diff --git a/cmd/notary/keys.go b/cmd/notary/keys.go
index 94606a02e3..328ced8f57 100644
--- a/cmd/notary/keys.go
+++ b/cmd/notary/keys.go
@@ -1,6 +1,19 @@
 package main
 
-import "github.com/spf13/cobra"
+import (
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "fmt"
+ "math"
+ "net/url"
+ "os"
+ "time"
+
+ "github.com/docker/vetinari/trustmanager"
+ "github.com/spf13/cobra"
+)
+
+var subjectKeyID string
 
 var cmdKeys = &cobra.Command{
 Use: "keys",
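Review bot: `+var subjectKeyID string` is never read in the new keys.go shown in this diff; the only other `subjectKeyID` in the file is the local `subjectKeyID := trustmanager.FingerprintCert(cert)` in printCert, which shadows it. It was carried over from the var block of the deleted keys_remove.go, where it was likewise unused, so unless another file references it the declaration can be dropped, or, if a flag was intended, it should be bound to cmdKeysRemove in init. The compiler does not reject unused package-level variables, so nothing will flag this automatically unless staticcheck runs in CI.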
@@ -8,3 +21,105 @@ var cmdKeys = &cobra.Command{
 Long: "operations on signature keys and trusted certificate authorities.",
 Run: nil,
 }
+
+func init() {
+ cmdKeys.AddCommand(cmdKeysTrust)
+ cmdKeys.AddCommand(cmdKeysList)
+ cmdKeys.AddCommand(cmdKeysRemove)
+}
+
+var cmdKeysList = &cobra.Command{
+ Use: "list",
+ Short: "List the currently trusted certificate authorities.",
+ Long: "lists the currently trusted certificate authorities.",
+ Run: keysList,
+}
+
+var cmdKeysRemove = &cobra.Command{
+ Use: "remove [ Subject Key ID ]",
+ Short: "removes trust from a specific certificate authority or certificate.",
+ Long: "remove trust from a specific certificate authority.",
+ Run: keysRemove,
+}
+
+var cmdKeysTrust = &cobra.Command{
+ Use: "trust [ QDN ] [ certificate ]",
+ Short: "Trusts a new certificate for a specific QDN.",
+ Long: "Adds a the certificate to the trusted certificate authority list for the specified Qualified Docker Name.",
+ Run: keysTrust,
+}
+
+func keysRemove(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a SHA256 SubjectKeyID of the certificate")
+ }
+
+ cert, err := caStore.GetCertificateBySKID(args[0])
+ if err != nil {
+ fatalf("certificate not found")
+ }
+
+ fmt.Printf("Removing: ")
+ printCert(cert)
+
+ err = caStore.RemoveCert(cert)
+ if err != nil {
+ fatalf("failed to remove certificate for Key Store")
+ }
+}
+
+func keysTrust(cmd *cobra.Command, args []string) {
+ if len(args) < 2 {
+ cmd.Usage()
+ fatalf("not enough arguments provided")
+ }
+
+ qualifiedDN := args[0]
+ certLocationStr := args[1]
+ // Verify if argument is a valid URL
+ url, err := url.Parse(certLocationStr)
+ if err == nil && url.Scheme != "" {
+
+ cert, err := trustmanager.GetCertFromURL(certLocationStr)
+ if err != nil {
+ fatalf("error retreiving certificate from url (%s): %v", certLocationStr, err)
+ }
+ err = cert.VerifyHostname(qualifiedDN)
+ if err != nil {
+ fatalf("certificate does not match the Qualified Docker Name: %v", err)
+ }
+ err = caStore.AddCert(cert)
+ if err != nil {
+ fatalf("error adding certificate from file: %v", err)
+ }
+ fmt.Printf("Adding: ")
+ printCert(cert)
+ } else if _, err := os.Stat(certLocationStr); err == nil {
+ if err := caStore.AddCertFromFile(certLocationStr); err != nil {
+ fatalf("error adding certificate from file: %v", err)
+ }
+ } else {
+ fatalf("please provide a file location or URL for CA certificate.")
+ }
+}
+
+func keysList(cmd *cobra.Command, args []string) {
+ // Load all the certificates
+ trustedCAs := caStore.GetCertificates()
+
+ for _, c := range trustedCAs {
+ printCert(c)
+ }
+
+}
+
+func printCert(cert *x509.Certificate) {
+ timeDifference := cert.NotAfter.Sub(time.Now())
+ subjectKeyID := trustmanager.FingerprintCert(cert)
+ fmt.Printf("Certificate: %s ; Expires in: %v days; SKID: %s\n", printPkix(cert.Subject), math.Floor(timeDifference.Hours()/24), string(subjectKeyID))
+}
+
+func printPkix(pkixName pkix.Name) string {
+ return fmt.Sprintf("%s - %s", pkixName.CommonName, pkixName.Organization)
+}
diff --git a/cmd/notary/keys_list.go b/cmd/notary/keys_list.go
deleted file mode 100644
index a3781c5383..0000000000
--- a/cmd/notary/keys_list.go
+++ /dev/null
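Review bot: In keysTrust, the file branch (`} else if _, err := os.Stat(certLocationStr); err == nil {`) hands the path straight to `caStore.AddCertFromFile` without the `cert.VerifyHostname(qualifiedDN)` check the URL branch performs, so a certificate read from disk is trusted for the QDN without its names ever being compared against it and `qualifiedDN` is unused on that path; loading the file into an `*x509.Certificate` first and sharing the verify/add/print tail with the URL branch would close that gap. The URL branch accepts any non-empty `url.Scheme`, and `VerifyHostname` only checks the name, so unless `trustmanager.GetCertFromURL` restricts itself to TLS the certificate may arrive over an unauthenticated transport — worth a scheme check or a comment stating the assumption, and the local `url` shadows the `net/url` package for the rest of the function, so a name like `certURL` would be clearer. The `caStore.AddCert` failure in the URL branch reports `fatalf("error adding certificate from file: %v", err)` although the certificate came from a URL, and `retreiving` in the fetch error is misspelled. In keysRemove the errors from `caStore.GetCertificateBySKID` and `caStore.RemoveCert` are dropped rather than wrapped, so the user sees only `certificate not found` or `failed to remove certificate for Key Store` with no cause; `fatalf("certificate not found: %v", err)` keeps it.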
@@ -1,39 +0,0 @@
-package main
-
-import (
- "crypto/x509"
- "crypto/x509/pkix"
- "fmt"
- "math"
- "time"
-
- "github.com/docker/vetinari/trustmanager"
- "github.com/spf13/cobra"
-)
-
-var cmdKeysList = &cobra.Command{
- Use: "list",
- Short: "List the currently trusted certificate authorities.",
- Long: "lists the currently trusted certificate authorities.",
- Run: keysList,
-}
-
-func keysList(cmd *cobra.Command, args []string) {
- // Load all the certificates
- trustedCAs := caStore.GetCertificates()
-
- for _, c := range trustedCAs {
- printCert(c)
- }
-
-}
-
-func printCert(cert *x509.Certificate) {
- timeDifference := cert.NotAfter.Sub(time.Now())
- subjectKeyID := trustmanager.FingerprintCert(cert)
- fmt.Printf("Certificate: %s ; Expires in: %v days; SKID: %s\n", printPkix(cert.Subject), math.Floor(timeDifference.Hours()/24), string(subjectKeyID))
-}
-
-func printPkix(pkixName pkix.Name) string {
- return fmt.Sprintf("%s - %s", pkixName.CommonName, pkixName.Organization)
-}
diff --git a/cmd/notary/keys_remove.go b/cmd/notary/keys_remove.go
deleted file mode 100644
index 539295542c..0000000000
--- a/cmd/notary/keys_remove.go
+++ /dev/null
@@ -1,37 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "github.com/spf13/cobra"
-)
-
-var (
- subjectKeyID string
- cmdKeysRemove = &cobra.Command{
- Use: "remove [ Subject Key ID ]",
- Short: "removes trust from a specific certificate authority or certificate.",
- Long: "remove trust from a specific certificate authority.",
- Run: keysRemove,
- }
-)
-
-func keysRemove(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a SHA256 SubjectKeyID of the certificate")
- }
-
- cert, err := caStore.GetCertificateBySKID(args[0])
- if err != nil {
- fatalf("certificate not found")
- }
-
- fmt.Printf("Removing: ")
- printCert(cert)
-
- err = caStore.RemoveCert(cert)
- if err != nil {
- fatalf("failed to remove certificate for Key Store")
- }
-}
diff --git a/cmd/notary/keys_trust.go b/cmd/notary/keys_trust.go
deleted file mode 100644
index d38d217486..0000000000
--- a/cmd/notary/keys_trust.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package main
-
-import (
- "fmt"
- "net/url"
- "os"
-
- "github.com/docker/vetinari/trustmanager"
- "github.com/spf13/cobra"
-)
-
-var cmdKeysTrust = &cobra.Command{
- Use: "trust [ QDN ] [ certificate ]",
- Short: "Trusts a new certificate for a specific QDN.",
- Long: "Adds a the certificate to the trusted certificate authority list for the specified Qualified Docker Name.",
- Run: keysTrust,
-}
-
-func keysTrust(cmd *cobra.Command, args []string) {
- if len(args) < 2 {
- cmd.Usage()
- fatalf("not enough arguments provided")
- }
-
- qualifiedDN := args[0]
- certLocationStr := args[1]
- // Verify if argument is a valid URL
- url, err := url.Parse(certLocationStr)
- if err == nil && url.Scheme != "" {
-
- cert, err := trustmanager.GetCertFromURL(certLocationStr)
- if err != nil {
- fatalf("error retreiving certificate from url (%s): %v", certLocationStr, err)
- }
- err = cert.VerifyHostname(qualifiedDN)
- if err != nil {
- fatalf("certificate does not match the Qualified Docker Name: %v", err)
- }
- err = caStore.AddCert(cert)
- if err != nil {
- fatalf("error adding certificate from file: %v", err)
- }
- fmt.Printf("Adding: ")
- printCert(cert)
- } else if _, err := os.Stat(certLocationStr); err == nil {
- if err := caStore.AddCertFromFile(certLocationStr); err != nil {
- fatalf("error adding certificate from file: %v", err)
- }
- } else {
- fatalf("please provide a file location or URL for CA certificate.")
- }
-}
diff --git a/cmd/notary/main.go b/cmd/notary/main.go
index 6221590ece..9329123ebf 100644
--- a/cmd/notary/main.go
+++ b/cmd/notary/main.go
@@ -75,8 +75,6 @@ func main() {
 }
 
 NotaryCmd.AddCommand(cmdKeys, cmdTuf)
- cmdKeys.AddCommand(cmdKeysTrust, cmdKeysList, cmdKeysRemove)
- cmdTuf.AddCommand(cmdTufInit, cmdTufAdd, cmdTufRemove, cmdTufPush, cmdTufLookup, cmdTufList)
 
 NotaryCmd.Execute()
 }
diff --git a/cmd/notary/tuf.go b/cmd/notary/tuf.go
index 11cdb67e95..da7ca238be 100644
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@@ -1,6 +1,10 @@
 package main
 
-import "github.com/spf13/cobra"
+import (
+ "fmt"
+
+ "github.com/spf13/cobra"
+)
 
 var cmdTuf = &cobra.Command{
 Use: "tuf",
@@ -10,3 +14,103 @@ var cmdTuf = &cobra.Command{
 }
 
 var remoteTrustServer string
+
+func init() {
+ cmdTuf.AddCommand(cmdTufInit)
+ cmdTuf.AddCommand(cmdTufAdd)
+ cmdTuf.AddCommand(cmdTufRemove)
+ cmdTuf.AddCommand(cmdTufPush)
+ cmdTufPush.Flags().StringVarP(&remoteTrustServer, "remote", "r", "", "Remote trust server location")
+ cmdTuf.AddCommand(cmdTufLookup)
+ cmdTufLookup.Flags().StringVarP(&remoteTrustServer, "remote", "r", "", "Remote trust server location")
+ cmdTuf.AddCommand(cmdTufList)
+}
+
+var cmdTufAdd = &cobra.Command{
+ Use: "add [ QDN ] ",
+ Short: "pushes local updates.",
+ Long: "pushes all local updates within a specific TUF repo to remote trust server.",
+ Run: tufAdd,
+}
+
+var cmdTufRemove = &cobra.Command{
+ Use: "remove [ QDN ] ",
+ Short: "Removes a target from the TUF repo.",
+ Long: "removes a target from the local TUF repo identified by a Qualified Docker Name.",
+ Run: tufRemove,
+}
+
+var cmdTufInit = &cobra.Command{
+ Use: "init [ QDN ]",
+ Short: "initializes the local TUF repository.",
+ Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
+ Run: tufInit,
+}
+
+var cmdTufList = &cobra.Command{
+ Use: "list [ QDN ]",
+ Short: "Lists all targets in a TUF repository.",
+ Long: "lists all the targets in the TUF repository identified by the Qualified Docker Name.",
+ Run: tufList,
+}
+
+var cmdTufLookup = &cobra.Command{
+ Use: "lookup [ QDN ] ",
+ Short: "Looks up a specific TUF target in a repository.",
+ Long: "looks up a TUF target in a repository given a Qualified Docker Name.",
+ Run: tufLookup,
+}
+
+var cmdTufPush = &cobra.Command{
+ Use: "push [ QDN ]",
+ Short: "initializes the local TUF repository.",
+ Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
+ Run: tufPush,
+}
+
+func tufAdd(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+}
+
+func tufInit(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+}
+
+func tufList(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+}
+
+func tufLookup(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+
+ fmt.Println("Remote trust server configured: " + remoteTrustServer)
+
+}
+
+func tufPush(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+
+ fmt.Println("Remote trust server configured: " + remoteTrustServer)
+}
+
+func tufRemove(cmd *cobra.Command, args []string) {
+ if len(args) < 1 {
+ cmd.Usage()
+ fatalf("must specify a QDN")
+ }
+}
diff --git a/cmd/notary/tuf_add.go b/cmd/notary/tuf_add.go
deleted file mode 100644
index e6819e8765..0000000000
--- a/cmd/notary/tuf_add.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import "github.com/spf13/cobra"
-
-var cmdTufAdd = &cobra.Command{
- Use: "add [ QDN ] ",
- Short: "pushes local updates.",
- Long: "pushes all local updates within a specific TUF repo to remote trust server.",
- Run: tufAdd,
-}
-
-func tufAdd(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-}
diff --git a/cmd/notary/tuf_init.go b/cmd/notary/tuf_init.go
deleted file mode 100644
index c1875c1ca5..0000000000
--- a/cmd/notary/tuf_init.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import "github.com/spf13/cobra"
-
-var cmdTufInit = &cobra.Command{
- Use: "init [ QDN ]",
- Short: "initializes the local TUF repository.",
- Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
- Run: tufInit,
-}
-
-func tufInit(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-}
diff --git a/cmd/notary/tuf_list.go b/cmd/notary/tuf_list.go
deleted file mode 100644
index e6e26b2ec9..0000000000
--- a/cmd/notary/tuf_list.go
+++ /dev/null
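Review bot: `cmdTufPush` carries the Short and Long text of cmdTufInit (`Short: "initializes the local TUF repository.",` and the matching Long), and `cmdTufAdd` carries push's (`Short: "pushes local updates.",` with a Long about pushing to the remote trust server), so the generated help for `tuf add` and `tuf push` describes the wrong command. Moving the push strings onto cmdTufPush and giving cmdTufAdd a description of adding a target to the local repo, by analogy with cmdTufRemove's text, fixes both. In init both `cmdTufPush.Flags().StringVarP(&remoteTrustServer, ...)` and `cmdTufLookup.Flags().StringVarP(&remoteTrustServer, ...)` bind to the one package variable; that works because only one command's Run executes per invocation, but a short comment on `var remoteTrustServer string` saying it is shared by the push and lookup `--remote` flags would make the intent clear. The six Run handlers only validate the argument count; a `// TODO` on each stating that the TUF operation itself is not yet performed would keep readers from assuming `tuf init` or `tuf push` does more than print.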
@@ -1,17 +0,0 @@
-package main
-
-import "github.com/spf13/cobra"
-
-var cmdTufList = &cobra.Command{
- Use: "list [ QDN ]",
- Short: "Lists all targets in a TUF repository.",
- Long: "lists all the targets in the TUF repository identified by the Qualified Docker Name.",
- Run: tufList,
-}
-
-func tufList(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-}
diff --git a/cmd/notary/tuf_lookup.go b/cmd/notary/tuf_lookup.go
deleted file mode 100644
index 6733f76008..0000000000
--- a/cmd/notary/tuf_lookup.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "github.com/spf13/cobra"
-)
-
-var cmdTufLookup = &cobra.Command{
- Use: "lookup [ QDN ] ",
- Short: "Looks up a specific TUF target in a repository.",
- Long: "looks up a TUF target in a repository given a Qualified Docker Name.",
- Run: tufLookup,
-}
-
-func init() {
- cmdTufLookup.Flags().StringVarP(&remoteTrustServer, "remote", "r", "", "Remote trust server location")
-}
-
-func tufLookup(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-
- fmt.Println("Remote trust server configured: " + remoteTrustServer)
-
-}
diff --git a/cmd/notary/tuf_push.go b/cmd/notary/tuf_push.go
deleted file mode 100644
index bb6f24fba6..0000000000
--- a/cmd/notary/tuf_push.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package main
-
-import (
- "fmt"
-
- "github.com/spf13/cobra"
-)
-
-var cmdTufPush = &cobra.Command{
- Use: "push [ QDN ]",
- Short: "initializes the local TUF repository.",
- Long: "creates locally the initial set of TUF metadata for the Qualified Docker Name.",
- Run: tufPush,
-}
-
-func init() {
- cmdTufPush.Flags().StringVarP(&remoteTrustServer, "remote", "r", "", "Remote trust server location")
-}
-
-func tufPush(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-
- fmt.Println("Remote trust server configured: " + remoteTrustServer)
-}
diff --git a/cmd/notary/tuf_remove.go b/cmd/notary/tuf_remove.go
deleted file mode 100644
index 111ae8aac0..0000000000
--- a/cmd/notary/tuf_remove.go
+++ /dev/null
@@ -1,17 +0,0 @@
-package main
-
-import "github.com/spf13/cobra"
-
-var cmdTufRemove = &cobra.Command{
- Use: "remove [ QDN ] ",
- Short: "Removes a target from the TUF repo.",
- Long: "removes a target from the local TUF repo identified by a Qualified Docker Name.",
- Run: tufRemove,
-}
-
-func tufRemove(cmd *cobra.Command, args []string) {
- if len(args) < 1 {
- cmd.Usage()
- fatalf("must specify a QDN")
- }
-}