Compare commits
2 Commits
af1dc183ec
...
28104f36e1
Author | SHA1 | Date | |
---|---|---|---|
|
28104f36e1 | ||
|
811aef209a |
@ -2,11 +2,19 @@ use std::{sync, time};
|
|||||||
|
|
||||||
use crate::domain::acme::{self, Certificate, PrivateKey};
|
use crate::domain::acme::{self, Certificate, PrivateKey};
|
||||||
use crate::error::unexpected::{self, Intoable, Mappable};
|
use crate::error::unexpected::{self, Intoable, Mappable};
|
||||||
use crate::{domain, util};
|
use crate::{domain, token, util};
|
||||||
|
|
||||||
const LETS_ENCRYPT_URL: &str = "https://acme-v02.api.letsencrypt.org/directory";
|
const LETS_ENCRYPT_URL: &str = "https://acme-v02.api.letsencrypt.org/directory";
|
||||||
|
|
||||||
pub type GetHttp01ChallengeKeyError = acme::store::GetHttp01ChallengeKeyError;
|
#[derive(thiserror::Error, Debug)]
|
||||||
|
pub enum GetHttp01ChallengeKeyError {
|
||||||
|
#[error("not found")]
|
||||||
|
NotFound,
|
||||||
|
|
||||||
|
#[error(transparent)]
|
||||||
|
Unexpected(#[from] unexpected::Error),
|
||||||
|
}
|
||||||
|
|
||||||
pub type GetCertificateError = acme::store::GetCertificateError;
|
pub type GetCertificateError = acme::store::GetCertificateError;
|
||||||
|
|
||||||
#[mockall::automock]
|
#[mockall::automock]
|
||||||
@ -27,14 +35,20 @@ pub trait Manager {
|
|||||||
|
|
||||||
pub struct ManagerImpl {
|
pub struct ManagerImpl {
|
||||||
store: Box<dyn acme::store::Store + Send + Sync>,
|
store: Box<dyn acme::store::Store + Send + Sync>,
|
||||||
|
token_store: Box<dyn token::Store + Send + Sync>,
|
||||||
account: sync::Arc<acme2::Account>,
|
account: sync::Arc<acme2::Account>,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ManagerImpl {
|
impl ManagerImpl {
|
||||||
pub async fn new<Store: acme::store::Store + Send + Sync + 'static>(
|
pub async fn new<AcmeStore, TokenStore>(
|
||||||
store: Store,
|
store: AcmeStore,
|
||||||
|
token_store: TokenStore,
|
||||||
config: &domain::ConfigACME,
|
config: &domain::ConfigACME,
|
||||||
) -> Result<Self, unexpected::Error> {
|
) -> Result<Self, unexpected::Error>
|
||||||
|
where
|
||||||
|
AcmeStore: acme::store::Store + Send + Sync + 'static,
|
||||||
|
TokenStore: token::Store + Send + Sync + 'static,
|
||||||
|
{
|
||||||
let dir = acme2::DirectoryBuilder::new(LETS_ENCRYPT_URL.to_string())
|
let dir = acme2::DirectoryBuilder::new(LETS_ENCRYPT_URL.to_string())
|
||||||
.build()
|
.build()
|
||||||
.await
|
.await
|
||||||
@ -78,6 +92,7 @@ impl ManagerImpl {
|
|||||||
|
|
||||||
Ok(Self {
|
Ok(Self {
|
||||||
store: Box::from(store),
|
store: Box::from(store),
|
||||||
|
token_store: Box::from(token_store),
|
||||||
account,
|
account,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
@ -140,8 +155,8 @@ impl Manager for ManagerImpl {
|
|||||||
.or_unexpected_while("getting challenge key from authorization")?
|
.or_unexpected_while("getting challenge key from authorization")?
