@@ -14,15 +14,15 @@ use cli::{
1414 Docker :: Inject ,
1515 File :: { CopyFromImage , CopyToImage } ,
1616 IdentityConfig :: {
17- SetConfig , SetDeviceCertificate , SetDeviceCertificateNoEst , SetIotLeafSasConfig ,
18- SetIotedgeGatewayConfig ,
17+ SetConfig , SetDeviceCertificate , SetDeviceCertificateNoEst , SetEdgeCaCertificate ,
18+ SetIotLeafSasConfig , SetIotedgeGatewayConfig ,
1919 } ,
2020 IotHubDeviceUpdate :: { self , SetDeviceConfig as IotHubDeviceUpdateSet } ,
2121 SshConfig :: { SetCertificate , SetConnection } ,
2222} ;
2323use file:: { compression:: Compression , functions:: FileCopyToParams } ;
2424use log:: error;
25- use std:: { fs, path:: PathBuf } ;
25+ use std:: { fs, path:: Path , path :: PathBuf } ;
2626use tokio:: fs:: remove_dir_all;
2727use uuid:: Uuid ;
2828
@@ -150,6 +150,46 @@ where
150150 Ok ( ( ) )
151151}
152152
153+ struct CertInfo {
154+ cert_path : PathBuf ,
155+ key_path : PathBuf ,
156+ }
157+
158+ struct CertificateOptions < ' a > {
159+ intermediate_full_chain_cert : & ' a Path ,
160+ intermediate_key : & ' a Path ,
161+ target_cert : & ' a str ,
162+ target_key : & ' a str ,
163+ subject : & ' a str ,
164+ validity_days : u32 ,
165+ }
166+
167+ fn create_image_cert ( image : & Path , cert_opts : CertificateOptions ) -> Result < CertInfo > {
168+ let intermediate_full_chain_cert_str =
169+ std:: fs:: read_to_string ( cert_opts. intermediate_full_chain_cert )
170+ . context ( "create_and_set_image_cert: couldn't read intermediate fullchain cert" ) ?;
171+ let intermediate_key_str = std:: fs:: read_to_string ( cert_opts. intermediate_key )
172+ . context ( "create_and_set_image_cert: couldn't read intermediate key" ) ?;
173+ let crypto = omnect_crypto:: Crypto :: new (
174+ intermediate_key_str. as_bytes ( ) ,
175+ intermediate_full_chain_cert_str. as_bytes ( ) ,
176+ ) ?;
177+ let ( cert_pem, key_pem) = crypto
178+ . create_cert_and_key ( cert_opts. subject , & None , cert_opts. validity_days )
179+ . context ( "create_and_set_image_cert: couldn't create device cert and key" ) ?;
180+
181+ let cert_path = file:: get_file_path ( image, cert_opts. target_cert ) ?;
182+ let key_path = file:: get_file_path ( image, cert_opts. target_key ) ?;
183+
184+ fs:: write ( & cert_path, cert_pem) . context ( "create_and_set_image_cert: write device_cert_path" ) ?;
185+ fs:: write ( & key_path, key_pem) . context ( "create_and_set_image_cert: write device_key_path" ) ?;
186+
187+ Ok ( CertInfo {
188+ cert_path : cert_path. to_path_buf ( ) ,
189+ key_path : key_path. to_path_buf ( ) ,
190+ } )
191+ }
192+
153193pub fn run ( ) -> Result < ( ) > {
154194 match cli:: from_args ( ) {
155195 Command :: Docker ( Inject {
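Review bot: The private key is written with `fs::write(&key_path, key_pem)`, which creates the file with the umask-default mode (typically world-readable), so the device or edge-CA key can be read by any other user of the build host for as long as it sits in the directory resolved by `file::get_file_path`; unless `set_device_cert`/`set_edge_ca_cert` tighten it later (not visible here), create the key file with owner-only permissions via `OpenOptions` + `mode(0o600)` (needs `std::os::unix::fs::OpenOptionsExt` and `std::io::Write` in scope, Unix-only). The `.context(...)` strings still say `create_and_set_image_cert` and `write device_cert_path` although the function is named `create_image_cert` and is now also reached from the edge-CA arm, so an error from the CA path would be misreported; use the function name and the actual target, e.g. `.with_context(|| format!("create_image_cert: write {}", cert_opts.target_key))`. If `file::get_file_path` already returns a `PathBuf` (it is `fs::write`'s argument here, so that seems likely), the two `.to_path_buf()` calls in the `CertInfo` literal are needless copies and the locals can simply be moved in. Within the function `std::fs::read_to_string` and `fs::write` mix a fully qualified path with the imported `fs` module; pick one form.
```rust
fn create_image_cert(image: &Path, cert_opts: CertificateOptions) -> Result<CertInfo> {
    // … unchanged: read intermediate cert/key, build Crypto, create cert_pem/key_pem, resolve cert_path/key_path …
    fs::write(&cert_path, cert_pem).context("create_image_cert: write device cert")?;
    // Private key: create with owner-only permissions instead of the umask default.
    let mut key_file = fs::OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600)
        .open(&key_path)
        .context("create_image_cert: open device key for writing")?;
    key_file
        .write_all(key_pem.as_ref())
        .context("create_image_cert: write device key")?;
    // … unchanged: Ok(CertInfo { cert_path, key_path }) …
```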
@@ -211,32 +251,55 @@ pub fn run() -> Result<()> {
211251 generate_bmap,
212252 compress_image,
213253 } ) => {
214- let intermediate_full_chain_cert_str =
215- std:: fs:: read_to_string ( & intermediate_full_chain_cert)
216- . context ( "couldn't read intermediate fullchain cert" ) ?;
217- let intermediate_key_str = std:: fs:: read_to_string ( intermediate_key)
218- . context ( "couldn't read intermediate key" ) ?;
219- let crypto = omnect_crypto:: Crypto :: new (
220- intermediate_key_str. as_bytes ( ) ,
221- intermediate_full_chain_cert_str. as_bytes ( ) ,
222- ) ?;
223- let ( device_cert_pem, device_key_pem) = crypto
224- . create_cert_and_key ( & device_id, & None , days)
225- . context ( "couldn't create device cert and key" ) ?;
226-
227- let device_cert_path = file:: get_file_path ( & image, "device_cert_path.pem" ) ?;
228- let device_key_path = file:: get_file_path ( & image, "device_key_path.key.pem" ) ?;
229-
230- fs:: write ( & device_cert_path, device_cert_pem)
231- . context ( "set_device_cert: write device_cert_path" ) ?;
232- fs:: write ( & device_key_path, device_key_pem)
233- . context ( "set_device_cert: write device_key_path" ) ?;
254+ let cert_info = create_image_cert (
255+ & image,
256+ CertificateOptions {
257+ intermediate_full_chain_cert : & intermediate_full_chain_cert,
258+ intermediate_key : & intermediate_key,
259+ target_cert : "device_cert_path.pem" ,
260+ target_key : "device_key_path.key.pem" ,
261+ subject : & device_id,
262+ validity_days : days,
263+ } ,
264+ )
265+ . context ( "set_edge_ca_certificate: could not create certificate" ) ?;
234266
235267 run_image_command ( image, generate_bmap, compress_image, |img| {
236268 file:: set_device_cert (
237269 Some ( & intermediate_full_chain_cert) ,
238- & device_cert_path,
239- & device_key_path,
270+ & cert_info. cert_path ,
271+ & cert_info. key_path ,
272+ img,
273+ )
274+ } ) ?
275+ }
276+ Command :: Identity ( SetEdgeCaCertificate {
277+ intermediate_full_chain_cert,
278+ intermediate_key,
279+ image,
280+ subject,
281+ days,
282+ generate_bmap,
283+ compress_image,
284+ } ) => {
285+ let cert_info = create_image_cert (
286+ & image,
287+ CertificateOptions {
288+ intermediate_full_chain_cert : & intermediate_full_chain_cert,
289+ intermediate_key : & intermediate_key,
290+ target_cert : "edge_ca_cert_path.pem" ,
291+ target_key : "edge_ca_path.key.pem" ,
292+ subject : & subject,
293+ validity_days : days,
294+ } ,
295+ )
296+ . context ( "set_edge_ca_certificate: could not create certificate" ) ?;
297+
298+ run_image_command ( image, generate_bmap, compress_image, |img| {
299+ file:: set_edge_ca_cert (
300+ Some ( & intermediate_full_chain_cert) ,
301+ & cert_info. cert_path ,
302+ & cert_info. key_path ,
240303 img,
241304 )
242305 } ) ?
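Review bot: The `SetDeviceCertificate` arm attaches `.context("set_edge_ca_certificate: could not create certificate")` to its `create_image_cert` call, a copy of the label used in the new `SetEdgeCaCertificate` arm below, so a failure while provisioning a device certificate is reported as an edge-CA failure; change it to `.context("set_device_certificate: could not create certificate")`. Both arms now share the same target-file names and subject only through string literals, so a later reader cannot tell from the error which image path was involved; consider including `target_cert`/`subject` in the context. The `run()` match begins before this hunk and the `SetEdgeCaCertificate` arm's closing lines run past its end, so the rest of the arm was not reviewed.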