storj/cmd/identity/identity.go

132 lines
3.2 KiB
Go
Raw Normal View History

2019-01-24 20:15:10 +00:00
// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
2019-02-06 16:40:55 +00:00
"path/filepath"
"github.com/spf13/cobra"
2019-02-06 16:40:55 +00:00
"github.com/zeebo/errs"
"storj.io/storj/pkg/cfgstruct"
2019-01-30 20:47:21 +00:00
"storj.io/storj/pkg/identity"
)
var (
2019-02-06 16:40:55 +00:00
// ErrSetup is used when an error occurs while setting up
ErrSetup = errs.Class("setup error")
idCmd = &cobra.Command{
Use: "id",
Short: "Manage identities",
Annotations: map[string]string{"type": "setup"},
}
newIDCmd = &cobra.Command{
2019-01-24 15:41:16 +00:00
Use: "create",
Short: "Creates a new identity from an existing certificate authority",
RunE: cmdNewID,
Annotations: map[string]string{"type": "setup"},
}
leafExtCmd = &cobra.Command{
Use: "extensions",
Short: "Prints the extensions attached to the identity leaf certificate",
2019-02-06 16:40:55 +00:00
Args: cobra.MaximumNArgs(1),
RunE: cmdLeafExtensions,
Annotations: map[string]string{"type": "setup"},
}
revokeLeafCmd = &cobra.Command{
Use: "revoke",
Short: "Revoke the identity's leaf certificate (creates backup)",
RunE: cmdRevokeLeaf,
Annotations: map[string]string{"type": "setup"},
}
newIDCfg struct {
2019-01-30 20:47:21 +00:00
CA identity.FullCAConfig
Identity identity.SetupConfig
}
leafExtCfg struct {
2019-02-06 16:40:55 +00:00
Identity identity.PeerConfig
}
revokeLeafCfg struct {
2019-01-30 20:47:21 +00:00
CA identity.FullCAConfig
2019-04-03 16:03:53 +01:00
Identity identity.Config
// TODO: add "broadcast" option to send revocation to network nodes
}
)
func init() {
rootCmd.AddCommand(idCmd)
idCmd.AddCommand(newIDCmd)
idCmd.AddCommand(leafExtCmd)
idCmd.AddCommand(revokeLeafCmd)
cfgstruct.Bind(newIDCmd.Flags(), &newIDCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
cfgstruct.Bind(leafExtCmd.Flags(), &leafExtCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
cfgstruct.Bind(revokeLeafCmd.Flags(), &revokeLeafCfg, defaults, cfgstruct.IdentityDir(defaultIdentityDir))
}
func cmdNewID(cmd *cobra.Command, args []string) (err error) {
ca, err := newIDCfg.CA.Load()
if err != nil {
return err
}
s, err := newIDCfg.Identity.Status()
if err != nil {
return err
}
2019-01-30 20:47:21 +00:00
if s == identity.NoCertNoKey || newIDCfg.Identity.Overwrite {
_, err := newIDCfg.Identity.Create(ca)
return err
}
2019-02-06 16:40:55 +00:00
return ErrSetup.New("identity file(s) exist: %s", s)
}
func cmdLeafExtensions(cmd *cobra.Command, args []string) (err error) {
2019-02-06 16:40:55 +00:00
if len(args) > 0 {
leafExtCfg.Identity = identity.PeerConfig{
CertPath: filepath.Join(identityDir, args[0], "identity.cert"),
}
}
ident, err := leafExtCfg.Identity.Load()
if err != nil {
return err
}
2019-04-03 16:03:53 +01:00
return printExtensions(ident.Leaf.Raw, ident.Leaf.Extensions)
}
func cmdRevokeLeaf(cmd *cobra.Command, args []string) (err error) {
ca, err := revokeLeafCfg.CA.Load()
if err != nil {
return err
}
originalIdent, err := revokeLeafCfg.Identity.Load()
if err != nil {
return err
}
2019-04-03 16:03:53 +01:00
manageableIdent := identity.NewManageableFullIdentity(originalIdent, ca)
if err := manageableIdent.Revoke(); err != nil {
return err
}
2019-04-03 16:03:53 +01:00
// NB: backup original cert and key.
if err := revokeLeafCfg.Identity.SaveBackup(originalIdent); err != nil {
return err
}
2019-04-03 16:03:53 +01:00
if err := revokeLeafCfg.Identity.Save(manageableIdent.FullIdentity); err != nil {
return err
}
return nil
}