Impl tedge cert renew c8y
Signed-off-by: Didier Wenzek <[email protected]>
didier-wenzek committed Nov 22, 2024
1 parent 2ee837c commit fba8ed6
Showing 3 changed files with 82 additions and 2 deletions.
2 changes: 2 additions & 0 deletions crates/core/tedge/src/cli/certificate/c8y/mod.rs
@@ -1,5 +1,7 @@
mod upload;
mod download;
mod renew;

pub use upload::UploadCertCmd;
pub use download::DownloadCertCmd;
pub use renew::RenewCertCmd;
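--- a/crates/core/tedge/src/cli/certificate/c8y/renew.rs
+++ b/crates/core/tedge/src/cli/certificate/c8y/renew.rs
@@ -0,0 +1,42 @@
+use crate::command::Command;
+use crate::log::MaybeFancy;
+use anyhow::Error;
+use camino::Utf8PathBuf;
+use certificate::CloudRootCerts;
+use tedge_config::HostPort;
+use tedge_config::HTTPS_PORT;
+use tedge_config::MQTT_TLS_PORT;
+
+/// Command to renew a device certificate from Cumulocity
+pub struct RenewCertCmd {
+/// The device identifier to be used as the common name for the certificate
+pub device_id: String,
+
+/// Cumulocity MQTT end-point where the device is authenticated
+pub c8y_mqtt: HostPort<MQTT_TLS_PORT>,
+
+/// Cumulocity instance from where the device got his current certificate
+pub c8y_url: HostPort<HTTPS_PORT>,
+
+/// Root certificates used to authenticate the Cumulocity instance
+pub root_certs: CloudRootCerts,
+
+/// The path where the device certificate will be stored
+pub cert_path: Utf8PathBuf,
+
+/// The path where the device private key will be stored
+pub key_path: Utf8PathBuf,
+
+/// The path where the device CSR file will be stored
+pub csr_path: Utf8PathBuf,
+}
+
+impl Command for RenewCertCmd {
+fn description(&self) -> String {
+format!("Renew the device certificate from {}", self.c8y_url)
+}
+
+fn execute(&self) -> Result<(), MaybeFancy<Error>> {
+todo!()
+}
+}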
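Review bot: `execute` is `todo!()`, so the command panics when run, and the cli.rs section of this commit already builds `c8y::RenewCertCmd` for the `c8y` value of `tedge cert renew`, which makes the panic reachable from the command line. Until the renewal flow lands, return an error instead, for example `Err(anyhow::anyhow!("certificate renewal from Cumulocity is not implemented yet").into())` (this assumes `MaybeFancy<Error>` converts from `anyhow::Error`; that impl is not visible here). The field docs should also state whether `key_path` is read to reuse the current private key or overwritten with a new one. The comment says the key "will be stored", and replacing the key before the new certificate has been issued would presumably leave the device with a certificate that no longer matches its key.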
40 changes: 38 additions & 2 deletions crates/core/tedge/src/cli/certificate/cli.rs
@@ -34,7 +34,14 @@ pub enum TEdgeCertCli {
},

/// Renew the device certificate
Renew,
Renew {
/// CA from which the certificate will be renew
#[arg(value_enum, default_value = "self-signed")]
ca: CertRenewalCA,

#[clap(long, hide = true)]
profile: Option<ProfileName>,
},

/// Show the device certificate, if any
Show,
@@ -136,14 +143,34 @@ impl BuildCommand for TEdgeCertCli {
cmd.into_boxed()
}

TEdgeCertCli::Renew => {
TEdgeCertCli::Renew {
ca: CertRenewalCA::SelfSigned,
..
} => {
let cmd = RenewCertCmd {
cert_path: config.device.cert_path.clone(),
key_path: config.device.key_path.clone(),
bridge_location,
};
cmd.into_boxed()
}

TEdgeCertCli::Renew {
ca: CertRenewalCA::C8y,
profile,
} => {
let c8y_config = config.c8y.try_get(profile.as_deref())?;
let cmd = c8y::RenewCertCmd {
device_id: config.device.id.try_read(&config)?.clone(),
c8y_mqtt: c8y_config.mqtt.or_err()?.to_owned(),
c8y_url: c8y_config.http.or_err()?.to_owned(),
root_certs: config.cloud_root_certs(),
cert_path: config.device.cert_path.clone(),
key_path: config.device.key_path.clone(),
csr_path: config.device.csr_path.clone(),
};
cmd.into_boxed()
}
};
Ok(cmd)
}
@@ -224,3 +251,12 @@ pub enum DownloadCertCli {
profile: Option<ProfileName>,
},
}

#[derive(clap::ValueEnum, Clone, Debug)]
pub enum CertRenewalCA {
/// Self-signed a new device certificate
SelfSigned,

/// Renew the device certificate from Cumulocity
C8y,
}
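Review bot: The `CertRenewalCA::SelfSigned` arm matches `profile` with `..`, so `tedge cert renew --profile <name>` is accepted and the profile silently dropped; only the `CertRenewalCA::C8y` arm reads it. Either reject a profile when the CA is self-signed or document the field, e.g. `/// Cloud profile whose Cumulocity settings are used; ignored for self-signed renewal` above `profile`. The new doc comments also become CLI help text through clap and read awkwardly: consider `/// CA from which the certificate will be renewed` and `/// Self-sign a new device certificate`. The `impl BuildCommand` body starts and ends outside the shown hunks.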