|
||||||
.ok_or(unexpected::Error::from("expected challenge to have key"))?;
|
.ok_or(unexpected::Error::from("expected challenge to have key"))?;
|
||||||
|
|
||||||
self.store
|
self.token_store
|
||||||
.set_http01_challenge_key(challenge_token, &challenge_key)
|
.set(challenge_token.clone(), challenge_key)
|
||||||
.or_unexpected_while("storing challenge token")?;
|
.or_unexpected_while("storing challenge token")?;
|
||||||
|
|
||||||
// At this point the manager is prepared to serve the challenge key via the
|
// At this point the manager is prepared to serve the challenge key via the
|
||||||
@ -165,8 +180,8 @@ impl Manager for ManagerImpl {
|
|||||||
let challenge_res = challenge.wait_done(time::Duration::from_secs(5), 3).await;
|
let challenge_res = challenge.wait_done(time::Duration::from_secs(5), 3).await;
|
||||||
|
|
||||||
// no matter what the result is, clean up the challenge key
|
// no matter what the result is, clean up the challenge key
|
||||||
self.store
|
self.token_store
|
||||||
.del_http01_challenge_key(challenge_token)
|
.del(challenge_token)
|
||||||
.or_unexpected_while("deleting challenge token")?;
|
.or_unexpected_while("deleting challenge token")?;
|
||||||
|
|
||||||
let challenge = challenge_res.or_unexpected_while("getting challenge status")?;
|
let challenge = challenge_res.or_unexpected_while("getting challenge status")?;
|
||||||
@ -296,7 +311,11 @@ impl Manager for ManagerImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError> {
|
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError> {
|
||||||
self.store.get_http01_challenge_key(token)
|
match self.token_store.get(token) {
|
||||||
|
Ok(Some(v)) => Ok(v),
|
||||||
|
Ok(None) => Err(GetHttp01ChallengeKeyError::NotFound),
|
||||||
|
Err(e) => Err(e.into()),
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Returned vec is guaranteed to have len > 0
|
/// Returned vec is guaranteed to have len > 0
|
||||||
|
@ -6,9 +6,7 @@ use crate::domain::acme::{Certificate, PrivateKey};
|
|||||||
use crate::error::unexpected::{self, Mappable};
|
use crate::error::unexpected::{self, Mappable};
|
||||||
use crate::util;
|
use crate::util;
|
||||||
|
|
||||||
use hex::ToHex;
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use sha2::{Digest, Sha256};
|
|
||||||
|
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
pub enum GetAccountKeyError {
|
pub enum GetAccountKeyError {
|
||||||
@ -19,15 +17,6 @@ pub enum GetAccountKeyError {
|
|||||||
Unexpected(#[from] unexpected::Error),
|
Unexpected(#[from] unexpected::Error),
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(thiserror::Error, Debug)]
|
|
||||||
pub enum GetHttp01ChallengeKeyError {
|
|
||||||
#[error("not found")]
|
|
||||||
NotFound,
|
|
||||||
|
|
||||||
#[error(transparent)]
|
|
||||||
Unexpected(#[from] unexpected::Error),
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(thiserror::Error, Debug)]
|
#[derive(thiserror::Error, Debug)]
|
||||||
pub enum GetCertificateError {
|
pub enum GetCertificateError {
|
||||||
#[error("not found")]
|
#[error("not found")]
|
||||||
@ -42,10 +31,6 @@ pub trait Store {
|
|||||||
fn set_account_key(&self, k: &PrivateKey) -> Result<(), unexpected::Error>;
|
fn set_account_key(&self, k: &PrivateKey) -> Result<(), unexpected::Error>;
|
||||||
fn get_account_key(&self) -> Result<PrivateKey, GetAccountKeyError>;
|
fn get_account_key(&self) -> Result<PrivateKey, GetAccountKeyError>;
|
||||||
|
|
||||||
fn set_http01_challenge_key(&self, token: &str, key: &str) -> Result<(), unexpected::Error>;
|
|
||||||
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError>;
|
|
||||||
fn del_http01_challenge_key(&self, token: &str) -> Result<(), unexpected::Error>;
|
|
||||||
|
|
||||||
fn set_certificate(
|
fn set_certificate(
|
||||||
&self,
|
&self,
|
||||||
domain: &str,
|
domain: &str,
|
||||||
@ -93,16 +78,6 @@ impl FSStore {
|
|||||||
self.dir_path.join("account.key")
|
self.dir_path.join("account.key")
|
||||||
}
|
}
|
||||||
|
|
||||||
fn http01_challenge_key_path(&self, token: &str) -> path::PathBuf {
|
|
||||||
// hash it for safety
|
|
||||||
let mut h = Sha256::new();
|
|
||||||
