Add binary agnos-generate-accounts-keys

krtab · krtab · commit 1fa16fe1a50d · 2023-03-02T13:42:28.000+01:00
Closes: #21
diff --git a/README.md b/README.md
@@ -121,6 +121,8 @@ or if you prefer a larger key:
 openssl genrsa 4096 > /path/to/store/the/key.pem
 ```
 
+Alternatively, you can use the provided `agnos-generate-accounts-keys` binary to automatically generate private keys for the accounts listed in the configuration file.
+
 ## Agnos configuration
 
 Agnos is configured via a single [TOML](https://toml.io/) file. A commented example is available in [config_example.toml](https://github.com/krtab/agnos/blob/main/config_example.toml).
diff --git a/src/bin/agnos-generate-accounts-keys.rs b/src/bin/agnos-generate-accounts-keys.rs
@@ -0,0 +1,68 @@
+use std::io::Write;
+
+use agnos::config::Config;
+use clap::{Arg, ArgAction};
+
+fn main() -> anyhow::Result<()> {
+    let mut stdin_lines = std::io::stdin().lines();
+    let cli_ops = clap::command!()
+        .about("Generate non existing private accounts keys from agnos' configuration.")
+        .arg_required_else_help(true)
+        .arg(
+            Arg::new("config")
+                .required(true)
+                .action(ArgAction::Set)
+                .value_name("config.toml")
+                .help("Path to the configuration file."),
+        )
+        .arg(
+            Arg::new("key-size")
+                .long("key-size")
+                .action(ArgAction::Set)
+                .default_value("4096")
+                .help("Size in bits of the RSA private key.")
+                .value_parser(clap::value_parser!(u32)),
+        )
+        .arg(
+            Arg::new("no-confirm")
+                .long("no-confirm")
+                .action(ArgAction::SetTrue)
+                .help("Do not prompt user and create all non-existing keys."),
+        )
+        .get_matches();
+    let key_size = cli_ops.get_one("key-size").unwrap();
+    let no_confirm = cli_ops.get_flag("no-confirm");
+    let config_file = std::fs::read_to_string(cli_ops.get_one::<String>("config").unwrap())?;
+    let config: Config = toml::from_str(&config_file)?;
+    'accounts_loop: for account in config.accounts {
+        if !account.private_key_path.exists() {
+            println!(
+                "Private key for account <{}> expected to be located at {} does not exist.",
+                account.email,
+                account.private_key_path.display()
+            );
+            if !no_confirm {
+                'input_loop: loop {
+                    print!("Do you want to create it? (y(es) | n(o) -- default: yes)? ");
+                    std::io::stdout().flush()?;
+                    let l = match stdin_lines.next() {
+                        None => return Ok(()),
+                        Some(l) => l?,
+                    };
+                    match l.trim() {
+                        "" | "y" | "yes" | "Y" | "YES" => break 'input_loop,
+                        "n" | "no" | "N" | "NO" => continue 'accounts_loop,
+                        _ => continue 'input_loop,
+                    }
+                }
+            }
+            print!("Generating private key... ");
+            std::io::stdout().flush()?;
+            let key = openssl::rsa::Rsa::generate(*key_size)?;
+            let pem = key.private_key_to_pem()?;
+            std::fs::write(account.private_key_path, &pem)?;
+            println!("Private key generated!")
+        }
+    }
+    Ok(())
+}
diff --git a/src/main_logic.rs b/src/main_logic.rs
@@ -65,6 +65,14 @@ pub async fn process_config_account(
 ) -> anyhow::Result<()> {
     tracing::info!("Processing account {}", &config_account.email);
     let priv_key = {
+        if !config_account.private_key_path.exists() {
+            bail!(
+                "Private key for account <{}>, expected to be located at {} does not exist. \
+                Consider generating it with agnos-generate-accounts-keys.",
+                config_account.email,
+                config_account.private_key_path.display()
+            )
+        }
         let buf = tokio::fs::read(&config_account.private_key_path).await?;
         openssl::pkey::PKey::private_key_from_pem(&buf)?
     };
diff --git a/test-docker/agnos/Dockerfile b/test-docker/agnos/Dockerfile
@@ -12,16 +12,15 @@ FROM chef AS builder
 COPY --from=planner /app/recipe.json recipe.json
 # Build dependencies - this is the caching Docker layer!
 RUN cargo chef cook --recipe-path recipe.json
-RUN openssl genrsa 2048 > priv_key_1.pem
-RUN openssl genrsa 2048 > priv_key_2.pem
 RUN wget https://raw.githubusercontent.com/letsencrypt/pebble/main/test/certs/pebble.minica.pem -O pebbleCA.pem
 RUN wget https://raw.githubusercontent.com/vishnubob/wait-for-it/master/wait-for-it.sh -O wait-for-it.sh
 # Build application
 COPY ./src ./src
 COPY ./Cargo.toml ./Cargo.lock ./
 COPY ./test-docker/agnos/config_test.toml ./test-docker/agnos/config_test.toml
 
-RUN cargo build  --bin agnos
+RUN cargo build  --bins
+RUN /app/target/debug/agnos-generate-accounts-keys --key-size 2048 --no-confirm test-docker/agnos/config_test.toml
 
 EXPOSE 53/tcp 53/udp
 
