Beispiel #1
0
func (m *mailer) updateCertStatus(serial string) error {
	// Update CertificateStatus object
	tx, err := m.dbMap.Begin()
	if err != nil {
		err = sa.Rollback(tx, err)
		m.log.Err(fmt.Sprintf("Error opening transaction for certificate %s: %s", serial, err))
		return err
	}

	csObj, err := tx.Get(&core.CertificateStatus{}, serial)
	if err != nil {
		err = sa.Rollback(tx, err)
		m.log.Err(fmt.Sprintf("Error fetching status for certificate %s: %s", serial, err))
		return err
	}
	certStatus := csObj.(*core.CertificateStatus)
	certStatus.LastExpirationNagSent = m.clk.Now()

	_, err = tx.Update(certStatus)
	if err != nil {
		err = sa.Rollback(tx, err)
		m.log.Err(fmt.Sprintf("Error updating status for certificate %s: %s", serial, err))
		return err
	}

	err = tx.Commit()
	if err != nil {
		err = sa.Rollback(tx, err)
		m.log.Err(fmt.Sprintf("Error committing transaction for certificate %s: %s", serial, err))
		return err
	}

	return nil
}
func main() {
	ctx := context.Background()
	app := cli.NewApp()
	app.Name = "admin-revoker"
	app.Usage = "Revokes issued certificates"
	app.Version = cmd.Version()
	app.Author = "Boulder contributors"
	app.Email = "*****@*****.**"

	app.Flags = []cli.Flag{
		cli.StringFlag{
			Name:   "config",
			Value:  "config.json",
			EnvVar: "BOULDER_CONFIG",
			Usage:  "Path to Boulder JSON configuration file",
		},
	}
	app.Commands = []cli.Command{
		{
			Name:  "serial-revoke",
			Usage: "Revoke a single certificate by the hex serial number",
			Action: func(c *cli.Context) {
				// 1: serial,  2: reasonCode
				serial := c.Args().First()
				reasonCode, err := strconv.Atoi(c.Args().Get(1))
				cmd.FailOnError(err, "Reason code argument must be an integer")

				cac, logger, dbMap, _, _ := setupContext(c)

				tx, err := dbMap.Begin()
				if err != nil {
					cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
				}

				err = revokeBySerial(ctx, serial, core.RevocationCode(reasonCode), cac, logger, tx)
				if err != nil {
					cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
				}

				err = tx.Commit()
				cmd.FailOnError(err, "Couldn't cleanly close transaction")
			},
		},
		{
			Name:  "reg-revoke",
			Usage: "Revoke all certificates associated with a registration ID",
			Action: func(c *cli.Context) {
				// 1: registration ID,  2: reasonCode
				regID, err := strconv.ParseInt(c.Args().First(), 10, 64)
				cmd.FailOnError(err, "Registration ID argument must be an integer")
				reasonCode, err := strconv.Atoi(c.Args().Get(1))
				cmd.FailOnError(err, "Reason code argument must be an integer")

				cac, logger, dbMap, sac, _ := setupContext(c)
				// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
				defer logger.AuditPanic()

				tx, err := dbMap.Begin()
				if err != nil {
					cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
				}

				_, err = sac.GetRegistration(ctx, regID)
				if err != nil {
					cmd.FailOnError(err, "Couldn't fetch registration")
				}

				err = revokeByReg(ctx, regID, core.RevocationCode(reasonCode), cac, logger, tx)
				if err != nil {
					cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
				}

				err = tx.Commit()
				cmd.FailOnError(err, "Couldn't cleanly close transaction")
			},
		},
		{
			Name:  "list-reasons",
			Usage: "List all revocation reason codes",
			Action: func(c *cli.Context) {
				var codes revocationCodes
				for k := range core.RevocationReasons {
					codes = append(codes, k)
				}
				sort.Sort(codes)
				fmt.Printf("Revocation reason codes\n-----------------------\n\n")
				for _, k := range codes {
					fmt.Printf("%d: %s\n", k, core.RevocationReasons[k])
				}
			},
		},
		{
			Name:  "auth-revoke",
			Usage: "Revoke all pending/valid authorizations for a domain",
			Action: func(c *cli.Context) {
				domain := c.Args().First()
				_, logger, _, sac, stats := setupContext(c)
				ident := core.AcmeIdentifier{Value: domain, Type: core.IdentifierDNS}
				authsRevoked, pendingAuthsRevoked, err := sac.RevokeAuthorizationsByDomain(ctx, ident)
				cmd.FailOnError(err, fmt.Sprintf("Failed to revoke authorizations for %s", ident.Value))
				logger.Info(fmt.Sprintf(
					"Revoked %d pending authorizations and %d final authorizations\n",
					authsRevoked,
					pendingAuthsRevoked,
				))
				stats.Inc("admin-revoker.revokedAuthorizations", authsRevoked, 1.0)
				stats.Inc("admin-revoker.revokedPendingAuthorizations", pendingAuthsRevoked, 1.0)
			},
		},
	}

