package io.fathom.cloud.secrets.commands;
import io.fathom.cloud.commands.AuthenticatedCmdlet;
import io.fathom.cloud.secrets.services.ca.KeyPairs;
import io.fathom.cloud.server.auth.Auth;
import io.fathom.cloud.server.model.Project;
import io.fathom.cloud.services.SecretService;
import io.fathom.cloud.services.SecretService.Secret;
import io.fathom.cloud.services.SecretService.SecretItem;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.inject.Inject;
import org.kohsuke.args4j.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fathomdb.crypto.CertificateAndKey;
import com.fathomdb.crypto.Certificates;
import com.fathomdb.crypto.EncryptionStore;
import com.fathomdb.crypto.SimpleCertificateAndKey;
import com.google.common.base.Charsets;
import com.google.protobuf.Message;
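/**
 * Command-line operation that "activates" a stored key: it looks up a secret by
 * subject in the caller's project, reads its {@code certificate} and
 * {@code privatekey} items (both PEM), and installs them into the
 * {@link EncryptionStore} under the given alias (default {@code https}).
 *
 * Security notes:
 * <ul>
 * <li>Whatever is installed under the alias is what the store will serve from
 * then on, so a mismatched certificate/private-key pair is rejected before the
 * store is touched rather than discovered later as a TLS failure.</li>
 * <li>The private-key PEM is decoded through a Java {@code String}, which
 * cannot be zeroed after use; callers should be aware it may linger on the heap.</li>
 * <li>Only the subject and alias are logged, never secret material.</li>
 * </ul>
 */
public class SecretKeyActivateCmdlet extends AuthenticatedCmdlet {
private static final Logger log = LoggerFactory.getLogger(SecretKeyActivateCmdlet.class);

/** Secret item holding the PEM certificate chain (leaf first). */
private static final String ITEM_CERTIFICATE = "certificate";
/** Secret item holding the PEM-encoded private key. */
private static final String ITEM_PRIVATE_KEY = "privatekey";

public SecretKeyActivateCmdlet() {
super("secret-key-activate");
}

/** Subject string that must match exactly one stored secret's subject. */
@Option(name = "-s", usage = "key subject", required = true)
public String subject;

/** Alias the certificate-and-key is installed under in the encryption store. */
@Option(name = "-alias", usage = "alias to save as", required = false)
public String alias = "https";

@Inject
SecretService secretService;

@Inject
EncryptionStore encryptionStore;

/**
 * Resolves the secret by subject, decodes its certificate chain and private
 * key, checks that they belong together, and stores them under {@link #alias}.
 *
 * @return always {@code null}; this command produces no protobuf response
 * @throws IllegalArgumentException if no secret (or a required item) matches,
 *         the certificate chain is empty, or the key does not match the leaf
 *         certificate
 * @throws IllegalStateException if more than one secret has the subject
 */
@Override
protected Message run0() throws Exception {
Auth auth = getAuth();
Project project = auth.getProject();

Secret found = findBySubject(secretService.list(auth, project));

List<X509Certificate> certificateChain = Certificates.fromPem(getSecret(found, ITEM_CERTIFICATE));
if (certificateChain == null || certificateChain.isEmpty()) {
throw new IllegalArgumentException("Secret has no certificate for subject: " + subject);
}

KeyPair keypair = KeyPairs.fromPem(getSecret(found, ITEM_PRIVATE_KEY));
if (keypair == null || keypair.getPrivate() == null) {
throw new IllegalArgumentException("Secret has no private key for subject: " + subject);
}

// Refuse to install a key that does not belong to the leaf certificate; the
// store would otherwise hand out a broken pair under the alias.
checkKeyMatchesCertificate(certificateChain.get(0), keypair);

CertificateAndKey certificateAndKey = new SimpleCertificateAndKey(certificateChain, keypair.getPrivate());
encryptionStore.setCertificateAndKey(alias, certificateAndKey);

// Audit trail: identifiers only, never key or certificate bytes.
log.info("Activated key with subject {} under alias {}", subject, alias);
return null;
}

/**
 * Picks the single secret whose subject equals {@link #subject}.
 *
 * @throws IllegalStateException if the subject is ambiguous
 * @throws IllegalArgumentException if nothing matches
 */
private Secret findBySubject(List<Secret> secrets) {
Secret match = null;
for (Secret candidate : secrets) {
if (!subject.equals(candidate.getSecretInfo().subject)) {
continue;
}
if (match != null) {
throw new IllegalStateException("Found multiple keys with subject: " + subject);
}
match = candidate;
}
if (match == null) {
throw new IllegalArgumentException("Key not found with subject: " + subject);
}
return match;
}

/**
 * Ensures the private key's public half equals the public key in the leaf
 * certificate. Compared on encoded form so the check does not depend on the
 * provider's {@code equals} implementation.
 *
 * NOTE(review): if the PEM parser yields a key pair without a public half, the
 * check is skipped rather than failed — confirm {@code KeyPairs.fromPem}
 * always populates it.
 */
private void checkKeyMatchesCertificate(X509Certificate leaf, KeyPair keypair) {
PublicKey fromCert = leaf.getPublicKey();
PublicKey fromKey = keypair.getPublic();
if (fromCert == null || fromKey == null) {
return;
}
if (!Arrays.equals(fromCert.getEncoded(), fromKey.getEncoded())) {
throw new IllegalArgumentException("Private key does not match certificate for subject: " + subject);
}
}

/**
 * Reads a named item of the secret as UTF-8 text.
 *
 * @throws IllegalArgumentException if the item is absent
 */
private String getSecret(Secret secret, String key) {
SecretItem item = secret.find(key);
if (item == null) {
throw new IllegalArgumentException("Secret not found: " + key);
}
return new String(item.getBytes(), Charsets.UTF_8);
}
}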