Added the HTTPs client to OVHClient to remove this lengthy argument always passed alongside it to simplify the arguments required for functions
Signed-off-by: Louis Vallat <louis@louis-vallat.xyz>
This commit is contained in:
parent
76c23edfab
commit
4d51571e9b
45
src/main.rs
45
src/main.rs
@ -1,5 +1,5 @@
|
|||||||
use hyper_tls::HttpsConnector;
|
use hyper_tls::HttpsConnector;
|
||||||
use hyper::{Client, client::HttpConnector};
|
use hyper::Client;
|
||||||
use walkdir::WalkDir;
|
use walkdir::WalkDir;
|
||||||
use crate::{
|
use crate::{
|
||||||
utils::{OVHClient, get_delta, get_subdomain_zone_domain_from_pem, compute_certificate, get_hash_from_cert},
|
utils::{OVHClient, get_delta, get_subdomain_zone_domain_from_pem, compute_certificate, get_hash_from_cert},
|
||||||
@ -12,31 +12,36 @@ mod utils;
|
|||||||
mod records;
|
mod records;
|
||||||
|
|
||||||
async fn scan_and_update_whole_folder(base_cert_dir: &str, list: &List,
|
async fn scan_and_update_whole_folder(base_cert_dir: &str, list: &List,
|
||||||
ovh_client: &OVHClient, issuer_hash: &str,
|
ovh_client: &OVHClient, issuer_hash: &str) {
|
||||||
client: &Client<HttpsConnector<HttpConnector>>) {
|
|
||||||
let interesting_records = vec!["A", "AAAA", "MX", "CNAME"];
|
let interesting_records = vec!["A", "AAAA", "MX", "CNAME"];
|
||||||
|
|
||||||
for entry in WalkDir::new(base_cert_dir).into_iter().filter_map(|e| e.ok()) {
|
for entry in WalkDir::new(base_cert_dir).into_iter().filter_map(|e| e.ok()) {
|
||||||
if !entry.path().ends_with("cert.pem") { continue; }
|
if !entry.path().ends_with("cert.pem") { continue; }
|
||||||
|
|
||||||
println!("Found certificate! Located at '{}'.", entry.path().display());
|
println!("Found certificate! Located at '{}'.", entry.path().display());
|
||||||
let (subdomain, zone, domain) = get_subdomain_zone_domain_from_pem(entry.path(), base_cert_dir, list);
|
let (subdomain, zone, domain) =
|
||||||
let (subdomain, zone, domain) = (subdomain.as_str(), zone.as_str(), domain.as_str());
|
get_subdomain_zone_domain_from_pem(entry.path(), base_cert_dir, list);
|
||||||
|
let (subdomain, zone, domain) =
|
||||||
|
(subdomain.as_str(), zone.as_str(), domain.as_str());
|
||||||
println!("Computing domain '{}', which has domain '{}' and subdomain '{}'.",
|
println!("Computing domain '{}', which has domain '{}' and subdomain '{}'.",
|
||||||
domain, zone, subdomain);
|
domain, zone, subdomain);
|
||||||
let records = get_all_records_from_zone(&ovh_client, &client, zone, subdomain)
|
|
||||||
|
let records = get_all_records_from_zone(&ovh_client, zone, subdomain)
|
||||||
.await;
|
.await;
|
||||||
if !records.iter().any(|r| interesting_records.contains(&r.field_type.as_str())) {
|
if !records.iter().any(|r| interesting_records.contains(&r.field_type.as_str())) {
|
||||||
println!("\tDomain '{}' has no known interesting record. Flushing.", domain);
|
println!("\tDomain '{}' has no known interesting record. Flushing.",
|
||||||
flush_tlsa_record_for_subdomain(&ovh_client, &client, zone, subdomain).await;
|
domain);
|
||||||
|
flush_tlsa_record_for_subdomain(&ovh_client, zone, subdomain).await;
|
||||||
println!();
|
println!();
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
compute_certificate(ovh_client, client, &entry.path(), base_cert_dir, issuer_hash, list).await;
|
compute_certificate(ovh_client, &entry.path(), base_cert_dir, issuer_hash,
|
||||||
|
list).await;
