src/bin/proxmox_backup_manager/cert.rs

   1 use anyhow::{bail, Error};
   2
   3 use proxmox::api::{api, cli::*};
   4
   5 use proxmox_backup::config;
   6 use proxmox_backup::auth_helpers::*;
   7
   8 #[api]
   9 /// Display node certificate information.
  10 fn cert_info() -> Result<(), Error> {
  11
  12     let cert = proxmox_backup::cert_info()?;
  13
  14     println!("Subject: {}", cert.subject_name()?);
  15
  16     if let Some(san) = cert.subject_alt_names() {
  17         for name in san.iter() {
  18             if let Some(v) = name.dnsname() {
  19                 println!("    DNS:{}", v);
  20             } else if let Some(v) = name.ipaddress() {
  21                 println!("    IP:{:?}", v);
  22             } else if let Some(v) = name.email() {
  23                 println!("    EMAIL:{}", v);
  24             } else if let Some(v) = name.uri() {
  25                 println!("    URI:{}", v);
  26             }
  27         }
  28     }
  29
  30     println!("Issuer: {}", cert.issuer_name()?);
  31     println!("Validity:");
  32     println!("    Not Before: {}", cert.not_before());
  33     println!("    Not After : {}", cert.not_after());
  34
  35     println!("Fingerprint (sha256): {}", cert.fingerprint()?);
  36
  37     let pubkey = cert.public_key()?;
  38     println!("Public key type: {}", openssl::nid::Nid::from_raw(pubkey.id().as_raw()).long_name()?);
  39     println!("Public key bits: {}", pubkey.bits());
  40
  41     Ok(())
  42 }
  43
  44 #[api(
  45     input: {
  46         properties: {
  47             force: {
  48                 description: "Force generation of new SSL certifate.",
  49                 type:  Boolean,
  50                 optional:true,
  51             },
  52         }
  53     },
  54 )]
  55 /// Update node certificates and generate all needed files/directories.
  56 fn update_certs(force: Option<bool>) -> Result<(), Error> {
  57
  58     config::create_configdir()?;
  59
  60     if let Err(err) = generate_auth_key() {
  61         bail!("unable to generate auth key - {}", err);
  62     }
  63
  64     if let Err(err) = generate_csrf_key() {
  65         bail!("unable to generate csrf key - {}", err);
  66     }
  67
  68     config::update_self_signed_cert(force.unwrap_or(false))?;
  69
  70     Ok(())
  71 }
  72
  73 pub fn cert_mgmt_cli() -> CommandLineInterface {
  74
  75     let cmd_def = CliCommandMap::new()
  76         .insert("info", CliCommand::new(&API_METHOD_CERT_INFO))
  77         .insert("update", CliCommand::new(&API_METHOD_UPDATE_CERTS));
  78
  79     cmd_def.into()
  80 }