2019-01-24 20:15:10 +00:00
|
|
|
// Copyright (C) 2019 Storj Labs, Inc.
|
2018-08-27 23:23:48 +01:00
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2019-02-06 16:40:55 +00:00
|
|
|
"path/filepath"
|
|
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
"github.com/spf13/cobra"
|
2019-02-06 16:40:55 +00:00
|
|
|
"github.com/zeebo/errs"
|
2018-08-27 23:23:48 +01:00
|
|
|
|
2019-12-27 11:48:47 +00:00
|
|
|
"storj.io/common/identity"
|
2020-03-23 19:18:20 +00:00
|
|
|
"storj.io/private/cfgstruct"
|
|
|
|
|
"storj.io/private/process"
|
2018-08-27 23:23:48 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var (
|
2020-08-11 15:50:01 +01:00
|
|
|
// ErrSetup is used when an error occurs while setting up.
|
2021-04-28 09:06:17 +01:00
|
|
|
ErrSetup = errs.Class("setup")
|
2019-02-06 16:40:55 +00:00
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
idCmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "id",
|
|
|
|
|
Short: "Manage identities",
|
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newIDCmd = &cobra.Command{
|
2019-01-24 15:41:16 +00:00
|
|
|
Use: "create",
|
2019-01-18 10:36:58 +00:00
|
|
|
Short: "Creates a new identity from an existing certificate authority",
|
|
|
|
|
RunE: cmdNewID,
|
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
|
2018-12-18 11:55:55 +00:00
|
|
|
leafExtCmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "extensions",
|
|
|
|
|
Short: "Prints the extensions attached to the identity leaf certificate",
|
2019-02-06 16:40:55 +00:00
|
|
|
Args: cobra.MaximumNArgs(1),
|
2019-01-18 10:36:58 +00:00
|
|
|
RunE: cmdLeafExtensions,
|
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
revokeLeafCmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "revoke",
|
|
|
|
|
Short: "Revoke the identity's leaf certificate (creates backup)",
|
|
|
|
|
RunE: cmdRevokeLeaf,
|
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
newIDCfg struct {
|
2019-01-30 20:47:21 +00:00
|
|
|
CA identity.FullCAConfig
|
|
|
|
|
Identity identity.SetupConfig
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
2018-12-18 11:55:55 +00:00
|
|
|
|
|
|
|
|
leafExtCfg struct {
|
2019-02-06 16:40:55 +00:00
|
|
|
Identity identity.PeerConfig
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
revokeLeafCfg struct {
|
2019-01-30 20:47:21 +00:00
|
|
|
CA identity.FullCAConfig
|
2019-04-03 16:03:53 +01:00
|
|
|
Identity identity.Config
|
2018-12-18 11:55:55 +00:00
|
|
|
// TODO: add "broadcast" option to send revocation to network nodes
|
|
|
|
|
}
|
2018-08-27 23:23:48 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
rootCmd.AddCommand(idCmd)
|
|
|
|
|
idCmd.AddCommand(newIDCmd)
|
2018-12-18 11:55:55 +00:00
|
|
|
idCmd.AddCommand(leafExtCmd)
|
|
|
|
|
idCmd.AddCommand(revokeLeafCmd)
|
2019-01-22 12:35:48 +00:00
|
|
|
|
Command line flags features and cleanup (#2068)
* change BindSetup to be an option to Bind
* add process.Bind to allow composite structures
* hack fix for noprefix flags
* used tagged version of structs
Before this PR, some flags were created by calling `cfgstruct.Bind` and having their fields create a flag. Once the flags were parsed, `viper` was used to acquire all the values from them and config files, and the fields in the struct were set through the flag interface.
This doesn't work for slices of things on config structs very well, since it can only set strings, and for a string slice, it turns out that the implementation in `pflag` appends an entry rather than setting it.
This changes three things:
1. Only have a `Bind` call instead of `Bind` and `BindSetup`, and make `BindSetup` an option instead.
2. Add a `process.Bind` call that takes in a `*cobra.Cmd`, binds the struct to the command's flags, and keeps track of that struct in a global map keyed by the command.
3. Use `viper` to get the values and load them into the bound configuration structs instead of using the flags to propagate the changes.
In this way, we can support whatever rich configuration we want in the config yaml files, while still getting command like flags when important.
2019-05-29 18:56:22 +01:00
|
|
|
process.Bind(newIDCmd, &newIDCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
|
|
|
|
|
process.Bind(leafExtCmd, &leafExtCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
|
|
|
|
|
process.Bind(revokeLeafCmd, &revokeLeafCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func cmdNewID(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
|
ca, err := newIDCfg.CA.Load()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-12 14:42:38 +00:00
|
|
|
s, err := newIDCfg.Identity.Status()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-01-30 20:47:21 +00:00
|
|
|
if s == identity.NoCertNoKey || newIDCfg.Identity.Overwrite {
|
2018-08-27 23:23:48 +01:00
|
|
|
_, err := newIDCfg.Identity.Create(ca)
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-02-06 16:40:55 +00:00
|
|
|
return ErrSetup.New("identity file(s) exist: %s", s)
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
2018-12-18 11:55:55 +00:00
|
|
|
|
|
|
|
|
func cmdLeafExtensions(cmd *cobra.Command, args []string) (err error) {
|
2019-02-06 16:40:55 +00:00
|
|
|
if len(args) > 0 {
|
|
|
|
|
leafExtCfg.Identity = identity.PeerConfig{
|
|
|
|
|
CertPath: filepath.Join(identityDir, args[0], "identity.cert"),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ident, err := leafExtCfg.Identity.Load()
|
2018-12-18 11:55:55 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-03 16:03:53 +01:00
|
|
|
return printExtensions(ident.Leaf.Raw, ident.Leaf.Extensions)
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func cmdRevokeLeaf(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
|
ca, err := revokeLeafCfg.CA.Load()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
originalIdent, err := revokeLeafCfg.Identity.Load()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-03 16:03:53 +01:00
|
|
|
manageableIdent := identity.NewManageableFullIdentity(originalIdent, ca)
|
|
|
|
|
if err := manageableIdent.Revoke(); err != nil {
|
2018-12-18 11:55:55 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-03 16:03:53 +01:00
|
|
|
// NB: backup original cert and key.
|
2019-01-11 14:59:35 +00:00
|
|
|
if err := revokeLeafCfg.Identity.SaveBackup(originalIdent); err != nil {
|
2018-12-18 11:55:55 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-03 16:03:53 +01:00
|
|
|
if err := revokeLeafCfg.Identity.Save(manageableIdent.FullIdentity); err != nil {
|
2018-12-18 11:55:55 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