|
||||||
println!();
|
println!();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn watch_folder(base_cert_dir: &str, ovh_client: &OVHClient, list: &List,
|
async fn watch_folder(base_cert_dir: &str, ovh_client: &OVHClient, list: &List,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
|
||||||
rx: &Receiver<RawEvent>, issuer_hash: &str) {
|
rx: &Receiver<RawEvent>, issuer_hash: &str) {
|
||||||
loop {
|
loop {
|
||||||
match rx.recv() {
|
match rx.recv() {
|
||||||
@ -44,15 +49,18 @@ async fn watch_folder(base_cert_dir: &str, ovh_client: &OVHClient, list: &List,
|
|||||||
if !path.ends_with("cert.pem")
|
if !path.ends_with("cert.pem")
|
||||||
|| (op != Op::CLOSE_WRITE && op != Op::REMOVE) { continue; }
|
|| (op != Op::CLOSE_WRITE && op != Op::REMOVE) { continue; }
|
||||||
if op == Op::CLOSE_WRITE {
|
if op == Op::CLOSE_WRITE {
|
||||||
println!("Certificate '{}' modified or created. Updating.", path.display());
|
println!("Certificate '{}' modified or created. Updating.",
|
||||||
compute_certificate(ovh_client, client, &path.as_path(), base_cert_dir, issuer_hash, list).await;
|
path.display());
|
||||||
|
compute_certificate(ovh_client, &path.as_path(), base_cert_dir,
|
||||||
|
issuer_hash, list).await;
|
||||||
}
|
}
|
||||||
if op == Op::REMOVE {
|
if op == Op::REMOVE {
|
||||||
println!("Certificate '{}' deleted. Flushing.", path.display());
|
println!("Certificate '{}' deleted. Flushing.", path.display());
|
||||||
let (subdomain, zone, _) =
|
let (subdomain, zone, _) =
|
||||||
get_subdomain_zone_domain_from_pem(&path.as_path(), base_cert_dir, list);
|
get_subdomain_zone_domain_from_pem(&path.as_path(),
|
||||||
|
base_cert_dir, list);
|
||||||
let (subdomain, zone) = (subdomain.as_str(), zone.as_str());
|
let (subdomain, zone) = (subdomain.as_str(), zone.as_str());
|
||||||
flush_tlsa_record_for_subdomain(ovh_client, client, zone,
|
flush_tlsa_record_for_subdomain(ovh_client, zone,
|
||||||
subdomain).await;
|
subdomain).await;
|
||||||
}
|
}
|
||||||
println!();
|
println!();
|
||||||
@ -65,7 +73,6 @@ async fn watch_folder(base_cert_dir: &str, ovh_client: &OVHClient, list: &List,
|
|||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
async fn main() {
|
async fn main() {
|
||||||
let client = Client::builder().build::<_, hyper::Body>(HttpsConnector::new());
|
|
||||||
let list = List::fetch().unwrap();
|
let list = List::fetch().unwrap();
|
||||||
|
|
||||||
let base_cert_dir = "/etc/nginx/certs/";
|
let base_cert_dir = "/etc/nginx/certs/";
|
||||||
@ -79,20 +86,22 @@ async fn main() {
|
|||||||
.expect("Missing key value 'OVH_CONSUMER_KEY'."),
|
.expect("Missing key value 'OVH_CONSUMER_KEY'."),
|
||||||
endpoint: env::var("OVH_API_ENDPOINT")
|
endpoint: env::var("OVH_API_ENDPOINT")
|
||||||
.expect("Missing key value 'OVH_API_ENDPOINT'."),
|
.expect("Missing key value 'OVH_API_ENDPOINT'."),
|
||||||
|
client:
|
||||||
|
Client::builder().build::<_, hyper::Body>(HttpsConnector::new()),
|
||||||
delta: 0
|
delta: 0
|
||||||
};
|
};
|
||||||
|
|
||||||
let (tx, rx) = channel();
|
let (tx, rx) = channel();
|
||||||
let mut watcher = raw_watcher(tx).unwrap();
|
let mut watcher = raw_watcher(tx).unwrap();
|
||||||
watcher.watch(base_cert_dir, RecursiveMode::Recursive).unwrap();
|
watcher.watch(base_cert_dir, RecursiveMode::Recursive).unwrap();
|
||||||
ovh_client.delta = get_delta(&ovh_client, &client).await;
|
ovh_client.delta = get_delta(&ovh_client).await;
