load auth keys on startup

diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs
index f7ee6e6b49da06405ecb523da008da91fdd53b15..0ad3f8b6666b9ab3e91830d7cde9bf0332ed9ef7 100644 (file)
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -1,8 +1,11 @@
 use crate::tools;
 
 use failure::*;
+use lazy_static::lazy_static;
 
 use openssl::rsa::{Rsa};
+use openssl::pkey::{PKey, Public, Private};
+
 use std::path::PathBuf;
 
 pub fn generate_csrf_key() -> Result<(), Error> {
@@ -50,3 +53,49 @@ pub fn generate_auth_key() -> Result<(), Error> {
 
     Ok(())
 }
+
+pub fn csrf_secret() -> &'static [u8] {
+
+    lazy_static! {
+        static ref SECRET: Vec<u8> =
+            tools::file_get_contents("/etc/proxmox-backup/csrf.key").unwrap();
+    }
+
+    &SECRET
+}
+
+fn load_private_auth_key() -> Result<PKey<Private>, Error> {
+
+    let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.key")?;
+    let rsa = Rsa::private_key_from_pem(&pem)?;
+    let key = PKey::from_rsa(rsa)?;
+
+    Ok(key)
+}
+
+pub fn private_auth_key() -> &'static PKey<Private> {
+
+    lazy_static! {
+        static ref KEY: PKey<Private> = load_private_auth_key().unwrap();
+    }
+
+    &KEY
+}
+
+fn load_public_auth_key() -> Result<PKey<Public>, Error> {
+
+    let pem = tools::file_get_contents("/etc/proxmox-backup/authkey.pub")?;
+    let rsa = Rsa::public_key_from_pem(&pem)?;
+    let key = PKey::from_rsa(rsa)?;
+
+    Ok(key)
+}
+
+pub fn public_auth_key() -> &'static PKey<Public> {
+
+    lazy_static! {
+        static ref KEY: PKey<Public> = load_public_auth_key().unwrap();
+    }
+
+    &KEY
+}

diff --git a/src/bin/proxmox-backup-api.rs b/src/bin/proxmox-backup-api.rs
index 4f86b070a32fab594ca2b5052efac1dd2a2dc091..ba9d3029d6d2cfebf38b82d055410b453336edfc 100644 (file)
--- a/src/bin/proxmox-backup-api.rs
+++ b/src/bin/proxmox-backup-api.rs
@@ -2,7 +2,7 @@ extern crate proxmox_backup;
 
 use std::sync::Arc;
 
-use proxmox_backup::tools;
+//use proxmox_backup::tools;
 use proxmox_backup::api::schema::*;
 use proxmox_backup::api::router::*;
 use proxmox_backup::api::config::*;
@@ -30,11 +30,13 @@ fn main() {
         eprintln!("unable to generate auth key: {}", err);
         std::process::exit(-1);
     }
+    let _ = private_auth_key(); // load with lazy_static
 
     if let Err(err) = generate_csrf_key() {
         eprintln!("unable to generate csrf key: {}", err);
         std::process::exit(-1);
     }
+    let _ = csrf_secret(); // load with lazy_static
 
     let command : Arc<Schema> = StringSchema::new("Command.")
         .format(Arc::new(ApiStringFormat::Enum(vec![

diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index f14161d0168ea8cb8b0119628d960093bf419713..5d3455e7068633400ceab388ac9bf14cef9aeba2 100644 (file)
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -7,6 +7,7 @@ use proxmox_backup::api::router::*;
 use proxmox_backup::api::config::*;
 use proxmox_backup::server::rest::*;
 use proxmox_backup::getopts;
+use proxmox_backup::auth_helpers::*;
 
 //use failure::*;
 use lazy_static::lazy_static;
@@ -25,6 +26,9 @@ fn main() {
         std::process::exit(-1);
     }
 
+    let _ = public_auth_key(); // load with lazy_static
+    let _ = csrf_secret(); // load with lazy_static
+
     let command : Arc<Schema> = StringSchema::new("Command.")
         .format(Arc::new(ApiStringFormat::Enum(vec![
             "start".into(),