func (m *mailer) updateCertStatus(serial string) error {
// Update CertificateStatus object
tx, err := m.dbMap.Begin()
if err != nil {
err = sa.Rollback(tx, err)
m.log.Err(fmt.Sprintf("Error opening transaction for certificate %s: %s", serial, err))
return err
}
csObj, err := tx.Get(&core.CertificateStatus{}, serial)
if err != nil {
err = sa.Rollback(tx, err)
m.log.Err(fmt.Sprintf("Error fetching status for certificate %s: %s", serial, err))
return err
}
certStatus := csObj.(*core.CertificateStatus)
certStatus.LastExpirationNagSent = m.clk.Now()
_, err = tx.Update(certStatus)
if err != nil {
err = sa.Rollback(tx, err)
m.log.Err(fmt.Sprintf("Error updating status for certificate %s: %s", serial, err))
return err
}
err = tx.Commit()
if err != nil {
err = sa.Rollback(tx, err)
m.log.Err(fmt.Sprintf("Error committing transaction for certificate %s: %s", serial, err))
return err
}
return nil
}
func main() {
ctx := context.Background()
app := cli.NewApp()
app.Name = "admin-revoker"
app.Usage = "Revokes issued certificates"
app.Version = cmd.Version()
app.Author = "Boulder contributors"
app.Email = "*****@*****.**"
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "config",
Value: "config.json",
EnvVar: "BOULDER_CONFIG",
Usage: "Path to Boulder JSON configuration file",
},
}
app.Commands = []cli.Command{
{
Name: "serial-revoke",
Usage: "Revoke a single certificate by the hex serial number",
Action: func(c *cli.Context) {
// 1: serial, 2: reasonCode
serial := c.Args().First()
reasonCode, err := strconv.Atoi(c.Args().Get(1))
cmd.FailOnError(err, "Reason code argument must be an integer")
cac, logger, dbMap, _, _ := setupContext(c)
tx, err := dbMap.Begin()
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
}
err = revokeBySerial(ctx, serial, core.RevocationCode(reasonCode), cac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
err = tx.Commit()
cmd.FailOnError(err, "Couldn't cleanly close transaction")
},
},
{
Name: "reg-revoke",
Usage: "Revoke all certificates associated with a registration ID",
Action: func(c *cli.Context) {
// 1: registration ID, 2: reasonCode
regID, err := strconv.ParseInt(c.Args().First(), 10, 64)
cmd.FailOnError(err, "Registration ID argument must be an integer")
reasonCode, err := strconv.Atoi(c.Args().Get(1))
cmd.FailOnError(err, "Reason code argument must be an integer")
cac, logger, dbMap, sac, _ := setupContext(c)
// AUDIT[ Error Conditions ] 9cc4d537-8534-4970-8665-4b382abe82f3
defer logger.AuditPanic()
tx, err := dbMap.Begin()
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
}
_, err = sac.GetRegistration(ctx, regID)
if err != nil {
cmd.FailOnError(err, "Couldn't fetch registration")
}
err = revokeByReg(ctx, regID, core.RevocationCode(reasonCode), cac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
err = tx.Commit()
cmd.FailOnError(err, "Couldn't cleanly close transaction")
},
},
{
Name: "list-reasons",
Usage: "List all revocation reason codes",
Action: func(c *cli.Context) {
var codes revocationCodes
for k := range core.RevocationReasons {
codes = append(codes, k)
}
sort.Sort(codes)
fmt.Printf("Revocation reason codes\n-----------------------\n\n")
for _, k := range codes {
fmt.Printf("%d: %s\n", k, core.RevocationReasons[k])
}
},
},
{
Name: "auth-revoke",
Usage: "Revoke all pending/valid authorizations for a domain",
Action: func(c *cli.Context) {
domain := c.Args().First()
_, logger, _, sac, stats := setupContext(c)
