Make CreateCsrCmd fields less confusing
Two fields were used to pass a device id to a CSR command,
one being only used if the other was not suitable.
Now the device id is provided by the caller.

Signed-off-by: Didier Wenzek <[email protected]>
didier-wenzek committed Nov 27, 2024
1 parent 4cf7c88 commit 0de8244
Showing 2 changed files with 11 additions and 16 deletions.
6 changes: 5 additions & 1 deletion crates/core/tedge/src/cli/certificate/cli.rs
Expand Up @@ -70,9 +70,13 @@ impl BuildCommand for TEdgeCertCli {
}

TEdgeCertCli::CreateCsr { id, output_path } => {
// Use the current device id if no id is provided
let id = match id {
Some(id) => id,
None => config.device.id.try_read(&config)?.clone(),
};
let cmd = CreateCsrCmd {
id,
cert_path: config.device.cert_path.clone(),
key_path: config.device.key_path.clone(),
// Use output file instead of csr_path from tedge config if provided
csr_path: output_path.unwrap_or_else(|| config.device.csr_path.clone()),
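Review bot: The `None` arm now resolves the CSR identity from `config.device.id`, whereas the code removed from create_csr.rs read the CN of the certificate at `cert_path`; nothing in this section shows that the two sources always agree. If they can differ, a CSR created without an explicit id would request a different subject than the certificate already in place, so the comment should name the source and the expectation, e.g. `// No id given: reuse the configured device id, expected to match the CN of the current certificate`. A test for the `None` branch would pin this, since the tests shown in create_csr.rs only ever pass an explicit id. The match arm continues past the end of this section.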
21 changes: 6 additions & 15 deletions crates/core/tedge/src/cli/certificate/create_csr.rs
@@ -1,4 +1,3 @@
use super::create::cn_of_self_signed_certificate;
use super::error::CertError;
use crate::command::Command;
use crate::log::MaybeFancy;
Expand All @@ -12,9 +11,8 @@ use certificate::NewCertificateConfig;

/// Create a certificate signing request (CSR)
pub struct CreateCsrCmd {
/// The device identifier (either explicitly given or extracted from a previous certificate)
pub id: Option<String>,
pub cert_path: Utf8PathBuf,
/// The device identifier
pub id: String,

/// The path where the device private key will be stored
pub key_path: Utf8PathBuf,
Expand Down Expand Up @@ -45,16 +43,12 @@ impl CreateCsrCmd {
&self,
config: &NewCertificateConfig,
) -> Result<(), CertError> {
// Use id of public certificate if not provided
let id = match &self.id {
Some(id) => id.clone(),
None => cn_of_self_signed_certificate(&self.cert_path)?,
};
let id = &self.id;
let csr_path = &self.csr_path;
let key_path = &self.key_path;

let previous_key = reuse_private_key(key_path).unwrap_or(KeyKind::New);
let cert = KeyCertPair::new_certificate_sign_request(config, &id, &previous_key)?;
let cert = KeyCertPair::new_certificate_sign_request(config, id, &previous_key)?;

if let KeyKind::New = previous_key {
persist_new_private_key(
Expand Down Expand Up @@ -84,14 +78,12 @@ mod tests {
#[test]
fn create_signing_request_when_private_key_does_not_exist() {
let dir = tempdir().unwrap();
let cert_path = temp_file_path(&dir, "my-device-cert.pem");
let key_path = temp_file_path(&dir, "my-device-key.pem");
let csr_path = temp_file_path(&dir, "my-device-csr.csr");
let id = "my-device-id";

let cmd = CreateCsrCmd {
id: Some(String::from(id)),
cert_path: cert_path.clone(),
id: id.to_string(),
key_path: key_path.clone(),
csr_path: csr_path.clone(),
user: "mosquitto".to_string(),
Expand Down Expand Up @@ -135,8 +127,7 @@ mod tests {
let first_x509_cert = first_pem.parse_x509().expect("X.509: decoding DER failed");

let cmd = CreateCsrCmd {
id: Some(String::from(id)),
cert_path: cert_path.clone(),
id: id.to_string(),
key_path: key_path.clone(),
csr_path: csr_path.clone(),
user: "mosquitto".to_string(),
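Review bot: `pub id: String` now accepts whatever the caller passes, and the doc comment `/// The device identifier` no longer says where the value comes from or how it is used. Since it is handed to `KeyCertPair::new_certificate_sign_request` and so presumably becomes the subject of the request, I would document that on the field: `/// The device identifier requested in the CSR; resolved by the caller (explicit argument or configured device id)`. Whether an empty id is rejected is not visible here; if `new_certificate_sign_request` does not check it, a guard next to `let id = &self.id;` in the second hunk would be the place. That function starts and ends outside the shown hunks.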
