// repositoryFromKeystores is a helper function for NewNotaryRepository that
// takes some basic NotaryRepository parameters as well as keystores (in order
// of usage preference), and returns a NotaryRepository.
func repositoryFromKeystores(baseDir, gun, baseURL string, rt http.RoundTripper,
keyStores []trustmanager.KeyStore) (*NotaryRepository, error) {
certManager, err := certs.NewManager(baseDir)
if err != nil {
return nil, err
}
cryptoService := cryptoservice.NewCryptoService(gun, keyStores...)
nRepo := &NotaryRepository{
gun: gun,
baseDir: baseDir,
baseURL: baseURL,
tufRepoPath: filepath.Join(baseDir, tufDir, filepath.FromSlash(gun)),
CryptoService: cryptoService,
roundTrip: rt,
CertManager: certManager,
}
fileStore, err := store.NewFilesystemStore(
nRepo.tufRepoPath,
"metadata",
"json",
"",
)
if err != nil {
return nil, err
}
nRepo.fileStore = fileStore
return nRepo, nil
}
func certList(cmd *cobra.Command, args []string) {
if len(args) > 0 {
cmd.Usage()
os.Exit(1)
}
parseConfig()
trustDir := mainViper.GetString("trust_dir")
certManager, err := certs.NewManager(trustDir)
if err != nil {
fatalf("Failed to create a new truststore manager with directory: %s", trustDir)
}
trustedCerts := certManager.TrustedCertificateStore().GetCertificates()
cmd.Println("")
prettyPrintCerts(trustedCerts, cmd.Out())
cmd.Println("")
}
// certRemove deletes a certificate given a cert ID or a gun
func certRemove(cmd *cobra.Command, args []string) {
// If the user hasn't provided -g with a gun, or a cert ID, show usage
// If the user provided -g and a cert ID, also show usage
if (len(args) < 1 && certRemoveGUN == "") || (len(args) > 0 && certRemoveGUN != "") {
cmd.Usage()
fatalf("Must specify the cert ID or the GUN of the certificates to remove")
}
parseConfig()
trustDir := mainViper.GetString("trust_dir")
certManager, err := certs.NewManager(trustDir)
if err != nil {
fatalf("Failed to create a new truststore manager with directory: %s", trustDir)
}
var certsToRemove []*x509.Certificate
// If there is no GUN, we expect a cert ID
if certRemoveGUN == "" {
certID := args[0]
// This is an invalid ID
if len(certID) != idSize {
fatalf("Invalid certificate ID provided: %s", certID)
}
// Attempt to find this certificates
cert, err := certManager.TrustedCertificateStore().GetCertificateByCertID(certID)
if err != nil {
fatalf("Unable to retrieve certificate with cert ID: %s", certID)
}
certsToRemove = append(certsToRemove, cert)
} else {
// We got the -g flag, it's a GUN
toRemove, err := certManager.TrustedCertificateStore().GetCertificatesByCN(
certRemoveGUN)
if err != nil {
fatalf("%v", err)
}
certsToRemove = append(certsToRemove, toRemove...)
}
// List all the keys about to be removed
cmd.Printf("The following certificates will be removed:\n\n")
for _, cert := range certsToRemove {
// This error can't occur because we're getting certs off of an
// x509 store that indexes by ID.
certID, _ := trustmanager.FingerprintCert(cert)
cmd.Printf("%s - %s\n", cert.Subject.CommonName, certID)
}
cmd.Println("\nAre you sure you want to remove these certificates? (yes/no)")
// Ask for confirmation before removing certificates, unless -y is provided
if !certRemoveYes {
confirmed := askConfirm()
if !confirmed {
fatalf("Aborting action.")
}
}
// Remove all the certs
for _, cert := range certsToRemove {
err = certManager.TrustedCertificateStore().RemoveCert(cert)
if err != nil {
fatalf("Failed to remove root certificate for %s", cert.Subject.CommonName)
}
}
}
