From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id B182561AD3 for ; Fri, 10 Jul 2020 11:11:35 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9E11A19308 for ; Fri, 10 Jul 2020 11:11:05 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 96495192F8 for ; Fri, 10 Jul 2020 11:11:03 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 5C27F40C45 for ; Fri, 10 Jul 2020 11:11:03 +0200 (CEST) Date: Fri, 10 Jul 2020 11:10:52 +0200 (CEST) From: Dietmar Maurer To: Proxmox Backup Server development discussion , Dominik Csapak Message-ID: <1413996720.449.1594372252812@webmail.proxmox.com> In-Reply-To: <20200710085113.19732-1-d.csapak@proxmox.com> References: <20200710085113.19732-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.3-Rev15 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.020 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [proxmox.com, cert.rs, tools.rs] Subject: [pbs-devel] applied: [PATCH proxmox-backup 1/3] refactor CertInfo to tools X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jul 2020 09:11:35 -0000 applied all 3 patches > On 07/10/2020 10:51 AM Dominik Csapak wrote: > > > we want to reuse some of the functionality elsewhere > > Signed-off-by: Dominik Csapak > --- > src/bin/proxmox_backup_manager/cert.rs | 29 ++--------- > src/tools.rs | 1 + > src/tools/cert.rs | 67 ++++++++++++++++++++++++++ > 3 files changed, 73 insertions(+), 24 deletions(-) > create mode 100644 src/tools/cert.rs > > diff --git a/src/bin/proxmox_backup_manager/cert.rs b/src/bin/proxmox_backup_manager/cert.rs > index f5f725a..845c8ed 100644 > --- a/src/bin/proxmox_backup_manager/cert.rs > +++ b/src/bin/proxmox_backup_manager/cert.rs > @@ -1,32 +1,18 @@ > -use std::path::PathBuf; > - > use anyhow::{bail, Error}; > > use proxmox::api::{api, cli::*}; > > use proxmox_backup::config; > -use proxmox_backup::configdir; > use proxmox_backup::auth_helpers::*; > - > -fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result { > - let mut parts = Vec::new(); > - for entry in name.entries() { > - parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?)); > - } > - Ok(parts.join(", ")) > -} > +use proxmox_backup::tools::cert::CertInfo; > > #[api] > /// Display node certificate information. > fn cert_info() -> Result<(), Error> { > > - let cert_path = PathBuf::from(configdir!("/proxy.pem")); > + let cert = CertInfo::new()?; > > - let cert_pem = proxmox::tools::fs::file_get_contents(&cert_path)?; > - > - let cert = openssl::x509::X509::from_pem(&cert_pem)?; > - > - println!("Subject: {}", x509name_to_string(cert.subject_name())?); > + println!("Subject: {}", cert.subject_name()?); > > if let Some(san) = cert.subject_alt_names() { > for name in san.iter() { > @@ -42,17 +28,12 @@ fn cert_info() -> Result<(), Error> { > } > } > > - println!("Issuer: {}", x509name_to_string(cert.issuer_name())?); > + println!("Issuer: {}", cert.issuer_name()?); > println!("Validity:"); > println!(" Not Before: {}", cert.not_before()); > println!(" Not After : {}", cert.not_after()); > > - let fp = cert.digest(openssl::hash::MessageDigest::sha256())?; > - let fp_string = proxmox::tools::digest_to_hex(&fp); > - let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap()) > - .collect::>().join(":"); > - > - println!("Fingerprint (sha256): {}", fp_string); > + println!("Fingerprint (sha256): {}", cert.fingerprint()?); > > let pubkey = cert.public_key()?; > println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?); > diff --git a/src/tools.rs b/src/tools.rs > index 75c8d9f..4bfc35c 100644 > --- a/src/tools.rs > +++ b/src/tools.rs > @@ -23,6 +23,7 @@ pub use proxmox::tools::fd::Fd; > pub mod acl; > pub mod async_io; > pub mod borrow; > +pub mod cert; > pub mod daemon; > pub mod disks; > pub mod fs; > diff --git a/src/tools/cert.rs b/src/tools/cert.rs > new file mode 100644 > index 0000000..0c7e9e5 > --- /dev/null > +++ b/src/tools/cert.rs > @@ -0,0 +1,67 @@ > +use std::path::PathBuf; > + > +use anyhow::Error; > +use openssl::x509::{X509, GeneralName}; > +use openssl::stack::Stack; > +use openssl::pkey::{Public, PKey}; > + > +use crate::configdir; > + > +pub struct CertInfo { > + x509: X509, > +} > + > +fn x509name_to_string(name: &openssl::x509::X509NameRef) -> Result { > + let mut parts = Vec::new(); > + for entry in name.entries() { > + parts.push(format!("{} = {}", entry.object().nid().short_name()?, entry.data().as_utf8()?)); > + } > + Ok(parts.join(", ")) > +} > + > +impl CertInfo { > + pub fn new() -> Result { > + Self::from_path(PathBuf::from(configdir!("/proxy.pem"))) > + } > + > + pub fn from_path(path: PathBuf) -> Result { > + let cert_pem = proxmox::tools::fs::file_get_contents(&path)?; > + let x509 = openssl::x509::X509::from_pem(&cert_pem)?; > + Ok(Self{ > + x509 > + }) > + } > + > + pub fn subject_alt_names(&self) -> Option> { > + self.x509.subject_alt_names() > + } > + > + pub fn subject_name(&self) -> Result { > + Ok(x509name_to_string(self.x509.subject_name())?) > + } > + > + pub fn issuer_name(&self) -> Result { > + Ok(x509name_to_string(self.x509.issuer_name())?) > + } > + > + pub fn fingerprint(&self) -> Result { > + let fp = self.x509.digest(openssl::hash::MessageDigest::sha256())?; > + let fp_string = proxmox::tools::digest_to_hex(&fp); > + let fp_string = fp_string.as_bytes().chunks(2).map(|v| std::str::from_utf8(v).unwrap()) > + .collect::>().join(":"); > + Ok(fp_string) > + } > + > + pub fn public_key(&self) -> Result, Error> { > + let pubkey = self.x509.public_key()?; > + Ok(pubkey) > + } > + > + pub fn not_before(&self) -> &openssl::asn1::Asn1TimeRef { > + self.x509.not_before() > + } > + > + pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef { > + self.x509.not_after() > + } > +} > -- > 2.20.1 > > > > _______________________________________________ > pbs-devel mailing list > pbs-devel@lists.proxmox.com > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel