2018-08-27 23:23:48 +01:00
|
|
|
// Copyright (C) 2018 Storj Labs, Inc.
|
|
|
|
// See LICENSE for copying information.
|
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/spf13/cobra"
|
|
|
|
|
|
|
|
"storj.io/storj/pkg/cfgstruct"
|
2018-12-18 11:55:55 +00:00
|
|
|
"storj.io/storj/pkg/peertls"
|
2018-08-27 23:23:48 +01:00
|
|
|
"storj.io/storj/pkg/process"
|
|
|
|
"storj.io/storj/pkg/provider"
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
caCmd = &cobra.Command{
|
2019-01-24 15:41:16 +00:00
|
|
|
Use: "certificate-authority",
|
2019-01-18 10:36:58 +00:00
|
|
|
Short: "Manage certificate authorities",
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
newCACmd = &cobra.Command{
|
2019-01-24 15:41:16 +00:00
|
|
|
Use: "create",
|
2019-01-18 10:36:58 +00:00
|
|
|
Short: "Create a new certificate authority",
|
|
|
|
RunE: cmdNewCA,
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
2018-12-18 11:55:55 +00:00
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
getIDCmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "id",
|
|
|
|
Short: "Get the id of a CA",
|
|
|
|
RunE: cmdGetID,
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
2018-12-18 11:55:55 +00:00
|
|
|
caExtCmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "extensions",
|
|
|
|
Short: "Prints the extensions attached to the identity CA certificate",
|
|
|
|
RunE: cmdCAExtensions,
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
revokeCACmd = &cobra.Command{
|
2019-01-18 10:36:58 +00:00
|
|
|
Use: "revoke",
|
|
|
|
Short: "Revoke the identity's CA certificate (creates backup)",
|
|
|
|
RunE: cmdRevokeCA,
|
|
|
|
Annotations: map[string]string{"type": "setup"},
|
2018-12-18 11:55:55 +00:00
|
|
|
}
|
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
newCACfg struct {
|
|
|
|
CA provider.CASetupConfig
|
|
|
|
}
|
|
|
|
|
|
|
|
getIDCfg struct {
|
|
|
|
CA provider.PeerCAConfig
|
|
|
|
}
|
2018-12-18 11:55:55 +00:00
|
|
|
|
|
|
|
caExtCfg struct {
|
|
|
|
CA provider.FullCAConfig
|
|
|
|
}
|
|
|
|
|
|
|
|
revokeCACfg struct {
|
|
|
|
CA provider.FullCAConfig
|
|
|
|
// TODO: add "broadcast" option to send revocation to network nodes
|
|
|
|
}
|
2018-08-27 23:23:48 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
rootCmd.AddCommand(caCmd)
|
2019-01-18 10:36:58 +00:00
|
|
|
|
2018-08-27 23:23:48 +01:00
|
|
|
caCmd.AddCommand(newCACmd)
|
2018-12-18 11:55:55 +00:00
|
|
|
caCmd.AddCommand(getIDCmd)
|
|
|
|
caCmd.AddCommand(caExtCmd)
|
|
|
|
caCmd.AddCommand(revokeCACmd)
|
2019-01-18 10:36:58 +00:00
|
|
|
|
2019-01-22 14:34:40 +00:00
|
|
|
cfgstruct.Bind(newCACmd.Flags(), &newCACfg, cfgstruct.IdentityDir(defaultIdentityDir))
|
|
|
|
cfgstruct.Bind(getIDCmd.Flags(), &getIDCfg, cfgstruct.IdentityDir(defaultIdentityDir))
|
|
|
|
cfgstruct.Bind(caExtCmd.Flags(), &caExtCfg, cfgstruct.IdentityDir(defaultIdentityDir))
|
|
|
|
cfgstruct.Bind(revokeCACmd.Flags(), &revokeCACfg, cfgstruct.IdentityDir(defaultIdentityDir))
|
2018-08-27 23:23:48 +01:00
|
|
|
}
|
|
|
|
|
2018-08-28 16:00:18 +01:00
|
|
|
func cmdNewCA(cmd *cobra.Command, args []string) error {
|
2018-08-27 23:23:48 +01:00
|
|
|
_, err := newCACfg.CA.Create(process.Ctx(cmd))
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
func cmdGetID(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
p, err := getIDCfg.CA.Load()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
fmt.Println(p.ID.String())
|
|
|
|
return nil
|
|
|
|
}
|
2018-12-18 11:55:55 +00:00
|
|
|
|
|
|
|
func cmdRevokeCA(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
ca, err := revokeCACfg.CA.Load()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// NB: backup original cert
|
2019-01-11 14:59:35 +00:00
|
|
|
if err := revokeCACfg.CA.SaveBackup(ca); err != nil {
|
2018-12-18 11:55:55 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
if err := peertls.AddRevocationExt(ca.Key, ca.Cert, ca.Cert); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
updateCfg := provider.FullCAConfig{
|
|
|
|
CertPath: revokeCACfg.CA.CertPath,
|
|
|
|
}
|
|
|
|
if err := updateCfg.Save(ca); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func cmdCAExtensions(cmd *cobra.Command, args []string) (err error) {
|
|
|
|
ca, err := caExtCfg.CA.Load()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return printExtensions(ca.Cert.Raw, ca.Cert.ExtraExtensions)
|
|
|
|
}
|