From e88815571291d15d90a7b0fa133777d613cdab1d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller
Date: Fri, 26 Apr 2019 10:44:41 +0200
Subject: [PATCH] proxy: allow .key/.pem files instead of a pkcs12/.pfx file
Signed-off-by: Wolfgang Bumiller
---
 src/bin/proxmox-backup-proxy.rs | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index 46d62194..8d5445da 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -1,3 +1,6 @@
+use std::io;
+use std::path::Path;
+
 use proxmox_backup::try_block;
 use proxmox_backup::configdir;
 use proxmox_backup::tools;
@@ -24,6 +27,20 @@ fn main() {
 }
 }
+fn load_certificate, U: AsRef>(
+ key: T,
+ cert: U,
+) -> Result {
+ let key = tools::file_get_contents(key)?;
+ let cert = tools::file_get_contents(cert)?;
+
+ let key = openssl::pkey::PKey::private_key_from_pem(&key)?;
+ let cert = openssl::x509::X509::from_pem(&cert)?;
+
+ Ok(openssl::pkcs12::Pkcs12::builder()
+ .build("", "", &key, &cert)?)
+}
+
 fn run() -> Result<(), Error> {
 if let Err(err) = syslog::init(
 syslog::Facility::LOG_DAEMON,
@@ -56,7 +73,14 @@ fn run() -> Result<(), Error> {
 let rest_server = RestServer::new(config);
 let cert_path = configdir!("/proxy.pfx");
- let raw_cert = tools::file_get_contents(cert_path)?;
+ let raw_cert = match std::fs::read(cert_path) {
+ Ok(pfx) => pfx,
+ Err(ref err) if err.kind() == io::ErrorKind::NotFound => {
+ let pkcs12 = load_certificate(configdir!("/proxy.key"), configdir!("/proxy.pem"))?;
+ pkcs12.to_der()?
+ }
+ Err(err) => bail!("unable to read certificate file {} - {}", cert_path, err),
+ };
 let identity = match native_tls::Identity::from_pkcs12(&raw_cert, "") {
 Ok(data) => data,
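Review bot: `X509::from_pem` in `load_certificate` parses only the first certificate in proxy.pem, so any intermediate certificates stored after the leaf are dropped and never reach the PKCS#12 bundle. Clients would then receive an incomplete chain and fail validation, which in practice pushes operators toward turning verification off. Reading the file with `X509::stack_from_pem` and handing everything after the leaf to the builder's `ca()` keeps the chain intact. Separately, the two `file_get_contents` errors propagate through `?` without naming the file that failed, unless the helper already adds the path, which is not visible here.

```rust
// … unchanged: reading proxy.key / proxy.pem and parsing the private key …
let mut chain = openssl::x509::X509::stack_from_pem(&cert)?.into_iter();
let leaf = match chain.next() {
    Some(leaf) => leaf,
    None => bail!("no certificate found in PEM file"),
};

// everything after the leaf is treated as intermediates
let mut intermediates = openssl::stack::Stack::new()?;
for extra in chain {
    intermediates.push(extra)?;
}

let mut builder = openssl::pkcs12::Pkcs12::builder();
builder.ca(intermediates);
Ok(builder.build("", "", &key, &leaf)?)
```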
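Review bot: The precedence between the two certificate sources in the new `match` is silent: an existing proxy.pfx always wins, and proxy.key/proxy.pem are read only on `NotFound`. An operator who rotates the key/pem pair while an old proxy.pfx is still in the config directory will keep serving the old certificate with nothing in the log to say so. I would document this at the match, e.g. `// proxy.pfx takes precedence; proxy.key/proxy.pem are only used when it does not exist`, and log which source was loaded at startup. The fallback arm's `?` on `load_certificate` also gives no file name, unlike the `bail!` for the pfx path; `run()` continues outside this hunk.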