cmd

package
v0.0.0-...-2a87563 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 22, 2022 License: LGPL-3.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

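// DecryptCmd implements the "decrypt" subcommand. It loads the KMS key store
// from the repository, reads a sealed file from a local path, an HTTP(S) URL
// or an IPFS link, parses the length-prefixed JSON metadata header, unseals
// the payload with the key named in the metadata, and writes the result to
// the output directory.
//
// The input file is treated as untrusted: the header length is bounds-checked
// before slicing, the Unseal error is checked, and the object name taken from
// the metadata must reduce to a single usable path element.
//
// NOTE(review): the "repo-path" default is /tmp, which is normally a shared,
// world-writable directory; confirm that is an acceptable place for a key
// store or require the flag explicitly.
var DecryptCmd = &cli.Command{
	Name: "decrypt",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "src",
			Usage:    "Specify encrypted file (support local file path, ipfs://file, https://file)",
			Required: true,
		},
		&cli.StringFlag{
			Name:  "output",
			Usage: "Decrypted file output directory",
			Value: "",
		},
	},
	Action: func(cctx *cli.Context) error {
		repoPath := cctx.String("repo-path")
		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)

		kmsKeys, err := decrypt.GetKmsKeys(kmsConfigPath)
		if err != nil {
			return err
		}

		src := cctx.String("src")
		var data []byte
		switch {
		case strings.HasPrefix(src, "http://"), strings.HasPrefix(src, "https://"):
			// Match the full scheme so a local file whose name merely starts
			// with "http" is not sent to the HTTP client.
			// NOTE(review): http.Get uses the default client (no timeout) and
			// the body is read without a size cap; both are worth bounding
			// when the URL is not fully trusted.
			resp, err := http.Get(src)
			if err != nil {
				return err
			}
			defer resp.Body.Close()
			// Do not try to parse an error page as a sealed file.
			if resp.StatusCode != http.StatusOK {
				return fmt.Errorf("fetching %q: unexpected HTTP status %s", src, resp.Status)
			}
			data, err = ioutil.ReadAll(resp.Body)
			if err != nil {
				return err
			}
		case strings.HasPrefix(src, "ipfs://"):
			// The link must split into exactly two parts: the first is passed
			// to NewShell, the second to Cat.
			parts := strings.Split(strings.TrimPrefix(src, "ipfs://"), "/")
			if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
				return fmt.Errorf("src is not a valid ipfs link")
			}
			sh := ipfsShell.NewShell(parts[0])
			read, err := sh.Cat(parts[1])
			if err != nil {
				return err
			}
			defer read.Close()
			data, err = ioutil.ReadAll(read)
			if err != nil {
				return err
			}
		default:
			readCloser, _, err := decrypt.FsOpenFile(context.TODO(), src, 0)
			if err != nil {
				return err
			}
			defer readCloser.Close()
			data, err = ioutil.ReadAll(readCloser)
			if err != nil {
				return err
			}
		}

		// Layout as consumed below: a 4-byte length, that many bytes of JSON
		// metadata, then the sealed payload. Every offset is derived from
		// file content, so each one is validated before it is used to slice.
		const lenPrefix = 4
		if len(data) < lenPrefix {
			return errors.New("encrypted file is too short to contain a metadata header")
		}
		// int() keeps the bounds check independent of BytesToInt's integer type.
		metadataLen := int(decrypt.BytesToInt(data[0:lenPrefix]))
		log.Debug("metadataLen: ", metadataLen)
		// Compare against len(data)-lenPrefix so the addition cannot overflow.
		if metadataLen < 0 || metadataLen > len(data)-lenPrefix {
			return errors.New("encrypted file declares an invalid metadata length")
		}

		var metadata map[string]string
		err = json.Unmarshal(data[lenPrefix:lenPrefix+metadataLen], &metadata)
		if err != nil {
			return err
		}
		// NOTE(review): the whole metadata map from the input file is logged
		// at Info level; confirm it never carries sealed key material.
		log.Info("metadata: ", metadata)

		kmsID := metadata[decrypt.MetaKeyID]
		kmsKey, ok := kmsKeys[kmsID]
		if !ok {
			return errors.New("KMS key ID non-existent")
		}

		reader := bytes.NewReader(data[lenPrefix+metadataLen:])
		decReader, err := decrypt.Unseal(reader, metadata, kmsKey)
		if err != nil {
			// Previously ignored: a failed unseal must not reach WriteFile.
			return err
		}

		output := cctx.String("output")
		// NOTE(review): any result of decrypt.MkdirAll is discarded here, and
		// it is also called when output is empty; confirm against the helper.
		decrypt.MkdirAll(output)

		// filepath.Base strips directory components from the name supplied by
		// the file, so the write stays inside the output directory. It still
		// yields ".", ".." or a bare separator for empty or degenerate names,
		// which are rejected here.
		object := filepath.Base(metadata[decrypt.MetaObject])
		if object == "." || object == ".." || object == string(filepath.Separator) {
			return errors.New("metadata does not carry a usable object name")
		}

		// NOTE(review): path.Join is retained from the original; filepath.Join
		// is the OS-correct call for a filesystem path.
		dest := object
		if output != "" {
			dest = path.Join(output, object)
		}

		err = decrypt.WriteFile(decReader, dest)
		if err != nil {
			return err
		}

		log.Info(dest)
		return nil
	},
}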
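// ImportCmd implements the "import" subcommand. It reads a JSON file holding
// the string fields "kmsID" and "kmsKey", adds that pair to the key store
// loaded from <repo-path>/<decrypt.KMSConfig>, and writes the store back.
//
// An entry with the same kmsID is replaced. A config without both fields is
// rejected so that an empty ID or empty key is never persisted.
//
// NOTE(review): the key store holds key material in plain JSON; the file mode
// used by decrypt.WriteFile is not visible here and should be confirmed to be
// owner-only. The "repo-path" default of /tmp is normally a shared directory.
var ImportCmd = &cli.Command{
	Name:  "import",
	Usage: "Import KMS key config",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "keyConfig",
			Usage:    "Input KMS key/secret config file path",
			Required: true,
		},
	},
	Action: func(cctx *cli.Context) error {
		repoPath := cctx.String("repo-path")
		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)

		kmsKeys, err := decrypt.GetKmsKeys(kmsConfigPath)
		if err != nil {
			return err
		}

		keyConfigPath := cctx.String("keyConfig")
		ok, err := decrypt.FileExist(keyConfigPath)
		if err != nil {
			return err
		}
		if !ok {
			return errors.New("KMS key config is non-existent")
		}

		data, err := ioutil.ReadFile(keyConfigPath)
		if err != nil {
			return err
		}

		var keySecret = map[string]string{}
		err = json.Unmarshal(data, &keySecret)
		if err != nil {
			return err
		}

		// A missing field reads as "" from the map; storing that would create
		// an entry under the empty ID or an ID with an empty key.
		id, secret := keySecret["kmsID"], keySecret["kmsKey"]
		if id == "" || secret == "" {
			return errors.New("KMS key config must contain non-empty kmsID and kmsKey")
		}
		kmsKeys[id] = secret

		b, err := json.MarshalIndent(kmsKeys, "", "")
		if err != nil {
			return err
		}
		reader := bytes.NewReader(b)

		err = decrypt.WriteFile(reader, kmsConfigPath)
		if err != nil {
			return err
		}

		return nil
	},
}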
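// InitCmd implements the "init" subcommand. It creates the repository
// directory if needed and writes an empty JSON key store at
// <repo-path>/<decrypt.KMSConfig>, refusing to run when that file exists.
//
// The key store later receives KMS key values (ImportCmd writes them into the
// same file), so it is created exclusively and with owner-only permissions
// instead of being chmod-ed to 0666.
//
// NOTE(review): the "repo-path" default is /tmp, which is normally a shared,
// world-writable directory; confirm that is an acceptable default.
var InitCmd = &cli.Command{
	Name:  "init",
	Usage: "Initialize a KMS repo",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
	},
	Action: func(cctx *cli.Context) error {
		log.Info("Initializing KMS")

		repoPath := cctx.String("repo-path")

		kmsConfigPath := filepath.Join(repoPath, decrypt.KMSConfig)

		ok, err := decrypt.FileExist(kmsConfigPath)
		if err != nil {
			return err
		}
		if ok {
			// Report the repository path; the original printed the config
			// file name here.
			return fmt.Errorf("repo at '%s' is already initialized", repoPath)
		}

		log.Infof("Initializing repo at '%s'", repoPath)
		err = os.MkdirAll(repoPath, 0755)
		if err != nil && !os.IsExist(err) {
			return err
		}

		// O_EXCL makes creation fail if anything already sits at this path,
		// including a symlink, which matters in a shared directory. Mode 0600
		// keeps the future key material readable by the owner only.
		c, err := os.OpenFile(kmsConfigPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
		if err != nil {
			return err
		}
		if err := c.Close(); err != nil {
			return err
		}

		b, err := json.MarshalIndent(map[string]string{}, "", "")
		if err != nil {
			return fmt.Errorf("marshaling KMS config: %w", err)
		}

		// The file already exists, so its 0600 mode is what stays in effect;
		// the mode passed here is kept consistent with it.
		if err := ioutil.WriteFile(kmsConfigPath, b, 0600); err != nil {
			return fmt.Errorf("persisting storage metadata (%s): %w", kmsConfigPath, err)
		}

		log.Infof("kms repo at '%s' initialized success", kmsConfigPath)

		return nil
	},
}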
// ListCmd implements the "list" subcommand. It loads the key store from
// <repo-path>/<decrypt.KMSConfig> and logs each key ID; the key values
// themselves are never printed.
var ListCmd = &cli.Command{
	Name:  "list",
	Usage: "Show KMS keys list",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
	},
	Action: func(cctx *cli.Context) error {
		configPath := filepath.Join(cctx.String("repo-path"), decrypt.KMSConfig)

		keys, err := decrypt.GetKmsKeys(configPath)
		if err != nil {
			return err
		}

		// Only the map keys (the IDs) are iterated, so secrets stay out of
		// the log output.
		for id := range keys {
			log.Infof("%s\n", id)
		}

		return nil
	},
}
// RemoveCmd implements the "remove" subcommand. It loads the key store from
// <repo-path>/<decrypt.KMSConfig>, fails if the given key ID is not present,
// and rewrites the store with every entry except that ID.
var RemoveCmd = &cli.Command{
	Name:  "remove",
	Usage: "Remove KMS key ID",
	Flags: []cli.Flag{
		&cli.StringFlag{
			Name:    "repo-path",
			Usage:   "Specify the KMS configuration repository",
			EnvVars: []string{"KMS_REPO_PATH"},
			Value:   "/tmp",
		},
		&cli.StringFlag{
			Name:     "keyID",
			Usage:    "Input KMS key ID",
			Required: true,
		},
	},
	Action: func(cctx *cli.Context) error {
		configPath := filepath.Join(cctx.String("repo-path"), decrypt.KMSConfig)

		kmsKeys, err := decrypt.GetKmsKeys(configPath)
		if err != nil {
			return err
		}

		keyID := cctx.String("keyID")
		if _, found := kmsKeys[keyID]; !found {
			return errors.New("KMS key ID non-existent")
		}

		// Build a fresh map holding every entry other than the one removed.
		remaining := map[string]string{}
		for id, secret := range kmsKeys {
			if id != keyID {
				remaining[id] = secret
			}
		}

		encoded, err := json.MarshalIndent(remaining, "", "")
		if err != nil {
			return err
		}

		return decrypt.WriteFile(bytes.NewReader(encoded), configPath)
	},
}

Functions

This section is empty.

Types

This section is empty.
