From 596747b3668117734eb0a38122bbab939d9ab330 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Fri, 10 Dec 2021 16:45:15 +0200
Subject: TLS certificates

Sponsored-by: author
---
 src/obnam.rs | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/obnam.rs b/src/obnam.rs
index e6badb9..e4ed09e 100644
--- a/src/obnam.rs
+++ b/src/obnam.rs
@@ -1,11 +1,19 @@
 //! Manage and execute Obnam.
 
+use lazy_static::lazy_static;
 use serde::Serialize;
 use std::path::{Path, PathBuf};
 use tempfile::{tempdir, TempDir};
 
 const SERVER_PORT: u16 = 8888;
 
+lazy_static! {
+    static ref TLS_KEY: Vec<u8> =
+        std::fs::read(concat!(env!("CARGO_MANIFEST_DIR"), "/tls.key")).unwrap();
+    static ref TLS_CERT: Vec<u8> =
+        std::fs::read(concat!(env!("CARGO_MANIFEST_DIR"), "/tls.pem")).unwrap();
+}
+
 /// An Obnam system.
 ///
 /// Manage an Obnam server and run the Obnam client.
@@ -50,12 +58,24 @@ impl Obnam {
         self.configs().join("server.yaml")
     }
 
+    fn tls_key(&self) -> PathBuf {
+        self.configs().join("tls.key")
+    }
+
+    fn tls_cert(&self) -> PathBuf {
+        self.configs().join("tls.pem")
+    }
+
     fn client_config(&self) -> PathBuf {
         self.configs().join("client.yaml")
     }
 
     fn configure(&self) -> Result<(), ObnamError> {
-        ServerConfig::new(SERVER_PORT, self.chunks()).write(&self.server_config())?;
+        let key = self.tls_key();
+        let cert = self.tls_cert();
+        std::fs::write(&key, TLS_KEY.to_vec())?;
+        std::fs::write(&cert, TLS_KEY.to_vec())?;
+        ServerConfig::new(SERVER_PORT, self.chunks(), &key, &cert).write(&self.server_config())?;
         ClientConfig::new(SERVER_PORT, self.root()).write(&self.client_config())?;
         Ok(())
     }
@@ -86,12 +106,12 @@ struct ServerConfig {
 }
 
 impl ServerConfig {
-    fn new(port: u16, chunks: &Path) -> Self {
+    fn new(port: u16, chunks: &Path, tls_key: &Path, tls_cert: &Path) -> Self {
         Self {
             address: format!("localhost:{}", port),
             chunks: chunks.to_path_buf(),
-            tls_key: PathBuf::from("tls.key"),
-            tls_cert: PathBuf::from("tls.pem"),
+            tls_key: tls_key.to_path_buf(),
+            tls_cert: tls_cert.to_path_buf(),
         }
     }
 
-- 
cgit v1.2.1