storj/cmd/certificates/sign.go

// Copyright (C) 2019 Storj Labs, Inc.
// See LICENSE for copying information.

package main

import (
	"crypto/x509"
	"os"

	"github.com/spf13/cobra"
	"github.com/zeebo/errs"

	"storj.io/common/identity"
)

var (
	signCmd = &cobra.Command{
		Use:   "sign [signee identity-dir]",
		Short: "Sign a CA and update corresponding CA and identity certificate chains",
		Args:  cobra.ExactArgs(1),
		RunE:  cmdSign,
	}

	signCfg struct {
		SigneeCACfg    identity.PeerCAConfig
		SigneeIdentCfg identity.PeerConfig
		// NB: defaults to same as CA
		Signer identity.FullCAConfig
	}
)

func cmdSign(cmd *cobra.Command, args []string) error {
	ca, err := signCfg.SigneeCACfg.Load()
	if err != nil {
		return err
	}

	var (
		signeeIdentityExists bool
		ident                *identity.PeerIdentity
	)
	_, err = os.Stat(signCfg.SigneeIdentCfg.CertPath)
	if err != nil {
		signeeIdentityExists = !os.IsNotExist(err)
		if signeeIdentityExists {
			return err
		}

		ident, err = signCfg.SigneeIdentCfg.Load()
		if err != nil {
			return err
		}
	}

	signer, err := signCfg.Signer.Load()
	if err != nil {
		return err
	}
	restChain := []*x509.Certificate{signer.Cert}

	// NB: backup ca and identity
	err = signCfg.SigneeCACfg.SaveBackup(ca)
	if err != nil {
		return err
	}

	ca.Cert, err = signer.Sign(ca.Cert)
	if err != nil {
		return err
	}
	ca.RestChain = restChain

	writeErrs := new(errs.Group)
	err = signCfg.SigneeCACfg.Save(ca)
	if err != nil {
		writeErrs.Add(err)
	}

	if signeeIdentityExists {
		err = signCfg.SigneeIdentCfg.SaveBackup(ident)
		if err != nil {
			writeErrs.Add(err)
		}
		ident.CA = ca.Cert
		ident.RestChain = restChain

		err = signCfg.SigneeIdentCfg.Save(ident)
		if err != nil {
			writeErrs.Add(err)
		}
	}

	return writeErrs.Err()
}
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`// Copyright (C) 2019 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package main`

			`import (`
			`"crypto/x509"`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`"os"`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00
			`"github.com/spf13/cobra"`
			`"github.com/zeebo/errs"`

common: separate repository Change-Id: Ibb89c42060450e3839481a7e495bbe3ad940610a 2019-12-27 11:48:47 +00:00			`"storj.io/common/identity"`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`)`

			`var (`
			`signCmd = &cobra.Command{`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`Use: "sign [signee identity-dir]",`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`Short: "Sign a CA and update corresponding CA and identity certificate chains",`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`Args: cobra.ExactArgs(1),`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`RunE: cmdSign,`
			`}`

			`signCfg struct {`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`SigneeCACfg identity.PeerCAConfig`
			`SigneeIdentCfg identity.PeerConfig`
Improvements to `certificates` commands: (#1012) 2019-01-14 14:28:52 +00:00			`// NB: defaults to same as CA`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`Signer identity.FullCAConfig`
			`}`
			`)`

			`func cmdSign(cmd *cobra.Command, args []string) error {`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`ca, err := signCfg.SigneeCACfg.Load()`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err != nil {`
			`return err`
			`}`

identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`var (`
			`signeeIdentityExists bool`
			`ident *identity.PeerIdentity`
			`)`
			`_, err = os.Stat(signCfg.SigneeIdentCfg.CertPath)`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err != nil {`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`signeeIdentityExists = !os.IsNotExist(err)`
			`if signeeIdentityExists {`
			`return err`
			`}`

			`ident, err = signCfg.SigneeIdentCfg.Load()`
			`if err != nil {`
			`return err`
			`}`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`}`

			`signer, err := signCfg.Signer.Load()`
			`if err != nil {`
			`return err`
			`}`
			`restChain := []*x509.Certificate{signer.Cert}`

			`// NB: backup ca and identity`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`err = signCfg.SigneeCACfg.SaveBackup(ca)`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err != nil {`
			`return err`
			`}`

			`ca.Cert, err = signer.Sign(ca.Cert)`
			`if err != nil {`
			`return err`
			`}`
			`ca.RestChain = restChain`

			`writeErrs := new(errs.Group)`
identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`err = signCfg.SigneeCACfg.Save(ca)`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`if err != nil {`
			`writeErrs.Add(err)`
			`}`

identity improvements: (#1215) 2019-02-06 16:40:55 +00:00			`if signeeIdentityExists {`
			`err = signCfg.SigneeIdentCfg.SaveBackup(ident)`
			`if err != nil {`
			`writeErrs.Add(err)`
			`}`
			`ident.CA = ca.Cert`
			`ident.RestChain = restChain`

			`err = signCfg.SigneeIdentCfg.Save(ident)`
			`if err != nil {`
			`writeErrs.Add(err)`
			`}`
Improve cert signing integration test+: (#997) 2019-01-11 14:59:35 +00:00			`}`

			`return writeErrs.Err()`
			`}`