SecretKeyCreateCmdlet.java

package io.fathom.cloud.secrets.commands;

import io.fathom.cloud.commands.AuthenticatedCmdlet;
import io.fathom.cloud.secrets.services.ca.Csr;
import io.fathom.cloud.secrets.services.ca.KeyPairs;
import io.fathom.cloud.secrets.services.ca.SelfSigned;
import io.fathom.cloud.server.auth.Auth;
import io.fathom.cloud.server.model.Project;
import io.fathom.cloud.services.SecretService;
import io.fathom.cloud.services.SecretService.SecretInfo;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.List;

import javax.inject.Inject;

import org.kohsuke.args4j.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.fathomdb.crypto.Certificates;
import com.google.common.base.Charsets;
import com.google.protobuf.Message;

public class SecretKeyCreateCmdlet extends AuthenticatedCmdlet {
    private static final Logger log = LoggerFactory.getLogger(SecretKeyCreateCmdlet.class);

    public SecretKeyCreateCmdlet() {
        super("secret-key-create");
    }

    @Option(name = "-s", usage = "subject", required = true)
    public String subject;

    @Inject
    SecretService secretService;

    @Override
    protected Message run0() throws Exception {
        Auth auth = getAuth();
        Project project = auth.getProject();

        SelfSigned helper = new SelfSigned();

        int keySize = 2048;
        String algorithm = "rsa";

        KeyPair keyPair = KeyPairs.generateKeyPair(algorithm, keySize);
        Csr csr = helper.buildCsr(keyPair, subject);

        List<X509Certificate> certChain = helper.selfSign(csr, keyPair);

        StringBuilder sb = new StringBuilder();
        for (X509Certificate cert : certChain) {
            sb.append(Certificates.toPem(cert));
        }

        SecretInfo secretInfo = new SecretInfo();
        secretInfo.name = "Self signed certificate for " + subject;
        secretInfo.algorithm = algorithm;
        secretInfo.keySize = keySize;
        secretInfo.subject = subject;

        SecretService.Secret secret = secretService.create(auth, project, secretInfo);

        secretService.setSecretItem(auth, secret, "certificate", sb.toString().getBytes(Charsets.UTF_8));

        String encoded = KeyPairs.toPem(keyPair);
        secretService.setSecretItem(auth, secret, "privatekey", encoded.getBytes(Charsets.UTF_8));

        return null;
    }
}