	err := app.Run(os.Args)
	cmd.FailOnError(err, "Failed to run application")
}
Beispiel #3
0
func main() {
	usage := func() {
		fmt.Fprintf(os.Stderr, usageString)
		os.Exit(1)
	}
	if len(os.Args) <= 2 {
		usage()
	}

	command := os.Args[1]
	flagSet := flag.NewFlagSet(command, flag.ContinueOnError)
	configFile := flagSet.String("config", "", "File path to the configuration file for this service")
	err := flagSet.Parse(os.Args[2:])
	cmd.FailOnError(err, "Error parsing flagset")

	if *configFile == "" {
		usage()
	}

	var c config
	err = cmd.ReadConfigFile(*configFile, &c)
	cmd.FailOnError(err, "Reading JSON config file into config structure")

	ctx := context.Background()
	args := flagSet.Args()
	switch {
	case command == "serial-revoke" && len(args) == 2:
		// 1: serial,  2: reasonCode
		serial := args[0]
		reasonCode, err := strconv.Atoi(args[1])
		cmd.FailOnError(err, "Reason code argument must be an integer")

		rac, logger, dbMap, _, _ := setupContext(c)

		tx, err := dbMap.Begin()
		if err != nil {
			cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
		}

		err = revokeBySerial(ctx, serial, revocation.Reason(reasonCode), rac, logger, tx)
		if err != nil {
			cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
		}

		err = tx.Commit()
		cmd.FailOnError(err, "Couldn't cleanly close transaction")

	case command == "reg-revoke" && len(args) == 2:
		// 1: registration ID,  2: reasonCode
		regID, err := strconv.ParseInt(args[0], 10, 64)
		cmd.FailOnError(err, "Registration ID argument must be an integer")
		reasonCode, err := strconv.Atoi(args[1])
		cmd.FailOnError(err, "Reason code argument must be an integer")

		rac, logger, dbMap, sac, _ := setupContext(c)
		defer logger.AuditPanic()

		tx, err := dbMap.Begin()
		if err != nil {
			cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
		}

		_, err = sac.GetRegistration(ctx, regID)
		if err != nil {
			cmd.FailOnError(err, "Couldn't fetch registration")
		}

		err = revokeByReg(ctx, regID, revocation.Reason(reasonCode), rac, logger, tx)
		if err != nil {
			cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
		}

		err = tx.Commit()
		cmd.FailOnError(err, "Couldn't cleanly close transaction")

	case command == "list-reasons":
		var codes revocationCodes
		for k := range revocation.ReasonToString {
			codes = append(codes, k)
		}
		sort.Sort(codes)
		fmt.Printf("Revocation reason codes\n-----------------------\n\n")
		for _, k := range codes {
			fmt.Printf("%d: %s\n", k, revocation.ReasonToString[k])
		}

	case command == "auth-revoke" && len(args) == 1:
		domain := args[0]
		_, logger, _, sac, stats := setupContext(c)
		ident := core.AcmeIdentifier{Value: domain, Type: core.IdentifierDNS}
		authsRevoked, pendingAuthsRevoked, err := sac.RevokeAuthorizationsByDomain(ctx, ident)
		cmd.FailOnError(err, fmt.Sprintf("Failed to revoke authorizations for %s", ident.Value))
		logger.Info(fmt.Sprintf(
			"Revoked %d pending authorizations and %d final authorizations\n",
			pendingAuthsRevoked,
			authsRevoked,
		))
		stats.Inc("RevokedAuthorizations", authsRevoked)
		stats.Inc("RevokedPendingAuthorizations", pendingAuthsRevoked)

	default:
		usage()
	}
}