storj/cmd/identity/certificate_authority.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package main

import (
	"fmt"
	"os"

	"github.com/spf13/cobra"

	"storj.io/storj/pkg/cfgstruct"
	"storj.io/storj/pkg/peertls"
	"storj.io/storj/pkg/process"
	"storj.io/storj/pkg/provider"
)

var (
	caCmd = &cobra.Command{
		Use:         "certificate-authority",
		Short:       "Manage certificate authorities",
		Annotations: map[string]string{"type": "setup"},
	}

	newCACmd = &cobra.Command{
		Use:         "create",
		Short:       "Create a new certificate authority",
		RunE:        cmdNewCA,
		Annotations: map[string]string{"type": "setup"},
	}

	getIDCmd = &cobra.Command{
		Use:         "id",
		Short:       "Get the id of a CA",
		RunE:        cmdGetID,
		Annotations: map[string]string{"type": "setup"},
	}

	caExtCmd = &cobra.Command{
		Use:         "extensions",
		Short:       "Prints the extensions attached to the identity CA certificate",
		RunE:        cmdCAExtensions,
		Annotations: map[string]string{"type": "setup"},
	}
	revokeCACmd = &cobra.Command{
		Use:         "revoke",
		Short:       "Revoke the identity's CA certificate (creates backup)",
		RunE:        cmdRevokeCA,
		Annotations: map[string]string{"type": "setup"},
	}

	newCACfg struct {
		CA provider.CASetupConfig
	}

	getIDCfg struct {
		CA provider.PeerCAConfig
	}

	caExtCfg struct {
		CA provider.FullCAConfig
	}

	revokeCACfg struct {
		CA provider.FullCAConfig
		// TODO: add "broadcast" option to send revocation to network nodes
	}
)

func init() {
	rootCmd.AddCommand(caCmd)

	caCmd.AddCommand(newCACmd)
	caCmd.AddCommand(getIDCmd)
	caCmd.AddCommand(caExtCmd)
	caCmd.AddCommand(revokeCACmd)

	cfgstruct.Bind(newCACmd.Flags(), &newCACfg, cfgstruct.IdentityDir(defaultIdentityDir))
	cfgstruct.Bind(getIDCmd.Flags(), &getIDCfg, cfgstruct.IdentityDir(defaultIdentityDir))
	cfgstruct.Bind(caExtCmd.Flags(), &caExtCfg, cfgstruct.IdentityDir(defaultIdentityDir))
	cfgstruct.Bind(revokeCACmd.Flags(), &revokeCACfg, cfgstruct.IdentityDir(defaultIdentityDir))
}

func cmdNewCA(cmd *cobra.Command, args []string) error {
	_, err := newCACfg.CA.Create(process.Ctx(cmd), os.Stdout)
	return err
}

func cmdGetID(cmd *cobra.Command, args []string) (err error) {
	p, err := getIDCfg.CA.Load()
	if err != nil {
		return err
	}

	fmt.Println(p.ID.String())
	return nil
}

func cmdRevokeCA(cmd *cobra.Command, args []string) (err error) {
	ca, err := revokeCACfg.CA.Load()
	if err != nil {
		return err
	}

	// NB: backup original cert
	if err := revokeCACfg.CA.SaveBackup(ca); err != nil {
		return err
	}

	if err := peertls.AddRevocationExt(ca.Key, ca.Cert, ca.Cert); err != nil {
		return err
	}

	updateCfg := provider.FullCAConfig{
		CertPath: revokeCACfg.CA.CertPath,
	}
	if err := updateCfg.Save(ca); err != nil {
		return err
	}
	return nil
}

func cmdCAExtensions(cmd *cobra.Command, args []string) (err error) {
	ca, err := caExtCfg.CA.Load()
	if err != nil {
		return err
	}

	return printExtensions(ca.Cert.Raw, ca.Cert.ExtraExtensions)
}
updates copyright 2018 to 2019 (#1133) 2019-01-24 20:15:10 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`// See LICENSE for copying information.`

			`package main`

			`import (`
			`"fmt"`
identity cleanup (#1145) 2019-01-26 14:59:53 +00:00			`"os"`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00
			`"github.com/spf13/cobra"`

			`"storj.io/storj/pkg/cfgstruct"`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`"storj.io/storj/pkg/peertls"`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`"storj.io/storj/pkg/process"`
			`"storj.io/storj/pkg/provider"`
			`)`

			`var (`
			`caCmd = &cobra.Command{`
Change identity command (#1128) 2019-01-24 15:41:16 +00:00			`Use: "certificate-authority",`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Short: "Manage certificate authorities",`
			`Annotations: map[string]string{"type": "setup"},`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

			`newCACmd = &cobra.Command{`
Change identity command (#1128) 2019-01-24 15:41:16 +00:00			`Use: "create",`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Short: "Create a new certificate authority",`
			`RunE: cmdNewCA,`
			`Annotations: map[string]string{"type": "setup"},`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`getIDCmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "id",`
			`Short: "Get the id of a CA",`
			`RunE: cmdGetID,`
			`Annotations: map[string]string{"type": "setup"},`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`caExtCmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "extensions",`
			`Short: "Prints the extensions attached to the identity CA certificate",`
			`RunE: cmdCAExtensions,`
			`Annotations: map[string]string{"type": "setup"},`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`
			`revokeCACmd = &cobra.Command{`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00			`Use: "revoke",`
			`Short: "Revoke the identity's CA certificate (creates backup)",`
			`RunE: cmdRevokeCA,`
			`Annotations: map[string]string{"type": "setup"},`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`}`

CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`newCACfg struct {`
			`CA provider.CASetupConfig`
			`}`

			`getIDCfg struct {`
			`CA provider.PeerCAConfig`
			`}`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00
			`caExtCfg struct {`
			`CA provider.FullCAConfig`
			`}`

			`revokeCACfg struct {`
			`CA provider.FullCAConfig`
			`// TODO: add "broadcast" option to send revocation to network nodes`
			`}`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`)`

			`func init() {`
			`rootCmd.AddCommand(caCmd)`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`caCmd.AddCommand(newCACmd)`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`caCmd.AddCommand(getIDCmd)`
			`caCmd.AddCommand(caExtCmd)`
			`caCmd.AddCommand(revokeCACmd)`
Consolidate identity management to identity cli commands (#1083) * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * linters * Consolidate identity management: Move identity cretaion/signing out of storagenode setup command. * fixes * sava backups before saving signed certs * add "-prebuilt-test-cmds" test flag * linters * prepare cli tests for travis * linter fixes * more fixes * linter gods * sp/sdk/sim * remove ca.difficulty * remove unused difficulty * return setup to its rightful place * wip travis * Revert "wip travis" This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca. * typo in travis.yaml * remove tests * remove more * make it only create one identity at a time for consistency * add config-dir for consitency * add identity creation to storj-sim * add flags * simplify * fix nolint and compile * prevent overwrite and pass difficulty, concurrency, and parent creds * goimports 2019-01-18 10:36:58 +00:00
oops (#1110) 2019-01-22 14:34:40 +00:00			`cfgstruct.Bind(newCACmd.Flags(), &newCACfg, cfgstruct.IdentityDir(defaultIdentityDir))`
			`cfgstruct.Bind(getIDCmd.Flags(), &getIDCfg, cfgstruct.IdentityDir(defaultIdentityDir))`
			`cfgstruct.Bind(caExtCmd.Flags(), &caExtCfg, cfgstruct.IdentityDir(defaultIdentityDir))`
			`cfgstruct.Bind(revokeCACmd.Flags(), &revokeCACfg, cfgstruct.IdentityDir(defaultIdentityDir))`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`}`

Reduce linter concurrency (#297) Limit concurrency to reduce memory usage. 2018-08-28 16:00:18 +01:00			`func cmdNewCA(cmd *cobra.Command, args []string) error {`
identity cleanup (#1145) 2019-01-26 14:59:53 +00:00			`_, err := newCACfg.CA.Create(process.Ctx(cmd), os.Stdout)`
CA and identity commands (#235) * wip ca/ident cmds * minor improvements and commenting * combine id and ca commands and add $CONFDIR * add `NewIdenity` test * refactor `NewCA` benchmarks * linter fixes 2018-08-27 23:23:48 +01:00			`return err`
			`}`

			`func cmdGetID(cmd *cobra.Command, args []string) (err error) {`
			`p, err := getIDCfg.CA.Load()`
			`if err != nil {`
			`return err`
			`}`

			`fmt.Println(p.ID.String())`
			`return nil`
			`}`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00
			`func cmdRevokeCA(cmd *cobra.Command, args []string) (err error) {`
			`ca, err := revokeCACfg.CA.Load()`
			`if err != nil {`
			`return err`
			`}`

			`// NB: backup original cert`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err := revokeCACfg.CA.SaveBackup(ca); err != nil {`
Cert revocation CLI (#848) * wip * allow identity and CA configs to save cert/key separately * fixes * linter and default path fixes * review fixes * fixes: + review fixes + bug fixes + add extensions command * linter fixes * fix ca revoke description * review fixes 2018-12-18 11:55:55 +00:00			`return err`
			`}`

			`if err := peertls.AddRevocationExt(ca.Key, ca.Cert, ca.Cert); err != nil {`
			`return err`
			`}`

			`updateCfg := provider.FullCAConfig{`
			`CertPath: revokeCACfg.CA.CertPath,`
			`}`
			`if err := updateCfg.Save(ca); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

			`func cmdCAExtensions(cmd *cobra.Command, args []string) (err error) {`
			`ca, err := caExtCfg.CA.Load()`
			`if err != nil {`
			`return err`
			`}`

			`return printExtensions(ca.Cert.Raw, ca.Cert.ExtraExtensions)`
			`}`