clone() {
for (key, value) in vars.iter() {
unsafe {
std::env::set_var(key, value);
}
}
} else {
Err(anyhow!("vars not parsed"))?
}
Ok(VarsMap(result))
Ok(())
}
}