Let clients list and revoke certs

2021-12-06 19:14:39 +01:00
parent 79b80772c7
commit be564f9a3e
12 changed files with 684 additions and 122 deletions
--- a/actions/client.go
+++ b/actions/client.go
@@ -394,3 +394,71 @@ func ActionClientChangePassword(c *cli.Context) error {
 	}
 	return nil
 }
+
+func ActionClientCertList(c *cli.Context) error {
+	cfg, err := getConfig(c)
+	if err != nil {
+		return err
+	}
+
+	addr := cfg.Client.DefaultServer
+	if c.IsSet("addr") {
+		addr = c.String("addr")
+	}
+
+	clientCreds, err := cfg.Client.Creds()
+	if err != nil {
+		return err
+	}
+	conn, err := grpc.DialContext(c.Context, addr, grpc.WithTransportCredentials(clientCreds))
+
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	client := pb.NewCertificateServiceClient(conn)
+	resp, err := client.ListCertificates(c.Context, &pb.Empty{})
+	if err != nil {
+		return cli.Exit(fmt.Sprintf("unable to list certificates: %s", err), 1)
+	}
+
+	for _, info := range resp.Certificates {
+		fmt.Printf("%s - %s", info.Serial, info.OwnerUsername)
+	}
+	return nil
+}
+
+func ActionClientCertRevoke(c *cli.Context) error {
+	if c.Args().Len() < 1 {
+		return cli.Exit("need at least 1 argument", 1)
+	}
+	cfg, err := getConfig(c)
+	if err != nil {
+		return err
+	}
+
+	addr := cfg.Client.DefaultServer
+	if c.IsSet("addr") {
+		addr = c.String("addr")
+	}
+
+	clientCreds, err := cfg.Client.Creds()
+	if err != nil {
+		return err
+	}
+	conn, err := grpc.DialContext(c.Context, addr, grpc.WithTransportCredentials(clientCreds))
+
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	client := pb.NewCertificateServiceClient(conn)
+	for _, serial := range c.Args().Slice() {
+		if _, err := client.RevokeCertificate(c.Context, &pb.RevokeCertificateRequest{Serial: serial}); err != nil {
+			fmt.Printf("Revoked %s\n", serial)
+		}
+	}
+	return nil
+}
--- a/actions/serve.go
+++ b/actions/serve.go
@@ -33,6 +33,7 @@ func ActionServe(c *cli.Context) error {
 	serverLogger := logger.Named("SERV")
 	authLogger := logger.Named("AUTH")
 	httpLogger := logger.Named("HTTP")
+	certLogger := logger.Named("CERT")

 	// Read certificates
 	srvCertBytes, err := cfg.Server.GRPC.Certs.GetCertBytes()
@@ -108,6 +109,10 @@ func ActionServe(c *cli.Context) error {
 			grpcFileServer.Hostname = c.String("hostname")
 		}

+		// Setup cert-service
+		certServiceServer := server.NewCertServiceServer(certSvc, certStore, userStore)
+		certServiceServer.Logger = certLogger
+
 		// Setup user-service
 		grpcUserServer := server.NewGRPCUserServiceServer(userStore, certSvc)
 		grpcUserServer.Logger = logger.Named("USER")
@@ -140,6 +145,7 @@ func ActionServe(c *cli.Context) error {
 		)
 		pb.RegisterFileServiceServer(grpcServer, grpcFileServer)
 		pb.RegisterUserServiceServer(grpcServer, grpcUserServer)
+		pb.RegisterCertificateServiceServer(grpcServer, certServiceServer)

 		// wait for cancel
 		go func() {