|
||||||
println!("Delta time is {}", ovh_client.delta);
|
println!("Delta time is {}", ovh_client.delta);
|
||||||
println!("Starting initialization procedure.");
|
println!("Starting initialization procedure.");
|
||||||
|
|
||||||
scan_and_update_whole_folder(base_cert_dir, &list, &ovh_client,
|
scan_and_update_whole_folder(base_cert_dir, &list, &ovh_client,
|
||||||
issuer_hash.as_str(), &client).await;
|
issuer_hash.as_str()).await;
|
||||||
|
|
||||||
println!("Initializing sequence finished. Entering sentinel mode.");
|
println!("Initializing sequence finished. Entering sentinel mode.");
|
||||||
watch_folder(base_cert_dir, &ovh_client, &list, &client, &rx, issuer_hash.as_str()).await;
|
watch_folder(base_cert_dir, &ovh_client, &list, &rx, issuer_hash.as_str()).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
102
src/records.rs
102
src/records.rs
@ -1,5 +1,4 @@
|
|||||||
use hyper::{Method, Client, client::HttpConnector};
|
use hyper::Method;
|
||||||
use hyper_tls::HttpsConnector;
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
use serde_json::{from_str, json};
|
use serde_json::{from_str, json};
|
||||||
use crate::utils::{OVHClient, build_request, body_to_str, get_tlsa_subdomain};
|
use crate::utils::{OVHClient, build_request, body_to_str, get_tlsa_subdomain};
|
||||||
@ -17,128 +16,121 @@ pub struct Record {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
pub async fn get_record_from_zone(ovh_client: &OVHClient,
|
pub async fn get_record_from_zone(ovh_client: &OVHClient, zone: &str, id: u64)
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
-> Record {
|
||||||
zone: &str, id: u64) -> Record {
|
|
||||||
let req = build_request(ovh_client, &Method::GET,
|
let req = build_request(ovh_client, &Method::GET,
|
||||||
format!("/domain/zone/{}/record/{}",
|
format!("/domain/zone/{}/record/{}", zone, id)
|
||||||
zone, id).as_str(), "");
|
.as_str(), "");
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
return from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
return from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_records_from_zone(ovh_client: &OVHClient,
|
pub async fn get_records_from_zone(ovh_client: &OVHClient, zone: &str,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
field: &str, subdomain: &str) -> Vec<Record> {
|
||||||
zone: &str, field: &str, subdomain: &str) -> Vec<Record> {
|
|
||||||
let req = build_request(ovh_client, &Method::GET,
|
let req = build_request(ovh_client, &Method::GET,
|
||||||
format!("/domain/zone/{}/record?fieldType={}&subDomain={}",
|
format!("/domain/zone/{}/record?fieldType={}&subDomain={}",
|
||||||
zone, field, subdomain).as_str(), "");
|
zone, field, subdomain).as_str(), "");
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
let array: Vec<u64> = from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
let array: Vec<u64> = from_str(body_to_str(res.into_body()).await.as_str())
|
||||||
|
.unwrap();
|
||||||
let mut records = vec![];
|
let mut records = vec![];
|
||||||
for i in array {
|
for i in array {
|
||||||
records.push(get_record_from_zone(ovh_client, client, zone, i).await);
|
records.push(get_record_from_zone(ovh_client, zone, i).await);
|
||||||
}
|
}
|
||||||
return records;
|
return records;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_all_records_from_zone(ovh_client: &OVHClient,
|
pub async fn get_all_records_from_zone(ovh_client: &OVHClient, zone: &str,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
subdomain: &str) -> Vec<Record> {
|
||||||
zone: &str, subdomain: &str) -> Vec<Record> {
|
|
||||||
let req = build_request(ovh_client, &Method::GET,
|
let req = build_request(ovh_client, &Method::GET,
|
||||||
format!("/domain/zone/{}/record?&subDomain={}",
|
format!("/domain/zone/{}/record?&subDomain={}",
|
||||||
zone, subdomain).as_str(), "");
|
zone, subdomain).as_str(), "");
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
let array: Vec<u64> = from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
let array: Vec<u64> = from_str(body_to_str(res.into_body()).await.as_str())
|
||||||
|
.unwrap();
|
||||||
let mut records = vec![];
|
let mut records = vec![];
|
||||||
for i in array {
|
for i in array {
|
||||||
records.push(get_record_from_zone(ovh_client, client, zone, i).await);
|
records.push(get_record_from_zone(ovh_client, zone, i).await);
|
||||||
}
|
}
|
||||||
return records;
|
return records;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn add_record_to_zone(ovh_client: &OVHClient,
|
pub async fn add_record_to_zone(ovh_client: &OVHClient, zone: &str, record: &Record)
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
-> Record {
|
||||||
zone: &str, record: &Record) -> Record {
|
|
||||||
let req = build_request(ovh_client, &Method::POST,
|
let req = build_request(ovh_client, &Method::POST,
|
||||||
format!("/domain/zone/{}/record", zone).as_str(),
|
format!("/domain/zone/{}/record", zone).as_str(),
|
||||||
serde_json::to_string(record).unwrap().as_str());
|
serde_json::to_string(record).unwrap().as_str());
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
return from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
return from_str(body_to_str(res.into_body()).await.as_str()).unwrap();
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn update_record_in_zone(ovh_client: &OVHClient,
|
pub async fn update_record_in_zone(ovh_client: &OVHClient, zone: &str,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
record: &Record) {
|
||||||
zone: &str, record: &Record) {
|
|
||||||
let req = build_request(ovh_client, &Method::PUT,
|
let req = build_request(ovh_client, &Method::PUT,
|
||||||
format!("/domain/zone/{}/record/{}", zone, record.id).as_str(),
|
format!("/domain/zone/{}/record/{}", zone, record.id)
|
||||||
json!({"subDomain": record.sub_domain,
|
.as_str(), json!({"subDomain": record.sub_domain,
|
||||||
"target": record.target, "ttl": record.ttl}).to_string().as_str());
|
"target": record.target, "ttl": record.ttl})
|
||||||
let res = client.request(req).await.unwrap();
|
.to_string().as_str());
|
||||||
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn delete_record_from_zone(ovh_client: &OVHClient,
|
pub async fn delete_record_from_zone(ovh_client: &OVHClient, zone: &str, id: u64) {
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
|
||||||
zone: &str, id: u64) {
|
|
||||||
let req = build_request(ovh_client, &Method::DELETE,
|
let req = build_request(ovh_client, &Method::DELETE,
|
||||||
format!("/domain/zone/{}/record/{}", zone, id).as_str(),
|
format!("/domain/zone/{}/record/{}", zone, id).as_str(),
|
||||||
"");
|
"");
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn refresh_zone(ovh_client: &OVHClient, client: &Client<HttpsConnector<HttpConnector>>,
|
pub async fn refresh_zone(ovh_client: &OVHClient, zone: &str) {
