From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dietmar@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 08AD377881
 for <pbs-devel@lists.proxmox.com>; Wed, 28 Apr 2021 13:05:35 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id EEBA8D255
 for <pbs-devel@lists.proxmox.com>; Wed, 28 Apr 2021 13:05:34 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 5E5D5D246
 for <pbs-devel@lists.proxmox.com>; Wed, 28 Apr 2021 13:05:34 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E2A3945BE0
 for <pbs-devel@lists.proxmox.com>; Wed, 28 Apr 2021 13:05:33 +0200 (CEST)
To: Proxmox Backup Server development discussion
 <pbs-devel@lists.proxmox.com>, Wolfgang Bumiller <w.bumiller@proxmox.com>
References: <20210422140213.30989-1-w.bumiller@proxmox.com>
 <20210422140213.30989-6-w.bumiller@proxmox.com>
From: Dietmar Maurer <dietmar@proxmox.com>
Message-ID: <57bf0b9d-69c2-b309-b577-177f10516af0@proxmox.com>
Date: Wed, 28 Apr 2021 13:05:33 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <20210422140213.30989-6-w.bumiller@proxmox.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.443 Adjusted score from AWL reputation of From: address
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pbs-devel] [PATCH v2 backup 05/27] CertInfo: add not_{after,
 before}_unix
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 28 Apr 2021 11:05:35 -0000

is it really worth to add another dependency?

On 4/22/21 4:01 PM, Wolfgang Bumiller wrote:
> Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
> ---
>   Cargo.toml        |  1 +
>   src/tools/cert.rs | 36 ++++++++++++++++++++++++++++++++++--
>   2 files changed, 35 insertions(+), 2 deletions(-)
>
> diff --git a/Cargo.toml b/Cargo.toml
> index 3739d3af..74ccf361 100644
> --- a/Cargo.toml
> +++ b/Cargo.toml
> @@ -32,6 +32,7 @@ endian_trait = { version = "0.6", features = ["arrays"] }
>   env_logger = "0.7"
>   flate2 = "1.0"
>   anyhow = "1.0"
> +foreign-types = "0.3"
>   thiserror = "1.0"
>   futures = "0.3"
>   h2 = { version = "0.3", features = [ "stream" ] }
> diff --git a/src/tools/cert.rs b/src/tools/cert.rs
> index 0c7e9e5d..d3c221a4 100644
> --- a/src/tools/cert.rs
> +++ b/src/tools/cert.rs
> @@ -1,12 +1,32 @@
>   use std::path::PathBuf;
> +use std::mem::MaybeUninit;
>   
> -use anyhow::Error;
> +use anyhow::{bail, format_err, Error};
> +use foreign_types::ForeignTypeRef;
>   use openssl::x509::{X509, GeneralName};
>   use openssl::stack::Stack;
>   use openssl::pkey::{Public, PKey};
>   
>   use crate::configdir;
>   
> +// C type:
> +#[allow(non_camel_case_types)]
> +type ASN1_TIME = <openssl::asn1::Asn1TimeRef as ForeignTypeRef>::CType;
> +
> +extern "C" {
> +    fn ASN1_TIME_to_tm(s: *const ASN1_TIME, tm: *mut libc::tm) -> libc::c_int;
> +}
> +
> +fn asn1_time_to_unix(time: &openssl::asn1::Asn1TimeRef) -> Result<i64, Error> {
> +    let mut c_tm = MaybeUninit::<libc::tm>::uninit();
> +    let rc = unsafe { ASN1_TIME_to_tm(time.as_ptr(), c_tm.as_mut_ptr()) };
> +    if rc != 1 {
> +        bail!("failed to parse ASN1 time");
> +    }
> +    let mut c_tm = unsafe { c_tm.assume_init() };
> +    proxmox::tools::time::timegm(&mut c_tm)
> +}
> +
>   pub struct CertInfo {
>       x509: X509,
>   }
> @@ -25,7 +45,11 @@ impl CertInfo {
>       }
>   
>       pub fn from_path(path: PathBuf) -> Result<Self, Error> {
> -        let cert_pem = proxmox::tools::fs::file_get_contents(&path)?;
> +        Self::from_pem(&proxmox::tools::fs::file_get_contents(&path)?)
> +            .map_err(|err| format_err!("failed to load certificate from {:?} - {}", path, err))
> +    }
> +
> +    pub fn from_pem(cert_pem: &[u8]) -> Result<Self, Error> {
>           let x509 = openssl::x509::X509::from_pem(&cert_pem)?;
>           Ok(Self{
>               x509
> @@ -64,4 +88,12 @@ impl CertInfo {
>       pub fn not_after(&self) -> &openssl::asn1::Asn1TimeRef {
>           self.x509.not_after()
>       }
> +
> +    pub fn not_before_unix(&self) -> Result<i64, Error> {
> +        asn1_time_to_unix(&self.not_before())
> +    }
> +
> +    pub fn not_after_unix(&self) -> Result<i64, Error> {
> +        asn1_time_to_unix(&self.not_after())
> +    }
>   }