From fba8ed6046048401649a89f5d09613a6cb801588 Mon Sep 17 00:00:00 2001
From: Didier Wenzek
Date: Fri, 22 Nov 2024 17:00:13 +0100
Subject: [PATCH] Impl tedge cert renew c8y

Signed-off-by: Didier Wenzek
---
 .../core/tedge/src/cli/certificate/c8y/mod.rs | 2 +
 .../tedge/src/cli/certificate/c8y/renew.rs | 42 +++++++++++++++++++
 crates/core/tedge/src/cli/certificate/cli.rs | 40 +++++++++++++++++-
 3 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 crates/core/tedge/src/cli/certificate/c8y/renew.rs

diff --git a/crates/core/tedge/src/cli/certificate/c8y/mod.rs b/crates/core/tedge/src/cli/certificate/c8y/mod.rs
index 8ca4e47dc61..d0375a41011 100644
--- a/crates/core/tedge/src/cli/certificate/c8y/mod.rs
+++ b/crates/core/tedge/src/cli/certificate/c8y/mod.rs
@@ -1,5 +1,7 @@
 mod upload;
 mod download;
+mod renew;
 pub use upload::UploadCertCmd;
 pub use download::DownloadCertCmd;
+pub use renew::RenewCertCmd;
diff --git a/crates/core/tedge/src/cli/certificate/c8y/renew.rs b/crates/core/tedge/src/cli/certificate/c8y/renew.rs
new file mode 100644
index 00000000000..33d656c647d
--- /dev/null
+++ b/crates/core/tedge/src/cli/certificate/c8y/renew.rs
@@ -0,0 +1,42 @@
+use crate::command::Command;
+use crate::log::MaybeFancy;
+use anyhow::Error;
+use camino::Utf8PathBuf;
+use certificate::CloudRootCerts;
+use tedge_config::HostPort;
+use tedge_config::HTTPS_PORT;
+use tedge_config::MQTT_TLS_PORT;
+
+/// Command to renew a device certificate from Cumulocity
+pub struct RenewCertCmd {
+ /// The device identifier to be used as the common name for the certificate
+ pub device_id: String,
+
+ /// Cumulocity MQTT end-point where the device is authenticated
+ pub c8y_mqtt: HostPort,
+
+ /// Cumulocity instance from where the device got his current certificate
+ pub c8y_url: HostPort,
+
+ /// Root certificates used to authenticate the Cumulocity instance
+ pub root_certs: CloudRootCerts,
+
+ /// The path where the device certificate will be stored
+ pub cert_path: Utf8PathBuf,
+
+ /// The path where the device private key will be stored
+ pub key_path: Utf8PathBuf,
+
+ /// The path where the device CSR file will be stored
+ pub csr_path: Utf8PathBuf,
+}
+
+impl Command for RenewCertCmd {
+ fn description(&self) -> String {
+ format!("Renew the device certificate from {}", self.c8y_url)
+ }
+
+ fn execute(&self) -> Result<(), MaybeFancy> {
+ todo!()
+ }
+}
diff --git a/crates/core/tedge/src/cli/certificate/cli.rs b/crates/core/tedge/src/cli/certificate/cli.rs
index 8d232cd75cb..cab7f071515 100644
--- a/crates/core/tedge/src/cli/certificate/cli.rs
+++ b/crates/core/tedge/src/cli/certificate/cli.rs
@@ -34,7 +34,14 @@ pub enum TEdgeCertCli {
 },
 /// Renew the device certificate
- Renew,
+ Renew {
+ /// CA from which the certificate will be renew
+ #[arg(value_enum, default_value = "self-signed")]
+ ca: CertRenewalCA,
+
+ #[clap(long, hide = true)]
+ profile: Option,
+ },
 /// Show the device certificate, if any
 Show,
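Review bot: `execute` is left as `todo!()`, and because this command is reachable from `tedge cert renew c8y` in the same patch, a user who runs it gets a panic and a backtrace instead of an error message. Until the renewal is implemented, return an explicit error from `execute`, e.g. `Err(anyhow::anyhow!("renewing the device certificate from Cumulocity is not implemented yet").into())`, assuming `MaybeFancy` converts from `anyhow::Error` as the `use anyhow::Error` import suggests. The `Error`, `HTTPS_PORT` and `MQTT_TLS_PORT` imports are not used anywhere in this file yet and will produce unused-import warnings; either drop them or add the code that needs them. The doc comment on `c8y_url` should also read `/// Cumulocity instance from where the device got its current certificate`.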
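Review bot: The hidden `--profile` option is accepted for every `ca` value, but in the `@@ -136,7 +143,10 @@` hunk the `SelfSigned` arm discards it with `..`, so a self-signed renewal invoked with a profile silently ignores it. Either state in the option's doc comment that it only applies to `c8y`, or reject the combination in the self-signed arm so the user learns the profile had no effect. The help text has a typo, `/// CA from which the certificate will be renewed`, and the variant mixes `#[arg(...)]` on `ca` with `#[clap(...)]` on `profile`; using one attribute form keeps the variant consistent. The `TEdgeCertCli` enum starts before the hunk.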
@@ -136,7 +143,10 @@ impl BuildCommand for TEdgeCertCli {
 cmd.into_boxed()
 }
- TEdgeCertCli::Renew => {
+ TEdgeCertCli::Renew {
+ ca: CertRenewalCA::SelfSigned,
+ ..
+ } => {
 let cmd = RenewCertCmd {
 cert_path: config.device.cert_path.clone(),
 key_path: config.device.key_path.clone(),
@@ -144,6 +154,23 @@ impl BuildCommand for TEdgeCertCli {
 };
 cmd.into_boxed()
 }
+
+ TEdgeCertCli::Renew {
+ ca: CertRenewalCA::C8y,
+ profile,
+ } => {
+ let c8y_config = config.c8y.try_get(profile.as_deref())?;
+ let cmd = c8y::RenewCertCmd {
+ device_id: config.device.id.try_read(&config)?.clone(),
+ c8y_mqtt: c8y_config.mqtt.or_err()?.to_owned(),
+ c8y_url: c8y_config.http.or_err()?.to_owned(),
+ root_certs: config.cloud_root_certs(),
+ cert_path: config.device.cert_path.clone(),
+ key_path: config.device.key_path.clone(),
+ csr_path: config.device.csr_path.clone(),
+ };
+ cmd.into_boxed()
+ }
 };
 Ok(cmd)
 }
@@ -224,3 +251,12 @@ pub enum DownloadCertCli {
 profile: Option,
 },
 }
+
+#[derive(clap::ValueEnum, Clone, Debug)]
+pub enum CertRenewalCA {
+ /// Self-signed a new device certificate
+ SelfSigned,
+
+ /// Renew the device certificate from Cumulocity
+ C8y,
+}
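Review bot: `c8y_url` is filled from `c8y_config.http` while its sibling `c8y_mqtt` is filled from `c8y_config.mqtt`, so the field name does not tell the reader which endpoint it carries; writing it as `c8y_http: c8y_config.http.or_err()?.to_owned(),` (and renaming the field in `renew.rs` accordingly) makes the pairing explicit. Both `Renew` arms clone `config.device.cert_path` and `config.device.key_path`; if more CA variants follow, hoisting those two clones above the match avoids repeating them per arm. The enclosing match on `TEdgeCertCli` starts before the hunk.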
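Review bot: `C8y` becomes selectable on the command line as soon as this enum is wired into `Renew`, yet the `RenewCertCmd::execute` it dispatches to is `todo!()` in this same patch, so the value advertises a renewal path that currently panics. Until the implementation lands, consider hiding the value with clap's `#[value(hide = true)]` on `C8y`, matching how `profile` is already hidden. The `SelfSigned` doc comment also reads oddly; `/// Self-sign a new device certificate` matches the imperative form used by the `C8y` variant.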