|
||||||
zone: &str) {
|
|
||||||
let req = build_request(ovh_client, &Method::POST,
|
let req = build_request(ovh_client, &Method::POST,
|
||||||
format!("/domain/zone/{}/refresh", zone).as_str(),
|
format!("/domain/zone/{}/refresh", zone).as_str(), "");
|
||||||
"");
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
let res = client.request(req).await.unwrap();
|
|
||||||
assert!(res.status().is_success());
|
assert!(res.status().is_success());
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn flush_tlsa_record_for_subdomain(ovh_client: &OVHClient,
|
pub async fn flush_tlsa_record_for_subdomain(ovh_client: &OVHClient, zone: &str,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
subdomain: &str) {
|
||||||
zone: &str, subdomain: &str) {
|
let mut tlsa = get_records_from_zone(ovh_client, zone, "TLSA",
|
||||||
let mut tlsa = get_records_from_zone(ovh_client, client, zone, "TLSA",
|
|
||||||
get_tlsa_subdomain(subdomain, 25, "tcp")
|
get_tlsa_subdomain(subdomain, 25, "tcp")
|
||||||
.as_str()).await;
|
.as_str()).await;
|
||||||
tlsa.append(&mut get_records_from_zone(ovh_client, client, zone, "TLSA",
|
tlsa.append(&mut get_records_from_zone(ovh_client, zone, "TLSA",
|
||||||
get_tlsa_subdomain(subdomain, 443, "tcp")
|
get_tlsa_subdomain(subdomain, 443, "tcp")
|
||||||
.as_str()).await);
|
.as_str()).await);
|
||||||
for record in tlsa {
|
for record in tlsa {
|
||||||
delete_record_from_zone(ovh_client, client, zone, record.id).await;
|
delete_record_from_zone(ovh_client, zone, record.id).await;
|
||||||
}
|
}
|
||||||
refresh_zone(ovh_client, client, zone).await;
|
refresh_zone(ovh_client, zone).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn update_tlsa_for_subdomain(ovh_client: &OVHClient,
|
pub async fn update_tlsa_for_subdomain(ovh_client: &OVHClient, zone: &str,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
subdomain: &str, hash: &str,
|
||||||
zone: &str, subdomain: &str, hash: &str,
|
|
||||||
issuer_hash: &str, port: u32, protocol: &str) {
|
issuer_hash: &str, port: u32, protocol: &str) {
|
||||||
let tlsa_subdomain = get_tlsa_subdomain(subdomain, port, protocol);
|
let tlsa_subdomain = get_tlsa_subdomain(subdomain, port, protocol);
|
||||||
let records = get_records_from_zone(ovh_client, client, zone, "TLSA", &tlsa_subdomain).await;
|
let records = get_records_from_zone(ovh_client, zone, "TLSA", &tlsa_subdomain)
|
||||||
|
.await;
|
||||||
for record in records {
|
for record in records {
|
||||||
delete_record_from_zone(ovh_client, client, zone, record.id).await;
|
delete_record_from_zone(ovh_client, zone, record.id).await;
|
||||||
}
|
}
|
||||||
add_record_to_zone(ovh_client, client, zone, &Record {
|
add_record_to_zone(ovh_client, zone, &Record {
|
||||||
sub_domain: get_tlsa_subdomain(subdomain, port, protocol),
|
sub_domain: get_tlsa_subdomain(subdomain, port, protocol),
|
||||||
target: format!("3 1 1 {}", hash).to_string(),
|
target: format!("3 1 1 {}", hash).to_string(),
|
||||||
field_type: "TLSA".to_string(),
|
field_type: "TLSA".to_string(),
|
||||||
ttl: 0,
|
ttl: 0,
|
||||||
id: 0
|
id: 0
|
||||||
}).await;
|
}).await;
|
||||||
add_record_to_zone(ovh_client, client, zone, &Record {
|
add_record_to_zone(ovh_client, zone, &Record {
|
||||||
sub_domain: get_tlsa_subdomain(subdomain, port, protocol),
|
sub_domain: get_tlsa_subdomain(subdomain, port, protocol),
|
||||||
target: format!("2 1 1 {}", issuer_hash).to_string(),
