certreplace 1.0.1

CLI tool for replacing x509 certificates and their private keys.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

use openssl::pkey::{PKey, Private};
use openssl::x509::X509;
use regex::Regex;
use std::fmt::Display;
use std::path::PathBuf;

// Error

/// Error occurring while parsing certificates or private keys.
#[derive(Debug)]
pub struct ParseError {
    pub msg: String,
}

impl std::error::Error for ParseError {}

impl Display for ParseError {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        write!(f, "Failed to parse certificate: {}", self.msg)
    }
}

// Model

#[derive(Debug)]
pub enum CommonName {
    Literal(String),
    Pattern(Regex),
}

impl Display for CommonName {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Literal(string) => write!(f, "{string}"),
            Self::Pattern(pattern) => write!(f, "{pattern}"),
        }
    }
}

impl CommonName {
    pub fn matches(&self, cn: &str) -> bool {
        match self {
            Self::Literal(string) => string == cn,
            Self::Pattern(pattern) => pattern.is_match(cn),
        }
    }
}

/// The action for the app to perform.
#[derive(Debug)]
pub enum Verb {
    /// Find certificates and their matching private keys.
    Find { cn: CommonName },
    /// Replace certificates, and optionally their private keys.
    Replace {
        cn: CommonName,
        cert: Cert,
        privkey: Option<PrivKey>,
    },
}

impl Display for Verb {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        match self {
            Self::Find { cn } => {
                    write!(f, "Finding certificates and associated private keys with common name matching: {}", cn)
            },
            Self::Replace {
                cn,
                cert: _,
                privkey,
            } => match privkey.is_some() {
                true => write!(f, "Replacing certificates and associated private keys with common name matching: {}", cn),
                false => write!(f, "Replacing certificates only with common name matching: {}", cn),
            },
        }
    }
}

impl Verb {
    /// Returns the target common name.
    pub fn cn(&self) -> &CommonName {
        match self {
            Self::Find { cn } => cn,
            Self::Replace {
                cn,
                cert: _,
                privkey: _,
            } => cn,
        }
    }

    /// Returns whether to also consider private keys.
    pub fn privkeys(&self) -> bool {
        match self {
            Self::Find { .. } => true,
            Self::Replace {
                cn: _,
                cert: _,
                privkey,
            } => privkey.is_some(),
        }
    }
}

// PKI Objects

/// An X509 certificate.
#[derive(Debug, Clone)]
pub struct Cert {
    pub cert: X509,
    pub common_name: String,
    pub locator: PEMLocator,
}

/// An X509 certificate private key.
#[derive(Debug, Clone)]
pub struct PrivKey {
    /// Private key.
    pub key: PKey<Private>,
    /// Path to file with key in.
    pub locator: PEMLocator,
}

/// A X509 certificate or private key.
#[derive(Debug)]
pub enum PKIObject {
    Cert(Cert),
    PrivKey(PrivKey),
}

// File objects

/// A single part of a PEM file.
#[derive(Debug, PartialEq, Eq)]
pub struct PEMPart<'a> {
    pub label: String,
    /// Data contained in the part.
    pub data: &'a [u8],
    /// Index of the start of the bytes in the file.
    pub start: usize,
}

/// Kinds of PEMParts that can exist.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum PEMKind {
    Cert,
    PrivKey,
}

/// Describes the location of a PEMPart on disk.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PEMLocator {
    /// Kind of data in this PEMPart.
    pub kind: PEMKind,
    /// Path to the file containing the bytes.
    pub path: PathBuf,
    /// Index of the start of the bytes in the file.
    pub start: usize,
    /// Index of the end of the bytes in the file.
    pub end: usize,
}