h.write_all(token.as_bytes())
|
|
||||||
.expect("token successfully hashed");
|
|
||||||
let n = h.finalize().encode_hex::<String>();
|
|
||||||
|
|
||||||
self.dir_path.join("http01_challenge_keys").join(n)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn certificate_path(&self, domain: &str) -> path::PathBuf {
|
fn certificate_path(&self, domain: &str) -> path::PathBuf {
|
||||||
let mut domain = domain.to_string();
|
let mut domain = domain.to_string();
|
||||||
domain.push_str(".json");
|
domain.push_str(".json");
|
||||||
@ -144,42 +119,6 @@ impl Store for FSStore {
|
|||||||
.map_err(|err| err.into())
|
.map_err(|err| err.into())
|
||||||
}
|
}
|
||||||
|
|
||||||
fn set_http01_challenge_key(&self, token: &str, key: &str) -> Result<(), unexpected::Error> {
|
|
||||||
let path = self.http01_challenge_key_path(token);
|
|
||||||
{
|
|
||||||
let mut file = fs::File::create(path.as_path()).or_unexpected_while("creating file")?;
|
|
||||||
file.write_all(key.as_bytes())
|
|
||||||
.or_unexpected_while("writing file")
|
|
||||||
}
|
|
||||||
.map_unexpected_while(|| format!("path is {}", path.display()))?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn get_http01_challenge_key(&self, token: &str) -> Result<String, GetHttp01ChallengeKeyError> {
|
|
||||||
let path = self.http01_challenge_key_path(token);
|
|
||||||
{
|
|
||||||
let mut file =
|
|
||||||
match util::open_file(path.as_path()).or_unexpected_while("opening_file")? {
|
|
||||||
Some(file) => file,
|
|
||||||
None => return Err(GetHttp01ChallengeKeyError::NotFound),
|
|
||||||
};
|
|
||||||
|
|
||||||
let mut key = String::new();
|
|
||||||
file.read_to_string(&mut key)
|
|
||||||
.or_unexpected_while("reading file")?;
|
|
||||||
|
|
||||||
Ok::<String, unexpected::Error>(key)
|
|
||||||
}
|
|
||||||
.map_unexpected_while(|| format!("path is {}", path.display()))
|
|
||||||
.map_err(|err| err.into())
|
|
||||||
}
|
|
||||||
|
|
||||||
fn del_http01_challenge_key(&self, token: &str) -> Result<(), unexpected::Error> {
|
|
||||||
let path = self.http01_challenge_key_path(token);
|
|
||||||
fs::remove_file(path.as_path())
|
|
||||||
.map_unexpected_while(|| format!("path is {}", path.display()))
|
|
||||||
}
|
|
||||||
|
|
||||||
fn set_certificate(
|
fn set_certificate(
|
||||||
&self,
|
&self,
|
||||||
domain: &str,
|
domain: &str,
|
||||||
@ -251,38 +190,4 @@ mod tests {
|
|||||||
.expect("account private key retrieved")
|
.expect("account private key retrieved")
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
#[test]
|
|
||||||
fn http01_challenge_key() {
|
|
||||||
let tmp_dir = TempDir::new("domain_acme_store_http01_challenge_key").unwrap();
|
|
||||||
let store = FSStore::new(tmp_dir.path()).expect("store created");
|
|
||||||
|
|
||||||
let token = "foo".to_string();
|
|
||||||
let key = "bar".to_string();
|
|
||||||
|
|
||||||
assert!(matches!(
|
|
||||||
store.get_http01_challenge_key(&token),
|
|
||||||
Err::<String, GetHttp01ChallengeKeyError>(GetHttp01ChallengeKeyError::NotFound)
|
|
||||||
));
|
|
||||||
|
|
||||||
store
|
|
||||||
.set_http01_challenge_key(&token, &key)
|
|
||||||
.expect("http01 challenge set");
|
|
||||||
|
|
||||||
assert_eq!(
|
|
||||||
key,
|
|
||||||
store
|
|
||||||
.get_http01_challenge_key(&token)
|
|
||||||
.expect("retrieved http01 challenge"),
|
|
||||||
);
|
|
||||||
|
|
||||||
store
|
|
||||||
.del_http01_challenge_key(&token)
|
|
||||||
.expect("deleted http01 challenge");
|
|
||||||
|
|
||||||
assert!(matches!(
|
|
||||||
store.get_http01_challenge_key(&token),
|
|
||||||
Err::<String, GetHttp01ChallengeKeyError>(GetHttp01ChallengeKeyError::NotFound)
|
|
||||||
));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
use std::fmt::Write;
|
use std::fmt::Write;
|
||||||
use std::{error, fmt};
|
use std::{error, fmt, result};
|
||||||
|
|
||||||
#[derive(Debug, Clone, PartialEq)]
|
#[derive(Debug, Clone, PartialEq)]
|
||||||
/// Error is a String which implements the Error trait. It is intended to be used in
|
/// Error is a String which implements the Error trait. It is intended to be used in
|
||||||
@ -10,6 +10,8 @@ use std::{error, fmt};
|
|||||||
/// async situations.
