Browse Source

Add option to customize file extension

pull/154/head
famfo 7 months ago
parent
commit
76a5ba885d
Failed to extract signature
  1. 16
      acmed/src/config.rs
  2. 4
      acmed/src/main_event_loop.rs
  3. 11
      acmed/src/storage.rs
  4. 11
      man/en/acmed.toml.5

16
acmed/src/config.rs

@ -147,6 +147,13 @@ impl Config {
}
}
pub fn get_cert_file_ext(&self) -> Option<String> {
match &self.global {
Some(g) => g.cert_file_ext.to_owned(),
None => None,
}
}
pub fn get_pk_file_mode(&self) -> u32 {
match &self.global {
Some(g) => match g.pk_file_mode {
@ -170,6 +177,13 @@ impl Config {
None => None,
}
}
pub fn get_pk_file_ext(&self) -> Option<String> {
match &self.global {
Some(g) => g.pk_file_ext.to_owned(),
None => None,
}
}
}
#[derive(Clone, Deserialize)]
@ -179,6 +193,7 @@ pub struct GlobalOptions {
pub cert_file_group: Option<String>,
pub cert_file_mode: Option<u32>,
pub cert_file_user: Option<String>,
pub cert_file_ext: Option<String>,
pub certificates_directory: Option<String>,
#[serde(default)]
pub env: HashMap<String, String>,
@ -186,6 +201,7 @@ pub struct GlobalOptions {
pub pk_file_group: Option<String>,
pub pk_file_mode: Option<u32>,
pub pk_file_user: Option<String>,
pub pk_file_ext: Option<String>,
pub random_early_renew: Option<String>,
pub renew_delay: Option<String>,
pub root_certificates: Option<Vec<String>>,

4
acmed/src/main_event_loop.rs

@ -57,9 +57,11 @@ impl MainEventLoop {
cert_file_mode: cnf.get_cert_file_mode(),
cert_file_owner: cnf.get_cert_file_user(),
cert_file_group: cnf.get_cert_file_group(),
cert_file_ext: cnf.get_cert_file_ext(),
pk_file_mode: cnf.get_pk_file_mode(),
pk_file_owner: cnf.get_pk_file_user(),
pk_file_group: cnf.get_pk_file_group(),
pk_file_ext: cnf.get_pk_file_ext(),
hooks: acc
.get_hooks(&cnf)?
.iter()
@ -91,9 +93,11 @@ impl MainEventLoop {
cert_file_mode: cnf.get_cert_file_mode(),
cert_file_owner: cnf.get_cert_file_user(),
cert_file_group: cnf.get_cert_file_group(),
cert_file_ext: cnf.get_cert_file_ext(),
pk_file_mode: cnf.get_pk_file_mode(),
pk_file_owner: cnf.get_pk_file_user(),
pk_file_group: cnf.get_pk_file_group(),
pk_file_ext: cnf.get_pk_file_ext(),
hooks: hooks
.iter()
.filter(|h| !h.hook_type.is_disjoint(&file_hooks))

11
acmed/src/storage.rs

@ -22,9 +22,11 @@ pub struct FileManager {
pub cert_file_mode: u32,
pub cert_file_owner: Option<String>,
pub cert_file_group: Option<String>,
pub cert_file_ext: Option<String>,
pub pk_file_mode: u32,
pub pk_file_owner: Option<String>,
pub pk_file_group: Option<String>,
pub pk_file_ext: Option<String>,
pub hooks: Vec<Hook>,
pub env: HashMap<String, String>,
}
@ -93,17 +95,22 @@ fn get_file_full_path(
FileType::PrivateKey => &fm.crt_directory,
FileType::Certificate => &fm.crt_directory,
};
let ext = match file_type {
FileType::Account => "bin".to_string(),
FileType::PrivateKey => fm.pk_file_ext.clone().unwrap_or("pem".to_string()),
FileType::Certificate => fm.cert_file_ext.clone().unwrap_or("pem".to_string()),
};
let file_name = match file_type {
FileType::Account => format!(
"{account}.{file_type}.{ext}",
account = b64_encode(&fm.account_name),
file_type = file_type,
ext = "bin"
ext = ext
),
FileType::PrivateKey | FileType::Certificate => {
let fmt_data = CertFileFormat {
key_type: fm.crt_key_type.to_string(),
ext: "pem".into(),
ext,
file_type: file_type.to_string(),
name: fm.crt_name.to_owned(),
};

11
man/en/acmed.toml.5

@ -136,9 +136,10 @@ element, is used. Default is
Possible variables are:
.Bl -tag
.It Ic ext Ar string
File extension. Currently, only
.Dq pem
is supported.
File extension. See
.Xr cert_file_ext
and
.Xr pk_file_ext
.It Ic file_type Ar string
Contains
.Dq pk
@ -285,6 +286,8 @@ for more details.
Specify the user who will own newly-created certificates files. See
.Xr chown 2
for more details.
.It Cm cert_file_ext Ft string
Specify the file extension of certificate files.
.It Cm certificates_directory Ar string
Specify the directory where the certificates and their associated private keys are stored.
.It Ic env Ar table
@ -307,6 +310,8 @@ for more details.
Specify the user who will own newly-created private-key files. See
.Xr chown 2
for more details.
.It Cm pk_file_ext Ft string
Specify the file extension of private-key files.
.It Cm random_early_renew Ar string
Period of time before the usual certificate renewal, in which the certificate will renew at a random time. This is useful for when
you want to even out your certificate orders when you're dealing with very large numbers of certificates. The format is described in the

Loading…
Cancel
Save