|
target: format!("2 1 1 {}", issuer_hash).to_string(),
|
||||||
field_type: "TLSA".to_string(),
|
field_type: "TLSA".to_string(),
|
||||||
ttl: 0,
|
ttl: 0,
|
||||||
id: 0
|
id: 0
|
||||||
}).await;
|
}).await;
|
||||||
refresh_zone(ovh_client, client, zone).await;
|
refresh_zone(ovh_client, zone).await;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
41
src/utils.rs
41
src/utils.rs
@ -10,6 +10,7 @@ pub struct OVHClient {
|
|||||||
pub app_secret: String,
|
pub app_secret: String,
|
||||||
pub consumer_key: String,
|
pub consumer_key: String,
|
||||||
pub endpoint: String,
|
pub endpoint: String,
|
||||||
|
pub client: Client<HttpsConnector<HttpConnector>>,
|
||||||
pub delta: i64
|
pub delta: i64
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34,7 +35,8 @@ pub fn get_signature(ovh_client: &OVHClient, method: &Method, query: &str, body:
|
|||||||
return format!("$1${}", sha1::Sha1::from(stringapi).hexdigest());
|
return format!("$1${}", sha1::Sha1::from(stringapi).hexdigest());
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn build_request(ovh_client: &OVHClient, method: &Method, uri: &str, body: &str) -> Request<Body> {
|
pub fn build_request(ovh_client: &OVHClient, method: &Method, uri: &str, body: &str)
|
||||||
|
-> Request<Body> {
|
||||||
return Request::builder()
|
return Request::builder()
|
||||||
.method(method)
|
.method(method)
|
||||||
.uri(ovh_client.endpoint.clone() + uri)
|
.uri(ovh_client.endpoint.clone() + uri)
|
||||||
@ -42,17 +44,18 @@ pub fn build_request(ovh_client: &OVHClient, method: &Method, uri: &str, body: &
|
|||||||
.header("X-Ovh-Timestamp", SystemTime::now().duration_since(UNIX_EPOCH)
|
.header("X-Ovh-Timestamp", SystemTime::now().duration_since(UNIX_EPOCH)
|
||||||
.unwrap().as_secs() as i64 + ovh_client.delta)
|
.unwrap().as_secs() as i64 + ovh_client.delta)
|
||||||
.header("X-Ovh-Consumer", ovh_client.consumer_key.clone())
|
.header("X-Ovh-Consumer", ovh_client.consumer_key.clone())
|
||||||
.header("X-Ovh-Signature", get_signature(ovh_client, method,
|
.header("X-Ovh-Signature",
|
||||||
format!("{}{}",
|
get_signature(ovh_client, method,
|
||||||
ovh_client.endpoint, uri).as_str(), body))
|
format!("{}{}", ovh_client.endpoint, uri)
|
||||||
|
.as_str(), body))
|
||||||
.header("Content-Type", "application/json;charset=utf-8")
|
.header("Content-Type", "application/json;charset=utf-8")
|
||||||
.body(Body::from(body.to_string()))
|
.body(Body::from(body.to_string()))
|
||||||
.expect(uri);
|
.expect(uri);
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn get_delta(ovh_client: &OVHClient, client: &Client<HttpsConnector<HttpConnector>>) -> i64 {
|
pub async fn get_delta(ovh_client: &OVHClient) -> i64 {
|
||||||
let req = build_request(&ovh_client, &Method::GET, "/auth/time", "");
|
let req = build_request(&ovh_client, &Method::GET, "/auth/time", "");
|
||||||
let res = client.request(req).await.unwrap();
|
let res = ovh_client.client.request(req).await.unwrap();
|
||||||
let s = res.status();
|
let s = res.status();
|
||||||
assert!(s.is_success());
|
assert!(s.is_success());
|
||||||
let b = body_to_str(res.into_body()).await.parse::<i64>().unwrap();
|
let b = body_to_str(res.into_body()).await.parse::<i64>().unwrap();
|
||||||
@ -60,9 +63,12 @@ pub async fn get_delta(ovh_client: &OVHClient, client: &Client<HttpsConnector<Ht
|
|||||||
}
|
}
|
||||||
|
|
||||||