ident := core.AcmeIdentifier{Value: domain, Type: core.IdentifierDNS}
authsRevoked, pendingAuthsRevoked, err := sac.RevokeAuthorizationsByDomain(ctx, ident)
cmd.FailOnError(err, fmt.Sprintf("Failed to revoke authorizations for %s", ident.Value))
logger.Info(fmt.Sprintf(
"Revoked %d pending authorizations and %d final authorizations\n",
authsRevoked,
pendingAuthsRevoked,
))
stats.Inc("admin-revoker.revokedAuthorizations", authsRevoked, 1.0)
stats.Inc("admin-revoker.revokedPendingAuthorizations", pendingAuthsRevoked, 1.0)
},
},
}
err := app.Run(os.Args)
cmd.FailOnError(err, "Failed to run application")
}
func main() {
usage := func() {
fmt.Fprintf(os.Stderr, usageString)
os.Exit(1)
}
if len(os.Args) <= 2 {
usage()
}
command := os.Args[1]
flagSet := flag.NewFlagSet(command, flag.ContinueOnError)
configFile := flagSet.String("config", "", "File path to the configuration file for this service")
err := flagSet.Parse(os.Args[2:])
cmd.FailOnError(err, "Error parsing flagset")
if *configFile == "" {
usage()
}
var c config
err = cmd.ReadConfigFile(*configFile, &c)
cmd.FailOnError(err, "Reading JSON config file into config structure")
ctx := context.Background()
args := flagSet.Args()
switch {
case command == "serial-revoke" && len(args) == 2:
// 1: serial, 2: reasonCode
serial := args[0]
reasonCode, err := strconv.Atoi(args[1])
cmd.FailOnError(err, "Reason code argument must be an integer")
rac, logger, dbMap, _, _ := setupContext(c)
tx, err := dbMap.Begin()
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
}
err = revokeBySerial(ctx, serial, revocation.Reason(reasonCode), rac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
err = tx.Commit()
cmd.FailOnError(err, "Couldn't cleanly close transaction")
case command == "reg-revoke" && len(args) == 2:
// 1: registration ID, 2: reasonCode
regID, err := strconv.ParseInt(args[0], 10, 64)
cmd.FailOnError(err, "Registration ID argument must be an integer")
reasonCode, err := strconv.Atoi(args[1])
cmd.FailOnError(err, "Reason code argument must be an integer")
rac, logger, dbMap, sac, _ := setupContext(c)
defer logger.AuditPanic()
tx, err := dbMap.Begin()
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't begin transaction")
}
_, err = sac.GetRegistration(ctx, regID)
if err != nil {
cmd.FailOnError(err, "Couldn't fetch registration")
}
err = revokeByReg(ctx, regID, revocation.Reason(reasonCode), rac, logger, tx)
if err != nil {
cmd.FailOnError(sa.Rollback(tx, err), "Couldn't revoke certificate")
}
err = tx.Commit()
cmd.FailOnError(err, "Couldn't cleanly close transaction")
case command == "list-reasons":
var codes revocationCodes
for k := range revocation.ReasonToString {
codes = append(codes, k)
}
sort.Sort(codes)
fmt.Printf("Revocation reason codes\n-----------------------\n\n")
for _, k := range codes {
fmt.Printf("%d: %s\n", k, revocation.ReasonToString[k])
}
case command == "auth-revoke" && len(args) == 1:
domain := args[0]
_, logger, _, sac, stats := setupContext(c)
ident := core.AcmeIdentifier{Value: domain, Type: core.IdentifierDNS}
authsRevoked, pendingAuthsRevoked, err := sac.RevokeAuthorizationsByDomain(ctx, ident)
cmd.FailOnError(err, fmt.Sprintf("Failed to revoke authorizations for %s", ident.Value))
logger.Info(fmt.Sprintf(
"Revoked %d pending authorizations and %d final authorizations\n",
pendingAuthsRevoked,
authsRevoked,
))
stats.Inc("RevokedAuthorizations", authsRevoked)
stats.Inc("RevokedPendingAuthorizations", pendingAuthsRevoked)
default:
usage()
}
}