|
/// async situations.
|
||||||
pub struct Error(String);
|
pub struct Error(String);
|
||||||
|
|
||||||
|
pub type Result<T> = result::Result<T, Error>;
|
||||||
|
|
||||||
impl Error {
|
impl Error {
|
||||||
fn from_displays<D1, D2, D3>(prefix: Option<D1>, body: &D2, source: Option<D3>) -> Error
|
fn from_displays<D1, D2, D3>(prefix: Option<D1>, body: &D2, source: Option<D3>) -> Error
|
||||||
where
|
where
|
||||||
@ -55,24 +57,24 @@ impl error::Error for Error {}
|
|||||||
|
|
||||||
pub trait Mappable<T> {
|
pub trait Mappable<T> {
|
||||||
/// or_unexpected returns an Err(Error) wrapping self's Err, or the Ok value of self.
|
/// or_unexpected returns an Err(Error) wrapping self's Err, or the Ok value of self.
|
||||||
fn or_unexpected(self) -> Result<T, Error>;
|
fn or_unexpected(self) -> Result<T>;
|
||||||
|
|
||||||
/// or_unexpected_while is like or_unexpected, but will prefix the error message. The prefix
|
/// or_unexpected_while is like or_unexpected, but will prefix the error message. The prefix
|
||||||
/// should be worded as if it started with the word "while", e.g.: `opening file {path}`.
|
/// should be worded as if it started with the word "while", e.g.: `opening file {path}`.
|
||||||
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T, Error>;
|
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T>;
|
||||||
|
|
||||||
/// map_unexpected_while is like or_unexpected_while, but uses a closure to produce the error
|
/// map_unexpected_while is like or_unexpected_while, but uses a closure to produce the error
|
||||||
/// prefix.
|
/// prefix.
|
||||||
fn map_unexpected_while<F, D>(self, f: F) -> Result<T, Error>
|
fn map_unexpected_while<F, D>(self, f: F) -> Result<T>
|
||||||
where
|
where
|
||||||
F: FnOnce() -> D,
|
F: FnOnce() -> D,
|
||||||
D: fmt::Display;
|
D: fmt::Display;
|
||||||
}
|
}
|
||||||
|
|
||||||
fn map_unexpected_maybe_while<T, E, F, D>(
|
fn map_unexpected_maybe_while<T, E, F, D>(
|
||||||
res: Result<T, E>,
|
res: result::Result<T, E>,
|
||||||
prefix_fn: Option<F>,
|
prefix_fn: Option<F>,
|
||||||
) -> Result<T, Error>
|
) -> Result<T>
|
||||||
where
|
where
|
||||||
E: error::Error,
|
E: error::Error,
|
||||||
F: FnOnce() -> D,
|
F: FnOnce() -> D,
|
||||||
@ -84,17 +86,17 @@ where
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<T, E: error::Error> Mappable<T> for Result<T, E> {
|
impl<T, E: error::Error> Mappable<T> for result::Result<T, E> {
|
||||||
fn or_unexpected(self) -> Result<T, Error> {
|
fn or_unexpected(self) -> Result<T> {
|
||||||
let no_fn = None::<Box<dyn FnOnce() -> Box<dyn fmt::Display>>>; // lol, good job rust
|
let no_fn = None::<Box<dyn FnOnce() -> Box<dyn fmt::Display>>>; // lol, good job rust
|
||||||
map_unexpected_maybe_while(self, no_fn)
|
map_unexpected_maybe_while(self, no_fn)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T, Error> {
|
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T> {
|
||||||
map_unexpected_maybe_while(self, Some(|| prefix))
|
map_unexpected_maybe_while(self, Some(|| prefix))
|
||||||
}
|
}
|
||||||
|
|
||||||
fn map_unexpected_while<F, D>(self, f: F) -> Result<T, Error>
|
fn map_unexpected_while<F, D>(self, f: F) -> Result<T>
|
||||||
where
|
where
|
||||||
F: FnOnce() -> D,
|
F: FnOnce() -> D,
|
||||||
D: fmt::Display,
|
D: fmt::Display,
|
||||||
@ -106,16 +108,16 @@ impl<T, E: error::Error> Mappable<T> for Result<T, E> {
|
|||||||
static OPTION_NONE_ERROR: &str = "expected Some but got None";
|
static OPTION_NONE_ERROR: &str = "expected Some but got None";
|
||||||
|
|
||||||
impl<T> Mappable<T> for Option<T> {
