[pbs-devel] applied: [PATCH proxmox-backup 1/3] refactor CertInfo to tools

Dietmar Maurer dietmar at proxmox.com
Fri Jul 10 11:10:52 CEST 2020


applied all 3 patches

> On 07/10/2020 10:51 AM Dominik Csapak <d.csapak at proxmox.com> wrote:
> 
>  
> we want to reuse some of the functionality elsewhere
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  src/bin/proxmox_backup_manager/cert.rs | 29 ++---------
>  src/tools.rs                           |  1 +
>  src/tools/cert.rs                      | 67 ++++++++++++++++++++++++++
>  3 files changed, 73 insertions(+), 24 deletions(-)
>  create mode 100644 src/tools/cert.rs
> 
> diff --git a/src/bin/proxmox_backup_manager/cert.rs b/src/bin/proxmox_backup_manager/cert.rs
> index f5f725a..845c8ed 100644
> --- a/src/bin/proxmox_backup_manager/cert.rs
> +++ b/src/bin/proxmox_backup_manager/cert.rs
> @@ -1,32 +1,18 @@
> -use std::path::PathBuf;
> -
>  use anyhow::{bail, Error};
>  
>  use proxmox::api::{api, cli::*};
>  
>  use proxmox_backup::config;
> -use proxmox_backup::configdir;
>  use proxmox_backup::auth_helpers::*;
> -
> -fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
> -    let mut parts = Vec::new();
> -    for entry in name.entries() {
> -        parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
> -    }
> -    Ok(parts.join(", "))
> -}
> +use proxmox_backup::tools::cert::CertInfo;
>  
>  #[api]
>  /// Display node certificate information.
>  fn cert_info() -> Result<(), Error> {
>  
> -    let cert_path = PathBuf::from(configdir!("/proxy.pem"));
> +    let cert = CertInfo::new()?;
>  
> -    let cert_pem = proxmox::tools::fs::file_get_contents(&cert_path)?;
> -
> -    let cert = openssl::x509::X509::from_pem(&cert_pem)?;
> -
> -    println!("Subject: {}", x509name_to_string(cert.subject_name())?);
> +    println!("Subject: {}", cert.subject_name()?);
>  
>      if let Some(san) = cert.subject_alt_names() {
>          for name in san.iter() {
> @@ -42,17 +28,12 @@ fn cert_info() -> Result<(), Error> {
>          }
>      }
>  
> -    println!("Issuer: {}", x509name_to_string(cert.issuer_name())?);
> +    println!("Issuer: {}", cert.issuer_name()?);
>      println!("Validity:");
>      println!("    Not Before: {}", cert.not_before());
>      println!("    Not After : {}", cert.not_after());
>  
> -    let fp = cert.digest(openssl::hash::MessageDigest::sha256())?;
> -    let fp_string = proxmox::tools::digest_to_hex(&fp);
> -    let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
> -        .collect::<Vec<&str>>().join(":");
> -
> -    println!("Fingerprint (sha256): {}", fp_string);
> +    println!("Fingerprint (sha256): {}", cert.fingerprint()?);
>  
>      let pubkey = cert.public_key()?;
>      println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?);
> diff --git a/src/tools.rs b/src/tools.rs
> index 75c8d9f..4bfc35c 100644
> --- a/src/tools.rs
> +++ b/src/tools.rs
> @@ -23,6 +23,7 @@ pub use proxmox::tools::fd::Fd;
>  pub mod acl;
>  pub mod async_io;
>  pub mod borrow;
> +pub mod cert;
>  pub mod daemon;
>  pub mod disks;
>  pub mod fs;
> diff --git a/src/tools/cert.rs b/src/tools/cert.rs
> new file mode 100644
> index 0000000..0c7e9e5
> --- /dev/null
> +++ b/src/tools/cert.rs
> @@ -0,0 +1,67 @@
> +use std::path::PathBuf;
> +
> +use anyhow::Error;
> +use openssl::x509::{X509, GeneralName};
> +use openssl::stack::Stack;
> +use openssl::pkey::{Public, PKey};
> +
> +use crate::configdir;
> +
> +pub struct CertInfo {
> +    x509: X509,
> +}
> +
> +fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result<String, Error> {
> +    let mut parts = Vec::new();
> +    for entry in name.entries() {
> +        parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?));
> +    }
> +    Ok(parts.join(", "))
> +}
> +
> +impl CertInfo {
> +    pub fn new() -> Result<Self, Error> {
> +        Self::from_path(PathBuf::from(configdir!("/proxy.pem")))
> +    }
> +
> +    pub fn from_path(path: PathBuf) -> Result<Self, Error> {
> +        let cert_pem = proxmox::tools::fs::file_get_contents(&path)?;
> +        let x509 = openssl::x509::X509::from_pem(&cert_pem)?;
> +        Ok(Self{
> +            x509
> +        })
> +    }
> +
> +    pub fn subject_alt_names(&self) -> Option<Stack<GeneralName>> {
> +        self.x509.subject_alt_names()
> +    }
> +
> +    pub fn subject_name(&self) -> Result<String, Error> {
> +        Ok(x509name_to_string(self.x509.subject_name())?)
> +    }
> +
> +    pub fn issuer_name(&self) -> Result<String, Error> {
> +        Ok(x509name_to_string(self.x509.issuer_name())?)
> +    }
> +
> +    pub fn fingerprint(&self) -> Result<String, Error> {
> +        let fp = self.x509.digest(openssl::hash::MessageDigest::sha256())?;
> +        let fp_string = proxmox::tools::digest_to_hex(&fp);
> +        let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap())
> +            .collect::<Vec<&str>>().join(":");
> +        Ok(fp_string)
> +    }
> +
> +    pub fn public_key(&self) -> Result<PKey<Public>, Error> {
> +        let pubkey = self.x509.public_key()?;
> +        Ok(pubkey)
> +    }
> +
> +    pub fn not_before(&self) -> &openssl::asn1::Asn1TimeRef {
> +        self.x509.not_before()
> +    }
> +
> +    pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef {
> +        self.x509.not_after()
> +    }
> +}
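Review bot: `x509name_to_string`, and so the new public `subject_name()` and `issuer_name()`, joins entries as `SHORT = value` separated by `, ` without escaping, so an attribute value that itself contains `, CN = …` renders the same as a certificate with separate entries. That was harmless while the helper only fed `println!` in the CLI, but as a reusable `tools::cert` API it should carry a doc comment such as `/// Display-only rendering; values are not escaped. Do not parse or compare the result; use fingerprint() to identify a certificate.` `from_path` deserves a similar note that `X509::from_pem` reads only the first certificate in the file, so a `proxy.pem` holding a chain reports on that first entry only. As a style point, `Ok(x509name_to_string(...)?)` in both accessors can be just `x509name_to_string(...)`.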
> -- 
> 2.20.1
> 
> 
> 




