fix(vanish): returns private key too now
shubhexists committed Aug 31, 2024
1 parent 94eb51f commit bc14217
Showing 6 changed files with 189 additions and 84 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -1,2 +1,3 @@
node_modules
reference.rs
reference.rs
certs
230 changes: 153 additions & 77 deletions core/src/commands/generate.rs
@@ -34,7 +34,7 @@ pub fn generate(
country: country.clone(),
state: state.clone(),
};
let ca_req_certificate: X509Req =
let (ca_req_certificate, private_key) =
CAReq::new(distinguished_name)?.generate_certificate()?;
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
@@ -46,13 +46,20 @@ pub fn generate(
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name: PathBuf = output_path.join(format!("csr-{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
CAReq::save_certificate_to_file(&ca_req_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf = output_path.join(format!("csr-{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
CAReq::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
} else {
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
@@ -79,7 +86,7 @@ pub fn generate(
};
let csr_object: X509Req = CAReq::read_csr_from_file(csr)?;
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 = LeafCert::generate_certificate(
let (leaf_certificate, _private_key) = LeafCert::generate_certificate(
leaf_cert_object,
&cert,
&pkey,
@@ -121,34 +128,57 @@ pub fn generate(
state: state.clone(),
};
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 =
let (leaf_certificate, private_key) =
LeafCert::generate_certificate(leaf_cert_object, &cert, &pkey, None)?;
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
if let Some(private_key) = private_key {
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
}
} else {
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
eprintln!(
"Oops! We lost your private key for domain {}. Please try again!",
domain
)
}
}
}
@@ -170,7 +200,7 @@ pub fn generate(
};
let csr_object: X509Req = CAReq::read_csr_from_file(csr)?;
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 = LeafCert::generate_certificate(
let (leaf_certificate, _private_key) = LeafCert::generate_certificate(
leaf_cert_object,
&d_cert,
&d_pkey,
@@ -212,34 +242,57 @@ pub fn generate(
state: state.clone(),
};
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 =
let (leaf_certificate, private_key) =
LeafCert::generate_certificate(leaf_cert_object, &d_cert, &d_pkey, None)?;
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
if let Some(private_key) = private_key {
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
}
} else {
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
eprintln!(
"Oops! We lost your private key for domain {}. Please try again!",
domain
)
}
}
}
@@ -267,7 +320,7 @@ pub fn generate(
};
let csr_object: X509Req = CAReq::read_csr_from_file(csr)?;
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 = LeafCert::generate_certificate(
let (leaf_certificate, _private_key) = LeafCert::generate_certificate(
leaf_cert_object,
&created_cert,
&created_key,
@@ -309,38 +362,61 @@ pub fn generate(
state: state.clone(),
};
let leaf_cert_object: LeafCert = LeafCert::new(distinguished_name)?;
let leaf_certificate: X509 = LeafCert::generate_certificate(
let (leaf_certificate, private_key) = LeafCert::generate_certificate(
leaf_cert_object,
&created_cert,
&created_key,
None,
)?;
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
if let Some(private_key) = private_key {
if let Some(output) = &output {
let output_path: &Path = Path::new(output);
if !output_path.exists() {
fs::create_dir_all(output_path)?;
}
let output_path: PathBuf = if output_path.is_absolute() {
output_path.to_path_buf()
} else {
std::env::current_dir()?.join(output_path)
};
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
let key_file_name: PathBuf =
output_path.join(format!("{}-key.pem", domain));
let key_file_name_str: Option<&str> = key_file_name.to_str();
if let Some(key_file_name_str) = key_file_name_str {
LeafCert::save_key(&private_key, key_file_name_str)?;
} else {
eprintln!("Error: Error creating file for key : {}", domain);
}
}
} else {
let output_path: PathBuf = std::env::current_dir()?;
let file_name: PathBuf = output_path.join(format!("{}.pem", domain));
let file_name_str: Option<&str> = file_name.to_str();
if let Some(file_name_str) = file_name_str {
LeafCert::save_cert(&leaf_certificate, file_name_str)?;
} else {
eprintln!("Error: Error creating file for domain : {}", domain);
}
eprintln!(
"Oops! We lost your private key for domain {}. Please try again!",
domain
)
}
}
}
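Review bot: In request mode the private key is written only when `--output` is given: the `CAReq::save_key` call sits in the `if let Some(output)` arm of the hunk at -46,13 +46,20, while the `else` arm that follows is unchanged context and so cannot be saving a key that did not exist before this commit. A CSR written to the current directory is then left without its key, and that arm also appears to keep the `{}.pem` name rather than `csr-{}.pem`. The arm needs the same pair of writes, e.g. `CAReq::save_key(&private_key, key_file_name_str)?;` on a `csr-{}-key.pem` path; its body ends outside the hunk, so confirm against the full file. Separately, the three `Oops! We lost your private key` arms appear to only print and fall through, so a run that saved neither certificate nor key is not reported through the return value as far as these hunks show.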
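--- a/core/src/main.rs
+++ b/core/src/main.rs
@@ -90,6 +90,11 @@ fn main() {
 std::process::exit(1);
 }
 
+if request && csr.is_some() {
+eprint!("Error: `--req-only` and `csr` are incompatible. You can't generate requests from a request certificate.");
+std::process::exit(1);
+}
+
 let _ = generate(
 domains, noca, csr, certfile, keyfile, country, commonname, state, output,
 request,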
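Review bot: The context line `let _ = generate(` discards the result, so the key-file errors this commit now propagates with `?` (for example from `CAReq::save_key`) never reach the exit status; a run can end with status 0 and no private key on disk. Handle the result the way the new guard handles its own failure, e.g. `if let Err(err) = generate(...) { eprintln!("Error: {err:?}"); std::process::exit(1); }`. The new guard itself uses `eprint!`, which leaves the message without a trailing newline; `eprintln!` would match the messages printed in generate.rs. `main` continues outside the hunk.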
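--- a/core/src/x509/ca_cert.rs
+++ b/core/src/x509/ca_cert.rs
@@ -141,7 +141,8 @@ impl CACert {
 }
 
 pub fn save_key(key: &PKey<Private>, path: &str) -> X509Result<()> {
-let mut file: File = File::create(path).unwrap();
+let mut file: File = File::create(path)
+.map_err(|err: io::Error| X509Error::X509PEMFileCreationError(err))?;
 file.write_all(
 &key.private_key_to_pem_pkcs8()
 .map_err(|err: ErrorStack| X509Error::PKCS8EncodingError(err))?,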
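Review bot: `File::create(path)` on the new side still creates the private-key file with permissions derived from the process umask, which on many Unix systems leaves it readable by group and others; the same call appears in the new `CAReq::save_key` in core/src/x509/ca_req.rs, and generate.rs calls a `LeafCert::save_key` that is not shown here. Opening the file through `OpenOptions` with an owner-only mode set at creation avoids the interval in which the key is readable more widely. The mode is applied only when the file is created, so an already existing file keeps whatever permissions it had. `save_key` continues past the end of this hunk.

```rust
pub fn save_key(key: &PKey<Private>, path: &str) -> X509Result<()> {
    let mut options = std::fs::OpenOptions::new();
    options.write(true).create(true).truncate(true);
    // Owner-only from the moment the file exists; File::create would apply the umask default.
    #[cfg(unix)]
    {
        std::os::unix::fs::OpenOptionsExt::mode(&mut options, 0o600);
    }
    let mut file: File = options
        .open(path)
        .map_err(|err: io::Error| X509Error::X509PEMFileCreationError(err))?;
    // … unchanged: PKCS#8 PEM encoding and write_all …
```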
15 changes: 13 additions & 2 deletions core/src/x509/ca_req.rs
@@ -20,7 +20,7 @@ pub struct CAReq {
}

impl Certificate for CAReq {
type Output = X509Req;
type Output = (X509Req, PKey<Private>);
fn new(distinguished_name: DistinguishedName) -> X509Result<Self> {
match generate_cert_key_pair() {
Ok((rsa_priv, pkey)) => Ok(CAReq {
@@ -50,7 +50,7 @@ impl Certificate for CAReq {
.map_err(|err: ErrorStack| {
X509Error::X509CertificateBuilerEntryError(err, "Sign".to_string())
})?;
Ok(cert_req.build())
Ok((cert_req.build(), self.pkey))
}
}

@@ -79,4 +79,15 @@ impl CAReq {
})?;
Ok(csr)
}

pub fn save_key(key: &PKey<Private>, path: &str) -> X509Result<()> {
let mut file: File = File::create(path)
.map_err(|err: io::Error| X509Error::X509PEMFileCreationError(err))?;
file.write_all(
&key.private_key_to_pem_pkcs8()
.map_err(|err: ErrorStack| X509Error::PKCS8EncodingError(err))?,
)
.map_err(|err: io::Error| X509Error::X509WriteToFileError(err))?;
Ok(())
}
}
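Review bot: The new `CAReq::save_key` in the last hunk is an undocumented copy of `CACert::save_key`, matching it line for line as far as the core/src/x509/ca_cert.rs hunk shows, so any change to how keys are written has to be repeated in each copy. It would read better as one shared helper that both types call, carrying a doc comment that states what the code shows: `/// Writes the key to path as PKCS#8 PEM, replacing any existing file.` If `private_key_to_pem_pkcs8` is the unencrypted encoding, as the absence of a passphrase argument suggests, the comment should say so, since generate.rs places the key file in the same directory as the certificate.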