|
impl<T> Mappable<T> for Option<T> {
|
||||||
fn or_unexpected(self) -> Result<T, Error> {
|
fn or_unexpected(self) -> Result<T> {
|
||||||
self.ok_or(Error::from(OPTION_NONE_ERROR)).or_unexpected()
|
self.ok_or(Error::from(OPTION_NONE_ERROR)).or_unexpected()
|
||||||
}
|
}
|
||||||
|
|
||||||
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T, Error> {
|
fn or_unexpected_while<D: fmt::Display>(self, prefix: D) -> Result<T> {
|
||||||
self.ok_or(Error::from(OPTION_NONE_ERROR))
|
self.ok_or(Error::from(OPTION_NONE_ERROR))
|
||||||
.or_unexpected_while(prefix)
|
.or_unexpected_while(prefix)
|
||||||
}
|
}
|
||||||
|
|
||||||
fn map_unexpected_while<F, D>(self, f: F) -> Result<T, Error>
|
fn map_unexpected_while<F, D>(self, f: F) -> Result<T>
|
||||||
where
|
where
|
||||||
F: FnOnce() -> D,
|
F: FnOnce() -> D,
|
||||||
D: fmt::Display,
|
D: fmt::Display,
|
||||||
|
@ -7,4 +7,5 @@ pub mod domain;
|
|||||||
pub mod error;
|
pub mod error;
|
||||||
pub mod origin;
|
pub mod origin;
|
||||||
pub mod service;
|
pub mod service;
|
||||||
|
pub mod token;
|
||||||
pub mod util;
|
pub mod util;
|
||||||
|
@ -78,6 +78,8 @@ async fn main() {
|
|||||||
config
|
config
|
||||||
};
|
};
|
||||||
|
|
||||||
|
let token_store = domani::token::MemStore::new();
|
||||||
|
|
||||||
let origin_store = domani::origin::git::FSStore::new(&config.origin)
|
let origin_store = domani::origin::git::FSStore::new(&config.origin)
|
||||||
.expect("git origin store initialization failed");
|
.expect("git origin store initialization failed");
|
||||||
|
|
||||||
@ -107,7 +109,11 @@ async fn main() {
|
|||||||
.expect("domain acme store initialization failed");
|
.expect("domain acme store initialization failed");
|
||||||
|
|
||||||
Some(
|
Some(
|
||||||
domani::domain::acme::manager::ManagerImpl::new(domain_acme_store, &acme_config)
|
domani::domain::acme::manager::ManagerImpl::new(
|
||||||
|
domain_acme_store,
|
||||||
|
token_store,
|
||||||
|
&acme_config,
|
||||||
|
)
|
||||||
.await
|
.await
|
||||||
.expect("domain acme manager initialization failed"),
|
.expect("domain acme manager initialization failed"),
|
||||||
)
|
)
|
||||||
|
37
src/token.rs
Normal file
37
src/token.rs
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
/// Provides utilites for storing and retrieving various named string tokens which are needed.
|
||||||
|
use crate::error::unexpected;
|
||||||
|
use std::{collections, sync};
|
||||||
|
|
||||||
|
pub trait Store {
|
||||||
|
fn get(&self, key: &str) -> unexpected::Result<Option<String>>;
|
||||||
|
fn set(&self, key: String, val: String) -> unexpected::Result<()>;
|
||||||
|
fn del(&self, key: &str) -> unexpected::Result<()>;
|
||||||
|
}
|
||||||
|
|
||||||
|
pub struct MemStore {
|
||||||
|
m: sync::Mutex<collections::HashMap<String, String>>,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl MemStore {
|
||||||
|
pub fn new() -> MemStore {
|
||||||
|
MemStore {
|
||||||
|
m: sync::Mutex::default(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Store for MemStore {
|
||||||
|
fn get(&self, key: &str) -> unexpected::Result<Option<String>> {
|
||||||
|
Ok(self.m.lock().unwrap().get(key).map(|s| s.to_string()))
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set(&self, key: String, val: String) -> unexpected::Result<()> {
|
||||||
|
self.m.lock().unwrap().insert(key, val);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
|
||||||
|
fn del(&self, key: &str) -> unexpected::Result<()> {
|
||||||
|
self.m.lock().unwrap().remove(key);
|
||||||
|
Ok(())
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user