// Copyright 2016 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd
import (
"context"
"encoding/base64"
"fmt"
"log"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"google.golang.org/grpc"
tpb "github.com/google/keytransparency/core/api/type/type_go_proto"
"github.com/google/tink/go/tink"
)
// data holds the raw value of the --data/-d flag: the key data to publish,
// as supplied on the command line before any decoding.
var data string
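// postCmd implements the "post" subcommand, which replaces the key data
// published for a user with the base64-encoded value given via --data/-d.
//
// PreRun loads the local keyset with readKeysetFile(keysetFile, masterPassword)
// and terminates the process if that fails. RunE validates the arguments,
// decodes the key data and submits the update, attaching per-RPC user
// credentials to the call.
var postCmd = &cobra.Command{
	Use:   "post [user email] -d {base64 key data}",
	Short: "Update the account with the given profile",
	Long: `Post replaces the current key-set with the provided key-set,
and verifies that both the previous and current key-sets are accurate. eg:
./keytransparency-client post foobar@example.com -d "dGVzdA=="
User email MUST match the OAuth account used to authorize the update.
`,
	PreRun: func(cmd *cobra.Command, args []string) {
		// The keyset is needed before RunE; an unreadable or undecryptable
		// keyset file aborts the command here.
		handle, err := readKeysetFile(keysetFile, masterPassword)
		if err != nil {
			log.Fatal(err)
		}
		keyset = handle
	},
	RunE: func(cmd *cobra.Command, args []string) error {
		// Validate input before any network or credential work is done.
		if len(args) < 1 {
			return fmt.Errorf("user email needs to be provided")
		}
		if data == "" {
			return fmt.Errorf("no key data provided")
		}
		if !viper.IsSet("client-secret") {
			return fmt.Errorf("no client secret provided")
		}
		// The key data is base64 (standard alphabet, padded), as shown in Use;
		// the error names the decoder that is actually called.
		profileData, err := base64.StdEncoding.DecodeString(data)
		if err != nil {
			return fmt.Errorf("base64.StdEncoding.DecodeString(%v): %v", data, err)
		}
		userID := args[0]

		// NOTE(review): viper.GetDuration returns 0 when "timeout" is unset,
		// which would yield an already-expired context; presumably a default
		// is registered elsewhere. Confirm.
		timeout := viper.GetDuration("timeout")
		ctx, cancel := context.WithTimeout(context.Background(), timeout)
		defer cancel()

		// Create client. The local is named creds so that it does not shadow
		// the userCreds function.
		creds, err := userCreds(ctx)
		if err != nil {
			return err
		}
		c, err := GetClient(ctx)
		if err != nil {
			return fmt.Errorf("error connecting: %v", err)
		}

		// Update. Only the public half of the local keyset is published as the
		// user's authorized keys.
		authorizedKeys, err := keyset.Public()
		if err != nil {
			return fmt.Errorf("keyset.Public() failed: %v", err)
		}
		u := &tpb.User{
			DirectoryId:    viper.GetString("directory"),
			UserId:         userID,
			PublicKeyData:  profileData,
			AuthorizedKeys: authorizedKeys.Keyset(),
		}
		// The full keyset handle is passed to Update, presumably as the keys
		// that sign the mutation. Confirm against the client API.
		if _, err := c.Update(ctx, u, []*tink.KeysetHandle{keyset},
			grpc.PerRPCCredentials(creds)); err != nil {
			return fmt.Errorf("update failed: %v", err)
		}
		// NOTE(review): %x is applied to the base64 input string, so this
		// prints the hex of the base64 text rather than of the decoded key
		// bytes. Confirm whether profileData was intended.
		fmt.Printf("New key for %v: %x\n", userID, data)
		return nil
	},
}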
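// init registers postCmd on RootCmd and declares its persistent flags.
//
// The --secret flag is bound to the viper key "client-secret", which postCmd's
// RunE requires to be set.
func init() {
	RootCmd.AddCommand(postCmd)

	flags := postCmd.PersistentFlags()
	// NOTE(review): a password given as a command-line flag is visible in the
	// process list and usually ends up in shell history. Consider also
	// accepting it from a prompt, a file or the environment.
	flags.StringVarP(&masterPassword, "password", "p", "", "The master key to the local keyset")
	flags.StringP("secret", "s", "", "Path to client secret json")
	if err := viper.BindPFlag("client-secret", flags.Lookup("secret")); err != nil {
		log.Fatalf("%v", err)
	}
	// postCmd's Use line documents this value as base64 key data, so the help
	// text names that encoding.
	flags.StringVarP(&data, "data", "d", "", "base64 encoded key data")
}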