JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c5549befd2
storj/cmd/identity/certificate_authority.go
Bryan White 4eb55017c8
Cert revocation CLI (#848) 
* wip

* allow identity and CA configs to save cert/key separately

* fixes

* linter and default path fixes

* review fixes

* fixes:

+ review fixes
+ bug fixes
+ add extensions command

* linter fixes

* fix ca revoke description

* review fixes
2018-12-18 12:55:55 +01:00

125 lines
2.6 KiB
Go
Raw Blame History

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"fmt"
"github.com/spf13/cobra"
"storj.io/storj/pkg/cfgstruct"
"storj.io/storj/pkg/peertls"
"storj.io/storj/pkg/process"
"storj.io/storj/pkg/provider"
)
var (
caCmd = &cobra.Command{
Use: "ca",
Short: "Manage certificate authorities",
}
newCACmd = &cobra.Command{
Use: "new",
Short: "Create a new certificate authority",
RunE: cmdNewCA,
}
getIDCmd = &cobra.Command{
Use: "id",
Short: "Get the id of a CA",
RunE: cmdGetID,
}
caExtCmd = &cobra.Command{
Use: "extensions",
Short: "Prints the extensions attached to the identity CA certificate",
RunE: cmdCAExtensions,
}
revokeCACmd = &cobra.Command{
Use: "revoke",
Short: "Revoke the identity's CA certificate (creates backup)",
RunE: cmdRevokeCA,
}
newCACfg struct {
CA provider.CASetupConfig
}
getIDCfg struct {
CA provider.PeerCAConfig
}
caExtCfg struct {
CA provider.FullCAConfig
}
revokeCACfg struct {
CA provider.FullCAConfig
// TODO: add "broadcast" option to send revocation to network nodes
}
)
func init() {
rootCmd.AddCommand(caCmd)
caCmd.AddCommand(newCACmd)
cfgstruct.Bind(newCACmd.Flags(), &newCACfg, cfgstruct.ConfDir(defaultConfDir))
caCmd.AddCommand(getIDCmd)
cfgstruct.Bind(getIDCmd.Flags(), &getIDCfg, cfgstruct.ConfDir(defaultConfDir))
caCmd.AddCommand(caExtCmd)
cfgstruct.Bind(caExtCmd.Flags(), &caExtCfg, cfgstruct.ConfDir(defaultConfDir))
caCmd.AddCommand(revokeCACmd)
cfgstruct.Bind(revokeCACmd.Flags(), &revokeCACfg, cfgstruct.ConfDir(defaultConfDir))
}
func cmdNewCA(cmd *cobra.Command, args []string) error {
_, err := newCACfg.CA.Create(process.Ctx(cmd))
return err
}
func cmdGetID(cmd *cobra.Command, args []string) (err error) {
p, err := getIDCfg.CA.Load()
if err != nil {
return err
}
fmt.Println(p.ID.String())
return nil
}
func cmdRevokeCA(cmd *cobra.Command, args []string) (err error) {
ca, err := revokeCACfg.CA.Load()
if err != nil {
return err
}
// NB: backup original cert
var backupCfg provider.FullCAConfig
backupCfg.CertPath = backupPath(revokeCACfg.CA.CertPath)
if err := backupCfg.Save(ca); err != nil {
return err
}
if err := peertls.AddRevocationExt(ca.Key, ca.Cert, ca.Cert); err != nil {
return err
}
updateCfg := provider.FullCAConfig{
CertPath: revokeCACfg.CA.CertPath,
}
if err := updateCfg.Save(ca); err != nil {
return err
}
return nil
}
func cmdCAExtensions(cmd *cobra.Command, args []string) (err error) {
ca, err := caExtCfg.CA.Load()
if err != nil {
return err
}
return printExtensions(ca.Cert.Raw, ca.Cert.ExtraExtensions)
}
Reference in New Issue View Git Blame Copy Permalink