in cert/aziot-certd-config/src/lib.rs [409:614]
fn parse_config() {
let actual = r#"
homedir_path = "/var/lib/aziot/certd"
max_requests = 50
[cert_issuance]
device-ca = { method = "est", common_name = "custom-name" }
module-id = { method = "self_signed", expiry_days = 90, common_name = "custom-name"}
module-server = { method = "local_ca" }
[cert_issuance.device-id]
method = "est"
url = "https://estendpoint.com/.well-known/est/device-id/"
username = "username"
password = "password"
identity_cert = "device-id"
identity_pk = "device-id"
bootstrap_identity_cert = "bootstrap"
bootstrap_identity_pk = "bootstrap"
expiry_days = 365
subject = { "L" = "AQ", "ST" = "Antarctica", "CN" = "test-device" }
[cert_issuance.est]
identity_cert = "est-id"
identity_pk = "est-id"
bootstrap_identity_cert = "bootstrap"
bootstrap_identity_pk = "bootstrap"
trusted_certs = [
"est-ca",
]
[cert_issuance.est.identity_auto_renew]
rotate_key = true
threshold = "50%"
retry = "10%"
[cert_issuance.est.urls]
default = "https://estendpoint.com/.well-known/est/"
device-ca = "https://estendpoint.com/.well-known/est/device-ca/"
[preloaded_certs]
bootstrap = "file:///var/secrets/bootstrap.cer"
est-ca = "file:///var/secrets/est-ca.cer"
trust-bundle = [
"est-ca",
]
[[principal]]
uid = 1000
certs = ["test"]
"#;
let actual: Config = toml::from_str(actual).unwrap();
assert_eq!(
actual,
Config {
homedir_path: "/var/lib/aziot/certd".into(),
max_requests: 50,
cert_issuance: CertIssuance {
est: Some(Est {
trusted_certs: vec!["est-ca".to_owned(),],
identity_auto_renew: cert_renewal::AutoRenewConfig {
rotate_key: true,
policy: cert_renewal::RenewalPolicy {
threshold: cert_renewal::Policy::Percentage(50),
retry: cert_renewal::Policy::Percentage(10)
}
},
auth: Some(EstAuth {
basic: None,
x509: Some(EstAuthX509 {
identity: CertificateWithPrivateKey {
cert: "est-id".to_owned(),
pk: "est-id".to_owned()
},
bootstrap_identity: Some(CertificateWithPrivateKey {
cert: "bootstrap".to_owned(),
pk: "bootstrap".to_owned()
}),
})
}),
urls: vec![
(
"default".to_owned(),
"https://estendpoint.com/.well-known/est/".parse().unwrap()
),
(
"device-ca".to_owned(),
"https://estendpoint.com/.well-known/est/device-ca/"
.parse()
.unwrap()
),
]
.into_iter()
.collect()
}),
local_ca: None,
certs: [
(
"device-ca",
CertIssuanceOptions {
method: CertIssuanceMethod::Est {
url: None,
auth: None
},
expiry_days: None,
subject: Some(CertSubject::CommonName("custom-name".to_owned())),
}
),
(
"device-id",
CertIssuanceOptions {
method: CertIssuanceMethod::Est {
url: Some(
"https://estendpoint.com/.well-known/est/device-id/"
.parse()
.unwrap()
),
auth: Some(EstAuth {
basic: Some(EstAuthBasic {
username: "username".to_owned(),
password: "password".to_owned(),
}),
x509: Some(EstAuthX509 {
identity: CertificateWithPrivateKey {
cert: "device-id".to_owned(),
pk: "device-id".to_owned()
},
bootstrap_identity: Some(CertificateWithPrivateKey {
cert: "bootstrap".to_owned(),
pk: "bootstrap".to_owned()
}),
})
})
},
expiry_days: Some(365),
subject: Some(CertSubject::Subject(
vec![
("L".to_owned(), "AQ".to_owned()),
("ST".to_owned(), "Antarctica".to_owned()),
("CN".to_owned(), "test-device".to_owned())
]
.into_iter()
.collect()
)),
}
),
(
"module-id",
CertIssuanceOptions {
method: CertIssuanceMethod::SelfSigned,
expiry_days: Some(90),
subject: Some(CertSubject::CommonName("custom-name".to_owned())),
}
),
(
"module-server",
CertIssuanceOptions {
method: CertIssuanceMethod::LocalCa,
expiry_days: None,
subject: None,
}
),
]
.iter()
.map(|(id, options)| ((*id).to_owned(), options.clone()))
.collect(),
},
preloaded_certs: vec![
(
"bootstrap".to_owned(),
PreloadedCert::Uri("file:///var/secrets/bootstrap.cer".parse().unwrap())
),
(
"est-ca".to_owned(),
PreloadedCert::Uri("file:///var/secrets/est-ca.cer".parse().unwrap())
),
(
"trust-bundle".to_owned(),
PreloadedCert::Ids(vec!["est-ca".to_owned()])
),
]
.into_iter()
.collect(),
endpoints: Endpoints {
aziot_certd: Connector::Unix {
socket_path: Path::new(concat!(env!("SOCKET_DIR"), "/certd.sock")).into()
},
aziot_keyd: Connector::Unix {
socket_path: Path::new(concat!(env!("SOCKET_DIR"), "/keyd.sock")).into()
},
},
principal: vec![Principal {
uid: 1000,
certs: vec!["test".to_string()]
}],
}
);
}