From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 74F4A77895 for ; Wed, 28 Apr 2021 13:13:02 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 61C0CD3E0 for ; Wed, 28 Apr 2021 13:12:32 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id C84D3D3D5 for ; Wed, 28 Apr 2021 13:12:31 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 99B5645BEF for ; Wed, 28 Apr 2021 13:12:31 +0200 (CEST) Date: Wed, 28 Apr 2021 13:12:30 +0200 From: Wolfgang Bumiller To: Dietmar Maurer Cc: Proxmox Backup Server development discussion Message-ID: <20210428111230.afyaijgvel6r7nth@wobu-vie.proxmox.com> References: <20210422140213.30989-1-w.bumiller@proxmox.com> <20210422140213.30989-6-w.bumiller@proxmox.com> <57bf0b9d-69c2-b309-b577-177f10516af0@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <57bf0b9d-69c2-b309-b577-177f10516af0@proxmox.com> User-Agent: NeoMutt/20180716 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.036 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH v2 backup 05/27] CertInfo: add not_{after, before}_unix X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Apr 2021 11:13:02 -0000 On Wed, Apr 28, 2021 at 01:05:33PM +0200, Dietmar Maurer wrote: > is it really worth to add another dependency? openssl uses `foreign-types` to provide access to the underlying data, it is described as a "framework for rust wrappers over C APIs", so if more crates use it, their raw data becomes available this way as well. The alternative would be to explicitly depend on openssl-sys. I don't mind either way. The function isn't otherwise exposed by the crate currently. > > On 4/22/21 4:01 PM, Wolfgang Bumiller wrote: > > Signed-off-by: Wolfgang Bumiller > > --- > > Cargo.toml | 1 + > > src/tools/cert.rs | 36 ++++++++++++++++++++++++++++++++++-- > > 2 files changed, 35 insertions(+), 2 deletions(-) > > > > diff --git a/Cargo.toml b/Cargo.toml > > index 3739d3af..74ccf361 100644 > > --- a/Cargo.toml > > +++ b/Cargo.toml > > @@ -32,6 +32,7 @@ endian_trait = { version = "0.6", features = ["arrays"] } > > env_logger = "0.7" > > flate2 = "1.0" > > anyhow = "1.0" > > +foreign-types = "0.3" > > thiserror = "1.0" > > futures = "0.3" > > h2 = { version = "0.3", features = [ "stream" ] } > > diff --git a/src/tools/cert.rs b/src/tools/cert.rs > > index 0c7e9e5d..d3c221a4 100644 > > --- a/src/tools/cert.rs > > +++ b/src/tools/cert.rs > > @@ -1,12 +1,32 @@ > > use std::path::PathBuf; > > +use std::mem::MaybeUninit; > > -use anyhow::Error; > > +use anyhow::{bail, format_err, Error}; > > +use foreign_types::ForeignTypeRef; > > use openssl::x509::{X509, GeneralName}; > > use openssl::stack::Stack; > > use openssl::pkey::{Public, PKey}; > > use crate::configdir; > > +// C type: > > +#[allow(non_camel_case_types)] > > +type ASN1_TIME = ::CType; > > + > > +extern "C" { > > + fn ASN1_TIME_to_tm(s: *const ASN1_TIME, tm: *mut libc::tm) -> libc::c_int; > > +} > > + > > +fn asn1_time_to_unix(time: &openssl::asn1::Asn1TimeRef) -> Result { > > + let mut c_tm = MaybeUninit::::uninit(); > > + let rc = unsafe { ASN1_TIME_to_tm(time.as_ptr(), c_tm.as_mut_ptr()) }; > > + if rc != 1 { > > + bail!("failed to parse ASN1 time"); > > + } > > + let mut c_tm = unsafe { c_tm.assume_init() }; > > + proxmox::tools::time::timegm(&mut c_tm) > > +} > > + > > pub struct CertInfo { > > x509: X509, > > } > > @@ -25,7 +45,11 @@ impl CertInfo { > > } > > pub fn from_path(path: PathBuf) -> Result { > > - let cert_pem = proxmox::tools::fs::file_get_contents(&path)?; > > + Self::from_pem(&proxmox::tools::fs::file_get_contents(&path)?) > > + .map_err(|err| format_err!("failed to load certificate from {:?} - {}", path, err)) > > + } > > + > > + pub fn from_pem(cert_pem: &[u8]) -> Result { > > let x509 = openssl::x509::X509::from_pem(&cert_pem)?; > > Ok(Self{ > > x509 > > @@ -64,4 +88,12 @@ impl CertInfo { > > pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef { > > self.x509.not_after() > > } > > + > > + pub fn not_before_unix(&self) -> Result { > > + asn1_time_to_unix(&self.not_before()) > > + } > > + > > + pub fn not_after_unix(&self) -> Result { > > + asn1_time_to_unix(&self.not_after()) > > + } > > }