pub fn get_hash_from_cert(path: &str) -> String {
|
pub fn get_hash_from_cert(path: &str) -> String {
|
||||||
let certificate = std::fs::read_to_string(path).expect("Something went wrong reading certificate file.");
|
let certificate = std::fs::read_to_string(path)
|
||||||
let public_key = X509::from_pem(certificate.as_bytes()).unwrap().public_key().unwrap();
|
.expect("Something went wrong reading certificate file.");
|
||||||
let hashed = hash(MessageDigest::sha256(), &public_key.public_key_to_der().unwrap()).unwrap();
|
let public_key = X509::from_pem(certificate.as_bytes()).unwrap().public_key()
|
||||||
|
.unwrap();
|
||||||
|
let hashed = hash(MessageDigest::sha256(), &public_key.public_key_to_der().unwrap())
|
||||||
|
.unwrap();
|
||||||
let mut res = String::with_capacity(64);
|
let mut res = String::with_capacity(64);
|
||||||
for byte in &*hashed {
|
for byte in &*hashed {
|
||||||
write!(&mut res, "{:02x}", byte).unwrap();
|
write!(&mut res, "{:02x}", byte).unwrap();
|
||||||
@ -77,22 +83,23 @@ pub fn get_tlsa_subdomain(subdomain: &str, port: u32, protocol: &str) -> String
|
|||||||
subdomain);
|
subdomain);
|
||||||
}
|
}
|
||||||
|
|
||||||
pub async fn compute_certificate(ovh_client: &OVHClient,
|
pub async fn compute_certificate(ovh_client: &OVHClient, path: &Path,
|
||||||
client: &Client<HttpsConnector<HttpConnector>>,
|
base_cert_dir: &str, issuer_hash: &str, list: &List) {
|
||||||
path: &Path, base_cert_dir: &str, issuer_hash: &str, list: &List) {
|
let (subdomain, zone, domain) =
|
||||||
let (subdomain, zone, domain) = get_subdomain_zone_domain_from_pem(path, base_cert_dir, list);
|
get_subdomain_zone_domain_from_pem(path, base_cert_dir, list);
|
||||||
let (subdomain, zone, domain) = (subdomain.as_str(), zone.as_str(), domain.as_str());
|
let (subdomain, zone, domain) =
|
||||||
let records = get_all_records_from_zone(&ovh_client, &client, zone, subdomain).await;
|
(subdomain.as_str(), zone.as_str(), domain.as_str());
|
||||||
|
let records = get_all_records_from_zone(&ovh_client, zone, subdomain).await;
|
||||||
let hash = get_hash_from_cert(path.to_str().unwrap());
|
let hash = get_hash_from_cert(path.to_str().unwrap());
|
||||||
if records.iter().any(|r| r.field_type == "A" || r.field_type == "AAAA"
|
if records.iter().any(|r| r.field_type == "A" || r.field_type == "AAAA"
|
||||||
|| r.field_type == "CNAME") {
|
|| r.field_type == "CNAME") {
|
||||||
println!("\tDomain '{}' is associated with website. Updating.", domain);
|
println!("\tDomain '{}' is associated with website. Updating.", domain);
|
||||||
update_tlsa_for_subdomain(&ovh_client, &client, zone, subdomain,
|
update_tlsa_for_subdomain(&ovh_client, zone, subdomain,
|
||||||
hash.as_str(), issuer_hash, 443, "tcp").await;
|
hash.as_str(), issuer_hash, 443, "tcp").await;
|
||||||
}
|
}
|
||||||
if records.iter().any(|r| r.field_type == "MX" && r.sub_domain == subdomain) {
|
if records.iter().any(|r| r.field_type == "MX" && r.sub_domain == subdomain) {
|
||||||
println!("\tDomain '{}' is associated with mail. Updating.", domain);
|
println!("\tDomain '{}' is associated with mail. Updating.", domain);
|
||||||
update_tlsa_for_subdomain(&ovh_client, &client, zone, subdomain,
|
update_tlsa_for_subdomain(&ovh_client, zone, subdomain,
|
||||||
hash.as_str(), issuer_hash, 25, "tcp").await;
|
hash.as_str(), issuer_hash, 25, "tcp").await;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user