From 596747b3668117734eb0a38122bbab939d9ab330 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Fri, 10 Dec 2021 16:45:15 +0200
Subject: TLS certificates

Sponsored-by: author
---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/obnam.rs | 28 ++++++++++++++++++++++++----
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 4928489..ec7a287 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -603,6 +603,7 @@ dependencies = [
 "anyhow",
 "fehler",
 "glob",
+ "lazy_static",
 "log",
 "pretty_env_logger",
 "serde",
diff --git a/Cargo.toml b/Cargo.toml
index bb00a15..07fe5e1 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -8,6 +8,7 @@ edition = "2018"
 [dependencies]
 anyhow = "1.0.51"
+lazy_static = "1.4.0"
 log = "0.4.14"
 pretty_env_logger = "0.4.0"
 serde = { version = "1.0.101", features = ["derive"] }
diff --git a/src/obnam.rs b/src/obnam.rs
index e6badb9..e4ed09e 100644
--- a/src/obnam.rs
+++ b/src/obnam.rs
@@ -1,11 +1,19 @@
 //! Manage and execute Obnam.
+use lazy_static::lazy_static;
 use serde::Serialize;
 use std::path::{Path, PathBuf};
 use tempfile::{tempdir, TempDir};
 const SERVER_PORT: u16 = 8888;
+lazy_static! {
+ static ref TLS_KEY: Vec =
+ std::fs::read(concat!(env!("CARGO_MANIFEST_DIR"), "/tls.key")).unwrap();
+ static ref TLS_CERT: Vec =
+ std::fs::read(concat!(env!("CARGO_MANIFEST_DIR"), "/tls.pem")).unwrap();
+}
+
 /// An Obnam system.
 ///
 /// Manage an Obnam server and run the Obnam client.
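Review bot: The two `lazy_static!` statics read `tls.key` and `tls.pem` from `CARGO_MANIFEST_DIR` at run time and `unwrap()` the result, so the built binary panics on first use unless the source checkout still exists at the compile-time path; the diffstat lists only three files, so neither file is added by this commit. Embedding the material at compile time removes both that runtime dependency and the new `lazy_static` crate: `static TLS_KEY: &[u8] = include_bytes!(concat!(env!("CARGO_MANIFEST_DIR"), "/tls.key"));`, and the same for `TLS_CERT`. A doc comment on the statics should state that this key pair is a throwaway for the locally started server and must not be reused anywhere else, since a private key shipped with the sources is known to everyone who has them.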
@@ -50,12 +58,24 @@ impl Obnam {
 self.configs().join("server.yaml")
 }
+ fn tls_key(&self) -> PathBuf {
+ self.configs().join("tls.key")
+ }
+
+ fn tls_cert(&self) -> PathBuf {
+ self.configs().join("tls.pem")
+ }
+
 fn client_config(&self) -> PathBuf {
 self.configs().join("client.yaml")
 }
 fn configure(&self) -> Result<(), ObnamError> {
- ServerConfig::new(SERVER_PORT, self.chunks()).write(&self.server_config())?;
+ let key = self.tls_key();
+ let cert = self.tls_cert();
+ std::fs::write(&key, TLS_KEY.to_vec())?;
+ std::fs::write(&cert, TLS_KEY.to_vec())?;
+ ServerConfig::new(SERVER_PORT, self.chunks(), &key, &cert).write(&self.server_config())?;
 ClientConfig::new(SERVER_PORT, self.root()).write(&self.client_config())?;
 Ok(())
 }
@@ -86,12 +106,12 @@ struct ServerConfig {
 }
 impl ServerConfig {
- fn new(port: u16, chunks: &Path) -> Self {
+ fn new(port: u16, chunks: &Path, tls_key: &Path, tls_cert: &Path) -> Self {
 Self {
 address: format!("localhost:{}", port),
 chunks: chunks.to_path_buf(),
- tls_key: PathBuf::from("tls.key"),
- tls_cert: PathBuf::from("tls.pem"),
+ tls_key: tls_key.to_path_buf(),
+ tls_cert: tls_cert.to_path_buf(),
 }
 }
--
cgit v1.2.1
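Review bot: In `configure`, the certificate file is filled with the private key: `std::fs::write(&cert, TLS_KEY.to_vec())?;` should write `TLS_CERT`. As written, `tls.pem` holds key material, so the server config points at a certificate path that contains no certificate, and the private key lands in a file that is normally treated as public. Change the line to `std::fs::write(&cert, &*TLS_CERT)?;`; because `fs::write` accepts any `AsRef<[u8]>`, `&*TLS_KEY` on the line above also avoids the `to_vec()` copy. `fs::write` creates the key file with default permissions, and whether the config directory is private is not visible in this hunk, so confirm that other local users cannot read `tls.key`.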