JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bbf81f2479
storj/cmd/identity/identity.go
Egon Elbre bbf81f2479 Consolidate identity management to identity cli commands (#1083) 
* Consolidate identity management:

Move identity cretaion/signing out of storagenode setup command.

* fixes

* linters

* Consolidate identity management:

Move identity cretaion/signing out of storagenode setup command.

* fixes

* sava backups before saving signed certs

* add "-prebuilt-test-cmds" test flag

* linters

* prepare cli tests for travis

* linter fixes

* more fixes

* linter gods

* sp/sdk/sim

* remove ca.difficulty

* remove unused difficulty

* return setup to its rightful place

* wip travis

* Revert "wip travis"

This reverts commit 56834849dcf066d3cc0a4f139033fc3f6d7188ca.

* typo in travis.yaml

* remove tests

* remove more

* make it only create one identity at a time for consistency

* add config-dir for consitency

* add identity creation to storj-sim

* add flags

* simplify

* fix nolint and compile

* prevent overwrite and pass difficulty, concurrency, and parent creds

* goimports
2019-01-18 11:36:58 +01:00

123 lines
2.9 KiB
Go
Raw Blame History

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"github.com/spf13/cobra"
"storj.io/storj/pkg/cfgstruct"
"storj.io/storj/pkg/peertls"
"storj.io/storj/pkg/provider"
)
var (
idCmd = &cobra.Command{
Use: "id",
Short: "Manage identities",
Annotations: map[string]string{"type": "setup"},
}
newIDCmd = &cobra.Command{
Use: "new",
Short: "Creates a new identity from an existing certificate authority",
RunE: cmdNewID,
Annotations: map[string]string{"type": "setup"},
}
leafExtCmd = &cobra.Command{
Use: "extensions",
Short: "Prints the extensions attached to the identity leaf certificate",
RunE: cmdLeafExtensions,
Annotations: map[string]string{"type": "setup"},
}
revokeLeafCmd = &cobra.Command{
Use: "revoke",
Short: "Revoke the identity's leaf certificate (creates backup)",
RunE: cmdRevokeLeaf,
Annotations: map[string]string{"type": "setup"},
}
newIDCfg struct {
CA provider.FullCAConfig
Identity provider.IdentitySetupConfig
}
leafExtCfg struct {
Identity provider.IdentityConfig
}
revokeLeafCfg struct {
CA provider.FullCAConfig
Identity provider.IdentityConfig
// TODO: add "broadcast" option to send revocation to network nodes
}
)
func init() {
rootCmd.AddCommand(idCmd)
idCmd.AddCommand(newIDCmd)
cfgstruct.Bind(newIDCmd.Flags(), &newIDCfg, cfgstruct.ConfDir(defaultConfDir))
idCmd.AddCommand(leafExtCmd)
cfgstruct.Bind(leafExtCmd.Flags(), &leafExtCfg, cfgstruct.ConfDir(defaultConfDir))
idCmd.AddCommand(revokeLeafCmd)
cfgstruct.Bind(revokeLeafCmd.Flags(), &revokeLeafCfg, cfgstruct.ConfDir(defaultConfDir))
}
func cmdNewID(cmd *cobra.Command, args []string) (err error) {
ca, err := newIDCfg.CA.Load()
if err != nil {
return err
}
s := newIDCfg.Identity.Status()
if s == provider.NoCertNoKey || newIDCfg.Identity.Overwrite {
_, err := newIDCfg.Identity.Create(ca)
return err
}
return provider.ErrSetup.New("identity file(s) exist: %s", s)
}
func cmdLeafExtensions(cmd *cobra.Command, args []string) (err error) {
fi, err := leafExtCfg.Identity.Load()
if err != nil {
return err
}
return printExtensions(fi.Leaf.Raw, fi.Leaf.ExtraExtensions)
}
func cmdRevokeLeaf(cmd *cobra.Command, args []string) (err error) {
ca, err := revokeLeafCfg.CA.Load()
if err != nil {
return err
}
originalIdent, err := revokeLeafCfg.Identity.Load()
if err != nil {
return err
}
updatedIdent, err := ca.NewIdentity()
if err != nil {
return err
}
if err := peertls.AddRevocationExt(ca.Key, originalIdent.Leaf, updatedIdent.Leaf); err != nil {
return err
}
// NB: backup original cert
if err := revokeLeafCfg.Identity.SaveBackup(originalIdent); err != nil {
return err
}
updateCfg := provider.IdentityConfig{
CertPath: revokeLeafCfg.Identity.CertPath,
}
if err := updateCfg.Save(updatedIdent); err != nil {
return err
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink